本篇内容介绍了“CentOS7如何部署OpenLDAP服务”的有关知识,在实际案例的操作过程中,不少人都会遇到这样的困境,接下来就让小编带领大家学习一下如何处理这些情况吧!希望大家仔细阅读,能够学有所成!
OpenLDAP 是一款轻量级目录访问协议(Lightweight Directory Access Protocol,LDAP),属于开源集中账号管理架构的实现,且支持众多系统版本,被广大互联网公司所采用。
安装ldap服务
[root@ldap ~]# yum install -y openldap-servers openldap-clients[root@ldap ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG[root@ldap ~]# chown ldap. /var/lib/ldap/DB_CONFIG[root@ldap ~]# systemctl start slapd[root@ldap ~]# systemctl enable slapd配置ldap服务
# 生成管理员密码
[root@ldap ~]# slappasswdNew password:Re-enter new password:{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx[root@ldap ~]# vim chrootpw.ldif# specify the password generated above for "olcRootPW" sectiondn: olcDatabase={0}config,cn=configchangetype: modifyadd: olcRootPWolcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldifSASL/EXTERNAL authentication startedSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=authSASL SSF: 0modifying entry "olcDatabase={0}config,cn=config"导入基本模式
[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldifSASL/EXTERNAL authentication startedSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=authSASL SSF: 0adding new entry "cn=cosine,cn=schema,cn=config"[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldifSASL/EXTERNAL authentication startedSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=authSASL SSF: 0adding new entry "cn=nis,cn=schema,cn=config"[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldifSASL/EXTERNAL authentication startedSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=authSASL SSF: 0adding new entry "cn=inetorgperson,cn=schema,cn=config"在ldap的DB中设置域名
# 生成目录管理员密码
[root@ldap ~]# slappasswdNew password:Re-enter new password:{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx[root@ldap ~]# vim chdomain.ldif# replace to your own domain name for "dc=***,dc=***" section# specify the password generated above for "olcRootPW" sectiondn: olcDatabase={1}monitor,cn=configchangetype: modifyreplace: olcAccessolcAccess: {0}to * bydn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"read by dn.base="cn=Manager,dc=jumpserver,dc=tk" read by * nonedn: olcDatabase={2}hdb,cn=configchangetype: modifyreplace: olcSuffixolcSuffix: dc=jumpserver,dc=tkdn: olcDatabase={2}hdb,cn=configchangetype: modifyreplace: olcRootDNolcRootDN: cn=Manager,dc=jumpserver,dc=tkdn: olcDatabase={2}hdb,cn=configchangetype: modifyadd: olcRootPWolcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxdn: olcDatabase={2}hdb,cn=configchangetype: modifyadd: olcAccessolcAccess: {0}to attrs=userPassword,shadowLastChange bydn="cn=Manager,dc=jumpserver,dc=tk" write by anonymous auth by self write by *noneolcAccess: {1}to dn.base="" by * readolcAccess: {2}to * by dn="cn=Manager,dc=jumpserver,dc=tk" write by * read[root@ldap ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldifSASL/EXTERNAL authentication startedSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=authSASL SSF: 0modifying entry "olcDatabase={1}monitor,cn=config"modifying entry "olcDatabase={2}hdb,cn=config"modifying entry "olcDatabase={2}hdb,cn=config"modifying entry "olcDatabase={2}hdb,cn=config"[root@ldap ~]# vim basedomain.ldif# replace to your own domain name for "dc=***,dc=***" sectiondn: dc=jumpserver,dc=tkobjectClass: topobjectClass: dcObjectobjectclass: organizationo: Server tkdc: jumpserverdn: cn=Manager,dc=jumpserver,dc=tkobjectClass: organizationalRolecn: Managerdescription: Directory Managerdn: ou=People,dc=jumpserver,dc=tkobjectClass: organizationalUnitou: Peopledn: ou=Group,dc=jumpserver,dc=tkobjectClass: organizationalUnitou: Group[root@ldap ~]# ldapadd -x -D cn=Manager,dc=jumpserver,dc=tk -W -f basedomain.ldifEnter LDAP Password: # 输入目录管理员密码adding new entry "dc=jumpserver,dc=tk"adding new entry "cn=Manager,dc=jumpserver,dc=tk"adding new entry "ou=People,dc=jumpserver,dc=tk"adding new entry "ou=Group,dc=jumpserver,dc=tk"开放端口
# firewall-cmd --add-service=ldap --permanentsuccess# firewall-cmd --reloadsuccess添加一个用户
# 生成用户密码
[root@ldap ~]# slappasswdNew password:Re-enter new password:{SSHA}xxxxxxxxxxxxxxxxx[root@ldap ~]# vi ldapuser.ldif# create new# replace to your own domain name for "dc=***,dc=***" sectiondn: uid=test,ou=People,dc=jumpserver,dc=tkobjectClass: inetOrgPersonobjectClass: posixAccountobjectClass: shadowAccountcn: testsn: LinuxuserPassword: {SSHA}xxxxxxxxxxxxxxxxxloginShell: /bin/bashuidNumber: 1000gidNumber: 1000homeDirectory: /home/testdn: cn=test,ou=Group,dc=jumpserver,dc=tkobjectClass: posixGroupcn: testgidNumber: 1000memberUid: test[root@ldap ~]# ldapadd -x -D cn=Manager,dc=jumpserver,dc=tk -W -f ldapuser.ldifEnter LDAP Password:adding new entry "uid=test,ou=People,dc=jumpserver,dc=tk"adding new entry "cn=test,ou=Group,dc=jumpserver,dc=tk"[root@ldap ~]# ldapsearch -x -D "cn=Manager,dc=jumpserver,dc=tk" -W -b ""dc=jumpserver,dc=tk"“CentOS7如何部署OpenLDAP服务”的内容就介绍到这里了,感谢大家的阅读。如果想了解更多行业相关的知识可以关注编程网网站,小编将为大家输出更多高质量的实用文章!
