Reference links for this lab:
https://blog.csdn.net/u013577413/article/details/105193881
https://blog.csdn.net/zhoushengtao12/article/details/95346903
https://blog.csdn.net/a_drjiaoda/article/details/89674468
https://blog.csdn.net/ytangdigl/article/details/79796961
https://blog.csdn.net/weixin_34143774/article/details/92851789
Many thanks 🙏
Setting up OpenLDAP on CentOS 7
Environment for this lab:
[root@myc-test ~]# lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch:cxx-4.1-amd64:cxx-4.1-noarch:desktop-4.1-amd64:desktop-4.1-noarch:languages-4.1-amd64:languages-4.1-noarch:printing-4.1-amd64:printing-4.1-noarch
Distributor ID: CentOS
Description: CentOS Linux release 7.7.1908 (Core)
Release: 7.7.1908
Codename: Core
[root@myc-test ~]# slapd -VV
@(#) $OpenLDAP: slapd 2.4.44 (Jan 29 2019 17:42:45) $
[email protected]:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
[root@myc-test ~]# rpm -qa | grep phpldapadmin
phpldapadmin-1.2.3-10.el7.noarch
[root@myc-test ~]# php -v
PHP 5.4.16 (cli) (built: Nov 1 2019 16:04:20)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
Starting the actual setup
-
Disable SELinux and the firewall
[root@myc-test ~]# getenforce
Enforcing
[root@myc-test ~]# setenforce 0
[root@myc-test ~]# getenforce
Permissive
[root@myc-test ~]# firewall-cmd --state
running
[root@myc-test ~]# systemctl stop firewalld.service
[root@myc-test ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@myc-test ~]# firewall-cmd --state
not running
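The step above sets SELinux to permissive and stops firewalld for the lab. As an added example (not from the original post), the script below shows the same host with both left on: SELinux enforcing with the `httpd_can_connect_ldap` boolean for phpLDAPadmin, and firewalld admitting LDAP only from a client subnet. The subnet `192.0.2.0/24`, the `DRY_RUN` switch and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: keep SELinux enforcing and firewalld running on the
# OpenLDAP / phpLDAPadmin host instead of switching both off.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them as root.
DRY_RUN="${DRY_RUN:-1}"
# Assumption: LDAP clients sit in this subnet (constructed documentation range).
LDAP_CLIENT_NET="${LDAP_CLIENT_NET:-192.0.2.0/24}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Shape check only, so nothing but an IPv4 CIDR reaches the rich rule string.
valid_ipv4_cidr() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

harden_ldap_host() {
    valid_ipv4_cidr "$LDAP_CLIENT_NET" || { echo "bad LDAP_CLIENT_NET" >&2; return 1; }
    # SELinux back to enforcing; allow httpd (phpLDAPadmin) to reach slapd.
    run setenforce 1
    run setsebool -P httpd_can_connect_ldap on
    # firewalld stays enabled; 389/tcp only from the client subnet, plus HTTP.
    run systemctl enable firewalld
    run systemctl start firewalld
    run firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"$LDAP_CLIENT_NET\" service name=\"ldap\" accept"
    run firewall-cmd --permanent --add-service=http
    run firewall-cmd --reload
}

# Takes the output of `getenforce` and of `firewall-cmd --state`.
posture_ok() {
    [ "$1" = "Enforcing" ] && [ "$2" = "running" ]
}

harden_ldap_host
```

After a run with `DRY_RUN=0`, `posture_ok "$(getenforce)" "$(firewall-cmd --state 2>&1)"` should succeed.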
Update the system time
[root@myc-test ~]# yum -y install ntp ntpdate
[root@myc-test ~]# ntpdate 0.asia.pool.ntp.org
25 Apr 16:17:54 ntpdate[2056]: step time server 203.107.6.88 offset 3699663.834363 sec
[root@myc-test ~]# hwclock --systohc
[root@myc-test ~]# date
2020年 04月 25日 星期六 16:18:07 CST
-
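Install OpenLDAP. All commands in this lab are run as root.
# Install the required packages with yum
yum install -y openldap openldap-clients openldap-servers
# Copy the default configuration to the target directory and set its ownership. This step is mandatory and must be done before starting the service; otherwise generating the password will fail with an error
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# Give ownership to the ldap user (and its login group); this user is created automatically by the yum install
chown -R ldap: /var/lib/ldap/DB_CONFIG
# Start the service first; the configuration is modified later
systemctl start slapd
systemctl enable slapd
# Check the status; if it started normally, all is OK
systemctl status slapd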
-
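Modify the OpenLDAP configuration
This is the most important part of all. Starting with OpenLDAP 2.4.23, all configuration is stored in the cn=config folder under the /etc/openldap/slapd.d directory, no longer using slapd.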