Ldap部署
安装ldap
yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel migrationtools
配置ldap
1.1. 生成密码(-s 会把明文密码留在 shell 历史和 ps 输出中,生产环境建议不带 -s 直接运行 slappasswd,按提示输入)
slappasswd -s admin@123
{SSHA}kOiIH5ZdFVfH5GD7DU9wTLrLBoyP+eL8
1.2. 修改域、管理员信息
vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
内容如下(行尾 # 之后是说明文字,不要写入文件,否则会成为属性值的一部分;直接编辑 slapd.d 下的文件会使其 CRC 校验失效,更规范的做法是用 ldapmodify 修改 cn=config):
olcSuffix: dc=dfcv,dc=com #修改dc名称
olcRootDN: cn=admin,dc=dfcv,dc=com #修改cn名称、dc名称
olcRootPW: {SSHA}kOiIH5ZdFVfH5GD7DU9wTLrLBoyP+eL8 #该行为新增行,指定管理员密码(填入1.1生成的哈希)
1.3. 修改监控文件信息(在 olcAccess 行追加 by dn.base="cn=admin,dc=dfcv,dc=com" read;文件中该行以行首空格续行,这是 LDIF 的折行格式,下面按一行展示)
vim /etc/openldap/slapd.d/cn\=config/olcDatabase={1}monitor.ldif
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=dfcv,dc=com" read by * none
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
1.4. 修改权限
修改ldap数据库配置目录归属用户
chown ldap:ldap -R /var/lib/ldap
修改ldap数据库配置目录权限
chmod 700 -R /var/lib/ldap
启动服务(本文未配置 TLS,slapd 只以明文 ldap:// 和本机 ldapi:/// 提供服务;后面的 ldapadd -x 简单绑定请只在本机执行,不要通过网络明文发送管理员密码)
systemctl start slapd
systemctl enable slapd
systemctl status slapd
1.5. 导入schema
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/collective.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/corba.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/duaconf.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/dyngroup.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/java.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/misc.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/openldap.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/pmi.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/ppolicy.ldif
1.6. 修改migrate_common.ph
vim /usr/share/migrationtools/migrate_common.ph
内容如下:
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "dfcv.com";
# Default base
$DEFAULT_BASE = "dc=dfcv,dc=com";
$EXTENDED_SCHEMA = 1;
#创建基础目录
cd /etc/openldap/
# cat 2.ldif
dn: dc=dfcv,dc=com
o: ldap
objectclass: dcObject
objectclass: organization
dc: dfcv
#创建目录结构
ldapadd -x -D "cn=admin,dc=dfcv,dc=com" -W -f 2.ldif
输入admin 密码:admin@123
Enter LDAP Password:
adding new entry "dc=dfcv,dc=com"
#创建部门员工
# cat 5.ldif
dn: ou=People,dc=dfcv,dc=com
ou: People
objectClass: organizationalUnit

dn: cn=test,ou=People,dc=dfcv,dc=com
ou: People
cn: test
sn: People
objectClass: inetOrgPerson
objectClass: organizationalPerson
#创建员工
# ldapadd -x -D "cn=admin,dc=dfcv,dc=com" -W -f 5.ldif
Enter LDAP Password:
adding new entry "ou=People,dc=dfcv,dc=com"
adding new entry "cn=test,ou=People,dc=dfcv,dc=com"