
Installing OpenLDAP on CentOS 7

Environment

  • CentOS Linux release 7.6.1810 (Core)
  • openldap-2.4.44-21.el7_6.x86_64

Installation steps

1. Install

yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel

Or download the RPMs manually:

wget http://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/7.6/x86_64/updates/fastbugs/openldap-2.4.44-21.el7_6.x86_64.rpm

wget ftp://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/7.0/x86_64/os/Packages/compat-openldap-2.3.43-5.el7.x86_64.rpm

wget http://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/7.6/x86_64/updates/fastbugs/openldap-clients-2.4.44-21.el7_6.x86_64.rpm

wget http://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/7.6/x86_64/updates/fastbugs/openldap-servers-2.4.44-21.el7_6.x86_64.rpm

wget http://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/7.6/x86_64/updates/fastbugs/openldap-servers-sql-2.4.44-21.el7_6.x86_64.rpm

wget http://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/7.6/x86_64/updates/fastbugs/openldap-devel-2.4.44-21.el7_6.x86_64.rpm

2. Start the service

# start
systemctl start slapd

# enable at boot
systemctl enable slapd

3. Check that the service is listening

netstat -antup | grep -i 389

4. Set the administrator password

[root@localhost openldap]# slappasswd -h {SSHA} -s yourpassword
{SSHA}DnBJvmzxOsGdKZPdp+I6OlqbbqRGZOm7

Replace yourpassword above with your own password.

5. Configure the OpenLDAP server

Go to the /etc/openldap/slapd.d/ directory and create db.ldif with the following content:

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=inspur,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=inspur,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}DnBJvmzxOsGdKZPdp+I6OlqbbqRGZOm7

Note: replace the olcRootPW value above with the hash you generated in step 4.

Then run the following command to apply the configuration to the LDAP server:

ldapmodify -Y EXTERNAL  -H ldapi:/// -f db.ldif

Next, create a monitor.ldif file with the following content:

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="cn=ldapadm,dc=inspur,dc=com" read by * none

Apply the configuration:

ldapmodify -Y EXTERNAL  -H ldapi:/// -f monitor.ldif

6. Set up the LDAP database

Copy the database configuration file and fix its ownership:

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

chown ldap:ldap /var/lib/ldap/*

Add the cosine, nis and inetorgperson LDAP schemas:

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

Create the base file for your domain, /etc/openldap/base.ldif, adjusting it to your own requirements:

dn: dc=inspur,dc=com
dc: inspur
objectClass: top
objectClass: domain

dn: cn=ldapadm ,dc=inspur,dc=com
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,dc=inspur,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=inspur,dc=com
objectClass: organizationalUnit
ou: Group

Build the directory structure:

[root@localhost openldap]# ldapadd -x -W -D "cn=ldapadm,dc=inspur,dc=com" -f base.ldif
Enter LDAP Password: 
adding new entry "dc=inspur,dc=com"

adding new entry "cn=ldapadm ,dc=inspur,dc=com"

adding new entry "ou=People,dc=inspur,dc=com"

adding new entry "ou=Group,dc=inspur,dc=com"

You are prompted for a password; enter the yourpassword you set earlier.

7. Create a user

Create a new user named lcuser (you could also migrate existing local users into LDAP instead of creating new ones). Create /etc/openldap/inspur.ldif with the following content:

dn: uid=lcuser,ou=People,dc=inspur,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: lcuser
uid: lcuser
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/lcuser
loginShell: /bin/bash
gecos: lcuser [Admin (at) inspur]
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7

Run the following command to add the user:

[root@localhost openldap]# ldapadd -x -W -D "cn=ldapadm,dc=inspur,dc=com" -f inspur.ldif
Enter LDAP Password: 
adding new entry "uid=lcuser,ou=People,dc=inspur,dc=com"

You are prompted for the administrator password, i.e. the yourpassword from above.

Set a password for lcuser:

[root@localhost openldap]# ldappasswd -s lcuser_password -W -D "cn=ldapadm,dc=inspur,dc=com" -x "uid=lcuser,ou=People,dc=inspur,dc=com"
Enter LDAP Password: 

You are prompted for the administrator password (yourpassword from above); lcuser_password here is the password being set for the lcuser user.

Verify the LDAP entry:

[root@localhost openldap]# ldapsearch -x cn=lcuser -b dc=inspur,dc=com
# extended LDIF
#
# LDAPv3
# base <dc=inspur,dc=com> with scope subtree
# filter: cn=lcuser
# requesting: ALL
#

# lcuser, People, inspur.com
dn: uid=lcuser,ou=People,dc=inspur,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: lcuser
uid: lcuser
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/lcuser
loginShell: /bin/bash
gecos: lcuser [Admin (at) inspur]
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
userPassword:: e1NTSEF9TVY2alVBTGF4aGY2WGlTUUxYZHhPcytmWGtKdGovVnM=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
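
To make sense of the userPassword:: value in the output above, here is an added Python 3 example (not part of the original post) that decodes a base64 LDIF value, splits a {SSHA} hash into digest and salt, and generates and verifies {SSHA} hashes the way slappasswd -h {SSHA} does. The LDIF line and the olcRootPW hash are copied from this page; the candidate passwords are the page's own placeholders.

```python
import base64
import hashlib
import hmac
import os

# userPassword line copied from the ldapsearch output above. In LDIF a double
# colon means the value is base64 encoded; the decoded value is itself an
# RFC 2307 "{SCHEME}hash" string, the same format slappasswd printed in step 4.
LDIF_LINE = "userPassword:: e1NTSEF9TVY2alVBTGF4aGY2WGlTUUxYZHhPcytmWGtKdGovVnM="
PAGE_ROOT_PW = "{SSHA}DnBJvmzxOsGdKZPdp+I6OlqbbqRGZOm7"  # olcRootPW from db.ldif


def decode_ldif_value(line):
    """Return (attribute, value) for one LDIF line, base64-decoding '::' values."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an attribute line: %r" % line)
    if rest.startswith(":"):
        return attr, base64.b64decode(rest[1:].strip()).decode("utf-8")
    return attr, rest.strip()


def parse_ssha(stored):
    """Split a {SSHA} value into (digest, salt): the SHA-1 digest is the first
    20 bytes, whatever follows is the salt (slappasswd uses 4 random bytes)."""
    scheme, _, payload = stored.partition("}")
    if scheme.upper() != "{SSHA":
        raise ValueError("unsupported password scheme: %s}" % scheme)
    raw = base64.b64decode(payload)
    if len(raw) <= 20:
        raise ValueError("SSHA value too short to hold a digest and a salt")
    return raw[:20], raw[20:]


def ssha_hash(password, salt=None):
    """Produce a {SSHA} value as slappasswd -h {SSHA} does:
    base64(SHA1(password + salt) + salt), with a random 4-byte salt."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a candidate password against a stored {SSHA} value
    (olcRootPW or userPassword) using a constant-time comparison."""
    digest, salt = parse_ssha(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("%s = %s" % decode_ldif_value(LDIF_LINE))
    print("olcRootPW matches 'yourpassword':", ssha_verify("yourpassword", PAGE_ROOT_PW))
```

The userPassword: {crypt}x line in inspur.ldif is only a placeholder that matches no password, which is why ldappasswd is run afterwards to store a real {SSHA} hash. Both slappasswd (without -s) and ldappasswd (with -S instead of -s) can prompt for the password interactively, which keeps it out of shell history and process listings.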

To delete an entry (optional):

ldapdelete -W -D "cn=ldapadm,dc=inspur,dc=com" "uid=lcuser,ou=People,dc=inspur,dc=com"

Troubleshooting

1. Error: liblber-2.4.so.2: cannot open shared object file: No such file or directory

[root@localhost etc]# yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:

   liblber-2.4.so.2: cannot open shared object file: No such file or directory

Please install a package which provides this module, or
verify that the module is installed correctly.

It's possible that the above module doesn't match the
current version of Python, which is:
2.7.5 (default, Jun 20 2019, 20:27:34) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

If you cannot solve this problem yourself, please go to 
the yum faq at:
  http://yum.baseurl.org/wiki/Faq

Fix: install manually (see the RPM downloads under step 1).
