网上找了好多关于LDAP统一账户管理的文件,好多都是粘贴复制,能用得上的少之又少,正好最近又用到这个,于是着手看了郭老师的视频,顺便把自己学习的过程记录下来,供大家学习参考。
1、实验环境:
[root@localhost ~]
# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@localhost ~]
# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.31.153 netmask 255.255.255.0 broadcast 192.168.31.255
inet6 fe80::20c:29ff:fefe:6478 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:fe:64:78 txqueuelen 1000 (Ethernet)
RX packets 37181 bytes 9238204 (8.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5520 bytes 701406 (684.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 111 bytes 9451 (9.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 111 bytes 9451 (9.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]
#
2、部署过程:
部署的核心命令是 `yum install openldap-servers openldap-clients`;安装之后的所有配置都不是手工改文件,而是通过 LDIF 提交给 slapd。后文 LDIF 里反复出现的几个要素是:`dn:`(要操作的条目)、`changetype: modify`(修改而非新增)、`add/delete/replace:`(对某个属性做何种修改),以及 `olcRootPW:`、`objectClass:` 这类属性行。
2.1、安装部署服务端和相应程序包
[root@ldapserver01 ~]
# yum install openldap-servers openldap-clients
[root@ldapserver01 ~]
# systemctl start slapd.service
[root@ldapserver01 ~]
# systemctl status slapd.service
[root@ldapserver01 ~]
# ps xua|grep slapd
ldap 2440 0.0 0.9 78592 4924 ? Ssl 02:33 0:00
/usr/sbin/slapd
-u ldap -h ldapi:
///
ldap:
///
root 2444 0.0 0.1 112644 952 pts
/0
S+ 02:33 0:00
grep
--color=auto slapd
[root@ldapserver01 ~]
#
查看服务端口:
[root@ldapserver01 ~]
# netstat -lnptp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID
/Program
name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1116
/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2215
/master
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2440
/slapd
tcp6 0 0 :::22 :::* LISTEN 1116
/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2215
/master
tcp6 0 0 :::389 :::* LISTEN 2440
/slapd
[root@ldapserver01 ~]
#
ldap 默认端口为 389,这是明文端口;配置了证书(CA + TLS)之后可以用 636(LDAPS),或者在 389 上使用 StartTLS。这里默认的 389 已经开启。注意上面 netstat 显示 slapd 监听在 0.0.0.0:389,也就是所有网卡都能连到;在启用 TLS 之前,后文 `ldapadd -x -D ... -W` 这类简单绑定的密码会明文经过网络,所以只应在本机(或 ldapi:///)和受信任网段上使用,并用防火墙限制 389 的来源地址。
对于ldap服务命令需要注意的:
一般以slapxxxx形式出现的命令为服务端命令,而以ldapxxxx形式出现的命令为客户端命令,比如下两个:
slappasswd 服务端命令
ldappasswd 客户端命令
2.2、LDAP 服务安装好之后,接下来给 ldap 服务设置管理密码。`slappasswd` 会交互式读取密码并输出加盐 SHA-1 散列(`{SSHA}` 前缀),下文把它写入 olcRootPW。需要特别注意:本文为了演示方便,把同一个散列先后用作 cn=config 的 olcRootPW、hdb 数据库 Manager 的 olcRootPW 和 user01 的 userPassword——实际部署中这三者必须是不同的密码,每一个都应单独运行一次 slappasswd 生成;文中出现的散列值只是示例,不要复制使用。在 OpenLDAP server 上执行如下操作:
[root@ldapserver01 ~]
# slappasswd
New password:
Re-enter new password:
{SSHA}bKGvsvA8GohdJWXSFydtwI6irI57bIpr
[root@ldapserver01 ~]
#
ldap服务的全局配置文件存放路径为"/etc/openldap/slapd.d/",具体如下所示:
[root@ldapserver01 ~]
# cd /etc/openldap/slapd.d/
[root@ldapserver01 slapd.d]
# ls
cn=config cn=config.ldif
[root@ldapserver01 slapd.d]
# cd cn\=config
[root@ldapserver01 cn=config]
# ls
cn=schema cn=schema.ldif olcDatabase={0}config.ldif olcDatabase={-1}frontend.ldif olcDatabase={1}monitor.ldif olcDatabase={2}hdb.ldif
[root@ldapserver01 cn=config]
# pwd
/etc/openldap/slapd
.d
/cn
=config
[root@ldapserver01 cn=config]
#
添加密码的命令和内容如下。这一步的效果是修改 olcDatabase={0}config.ldif,但并不是直接编辑该文件(文件头写明 "DO NOT EDIT!! Use ldapmodify"),而是通过 ldapi:/// 以 SASL EXTERNAL(本机 root 的 peer credentials)提交 LDIF,由 slapd 自己改写文件。另外要清楚这个密码的含义:给 cn=config 设置 olcRootPW 后,持有该密码的任何人都可以通过网络修改整个服务器配置;在本机以 root 通过 ldapi 已经能完整管理配置,所以只有在确实需要远程或非 root 管理配置时才设置它,而且不要与目录数据库的 Manager 密码相同。
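# Set olcRootPW on the cn=config database.
#
# Authentication is SASL EXTERNAL over the local ldapi:/// Unix socket, so this
# must be run as root on the server itself (the peer credentials map to
# gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth, which the default
# olcAccess on {0}config grants "manage").
#
# This is a modify operation, so ldapmodify is used directly; ldapadd is just
# ldapmodify -a and the "cat <<EOF |" pipe is unnecessary.
#
# The {SSHA} value must come from your own `slappasswd` run -- the hash below
# is only the article's example. Whoever holds this password can rewrite the
# whole server configuration over the network, so keep it distinct from the
# directory Manager password and from any user password.
ldapmodify -Y EXTERNAL -H ldapi:/// <<'EOF'
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}bKGvsvA8GohdJWXSFydtwI6irI57bIpr
EOF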
添加密码前:
[root@ldapserver01 cn=config]
# cat olcDatabase\=\{0\}config.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 11f68910
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth" manage by * none
structuralObjectClass: olcDatabaseConfig
entryUUID: a9da3e02-4cd0-1037-930d-f5a0198f7b5b
creatorsName: cn=config
createTimestamp: 20171024063108Z
entryCSN: 20171024063108.064679Z
#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20171024063108Z
[root@ldapserver01 cn=config]
#
执行密码添加操作(输出中的 `SASL SSF: 0` 表示没有 SASL 层加密,对 ldapi:/// 这种本地 Unix 套接字来说是正常的——身份由内核的 peer credentials 提供,见 `SASL username` 一行,数据不经过网络):
[root@ldapserver01 cn=config]
# cat << EOF |ldapadd -Y EXTERNAL -H ldapi:///
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}bKGvsvA8GohdJWXSFydtwI6irI57bIpr
EOF
SASL
/EXTERNAL
authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry
"olcDatabase={0}config,cn=config"
[root@ldapserver01 cn=config]
#
添加密码之后查看:
[root@ldapserver01 cn=config]
# cat olcDatabase\=\{0\}config.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 ea900b11
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth" manage by * none
structuralObjectClass: olcDatabaseConfig
entryUUID: a9da3e02-4cd0-1037-930d-f5a0198f7b5b
creatorsName: cn=config
createTimestamp: 20171024063108Z
olcRootPW:: e1NTSEF9YktHdnN2QThHb2hkSldYU0Z5ZHR3STZpckk1N2JJcHI=
entryCSN: 20171024064249.681208Z
#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20171024064249Z
[root@ldapserver01 cn=config]
#
或者将修改的内容保存到一个文件中,然后通过 `ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/slappasswd.ldif` 导入。注意 SASL 机制名是 EXTERNAL,原文写成 EXTERANL 是笔误,照抄会因为找不到该机制而绑定失败;这是一个 modify 操作,用 ldapmodify 比 ldapadd 更贴切(ldapadd 等价于 ldapmodify -a)。
[root@ldapserver01 cn=config]
# vim /tmp/slappasswd.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}bKGvsvA8GohdJWXSFydtwI6irI57bIpr
[root@ldapserver01 cn=config]
#
[root@ldapserver01 cn=config]
# ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/slappasswd.ldif
3、导入基本的schema文件
CentOS7默认情况下schema文件存放路径是:
[root@ldapserver01 cn=config]
# pwd
/etc/openldap/slapd
.d
/cn
=config
[root@ldapserver01 cn=config]
# ls /etc/openldap/schema/
collective.ldif corba.schema cosine.ldif duaconf.schema inetorgperson.ldif java.schema nis.ldif openldap.schema ppolicy.ldif
collective.schema core.ldif cosine.schema dyngroup.ldif inetorgperson.schema misc.ldif nis.schema pmi.ldif ppolicy.schema
corba.ldif core.schema duaconf.ldif dyngroup.schema java.ldif misc.schema openldap.ldif pmi.schema
[root@ldapserver01 cn=config]
#
导入基本schema文件存放路径为:/etc/openldap/slapd.d/cn=config/cn=schema
[root@ldapserver01 cn=config]
# pwd
/etc/openldap/slapd
.d
/cn
=config
[root@ldapserver01 cn=config]
# ls cn\=schema
cn={0}core.ldif
[root@ldapserver01 cn=config]
#
3.1、导入第一个schema文件:
[root@ldapserver01 cn=config]
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL
/EXTERNAL
authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry
"cn=cosine,cn=schema,cn=config"
[root@ldapserver01 cn=config]
#
[root@ldapserver01 cn=config]
# cd cn\=schema
[root@ldapserver01 cn=schema]
# ls
cn={0}core.ldif cn={1}cosine.ldif
[root@ldapserver01 cn=schema]
# pwd
/etc/openldap/slapd
.d
/cn
=config
/cn
=schema
[root@ldapserver01 cn=schema]
#
用同样的方式导入其他几个schema文件:
[root@ldapserver01 cn=schema]
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/ppolicy.ldif
SASL
/EXTERNAL
authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry
"cn=ppolicy,cn=schema,cn=config"
[root@ldapserver01 cn=schema]
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL
/EXTERNAL
authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry
"cn=nis,cn=schema,cn=config"
[root@ldapserver01 cn=schema]
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/dyngroup.ldif
SASL
/EXTERNAL
authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry
"cn=dyngroup,cn=schema,cn=config"
[root@ldapserver01 cn=schema]
#
[root@ldapserver01 cn=schema]
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL
/EXTERNAL
authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry
"cn=inetorgperson,cn=schema,cn=config"
[root@ldapserver01 cn=schema]
# ls
cn={0}core.ldif cn={1}cosine.ldif cn={2}ppolicy.ldif cn={3}nis.ldif cn={4}dyngroup.ldif cn={5}inetorgperson.ldif
[root@ldapserver01 cn=schema]
#
4、修改相关域名:要修改的是 olcDatabase={2}hdb.ldif 和 olcDatabase={1}monitor.ldif 对应的条目(同样通过 ldapmodify,而不是直接改文件)。顺便注意一个安全问题:下面列出的默认 olcDatabase={2}hdb 条目里没有任何 olcAccess;按 slapd.access(5) 的说明,数据库没有定义访问控制时,默认策略是任何人可读、只有 rootdn 可写,这意味着后文添加的用户条目中的 userPassword 散列很可能可以被匿名 `ldapsearch -x` 读到。建议在修改域名的同时给 hdb 数据库加上 ACL,例如 `olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none` 和 `olcAccess: {1}to * by * read`。
[root@ldapserver01 cn=schema]
# cd ..
[root@ldapserver01 cn=config]
# ls
cn=schema cn=schema.ldif olcDatabase={0}config.ldif olcDatabase={-1}frontend.ldif olcDatabase={1}monitor.ldif olcDatabase={2}hdb.ldif
[root@ldapserver01 cn=config]
# cat olcDatabase\=\{2\}hdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 41f0f60e
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory:
/var/lib/ldap
olcSuffix:
dc
=my-domain,
dc
=com
olcRootDN: cn=Manager,
dc
=my-domain,
dc
=com
olcDbIndex: objectClass
eq
,pres
olcDbIndex: ou,cn,mail,surname,givenname
eq
,pres,sub
structuralObjectClass: olcHdbConfig
entryUUID: a9da5450-4cd0-1037-930f-f5a0198f7b5b
creatorsName: cn=config
createTimestamp: 20171024063108Z
entryCSN: 20171024063108.065249Z
#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20171024063108Z
[root@ldapserver01 cn=config]
#
[root@ldapserver01 cn=config]
# cat olcDatabase\=\{1\}monitor.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 80b9bea4
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth
" read by dn.base="
cn=Manager,
dc
=my-domain,
dc
=com"
read
by * none
structuralObjectClass: olcDatabaseConfig
entryUUID: a9da455a-4cd0-1037-930e-f5a0198f7b5b
creatorsName: cn=config
createTimestamp: 20171024063108Z
entryCSN: 20171024063108.064868Z
#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20171024063108Z
[root@ldapserver01 cn=config]
#
具体操作命令及内容:
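# Point the monitor ACL and the hdb database at the real suffix dc=ldap,dc=com,
# set the directory rootdn/rootpw, and -- in addition to the original article --
# add an ACL so that userPassword hashes are not world-readable.
#
# Runs as root over ldapi:/// (SASL EXTERNAL, peer credentials). Each LDIF
# record is separated by a blank line, as LDIF requires; this is a modify
# operation, so ldapmodify is used rather than ldapadd.
#
# olcRootPW: generate with `slappasswd` and use a password DIFFERENT from the
# cn=config rootpw. The hash below is only the article's example.
#
# The default {2}hdb entry carries no olcAccess at all; slapd's default policy
# in that case is "anyone can read, only rootdn can write", which would expose
# userPassword to anonymous searches. The two olcAccess values added at the end
# let a user change only their own password, let anonymous binds authenticate
# against it, deny every other reader (the rootdn bypasses ACLs), and keep the
# rest of the tree readable as before. shadowLastChange comes from the nis
# schema imported in step 3.
ldapmodify -Y EXTERNAL -H ldapi:/// <<'EOF'
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=ldap,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=ldap,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=ldap,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}bKGvsvA8GohdJWXSFydtwI6irI57bIpr

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
olcAccess: {1}to * by * read
EOF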
4.1、操作方法:
[root@ldapserver01 cn=config]
# cat /tmp/domain.ldif
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth
" read by dn.base="
cn=Manager,
dc
=ldap,
dc
=com"
read
by * none
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix:
dc
=ldap,
dc
=com
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,
dc
=ldap,
dc
=com
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}bKGvsvA8GohdJWXSFydtwI6irI57bIpr
[root@ldapserver01 cn=config]
# ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/domain.ldif
SASL
/EXTERNAL
authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry
"olcDatabase={1}monitor,cn=config"
modifying entry
"olcDatabase={2}hdb,cn=config"
modifying entry
"olcDatabase={2}hdb,cn=config"
modifying entry
"olcDatabase={2}hdb,cn=config"
[root@ldapserver01 cn=config]
#
查看修改后的文件:
[root@ldapserver01 cn=config]
# cat olcDatabase\=\{2\}hdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 7160b48b
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory:
/var/lib/ldap
olcDbIndex: objectClass
eq
,pres
olcDbIndex: ou,cn,mail,surname,givenname
eq
,pres,sub
structuralObjectClass: olcHdbConfig
entryUUID: a9da5450-4cd0-1037-930f-f5a0198f7b5b
creatorsName: cn=config
createTimestamp: 20171024063108Z
olcSuffix:
dc
=ldap,
dc
=com
olcRootDN: cn=Manager,
dc
=ldap,
dc
=com
olcRootPW:: e1NTSEF9YktHdnN2QThHb2hkSldYU0Z5ZHR3STZpckk1N2JJcHI=
entryCSN: 20171024071035.422517Z
#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20171024071035Z
[root@ldapserver01 cn=config]
# cat olcDatabase\=\{1\}monitor.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 bc7ee631
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
structuralObjectClass: olcDatabaseConfig
entryUUID: a9da455a-4cd0-1037-930e-f5a0198f7b5b
creatorsName: cn=config
createTimestamp: 20171024063108Z
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth
" read by dn.base="
cn=Manager,
dc
=ldap,
dc
=com"
read
by * none
entryCSN: 20171024071035.418045Z
#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20171024071035Z
[root@ldapserver01 cn=config]
#
5、设置组织架构
LDAP目录以树状的层次结构来存储数据。如果你对自顶向下的DNS树或UNIX文件的目录树比较熟悉,也就很容易掌握LDAP目录树这个概念了。就象DNS的主机名那样,LDAP目录记录的标识名(Distinguished Name,简称DN)是用来读取单个记录,以及回溯到树的顶部。
# Create the base entry dc=ldap,dc=com and the initial organisational
# structure (ou=People, ou=Group, the Manager role and a first posixGroup).
#
# This is a simple bind (-x) as the directory rootdn; -W prompts for the
# Manager password set in step 4. No -H is given, so the client uses the URI
# from /etc/openldap/ldap.conf (presumably the local server at this point --
# confirm); over a plain ldap:// connection the bind password travels in clear,
# so run this on the server or only after TLS is configured.
#
# The heredoc delimiter is quoted so the shell performs no expansion on the
# LDIF; records are separated by blank lines as LDIF requires.
ldapadd -x -D cn=Manager,dc=ldap,dc=com -W <<'EOF'
dn: dc=ldap,dc=com
objectClass: dcObject
objectClass: organization
dc: ldap
o: ldap.com

dn: ou=People,dc=ldap,dc=com
objectClass: organizationalUnit
objectClass: top
ou: People

dn: ou=Group,dc=ldap,dc=com
objectClass: organizationalUnit
ou: Group

dn: cn=Manager,dc=ldap,dc=com
objectClass: organizationalRole
cn: Manager

dn: cn=Host,ou=Group,dc=ldap,dc=com
objectClass: posixGroup
cn: Host
gidNumber: 1010
EOF
5.1执行添加条目操作:
[root@ldapserver01 cn=config]
# cat << EOF |ldapadd -x -D cn=Manager,dc=ldap,dc=com -W
> dn:
dc
=ldap,
dc
=com
> objectClass: dcObject
> objectClass: organization
>
dc
: ldap
> o: ldap.com
>
> dn: ou=People,
dc
=ldap,
dc
=com
> objectClass: organizationalUnit
> objectClass:
top
> ou: People
>
> dn: ou=Group,
dc
=ldap,
dc
=com
> objectClass: organizationalUnit
> ou: Group
>
> dn: cn=Manager,
dc
=ldap,
dc
=com
> objectClass: organizationalRole
> cn: Manager
>
> dn: cn=Host,ou=Group,
dc
=ldap,
dc
=com
> objectClass: posixGroup
> cn: Host
> gidNumber: 1010
> EOF
Enter LDAP Password:
adding new entry
"dc=ldap,dc=com"
adding new entry
"ou=People,dc=ldap,dc=com"
adding new entry
"ou=Group,dc=ldap,dc=com"
adding new entry
"cn=Manager,dc=ldap,dc=com"
adding new entry
"cn=Host,ou=Group,dc=ldap,dc=com"
[root@ldapserver01 cn=config]
#
查看添加的条目有两种方法
①命令方式查看:在 /etc/openldap/ldap.conf 中添加 BASE 和 URI 两个字段(下面的 `ldapsearch -x -LLL` 没有 -D/-W,是匿名绑定,能查到条目正说明匿名读是放开的)。URI 必须写实际的服务器地址——本文实验环境 ifconfig 显示的是 192.168.31.153,而下面文件里写的是 192.168.112.200,两者应当一致;另外 ldap:// 是明文连接,生产环境应改用 ldaps:// 或启用 StartTLS(文件里的 TLS_CACERTDIR 已经指向 /etc/openldap/certs)。
[root@ldapserver01 cn=config]
# vim /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERTDIR
/etc/openldap/certs
# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
BASE
dc
=ldap,
dc
=com
URI ldap:
//192
.168.112.200
[root@ldapserver01 cn=config]
#
[root@ldapserver01 cn=config]
# ldapsearch -x -LLL
dn:
dc
=ldap,
dc
=com
objectClass: dcObject
objectClass: organization
dc
: ldap
o: ldap.com
dn: ou=People,
dc
=ldap,
dc
=com
objectClass: organizationalUnit
objectClass:
top
ou: People
dn: ou=Group,
dc
=ldap,
dc
=com
objectClass: organizationalUnit
ou: Group
dn: cn=Manager,
dc
=ldap,
dc
=com
objectClass: organizationalRole
cn: Manager
dn: cn=Host,ou=Group,
dc
=ldap,
dc
=com
objectClass: posixGroup
cn: Host
gidNumber: 1010
[root@ldapserver01 cn=config]
#
②url方式查看,该方式主要通过ldapadmin工具查看
www.ldapadmin.org/download/languages/index.html
③通过web界面方式查看,后面会介绍
6、添加用户。注意两点:其一,原文把 Manager 的 {SSHA} 散列直接复制给了 user01 的 userPassword,等于普通用户和管理员共用同一个密码;实际应为每个用户单独生成散列,或者在创建条目后用 `ldappasswd -x -D cn=Manager,dc=ldap,dc=com -W -S uid=user01,ou=People,dc=ldap,dc=com` 设置(由服务端散列,密码不落在 LDIF 文件里)。其二,uidNumber 1000 通常也是 CentOS 7 本地第一个普通用户的 UID(见 /etc/login.defs 的 UID_MIN),在客户端上容易与本地账号冲突,建议 LDAP 用户使用一个更高的独立号段;gidNumber 1010 对应上面创建的 cn=Host 组:
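# Add the first POSIX user under ou=People and then set its password.
#
# The password is deliberately NOT part of the LDIF: the original article copied
# the Manager's {SSHA} hash into userPassword, which gives user01 the admin
# password. The second command sets a separate password with ldappasswd -S,
# which prompts for the new value and lets the server hash it.
#
# Both commands are simple binds (-x) as the rootdn over the URI from
# /etc/openldap/ldap.conf; on a plain ldap:// connection the bind password and
# the new user password travel in clear, so run this on the server or over TLS.
#
# uidNumber/gidNumber must not collide with local accounts on the clients
# (CentOS 7 typically starts local users at UID 1000 -- check UID_MIN in
# /etc/login.defs). gidNumber 1010 is the cn=Host group created earlier.
# uid: is the RDN attribute and is listed explicitly for clarity.
ldapadd -x -D cn=Manager,dc=ldap,dc=com -W <<'EOF'
dn: uid=user01,ou=People,dc=ldap,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: user01
cn: user01
sn: System Administrator
homeDirectory: /home/user01
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1010
mail: user01@gmail.com
mobile: 12888888888
EOF

# Set user01's own password: -S prompts twice for the new password, then -W
# prompts for the Manager bind password. Never reuse the admin hash here.
ldappasswd -x -D cn=Manager,dc=ldap,dc=com -W -S uid=user01,ou=People,dc=ldap,dc=com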
6.1 执行添加用户操作命令:
[root@ldapserver01 cn=config]
# cat << EOF |ldapadd -x -D cn=Manager,dc=ldap,dc=com -W
> dn: uid=user01,ou=People,
dc
=ldap,
dc
=com
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> homeDirectory:
/home/user01
> userPassword: {SSHA}bKGvsvA8GohdJWXSFydtwI6irI57bIpr
> loginShell:
/bin/bash
> cn: user01
> uidNumber: 1000
> gidNumber: 1010
> sn: System Administrator
> mail: user01@gmail.com
> mobile: 12888888888
> EOF
Enter LDAP Password:
adding new entry
"uid=user01,ou=People,dc=ldap,dc=com"
[root@ldapserver01 cn=config]
#
至此,一个简单的 ldap 服务端配置完成,接下来配置 ldap 客户端。在把客户端接入之前,建议先补上两件事:为 hdb 数据库配置 olcAccess 以保护 userPassword(默认没有任何 ACL),以及配置 TLS(证书 + 636 或 StartTLS),否则客户端的绑定密码会明文经过网络;同时把 cn=config、Manager 和各用户的密码区分开,不要像演示中那样复用同一个散列。
本文转自027ryan 51CTO博客,原文链接:http://blog.51cto.com/ucode/1975843,如需转载请自行联系原作者