这篇文章主要介绍“openldap-2.4.44 安装教程”。在日常操作中,很多人对 openldap-2.4.44 的安装存在疑惑;小编查阅了各式资料,整理出简单好用的操作方法,希望能帮助大家解答关于“openldap-2.4.44 安装教程”的疑惑。接下来,请跟着小编一起来学习吧!
https://www.tutorialspoint.com/linux_admin/install_and_configure_open_ldap.htm
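# OpenLDAP 2.4.44 walkthrough: a root terminal session, restored to one
# command / output line / LDIF line per line. Text after a `vi FILE` line is
# the content of that file; records inside an LDIF file are separated by a
# blank line, which ldapadd/ldapmodify require.
#
# Every command here talks to slapd over the local ldapi:/// socket (the
# output reports "SASL SSF: 0"). The walkthrough does not configure TLS, so
# set that up before letting clients connect over ldap:// on a network.

# Install openldap-clients / openldap-servers
[root@openldap ldap]# yum install openldap-clients openldap-servers

# Check the configuration
[root@openldap ldap]# slaptest -u
config file testing succeeded

# Start slapd
[root@openldap ldap]# service slapd start

# Change olcSuffix / olcRootDN / olcRootPW
#
# The original article ran `slappasswd -s 123456`. Passing the password with
# -s leaves it in the shell history and in the process list, so slappasswd is
# run without arguments here and prompts for it instead. The hash shown is the
# article's sample output for that throwaway password: generate your own from
# a strong password and never reuse the published value.
[root@openldap ldap]# slappasswd
New password:
Re-enter new password:
{SSHA}5AeSW/wI7nDvTcuPsRPitliGW7CfF8xV

#
# /etc/openldap/slapd.d/cn\=config/olcDatabase={2}hdb
#
# olcRootPW below must carry the hash you generated above, not the sample.
[root@openldap ldap]# vi /opt/0_modify_olc_bash.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=harry,dc=com

dn: olcDatabase = {2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=harry,dc=com

dn: olcDatabase = {2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}5AeSW/wI7nDvTcuPsRPitliGW7CfF8xV

# Apply the change with ldapmodify
[root@openldap ldap]# ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/0_modify_olc_bash.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase = {2}hdb,cn=config"
modifying entry "olcDatabase = {2}hdb,cn=config"

#### setup db
[root@openldap ldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@openldap ldap]# chown ldap:ldap /var/lib/ldap/*

#### Add the admin entry and the OUs
#
# The suffix entry dc=harry,dc=com is listed first: an entry can only be added
# once its parent exists, and the article listed cn=Manager ahead of it.
[root@openldap ldap]# vi /opt/4_ldapadmin.ldif
dn: dc=harry,dc=com
dc: harry
objectClass: top
objectClass: organization
objectClass: dcObject
o: harry

dn: cn=Manager,dc=harry,dc=com
objectClass: organizationalRole
cn: Manager

dn: ou=Groups,dc=harry,dc=com
ou: Groups
objectClass: organizationalUnit

dn: ou=Users,dc=harry,dc=com
ou: Users
objectClass: organizationalUnit

# NOTE(review): this writes to the data database as the local root identity.
# If slapd rejects it with "Insufficient access", bind as the rootDN instead:
#   ldapadd -x -D "cn=Manager,dc=harry,dc=com" -W -H ldapi:/// -f /opt/4_ldapadmin.ldif
[root@openldap ldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f /opt/4_ldapadmin.ldif

### Verify with a search
#
# NOTE(review): the output printed in the article shows objectClass: domain
# and no cn=Manager entry, so it does not appear to come from exactly the
# LDIF above. It is reproduced unchanged.
[root@openldap opt]# ldapsearch -b 'dc=harry,dc=com' -H ldapi:/// -LLL
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: dc=harry,dc=com
dc: harry
objectClass: top
objectClass: domain

dn: ou=Groups,dc=harry,dc=com
ou: Groups
objectClass: organizationalUnit

dn: ou=Users,dc=harry,dc=com
ou: Users
objectClass: organizationalUnit

### Change the monitor database ACL
#
# Read access to cn=monitor is limited to local root and the rootDN; everyone
# else gets none. The article printed this value wrapped in the middle of
# "cn=external"; it is written on a single line here so the DN stays intact.
[root@openldap opt]# vi /opt/1_modify_monitor.ldif
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=harry,dc=com" read by * none

[root@openldap ldap]# ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/1_modify_monitor.ldif

######### Add memberof
#
# When you add a group whose objectClass is groupOfUniqueNames, each
# uniqueMember value automatically gives that user a memberOf attribute.
#
# NOTE(review): the article shows only the contents of the files below, not
# the commands that load them. Presumably each was loaded the same way as the
# earlier files (ldapadd / ldapmodify -Y EXTERNAL -H ldapi:/// -f FILE), in
# the order shown: confirm before relying on it.
#
[root@openldap opt]# vi /opt/2_add_memberof.ldif
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
olcModuleLoad: memberof
olcModulePath: /usr/lib64/openldap

[root@openldap opt]# vi /opt/3_add_memberof_config.ldif
dn: olcOverlay=memberof,olcDatabase={2}hdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfUniqueNames
olcMemberOfMemberAD: uniqueMember
olcMemberOfMemberOfAD: memberOf

# changetype is spelled out so the record is unambiguous, like the other
# modify files in this walkthrough.
[root@openldap opt]# vi /opt/5_modify_refint.ldif
dn: cn=module{0},cn=config
changetype: modify
add: olcmoduleload
olcmoduleload: refint

[root@openldap opt]# vi /opt/6_add_refint_config.ldif
dn: olcOverlay=refint,olcDatabase={2}hdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: refint
olcRefintAttribute: memberof uniqueMember manager owner

## Add a user
#
# The article set `userPassword: 123456`. A cleartext value in the LDIF is
# stored in the directory as written, so put a slappasswd hash there instead;
# the value below is a placeholder, not a real hash.
#
# No olcAccess is set on olcDatabase={2}hdb anywhere in this walkthrough. A
# database with no access rules falls back to slapd's default of read access
# for every client, so check what the packaged config contains and restrict
# userPassword, for example
#   olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
# followed by a rule covering all other attributes.
[root@openldap opt]# vi /opt/10_harrywu.ldif
dn: cn=harrywu,ou=Users,dc=harry,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: harrywu
uid: harrywu
uidNumber: 1000
gidNumber: 1000
givenName: Harry
sn: Wu
homeDirectory: /home/harrywu
loginShell: /bin/bash
userPassword: {SSHA}REPLACE_WITH_YOUR_SLAPPASSWD_OUTPUT

## Add a group => groupOfUniqueNames
[root@openldap opt]# vi /opt/11_add_u_group1.ldif
dn: cn=g1,ou=Groups,dc=harry,dc=com
objectClass: groupOfUniqueNames
cn: g1
uniqueMember: cn=harrywu,ou=Users,dc=harry,dc=com

## Check that cn=harrywu gained the memberOf attribute
[root@openldap opt]# ldapsearch -H ldapi:/// -b 'dc=harry,dc=com' dn memberof
...
# harrywu, Users, harry.com
dn: cn=harrywu,ou=Users,dc=harry,dc=com
memberOf: cn=g1,ou=Groups,dc=harry,dc=com
...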
到此,关于“openldap-2.4.44 安装教程”的学习就结束了,希望能够解决大家的疑惑。理论与实践的搭配能更好地帮助大家学习,快去试试吧!若想继续学习更多相关知识,请继续关注亿速云网站,小编会继续努力为大家带来更多实用的文章!