CentOS 7 简单搭建OpenLDAP服务
source link: https://www.linuxprobe.com/centos7-openldap-service.html
安装ldap服务
[root@ldap ~]# yum install -y openldap-servers openldap-clients
[root@ldap ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ldap ~]# chown ldap. /var/lib/ldap/DB_CONFIG
[root@ldap ~]# systemctl start slapd
[root@ldap ~]# systemctl enable slapd
配置ldap服务
# 生成管理员密码
[root@ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
[root@ldap ~]# vim chrootpw.ldif
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"
注意：chrootpw.ldif（以及后面的 chdomain.ldif）中保存着管理员密码哈希，导入完成后应限制该文件权限（仅 root 可读）或直接删除。
导入基本模式
[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"
[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"
[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"
在ldap的DB中设置域名
# 生成目录管理员密码
[root@ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
[root@ldap ~]# vim chdomain.ldif
# replace to your own domain name for "dc=***,dc=***" section
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=jumpserver,dc=tk" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=jumpserver,dc=tk

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=jumpserver,dc=tk

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=Manager,dc=jumpserver,dc=tk" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=jumpserver,dc=tk" write by * read
[root@ldap ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}monitor,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
[root@ldap ~]# vim basedomain.ldif
# replace to your own domain name for "dc=***,dc=***" section
dn: dc=jumpserver,dc=tk
objectClass: top
objectClass: dcObject
objectclass: organization
o: Server tk
dc: jumpserver

dn: cn=Manager,dc=jumpserver,dc=tk
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=jumpserver,dc=tk
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=jumpserver,dc=tk
objectClass: organizationalUnit
ou: Group
[root@ldap ~]# ldapadd -x -D cn=Manager,dc=jumpserver,dc=tk -W -f basedomain.ldif
Enter LDAP Password: # 输入目录管理员密码
adding new entry "dc=jumpserver,dc=tk"
adding new entry "cn=Manager,dc=jumpserver,dc=tk"
adding new entry "ou=People,dc=jumpserver,dc=tk"
adding new entry "ou=Group,dc=jumpserver,dc=tk"
开放端口
# firewall-cmd --add-service=ldap --permanent
success
# firewall-cmd --reload
success
注意：上面开放的 ldap 服务是明文的 389 端口，而本文并未配置 TLS（ldaps/StartTLS）。此时远程客户端使用 -x 简单绑定会把密码明文发送到网络上；如果要让其他主机访问，应先为 slapd 配置 TLS，再开放端口。
添加一个用户
# 生成用户密码
[root@ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxx
[root@ldap ~]# vi ldapuser.ldif
# create new
# replace to your own domain name for "dc=***,dc=***" section
dn: uid=test,ou=People,dc=jumpserver,dc=tk
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: test
sn: Linux
userPassword: {SSHA}xxxxxxxxxxxxxxxxx
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/test

dn: cn=test,ou=Group,dc=jumpserver,dc=tk
objectClass: posixGroup
cn: test
gidNumber: 1000
memberUid: test
[root@ldap ~]# ldapadd -x -D cn=Manager,dc=jumpserver,dc=tk -W -f ldapuser.ldif
Enter LDAP Password:
adding new entry "uid=test,ou=People,dc=jumpserver,dc=tk"
adding new entry "cn=test,ou=Group,dc=jumpserver,dc=tk"
[root@ldap ~]# ldapsearch -x -D "cn=Manager,dc=jumpserver,dc=tk" -W -b "dc=jumpserver,dc=tk"