环境信息
- CentOS Linux release 7.6.1810 (Core) ;
- openldap-2.4.44-21.el7_6.x86_64;
安装过程
1.安装
yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel
下载rpm?
wget http://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/7.6/x86_64/updates/fastbugs/openldap-2.4.44-21.el7_6.x86_64.rpm
wget ftp://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/7.0/x86_64/os/Packages/compat-openldap-2.3.43-5.el7.x86_64.rpm
wget http://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/7.6/x86_64/updates/fastbugs/openldap-clients-2.4.44-21.el7_6.x86_64.rpm
wget http://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/7.6/x86_64/updates/fastbugs/openldap-servers-2.4.44-21.el7_6.x86_64.rpm
wget http://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/7.6/x86_64/updates/fastbugs/openldap-servers-sql-2.4.44-21.el7_6.x86_64.rpm
wget http://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/7.6/x86_64/updates/fastbugs/openldap-devel-2.4.44-21.el7_6.x86_64.rpm
2.启动
#启动
systemctl start slapd
#开机自启
systemctl enable slapd
3.查看服务是否已经启动
netstat -antup | grep -i 389
4.设置管理员密码
[root@localhost openldap]# slappasswd -h {SSHA} -s yourpassword
{SSHA}DnBJvmzxOsGdKZPdp+I6OlqbbqRGZOm7
将上面的yourpassword替换为你的密码。
5.配置OpenLDAP服务器
进入/etc/openldap/slapd.d/
目录,新建db.ldif,内容如下:
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=inspur,dc=com
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=inspur,dc=com
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}DnBJvmzxOsGdKZPdp+I6OlqbbqRGZOm7
注意:上面的olcRootPW替换为刚才你生成的密码。
然后执行命令,将配置同步到LDAP服务器。
ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
然后新建一个monitor.ldif
文件,内容如下:
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="cn=ldapadm,dc=inspur,dc=com" read by * none
同步配置:
ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif
6.设置LDAP数据库
复制数据配置文件,并更新权限:
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap:ldap /var/lib/ldap/*
添加cosine和nis LDAP模式:
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
修改你的域生成文件/etc/openldap/base.ldif
,根据自己的要求修改
dn: dc=inspur,dc=com
dc: inspur
objectClass: top
objectClass: domain
dn: cn=ldapadm ,dc=inspur,dc=com
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager
dn: ou=People,dc=inspur,dc=com
objectClass: organizationalUnit
ou: People
dn: ou=Group,dc=inspur,dc=com
objectClass: organizationalUnit
ou: Group
构建目录结构:
[root@localhost openldap]# ldapadd -x -W -D "cn=ldapadm,dc=inspur,dc=com" -f base.ldif
Enter LDAP Password:
adding new entry "dc=inspur,dc=com"
adding new entry "cn=ldapadm ,dc=inspur,dc=com"
adding new entry "ou=People,dc=inspur,dc=com"
adding new entry "ou=Group,dc=inspur,dc=com"
需要输入密码,密码为你前面设置的yourpassword
。
7.创建用户
创建一个名为lcuser
的新用户(您可以将本地用户迁移到LDAP,而不是创建新用户),新建/etc/openldap/inspur.ldif
,内容如下:
dn: uid=lcuser,ou=People,dc=inspur,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: lcuser
uid: lcuser
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/lcuser
loginShell: /bin/bash
gecos: lcuser [Admin (at) inspur]
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
执行下面命令,添加用户:
[root@localhost openldap]# ldapadd -x -W -D "cn=ldapadm,dc=inspur,dc=com" -f inspur.ldif
Enter LDAP Password:
adding new entry "uid=lcuser,ou=People,dc=inspur,dc=com"
需要输入管理员密码,即前面的yourpassword。
为lcuser
设置密码:
[root@localhost openldap]# ldappasswd -s lcuser_password -W -D "cn=ldapadm,dc=inspur,dc=com" -x "uid=lcuser,ou=People,dc=inspur,dc=com"
Enter LDAP Password:
需要输入管理员密码,即前面的yourpassword,这里的lcuser_password即为lcuser用户的密码。
验证LDAP条目:
[root@localhost openldap]# ldapsearch -x cn=lcuser -b dc=inspur,dc=com
# extended LDIF
#
# LDAPv3
# base <dc=inspur,dc=com> with scope subtree
# filter: cn=lcuser
# requesting: ALL
#
# lcuser, People, inspur.com
dn: uid=lcuser,ou=People,dc=inspur,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: lcuser
uid: lcuser
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/lcuser
loginShell: /bin/bash
gecos: lcuser [Admin (at) inspur]
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
userPassword:: e1NTSEF9TVY2alVBTGF4aGY2WGlTUUxYZHhPcytmWGtKdGovVnM=
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
删除条目的命令为(可选):
ldapdelete -W -D "cn=ldapadm,dc=inspur,dc=com" "uid=lcuser,ou=People,dc=inspur,dc=com"
错误解决
1.错误:liblber-2.4.so.2: cannot open shared object file: No such file or directory
[root@localhost etc]# yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:
liblber-2.4.so.2: cannot open shared object file: No such file or directory
Please install a package which provides this module, or
verify that the module is installed correctly.
It's possible that the above module doesn't match the
current version of Python, which is:
2.7.5 (default, Jun 20 2019, 20:27:34)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
If you cannot solve this problem yourself, please go to
the yum faq at:
http://yum.baseurl.org/wiki/Faq
解决办法:手动安装
参考:
- CentOS 7 环境下 OpenLDAP 的安装与配置;
- 在CentOS 7 / RHEL 7配置OpenLDAP服务;
- 记录 libldap-2.4.so.2: cannot open shared object file: No such file or directory;
- CentOS 6.9下OpenLDAP 的安装与配置;
最新评论
我的是ipv4网络,如何使用直播源啊!
我今天试了,不想啊,我的是新疆昌吉移动的网络。
收不到验证码电报
现在充值29起了