129.OpenLDA安装并配置客户端-2

129.1 导入根域及管理员账号

• root.ldif文件创建

[root@ip-xxx-xx-xx-xxx ldap]# vim root.ldif
dn: dc=fayson,dc=com
dc: fayson
objectClass: top
objectClass: domain
dn: cn=Manager,dc=fayson,dc=com
objectClass: organizationalRole
cn: Manager

• 导入根域及管理员信息

[root@ip-xxx-xx-xx-xxx ldap]# ldapadd -D "cn=Manager,dc=fayson,dc=com" -W -x -f root.ldif

• 查看是否导入成功

[root@ip-xxx-xx-xx-xxx ldap]# ldapsearch -h ip-xxx-xx-xx-xxx.ap-southeast-1.compute.internal -b "dc=fayson,dc=com" -D "cn=Manager,dc=fayson,dc=com" -W

129.2 导入基础文件及用户和用户组

• migrate_common.ph文件修改

# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "fayson.com";
# Default base 
$DEFAULT_BASE = "dc=fayson,dc=com";

• OpenLdap的base.ldif文件导出

[root@ip-xxx-xx-xx-xxx ldap]# /usr/share/migrationtools/migrate_base.pl >base.ldif
[root@ip-xxx-xx-xx-xxx ldap]# ll
[root@ip-xxx-xx-xx-xxx ldap]# vim base.ldif

• 配置Fayson

dn: ou=People,dc=fayson,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=fayson,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

• 操作系统的group.ldif文件导出

[root@ip-xxx-xx-xx-xxx ldap]# /usr/share/migrationtools/migrate_group.pl /etc/group > group.ldif
[root@ip-xxx-xx-xx-xxx ldap]# ll
[root@ip-xxx-xx-xx-xxx ldap]# vim group.ldif

# 根据需要删除不需要导入OpenLDAP服务的group，如下是Fayson的配置
dn: cn=root,ou=Group,dc=fayson,dc=com
 objectClass: posixGroup
 objectClass: top
 cn: root
 userPassword: {crypt}x
 gidNumber: 0
 dn: cn=fayson,ou=Group,dc=fayson,dc=com
 objectClass: posixGroup
 objectClass: top
cn: fayson
userPassword: {crypt}x
gidNumber: 1001

• 用户的ldif文导出

[root@ip-xxx-xx-xx-xxx ldap]# /usr/share/migrationtools/migrate_passwd.pl /etc/passwd >user.ldif
[root@ip-xxx-xx-xx-xxx ldap]# ll
[root@ip-xxx-xx-xx-xxx ldap]# vim user.ldif

# 根据需要保留user.ldif文件中需要导入OpenLDAP服务的用户信息，注意用户信息与group.ldif中组的对应，否则会出现用户无相应组的问题，如下是Fayson的配置
 dn: uid=root,ou=People,dc=fayson,dc=com
 uid: root
 cn: root
 objectClass: account
 objectClass: posixAccount
 objectClass: top
 objectClass: shadowAccount
 userPassword: {crypt}!!
 shadowLastChange: 17094
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root
dn: uid=fayson,ou=People,dc=fayson,dc=com
uid: fayson
cn: fayson
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!!
shadowLastChange: 17566
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/fayson

• 基础文件及用户和组导入OpenLDAP

ldapadd -D "cn=Manager,dc=fayson,dc=com" -W -x -f base.ldif
ldapadd -D "cn=Manager,dc=fayson,dc=com" -W -x -f group.ldif
ldapadd -D "cn=Manager,dc=fayson,dc=com" -W -x -f user.ldif

• 查看是否导入成功

ldapsearch -h ip-xxx-xx-xx-xxx.ap-southeast-1.compute.internal -b "dc=fayson,dc=com" -D "cn=Manager,dc=fayson,dc=com" -W|grep dn

129.3 客户端配置

• 在ip-xxx-xx-xx-xxx节点安装OpenLDAP的客户端软件包

[root@ip-xxx-xx-xx-xxx ~]# yum -y install openldap-clients

• /etc/openldap/ldap.conf文件修改

[root@ip-xxx-xx-xx-xxx ~]# yum -y install openldap-clients
[root@ip-xxx-xx-xx-xxx ~]# vim /etc/openldap/ldap.conf 
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
TLS_CACERTDIR   /etc/openldap/certs
URI ldap://ip-xxx-xx-xx-xxx.ap-southeast-1.compute.internal
BASE dc=fayson,dc=com
# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON    on

• 是否配置成功

[root@ip-xxx-xx-xx-xxx ~]# ldapsearch -D "cn=Manager,dc=fayson,dc=com" -W |grep dn

大数据视频推荐：
CSDN
人工智能算法竞赛实战
AIops智能运维机器学习算法实战
ELK7 stack开发运维实战
PySpark机器学习从入门到精通
AIOps智能运维实战
大数据语音推荐：
ELK7 stack开发运维
企业级大数据技术应用
大数据机器学习案例之推荐系统
自然语言处理
大数据基础
人工智能：深度学习入门到精通