Operating system: CentOS 7
[root@ldap ~]# uname -r
3.10.0-514.el7.x86_64
OpenLDAP version:
Name        : openldap-servers
Version     : 2.4.44
Release     : 15.el7_5
Architecture: x86_64
Install Date: Wed 20 Jun 2018 11:58:33 PM EDT
Host plan:
172.16.91.254: ldap.example.com
172.16.92.254: client.example.com
Deployment steps:
Configure /etc/hosts on both machines so that each host name resolves (the entries must agree with the host plan above):
vim /etc/hosts
172.16.92.254 ldap.example.com
172.16.91.254 client.example.com
Turn off the firewall and SELinux on both machines:
iptables -F
systemctl stop firewalld
setenforce 0
Keep the clocks of the two machines synchronized:
Step 1: install the packages on ldap.example.com from the yum repository
[root@ldap ~]# yum install openldap-servers openldap-clients openldap-devel
Step 2:
Generate a password hash for the administrator (this value goes into olcRootPW below):
[root@server2 ~]# slappasswd
New password:
Re-enter new password:
{SSHA}Bf22UEHcFk1DvjqHGAlpGBV5bCfEHbk3
Step 3:
Edit the configuration files:
[root@ldap ~]# cd /etc/openldap/slapd.d/cn\=config/
[root@ldap cn=config]# vim olcDatabase\=\{1\}monitor.ldif
Edit line 6 so that it reads as follows, and join the whole directive onto a single line:
6 olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=example,dc=com" read by * none
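The olcAccess directive above is evaluated top to bottom: the first "by" clause whose subject matches the bound identity decides the access level, so the root user connecting over the local ldapi socket (the peercred DN) and cn=Manager get read on the monitor backend, and everyone else, anonymous binds included, falls through to "by * none". The Python below is an added example, not part of the tutorial or of slapd; it parses a single olcAccess line and applies that first-match rule for the subject forms used on this page (*, anonymous, users, and dn.base="..."). The bind DNs tried at the bottom are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# slapd access levels, from weakest to strongest
ACCESS_LEVELS = ("none", "disclose", "auth", "compare", "search", "read", "write", "manage")

@dataclass
class ByClause:
    who: str    # e.g. '*', 'anonymous', 'users', 'dn.base="cn=Manager,dc=example,dc=com"'
    level: str  # one of ACCESS_LEVELS

_HEAD = re.compile(r'^olcAccess:\s*(?:\{\d+\})?\s*to\s+(\S+)\s+(.*)$')
_BY = re.compile(r'\bby\s+(\S+)\s+(' + "|".join(ACCESS_LEVELS) + r')\b')

def parse_olc_access(line: str) -> Tuple[str, List[ByClause]]:
    """Split an olcAccess line into its <what> target and ordered <by> clauses."""
    m = _HEAD.match(line.strip())
    if not m:
        raise ValueError("not an olcAccess directive")
    target, rest = m.group(1), m.group(2)
    clauses = [ByClause(who, level) for who, level in _BY.findall(rest)]
    if not clauses:
        raise ValueError("olcAccess directive has no 'by' clause")
    return target, clauses

def _who_matches(who: str, bind_dn: str) -> bool:
    """Subset of slapd <who> matching: '*', 'anonymous', 'users', dn.base="..."."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn == ""
    if who == "users":
        return bind_dn != ""
    m = re.fullmatch(r'dn(?:\.base)?="([^"]*)"', who)
    if m:
        # DNs compare case-insensitively; whitespace after commas is ignored
        norm = lambda s: re.sub(r",\s*", ",", s).lower()
        return norm(m.group(1)) == norm(bind_dn)
    raise ValueError("unsupported <who> form: " + who)

def effective_access(clauses: List[ByClause], bind_dn: str) -> str:
    """First matching 'by' clause wins; no match at all means no access."""
    for c in clauses:
        if _who_matches(c.who, bind_dn):
            return c.level
    return "none"

# Line 6 of olcDatabase={1}monitor.ldif as set in the tutorial
MONITOR_ACL = ('olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,'
               'cn=external,cn=auth" read by dn.base="cn=Manager,dc=example,dc=com" '
               'read by * none')

if __name__ == "__main__":
    target, clauses = parse_olc_access(MONITOR_ACL)
    for dn in ("cn=Manager,dc=example,dc=com", "", "uid=alice,ou=people,dc=example,dc=com"):
        print(repr(dn or "anonymous"), "->", effective_access(clauses, dn))
```

A rule that is never reached because an earlier "by *" clause matches everyone is a common misconfiguration; running a candidate directive through a checker like this before loading it into cn=config makes such ordering mistakes visible.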
[root@ldap cn=config]# vim olcDatabase\=\{2\}hdb.ldif
7 olcDbDirectory: /var/lib/ldap
8 olcSuffix: dc=example,dc=com
9 olcRootDN: cn=Manager,dc=example,dc=com ---- root DN of the database; the DC components give the domain example.com
......
23 olcRootPW: {SSHA}Bf22UEHcFk1DvjqHGAlpGBV5bCfEHbk3 ---- administrator password hash from slappasswd
24 olcTLSCertificateFile: /etc/pki/tls/certs/example.crt ---- TLS certificate
25 olcTLSCertificateKeyFile: /etc/pki/tls/certs/example.key ---- TLS private key
Step 4: copy the database configuration file
[root@ldap cn=config]# cp /usr/share/o