Environment:
System: CentOS 6.7
openldap: 2.4.40
Installation:
1. Import the EPEL repository
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
2. Install openldap
yum -y install openldap openldap-*
3. Configure openldap: prepare DB_CONFIG and slapd.conf
cd /etc/openldap/
cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Set the administrator password:
slappasswd -s 123456
{SSHA}2TuB7EJeC1pUXDrGoxY1qqKg3ScgAvFC
Note that -s puts the cleartext password on the command line, where it is written to the shell history and is visible to other users through ps while the command runs; running slappasswd with no arguments prompts for the password instead. 123456 is only the example used here; a real server needs a real password.
4. Edit slapd.conf: mainly the suffix/rootdn (the dc components) and rootpw, where rootpw is the hash produced in the previous step
database bdb
suffix "dc=beyondh,dc=org"
checkpoint 1024 15
rootdn "cn=admin,dc=beyondh,dc=org"
rootpw {SSHA}2TuB7EJeC1pUXDrGoxY1qqKg3ScgAvFC
5. Fix directory ownership
chown -R ldap:ldap /etc/openldap/
chown -R ldap:ldap /var/lib/ldap/
6. Start the slapd service
/etc/init.d/slapd start
Note: slapd must be started before the test in step 7, otherwise slaptest reports that a database file does not exist; that file is only created once the service has started.
7. Test
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
config file testing succeeded
Besides checking the syntax, this converts slapd.conf into the cn=config directory /etc/openldap/slapd.d. Once that directory holds a valid configuration slapd prefers it to slapd.conf (the slapd man page: if a valid config directory exists, the default config file is ignored), so a later change to slapd.conf, such as the loglevel line added in step 18, only takes effect if you clear slapd.d and run this conversion again.
8. Install migrationtools
yum install migrationtools -y
9. Edit /usr/share/migrationtools/migrate_common.ph and change the relevant settings
vim /usr/share/migrationtools/migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "beyondh.org";
$DEFAULT_BASE = "dc=beyondh,dc=org";
10. Generate base.ldif, passwd.ldif and group.ldif
/usr/share/migrationtools/migrate_base.pl > /tmp/base.ldif
/usr/share/migrationtools/migrate_group.pl /etc/group > /tmp/group.ldif
/usr/share/migrationtools/migrate_passwd.pl /etc/passwd > /tmp/passwd.ldif
ls /tmp/
base.ldif group.ldif passwd.ldif
When run as root, migrate_passwd.pl copies the hashes from /etc/shadow into userPassword attributes, so passwd.ldif contains the password hash of every local account, root included. Do not leave it world-readable in /tmp: give it mode 600 and delete it once the import is done.
11. Import base.ldif, group.ldif and passwd.ldif
[root@localhost openldap]# ldapadd -x -D "cn=admin,dc=beyondh,dc=org" -W -f /tmp/base.ldif
[root@localhost migrationtools]# ldapadd -x -D "cn=admin,dc=beyondh,dc=org" -W -f /tmp/group.ldif
[root@localhost migrationtools]# ldapadd -x -D "cn=admin,dc=beyondh,dc=org" -W -f /tmp/passwd.ldif
Each command prompts for the administrator password.
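Steps 10 and 11 feed migrate_passwd.pl's output straight into ldapadd. The following is an added example (not code from the original post or from migrationtools) that parses such an LDIF before the import, reports the entries a careful administrator would review first (uidNumber 0, system accounts, entries carrying a live password hash) and writes back only the regular users. The sample LDIF is constructed for the example: the attribute layout follows migrate_passwd.pl output, the hashes are fake, and the UID boundary of 500 is an assumption taken from the CentOS 6 default for the first regular user.

```python
"""Audit migrate_passwd.pl output before running ldapadd (added example, not from the original post)."""
import base64
from typing import Dict, List, Tuple

Entry = Dict[str, List[str]]

REGULAR_UID_MIN = 500  # assumption: CentOS 6 default UID_MIN; adjust to your login.defs

# Constructed sample in the shape migrate_passwd.pl produces; hashes are fake.
SAMPLE_LDIF = """\
dn: uid=root,ou=People,dc=beyondh,dc=org
uid: root
cn: root
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$FAKESALT$FAKEHASHFAKEHASHFAKEHASH
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root

dn: uid=bin,ou=People,dc=beyondh,dc=org
uid: bin
cn: bin
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}*
loginShell: /sbin/nologin
uidNumber: 1
gidNumber: 1
homeDirectory: /bin

dn: uid=alice,ou=People,dc=beyondh,dc=org
uid: alice
cn: alice
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$FAKESALT$ANOTHERFAKEHASHANOTHERFAKE
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/alice
gecos: Alice Example
"""

LOCKED_HASHES = ("{crypt}*", "{crypt}!!", "{crypt}!")  # shadow markers for "no usable password"


def parse_ldif(text: str) -> List[Entry]:
    """Minimal LDIF reader: blank-line separated entries, folded lines, '::' base64 values."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:  # folded continuation of the previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries: List[Entry] = []
    current: Entry = {}
    for line in lines + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # attr:: base64
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr, []).append(value)
    return entries


def attr_values(entry: Entry, name: str) -> List[str]:
    """Case-insensitive attribute lookup (LDAP attribute names are case-insensitive)."""
    for key, values in entry.items():
        if key.lower() == name.lower():
            return values
    return []


def audit(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (dn, reason) pairs for entries that should not be imported unreviewed."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        dn = (attr_values(e, "dn") or ["?"])[0]
        uid_number = int((attr_values(e, "uidNumber") or ["-1"])[0])
        if uid_number == 0:
            findings.append((dn, "uidNumber 0: this would create a directory-backed root account"))
        elif 0 < uid_number < REGULAR_UID_MIN:
            findings.append((dn, "system account (uidNumber %d < %d)" % (uid_number, REGULAR_UID_MIN)))
        for h in attr_values(e, "userPassword"):
            if h.startswith("{crypt}") and h not in LOCKED_HASHES:
                findings.append((dn, "carries a live password hash; keep the LDIF mode 600 and remove it after import"))
    return findings


def regular_users(entries: List[Entry]) -> List[Entry]:
    """Entries most sites actually want in ou=People: regular UIDs with a login shell."""
    keep = []
    for e in entries:
        uid_number = int((attr_values(e, "uidNumber") or ["-1"])[0])
        shell = (attr_values(e, "loginShell") or [""])[0]
        if uid_number >= REGULAR_UID_MIN and not shell.endswith("nologin"):
            keep.append(e)
    return keep


def write_ldif(entries: List[Entry]) -> str:
    """Serialise entries back to LDIF (dn first) so a trimmed file can be fed to ldapadd."""
    out: List[str] = []
    for e in entries:
        out.append("dn: " + attr_values(e, "dn")[0])
        for attr, values in e.items():
            if attr.lower() == "dn":
                continue
            out.extend("%s: %s" % (attr, v) for v in values)
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    for dn, reason in audit(parsed):
        print("REVIEW", dn, "-", reason)
    print(write_ldif(regular_users(parsed)))
```

To use it on the real file, replace SAMPLE_LDIF with the contents of /tmp/passwd.ldif, write the result of write_ldif(regular_users(...)) to a mode-600 file and pass that to ldapadd instead of the raw migration output.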
12. Check that the data was imported
[root@localhost openldap]# ldapsearch -LLL -W -x -H ldap://beyondh.org -D "cn=admin,dc=beyondh,dc=org" -b "dc=beyondh,dc=org"
Enter LDAP Password:
dn: dc=beyondh,dc=org
dc: beyondh
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=beyondh,dc=org
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=Rpc,dc=beyondh,dc=org
ou: Rpc
objectClass: top
objectClass: organizationalUnit

dn: ou=Services,dc=beyondh,dc=org
ou: Services
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byuser,dc=beyondh,dc=org
nisMapName: netgroup.byuser
objectClass: top
objectClass: nisMap

dn: ou=Mounts,dc=beyondh,dc=org
ou: Mounts
objectClass: top
objectClass: organizationalUnit

dn: ou=Networks,dc=beyondh,dc=org
ou: Networks
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=beyondh,dc=org
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=beyondh,dc=org
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=Netgroup,dc=beyondh,dc=org
ou: Netgroup
objectClass: top
objectClass: organizationalUnit

dn: ou=Protocols,dc=beyondh,dc=org
ou: Protocols
objectClass: top
objectClass: organizationalUnit

dn: ou=Aliases,dc=beyondh,dc=org
ou: Aliases
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byhost,dc=beyondh,dc=org
nisMapName: netgroup.byhost
objectClass: top
objectClass: nisMap
Note that -x together with -H ldap://beyondh.org is a simple bind over plain LDAP on port 389, so the administrator password crosses the network in cleartext. On the server itself use the local Unix socket (-H ldapi:///) if the service has it enabled, and from other hosts bind only after TLS is set up (ldaps:// or -ZZ for StartTLS).
13. Install httpd and phpLDAPadmin
yum -y install httpd phpldapadmin
14. Edit /etc/httpd/conf.d/phpldapadmin.conf to allow remote access
<Directory /usr/share/phpldapadmin/htdocs>
Order Deny,Allow
Allow from all
</Directory>
Allow from all exposes the administration interface, which logs in with the rootdn, to every host that can reach port 80. On anything other than a lab machine restrict it to the administrators' addresses and serve it over HTTPS, since the DN and password are otherwise posted in cleartext.
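The restricted form of that stanza, as an added example (not part of the original post). The addresses are assumptions: 127.0.0.1 for local use and 10.0.0.0/8 standing in for the administrators' network; replace them with your own. The syntax is Apache 2.2 (mod_authz_host), which is what CentOS 6 ships.

```apache
# /etc/httpd/conf.d/phpldapadmin.conf, restricted variant (added example)
<Directory /usr/share/phpldapadmin/htdocs>
    # Deny is evaluated first, then Allow; a matching Allow wins.
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    # assumption: 10.0.0.0/8 is the admin network
    Allow from 10.0.0.0/8
</Directory>
```

With Order Deny,Allow and no Allow line at all everything would be denied, so keep at least the loopback entry while testing.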
15. Edit /etc/phpldapadmin/config.php so that login uses a DN. At line 397, change
// $servers->setValue('login','attr','dn');
$servers->setValue('login','attr','uid');
to
$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');
16. Start httpd
/etc/init.d/httpd start
17. Open phpLDAPadmin in the browser
18. Enable logging
Edit /etc/rsyslog.conf and add the following line
local4.* /var/log/openldap.log
Edit /etc/openldap/slapd.conf and add the following two lines
loglevel 296
cachesize 1000
Restart rsyslog and slapd
/etc/init.d/rsyslog restart
/etc/init.d/slapd restart
ls -l /var/log/openldap.log
-rw------- 1 root root 216 Mar 23 15:46 /var/log/openldap.log
loglevel 296 is the sum of 256 (stats: connections, operations and results), 32 (search filter processing) and 8 (connection management). slapd logs through the local4 syslog facility by default, which is why that selector is used in rsyslog.conf.
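With the stats bit of loglevel enabled, every connection, bind and result is logged, which is enough to spot password guessing against the directory. The following is an added example (not code from the original post or from OpenLDAP) that reads such a log, joins each RESULT back to its BIND and its source address through the conn= id, and counts invalidCredentials (err=49) per source and DN; it also lists successful anonymous binds. The log lines are constructed for the example in the slapd stats format; the host name, PID and addresses are made up, and the threshold of 5 is an assumption.

```python
"""Detect bind password guessing in slapd stats logs (added example, not from the original post)."""
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed sample: one client hammering the rootdn, one user with a typo, one anonymous bind.
SAMPLE_LOG = """\
Mar 23 15:50:01 ldap1 slapd[2311]: conn=1000 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
Mar 23 15:50:01 ldap1 slapd[2311]: conn=1000 op=0 BIND dn="cn=admin,dc=beyondh,dc=org" method=128
Mar 23 15:50:01 ldap1 slapd[2311]: conn=1000 op=0 RESULT tag=97 err=49 text=
Mar 23 15:50:02 ldap1 slapd[2311]: conn=1000 op=1 BIND dn="cn=admin,dc=beyondh,dc=org" method=128
Mar 23 15:50:02 ldap1 slapd[2311]: conn=1000 op=1 RESULT tag=97 err=49 text=
Mar 23 15:50:02 ldap1 slapd[2311]: conn=1000 op=2 BIND dn="cn=admin,dc=beyondh,dc=org" method=128
Mar 23 15:50:02 ldap1 slapd[2311]: conn=1000 op=2 RESULT tag=97 err=49 text=
Mar 23 15:50:03 ldap1 slapd[2311]: conn=1000 op=3 BIND dn="cn=admin,dc=beyondh,dc=org" method=128
Mar 23 15:50:03 ldap1 slapd[2311]: conn=1000 op=3 RESULT tag=97 err=49 text=
Mar 23 15:50:03 ldap1 slapd[2311]: conn=1000 op=4 BIND dn="cn=admin,dc=beyondh,dc=org" method=128
Mar 23 15:50:03 ldap1 slapd[2311]: conn=1000 op=4 RESULT tag=97 err=49 text=
Mar 23 15:50:04 ldap1 slapd[2311]: conn=1000 op=5 UNBIND
Mar 23 15:50:04 ldap1 slapd[2311]: conn=1000 fd=12 closed
Mar 23 15:51:10 ldap1 slapd[2311]: conn=1001 fd=13 ACCEPT from IP=192.0.2.20:40022 (IP=0.0.0.0:389)
Mar 23 15:51:10 ldap1 slapd[2311]: conn=1001 op=0 BIND dn="uid=alice,ou=People,dc=beyondh,dc=org" method=128
Mar 23 15:51:10 ldap1 slapd[2311]: conn=1001 op=0 RESULT tag=97 err=49 text=
Mar 23 15:51:15 ldap1 slapd[2311]: conn=1001 op=1 BIND dn="uid=alice,ou=People,dc=beyondh,dc=org" method=128
Mar 23 15:51:15 ldap1 slapd[2311]: conn=1001 op=1 BIND dn="uid=alice,ou=People,dc=beyondh,dc=org" mech=SIMPLE ssf=0
Mar 23 15:51:15 ldap1 slapd[2311]: conn=1001 op=1 RESULT tag=97 err=0 text=
Mar 23 15:52:00 ldap1 slapd[2311]: conn=1002 fd=14 ACCEPT from IP=192.0.2.30:40100 (IP=0.0.0.0:389)
Mar 23 15:52:00 ldap1 slapd[2311]: conn=1002 op=0 BIND dn="" method=128
Mar 23 15:52:00 ldap1 slapd[2311]: conn=1002 op=0 RESULT tag=97 err=0 text=
"""

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ ")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")  # tag=97 is a bind response

LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49
ANONYMOUS = "<anonymous>"


def scan(lines: Iterable[str]) -> Tuple[Counter, List[str]]:
    """Return (failed binds keyed by (source IP, bind DN), source IPs of successful anonymous binds)."""
    conn_ip: Dict[str, str] = {}                 # conn id -> client address, from ACCEPT
    bind_dn: Dict[Tuple[str, str], str] = {}     # (conn, op) -> DN, from BIND
    failed: Counter = Counter()
    anonymous: List[str] = []
    for line in lines:
        m = ACCEPT_RE.search(line)
        if m:
            conn_ip[m.group(1)] = m.group(2)
            continue
        m = BIND_RE.search(line)
        if m:
            bind_dn[(m.group(1), m.group(2))] = m.group(3) or ANONYMOUS
            continue
        m = RESULT_RE.search(line)
        if not m:
            continue
        key = (m.group(1), m.group(2))
        if key not in bind_dn:  # RESULT for a BIND we never saw (log rotated mid-connection)
            continue
        ip = conn_ip.get(m.group(1), "?")
        err = int(m.group(3))
        if err == LDAP_INVALID_CREDENTIALS:
            failed[(ip, bind_dn[key])] += 1
        elif err == LDAP_SUCCESS and bind_dn[key] == ANONYMOUS:
            anonymous.append(ip)
    return failed, anonymous


def brute_force_sources(failed: Counter, threshold: int = 5) -> List[str]:
    """Source IPs whose total failed binds reach the threshold (threshold is an assumption)."""
    per_ip: Counter = Counter()
    for (ip, _dn), n in failed.items():
        per_ip[ip] += n
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)


if __name__ == "__main__":
    failed_binds, anon = scan(SAMPLE_LOG.splitlines())
    for (ip, dn), n in failed_binds.most_common():
        print("%3d failed binds from %s as %s" % (n, ip, dn))
    print("anonymous binds from:", anon)
    print("sources over threshold:", brute_force_sources(failed_binds))
```

Point scan at /var/log/openldap.log (for example `scan(open("/var/log/openldap.log"))`) to run it against the live file; repeated err=49 against the rootdn from one address is the pattern to alert on, and a bind DN of "" succeeding tells you anonymous access is still on.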
This article is reposted from 曾哥最爱's 51CTO blog; original link: http://blog.51cto.com/zengestudy/1909640. Contact the original author for permission to republish.