Installing OpenLDAP from source on CentOS 7.8

OpenLDAP official site

https://www.openldap.org/
https://www.openldap.org/software/download/

Preparing the system environment

  1. Do a minimal install of CentOS 7.8, then install the basic dependency packages with yum, disable firewalld, flush iptables and turn off SELinux. (Note that "systemctl disable firewalld" only prevents the service from starting at boot and does not stop a running instance, and "setenforce 0" only lasts until the next reboot.)
   # disable firewalld, flush iptables and turn off SELinux
   systemctl disable firewalld
   iptables -F
   setenforce 0
   
   # install the basic dependency packages with yum
   yum -y install iptables-services
   yum -y install vim
   yum -y install gcc*
   yum -y install tcpdump
   yum -y install lrzsz
   yum -y install cmake
   yum -y install bind-utils
   yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel
   yum -y install libffi-devel
   yum -y install libxml*
   yum -y install telnet
   yum -y install git
   yum -y install wget
   yum -y install libtool
   yum -y install libcap-devel
   yum -y install ntpdate
   
   # set the system time zone
   cp /usr/share/zoneinfo/Asia/Shanghai  /etc/localtime
  2. Run the commands below to fill in any packages still missing; otherwise the OpenLDAP build may fail. (The original had a typo, "guntls-devel"; the package is gnutls-devel.)
yum -y install vim net-tools telnet gcc libtool libtool-ltdl libtool-ltdl-devel openssl openssl-devel openssl-libs gnutls gnutls-utils gnutls-devel tcp-wrappers-devel tcp-wrappers-libs libdb-devel unixODBC-devel mysql-devel cyrus-sasl cyrus-sasl-devel autogen-libopts perl-LDAP authconfig nss-pam-ldapd openslp-devel

yum -y install tcp_wrappers*
yum -y install openssh-ldap

Installing OpenLDAP

  1. On the Linux host, download the source tarball:
    wget https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.54.tgz
  2. Unpack it:
    tar -zxvf openldap-2.4.54.tgz
  3. Enter the unpacked directory, then configure, build and install. (The original configure line had "-with-odbc=auto" with a single dash; the option is "--with-odbc=auto".)
./configure --prefix=/openldap-2.4.54 --enable-debug --enable-dynamic --enable-syslog --enable-proctitle --enable-ipv6 --enable-slapd --enable-dynacl --enable-aci --enable-cleartext --enable-crypt --enable-lmpasswd --enable-spasswd --enable-modules --enable-rewrite --enable-rlookups --enable-slapi --enable-wrappers --enable-bdb --enable-dnssrv --enable-hdb --enable-ldap --enable-mdb --enable-meta --enable-monitor --enable-null --enable-passwd --enable-relay --enable-shell --enable-sock --enable-sql --enable-overlays --enable-accesslog --enable-auditlog --enable-collect --enable-constraint --enable-dds --enable-deref --enable-dyngroup --enable-dynlist --enable-memberof=yes --enable-ppolicy --enable-proxycache --enable-refint --enable-recode --enable-rwm --enable-seqmod --enable-sssvlv --enable-syncprov --enable-translucent --enable-unique --enable-valsort --with-cyrus-sasl --with-fetch=auto --with-threads --with-tls --with-yielding-select --with-mp --with-odbc=auto --with-gnu-ld --with-pic

make
make install
  4. Copy the extra schemas (the openssh-lpk schema shipped with the openssh-ldap package and the sudo schema) into OpenLDAP's schema directory, then list the schema files there:
   [root@localhost ~]# rpm -qa|grep openssh
   openssh-clients-7.4p1-21.el7.x86_64
   openssh-7.4p1-21.el7.x86_64
   openssh-server-7.4p1-21.el7.x86_64
   openssh-ldap-7.4p1-21.el7.x86_64
   [root@localhost ~]# rpm -ql openssh-ldap-7.4p1-21.el7.x86_64
   /usr/libexec/openssh/ssh-ldap-helper
   /usr/libexec/openssh/ssh-ldap-wrapper
   /usr/share/doc/openssh-ldap-7.4p1
   /usr/share/doc/openssh-ldap-7.4p1/HOWTO.ldap-keys
   /usr/share/doc/openssh-ldap-7.4p1/ldap.conf
   /usr/share/doc/openssh-ldap-7.4p1/openssh-lpk-openldap.ldif
   /usr/share/doc/openssh-ldap-7.4p1/openssh-lpk-openldap.schema
   /usr/share/doc/openssh-ldap-7.4p1/openssh-lpk-sun.ldif
   /usr/share/doc/openssh-ldap-7.4p1/openssh-lpk-sun.schema
   /usr/share/man/man5/ssh-ldap.conf.5.gz
   /usr/share/man/man8/ssh-ldap-helper.8.gz
   [root@localhost ~]# 
   [root@localhost ~]# 
   [root@localhost ~]# cd /openldap-2.4.54/etc/openldap/schema/
   [root@localhost ~]# cp /usr/share/doc/openssh-ldap-7.4p1/openssh-lpk-openldap.* ./
   [root@localhost ~]# cp /usr/share/doc/sudo-1.8.23/schema.OpenLDAP ./sudo.schema
   [root@localhost schema]# ls /openldap-2.4.54/etc/openldap/schema/*.schema
  5. Run the command below to generate a hashed password; type the password when prompted. This is the password used to log in to LDAP.
    /openldap-2.4.54/sbin/slappasswd
  6. Edit the main configuration file slapd.conf under /openldap-2.4.54/etc/openldap. The parts that matter are the include lines for the schema files and the suffix (domain), root user and password; everything else can stay at its defaults.
    Below is the include section of slapd.conf. The order must be correct, or slapd will report errors at startup.
   # This file should NOT be world readable.
   #
   include         /openldap-2.4.54/etc/openldap/schema/core.schema
   include         /openldap-2.4.54/etc/openldap/schema/collective.schema
   include         /openldap-2.4.54/etc/openldap/schema/misc.schema
   include         /openldap-2.4.54/etc/openldap/schema/corba.schema
   include         /openldap-2.4.54/etc/openldap/schema/cosine.schema
   include         /openldap-2.4.54/etc/openldap/schema/nis.schema
   include         /openldap-2.4.54/etc/openldap/schema/duaconf.schema
   include         /openldap-2.4.54/etc/openldap/schema/pmi.schema
   include         /openldap-2.4.54/etc/openldap/schema/dyngroup.schema
   include         /openldap-2.4.54/etc/openldap/schema/ppolicy.schema
   include         /openldap-2.4.54/etc/openldap/schema/inetorgperson.schema
   include         /openldap-2.4.54/etc/openldap/schema/sudo.schema
   include         /openldap-2.4.54/etc/openldap/schema/openldap.schema
   include         /openldap-2.4.54/etc/openldap/schema/openssh-lpk-openldap.schema
   include         /openldap-2.4.54/etc/openldap/schema/java.schema
   
   # Define global ACLs to disable default read access.

Below is the suffix and root user/password setup. The user is admin and the password is 123456, hashed with slappasswd (cleartext also works). The domain is zduozhu.com.

   #######################################################################
   # MDB database definitions
   #######################################################################
   
   database        mdb
   maxsize         1073741824
   suffix          "dc=zduozhu,dc=com"
   rootdn          "cn=admin,dc=zduozhu,dc=com"
   # Cleartext passwords, especially for the rootdn, should
   # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
   # Use of strong authentication encouraged.
   #rootpw         secret
   rootpw          {SSHA}EtYksUYTB1QUMI2tRK5P8DKbIyIFp+66
   # The database directory MUST exist prior to running slapd AND 
  7. Test that the configuration file is valid.
   [root@localhost openldap-2.4.54]# sbin/slaptest
   5f9538ff mdb_monitor_db_open: monitoring disabled; configure monitor database to enable
   config file testing succeeded
   [root@localhost openldap-2.4.54]# pwd
   /openldap-2.4.54
   [root@localhost openldap-2.4.54]# 
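The rootpw line above holds an {SSHA} value, which is what slappasswd emits by default: "{SSHA}" followed by base64( SHA1(password || salt) || salt ) with a 4-byte random salt. The script below is an added example, not part of the original post, that builds and verifies such a hash with only sha1sum, base64, od and mktemp, so you can confirm what is going into slapd.conf. The sample password and the fixed salt "deadbeef" are constructed for the demonstration; ssha_random shows the normal case with a fresh salt.

```shell
#!/bin/sh
# Added example (not from the original post): make and verify OpenLDAP {SSHA}
# password hashes, the format slappasswd writes into rootpw.
# Layout: "{SSHA}" + base64( SHA1(password || salt) || salt ), salt = 4 random bytes.

# hex_to_bin HEX -> raw bytes on stdout (POSIX printf octal escapes, no xxd needed)
hex_to_bin() {
    _hex=$1
    _esc=""
    while [ -n "$_hex" ]; do
        _pair=$(printf '%s' "$_hex" | cut -c1-2)
        _hex=$(printf '%s' "$_hex" | cut -c3-)
        _esc="$_esc$(printf '\\%03o' "$((0x$_pair))")"
    done
    printf "$_esc"
}

# ssha_make PASSWORD SALTHEX -> prints the {SSHA} string; SALTHEX is the salt as hex
ssha_make() {
    _tmp=$(mktemp)
    { printf '%s' "$1"; hex_to_bin "$2"; } > "$_tmp"     # SHA1 input: password || salt
    _dig=$(sha1sum "$_tmp" | cut -d' ' -f1)
    rm -f "$_tmp"
    printf '{SSHA}%s' "$( { hex_to_bin "$_dig"; hex_to_bin "$2"; } | base64 | tr -d '\n')"
}

# ssha_random PASSWORD -> the usual case: a fresh 4-byte salt from /dev/urandom
ssha_random() {
    ssha_make "$1" "$(od -An -tx1 -N4 /dev/urandom | tr -d ' \n')"
}

# ssha_verify PASSWORD HASH -> 0 if PASSWORD matches HASH, 1 otherwise.
# The salt is whatever follows the 20-byte digest, so any salt length is accepted.
ssha_verify() {
    _b64=$(printf '%s' "$2" | sed 's/^{SSHA}//')
    _tmp=$(mktemp)
    printf '%s' "$_b64" | base64 -d > "$_tmp" 2>/dev/null || { rm -f "$_tmp"; return 1; }
    _blob=$(od -An -tx1 -v "$_tmp" | tr -d ' \n')
    rm -f "$_tmp"
    _salt=$(printf '%s' "$_blob" | cut -c41-)           # skip 40 hex chars of digest
    [ "$(ssha_make "$1" "$_salt")" = "{SSHA}$_b64" ]
}

# Example run with a constructed password and salt (sample values, not the post's):
h=$(ssha_make 'secret' 'deadbeef')
echo "$h"
ssha_verify 'secret' "$h" && echo "verify: match"
ssha_verify 'wrong' "$h"  || echo "verify: no match"
```

To check the hash the post pasted for its 123456 password, call ssha_verify '123456' '{SSHA}EtYksUYTB1QUMI2tRK5P8DKbIyIFp+66'. Keep in mind that {SSHA} is a single salted SHA-1, which is cheap to brute-force offline, so the rootdn password should be long and random and slapd.conf must not be world-readable, as its own comment says.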
  8. Start slapd in the foreground in debug mode:
    /openldap-2.4.54/libexec/slapd -d 1
    Once it is up, confirm that port 389 is being listened on, then press Ctrl+C to stop it.
  9. Run the following to start OpenLDAP in the background:
    /openldap-2.4.54/libexec/slapd
  [root@localhost openldap-2.4.54]# ps -ef|grep slapd
  root     130805      1  0 16:02 ?        00:00:00 /openldap-2.4.54/libexec/slapd
  root     130834   1365  0 16:39 pts/0    00:00:00 grep --color=auto slapd
  [root@localhost openldap-2.4.54]# netstat -anp|grep slapd
  tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      130805/slapd        
  tcp6       0      0 :::389                  :::*                    LISTEN      130805/slapd        
  unix  2      [ ]         DGRAM                    119403   130805/slapd         
  [root@localhost openldap-2.4.54]# 

Apache Directory Studio

Installing Apache Directory Studio

Official site: http://directory.apache.org/studio/
Apache Directory Studio is a Java-based GUI for managing LDAP directories.
Releases for every major platform can be downloaded from the official site, but all of them require a Java JDK, version 8 or later.

Connecting Apache Directory Studio to OpenLDAP

  1. Click File, then create a new LDAP Connection.
    (screenshot)

  2. Enter the OpenLDAP server's IP address and port, and check that the network connection succeeds.
    (screenshot)

  3. Enter the user name and password, and check that authentication succeeds.
    (screenshot)

  4. After a successful connection the default view looks like this.
    (screenshot)

  5. Import a base configuration file with the content below; the file name ends in .ldif.

    [root@localhost ~]# cat base.ldif 
    dn: dc=zduozhu,dc=com
    o: zduozhu.com
    dc: zduozhu
    objectClass: top
    objectClass: dcobject
    objectClass: organization
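A base entry like the one above is rejected by Apache Directory Studio or ldapadd when the dc attribute does not match the first RDN of the dn or a required objectClass is missing, so it is worth checking the file before importing it. The script below is an added example, not part of the original post: it writes a constructed copy of the base.ldif shown above, then checks that the dn's first RDN value equals the dc attribute and that dcObject and organization are present (objectClass names are compared case-insensitively, which is why the post's "dcobject" is accepted by slapd). The ldapadd and ldapsearch commands at the end are the command-line equivalent of the Studio import and need a running slapd, so they are left as comments.

```shell
#!/bin/sh
# Added example (not from the original post): pre-import sanity check for a
# base-entry LDIF such as base.ldif. The sample file is constructed here.

# write_sample_ldif PATH DCVALUE -> writes a base entry whose dn uses DCVALUE;
# the dc attribute is fixed to "zduozhu" so a mismatch can be demonstrated.
write_sample_ldif() {
    cat > "$1" <<EOF
dn: dc=$2,dc=com
o: $2.com
dc: zduozhu
objectClass: top
objectClass: dcobject
objectClass: organization
EOF
}

# ldif_check_base FILE -> 0 if the entry is consistent, 1 (with a reason) otherwise
ldif_check_base() {
    _dn=$(sed -n 's/^dn:[[:space:]]*//p' "$1" | head -n 1)
    _dc=$(sed -n 's/^dc:[[:space:]]*//p' "$1" | head -n 1)
    [ -n "$_dn" ] || { echo "no dn line"; return 1; }
    # first RDN of the dn, e.g. "dc=zduozhu" -> "zduozhu"
    _rdn=$(printf '%s' "$_dn" | cut -d, -f1 | sed 's/^[[:space:]]*dc=//')
    [ "$_rdn" = "$_dc" ] || { echo "dc '$_dc' does not match first RDN of '$_dn'"; return 1; }
    # objectClass values, lower-cased because LDAP compares them case-insensitively
    _classes=$(grep -i '^objectClass:' "$1" | cut -d: -f2- | tr -d ' \t' | tr 'A-Z' 'a-z')
    for _need in dcobject organization; do
        printf '%s\n' "$_classes" | grep -qx "$_need" \
            || { echo "objectClass $_need missing"; return 1; }
    done
    echo "ok: $_dn"
}

# Demonstration on a constructed file: a good entry, then a dc mismatch
_f=$(mktemp)
write_sample_ldif "$_f" zduozhu
ldif_check_base "$_f"
write_sample_ldif "$_f" example
ldif_check_base "$_f" || echo "rejected as expected"
rm -f "$_f"

# Command-line import and read-back, with the post's rootdn (needs a running slapd):
#   ldif_check_base base.ldif && ldapadd -x -D "cn=admin,dc=zduozhu,dc=com" -W -f base.ldif
#   ldapsearch -x -H ldap://127.0.0.1:389 -b "dc=zduozhu,dc=com" -s base
```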
    
    
