目录
前言
LDAP+NFS+Autofs也是一种网络用户集中管理解决方案,相对于NIS+NFS+Autofs而言,有着更可靠的安全性。
Ldap
LDAP(Lightweight Directory Access Protocol)轻量目录访问协议,它基于X.500标准的,与X.500不同,LDAP支持TCP/IP,这对访问Internet是必须的。LDAP的核心规范在RFC中都有定义,所有与LDAP相关的RFC都可以在LDAPman RFC网页中找到。
LDAP+NFS+autofs
ServerPost
step1.
yum install -y openldap openldap-clients openldap-serversstep2.Change the dynamic ldap config file.
mv slapd.d slapd.d.bak --> /etc/openldapstep3. Use the static ldap config file.
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.confstep4. Edit the LDAP config file in the section “database definitions” as below:
vim /etc/openldap/slapd.conf
# database definitions
################################################################
database bdb
suffix "dc=nice,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=nice,dc=com"
rootpw fanguiju
#################################################################
#the meaning is assign the domain for storage the user account.
# cn=Manager-->ManagerAccount
# dc=nice,dc=com-->storage user account domainstep5. Edit the ldap domain database config file.
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB__CONFIG
chown ldap:ldap DB_CONFIGstep6. Start ldap service
service ldap start
ldapsearch -x -b "dc=nice,dc=com"
-x #简单明文方式发送step6. Converting local user infomation into LDAP user infomation also storage the LDAP user infomation to the database file.
yum install -y migrationtools --> migrationtools is a format conversion.vim /usr/share/migrationtools/migrate_common.ph
$DEFAULT_MAIL.DOMAIN="nice.com"
$DEFAULT_BASE="dc=nice,dc=com"Create base.ldif
./migrate_base.pl > base.ldif #Converting the base info into LDAP info
#Edit the base.ldif file as below(keep base item of nice,People,Group):
dn: dc=nice,dc=com
dc: nice
objectClass: top
objectClass: domain
dn: ou=People,dc=nice,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=nice,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnitCreate user.ldif
./migrate_passwd.pl /etc/passwd > user.ldif #Converting the user info into LDAP info, if you want to keep therein some user ,you can cut the user info in the passwd file also storage it to new file.将要加入到LDAP的用户留下Create group.ldif
./migrate_group.pl /etc/group > group.ldif #Converting the group info into LDAP info, idem.step7. After converting,import the LDAP info to the DB file.
ldapadd -D "cn=Manager,dc=nice,dc=com" -W -x -f base.ldif #input password of "jmilkfan".
ldapadd -D "cn=Manager,dc=nice,dc=com" -W -x -f user.ldif
ldapadd -D "cn=Manager,dc=nice,dc=com" -W -x -f group.ldifstep8. Test the LDAP config again.
ldapsearch -x -b "dc=nice,dc=com"step9. Setup the PHP env (phpldapadmin)
yum install -y php php-ldap
tar phpldapadmin -C /var/www/html #Source code install phpldapadmin
cp /var/www/html/phpldapadmin/config/config.php.example /var/www/html/phpldapadmin/config/config.phpstep10. Login phpldapadmin via web protal.
http://localhost/phpldapadminstep11. Create TLS(Transport Layer Security 安全传输协议) and check authentication certificate.
sh certcreate.sh #create certificate by certcreate.sh scriptstep12. Write TLS authentication certificate URL to the slap.conf.
vim /etc/openldap/slapd.conf
cp XXX.crt XXX.key /etc/openldap/certs
cp XXX.crt /var/www/html --> client can download the cert filestep13. Test the LDAP in clientPort.
Add LDAP domain by imaging and login the LDAP user.
step14. Setup the NFS
vim /etc/exports
/home 192.168.0.0/24(rw,sync)Restart service
service nfs restartstep15. Setup the autofs
vim /etc/auto.master
/home /etc/auto.ldapcp /etc/auto.misc /etc/auto.ldapvim /etc/auto.ldap
* -fstype==nfs,rw LDAPServerIP:/home/&Restart service
start autofs restartstep16. Test the LNA
su - LdapUserName