Configure LDAP Server (CentOS 7, OpenLDAP)

1. Install openldap-servers:

[[email protected] ~]# yum -y install openldap-servers openldap-clients
[[email protected] ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[[email protected] ~]# chown ldap. /var/lib/ldap/DB_CONFIG
[[email protected] ~]# systemctl start slapd
[[email protected] ~]# systemctl enable slapd 

2. Set the OpenLDAP admin password

# generate encrypted password
[[email protected] ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
[[email protected] ~]# vi chrootpw.ldif
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

[[email protected] ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"

3. Import the basic schemas

[[email protected] ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"

[[email protected] ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"

[[email protected] ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"

4. Set the domain name in the LDAP DB

# generate directory manager's password
[[email protected] ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
[[email protected] ~]# vi chdomain.ldif
# replace "dc=***,dc=***" with your own domain name
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=srv,dc=world" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=srv,dc=world

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=srv,dc=world

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=srv,dc=world" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=srv,dc=world" write by * read

[[email protected] ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}monitor,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

[[email protected] ~]# vi basedomain.ldif
# replace "dc=***,dc=***" with your own domain name
dn: dc=srv,dc=world
objectClass: top
objectClass: dcObject
objectclass: organization
o: Server World
dc: Srv

dn: cn=Manager,dc=srv,dc=world
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=srv,dc=world
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=srv,dc=world
objectClass: organizationalUnit
ou: Group

[[email protected] ~]# ldapadd -x -D cn=Manager,dc=srv,dc=world -W -f basedomain.ldif
Enter LDAP Password: # directory manager's password
adding new entry "dc=srv,dc=world"

adding new entry "cn=Manager,dc=srv,dc=world"

adding new entry "ou=People,dc=srv,dc=world"

adding new entry "ou=Group,dc=srv,dc=world"
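
As an added example (not part of the original post and not OpenLDAP project code), the following shell script builds the chdomain.ldif of steps 2 and 4 for any domain from a pre-computed {SSHA} hash, reviews the generated olcAccess rules, and, on request after the LDIF has been applied, confirms from a live server that an anonymous bind cannot read userPassword. The review matters because slapd uses the first "to" clause that matches the target and ignores the rest: the userPassword rule must stay ahead of the catch-all "to *" rule, otherwise "by * read" on the catch-all hands password hashes to anonymous clients. It assumes the CentOS 7 defaults used above (olcDatabase={2}hdb, cn=Manager as the directory manager); the function names, the LDAP_DOMAIN and LDAP_ROOT_HASH variables and the placeholder hash are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: generate the chdomain.ldif of
# step 4 for any domain, review the access rules it contains, and (optionally,
# after the LDIF has been applied) confirm anonymous binds cannot read
# userPassword. Assumes the CentOS 7 defaults used above: olcDatabase={2}hdb
# and cn=Manager as the directory manager. Function and variable names are
# this example's own.
set -eu

# "srv.world" -> "dc=srv,dc=world"
dc_from_domain() {
    printf 'dc=%s' "$1" | sed 's/\./,dc=/g'
}

# Emit the modify LDIF of step 4.  $1 = base DN, $2 = {SSHA} hash from slappasswd.
# Continuation lines keep two leading spaces on purpose: LDIF strips exactly one,
# so the second one separates the quoted DN from the following "read"/"write".
gen_chdomain_ldif() {
    base=$1; hash=$2; mgr="cn=Manager,$base"
    cat <<EOF
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="$mgr" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $base

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: $mgr

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: $hash

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="$mgr" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="$mgr" write by * read
EOF
}

# Unfold LDIF continuation lines and print every olcAccess rule as "<dn><TAB><rule>",
# in the order slapd will evaluate them.
list_access_rules() {
    awk '
        /^ / { sub(/^ /, ""); buf = buf $0; next }
             { emit(); buf = $0 }
        END  { emit() }
        function emit() {
            if (buf ~ /^dn: /) dn = substr(buf, 5)
            else if (buf ~ /^olcAccess:/) print dn "\t" buf
            buf = ""
        }' "$1"
}

# slapd stops at the first matching "to" clause, so the userPassword rule of
# database $2 must come before any "to *" rule and must end in "by * none".
check_password_rule() {
    list_access_rules "$1" | awk -F '\t' -v db="$2" '
        $1 != db { next }
        $2 ~ /to \* / { seen_catchall = 1 }
        $2 ~ /attrs=userPassword/ && !seen_catchall && $2 ~ /by \* none$/ { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# Post-apply check against a live server: an anonymous search must return no
# userPassword value at all. Needs slapd and ldapsearch, so it only runs on request.
verify_password_hidden() {
    out=$(ldapsearch -x -LLL -H ldap://localhost -b "$1" '(objectClass=*)' userPassword) \
        || { echo "ldapsearch failed: is slapd running and the base DN correct?" >&2; return 2; }
    if printf '%s\n' "$out" | grep -q '^userPassword:'; then
        echo "FAIL: anonymous bind can read userPassword under $1" >&2
        return 1
    fi
    echo "OK: userPassword is hidden from anonymous binds under $1"
}

BASE_DN=$(dc_from_domain "${LDAP_DOMAIN:-srv.world}")
ROOT_HASH=${LDAP_ROOT_HASH:-}
[ -n "$ROOT_HASH" ] || ROOT_HASH='{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx'   # placeholder: use slappasswd output

case "${1:-}" in
    verify)
        verify_password_hidden "$BASE_DN" ;;
    *)
        OUT=${1:-$(mktemp)}   # pass a path as $1 to keep the generated file
        gen_chdomain_ldif "$BASE_DN" "$ROOT_HASH" > "$OUT"
        if check_password_rule "$OUT" 'olcDatabase={2}hdb,cn=config'; then
            echo "wrote $OUT; the userPassword rule precedes the catch-all"
        else
            echo "WARNING: userPassword rule missing or shadowed by a catch-all in $OUT" >&2
        fi ;;
esac
```

Run it as `LDAP_DOMAIN=srv.world LDAP_ROOT_HASH='{SSHA}...' sh gen_chdomain.sh chdomain.ldif`, apply the file with `ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif` exactly as in step 4, and after the base entries from basedomain.ldif exist run `sh gen_chdomain.sh verify` to confirm the ACL behaves as intended from the client side. The static check is worth keeping in a change-review script: a later `add: olcAccess` that lands a broad rule at index {0} silently demotes the userPassword rule, and nothing in slapd warns about it.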

5. Configure the firewall

[[email protected] ~]# firewall-cmd --add-service=ldap --permanent
success
[[email protected] ~]# firewall-cmd --reload
success
Date: 2024-10-14 21:48:34
