# Centos安装配置LDAP
图形界面LDAPAdmin安装地址:
https://nchc.dl.sourceforge.net/project/ldapadmin/ldapadmin/1.8.3/LdapAdminExe-w64-1.8.3.zip
## 环境搭建
本次安装环境:centos6.5
配置本地域名解析:
```bash
# echo "192.168.8.43 techsure.cn" >> /etc/hosts
```
解决依赖关系:
```bash
# yum grouplist
```
输出如下:
Base
Debugging Tools
Performance Tools
Compatibility libraries
Development tools
Dial-up Networking Support
Hardware monitoring utilities
如果缺少组包,需要安装
```bash
# yum groupinstall -y "Compatibility libraries"
```
## 安装openldap
```bash
# yum install -y openldap openldap-*
```
```bash
# yum install -y nscd nss-pam-ldapd nss-* pcre pcre*
```
```bash
# rpm -qa | grep openldap*
```
compat-openldap-2.3.43-2.el6.x86_64
openldap-2.4.40-12.el6.x86_64
openldap-clients-2.4.40-12.el6.x86_64
openldap-servers-sql-2.4.40-12.el6.x86_64
openldap-servers-2.4.40-12.el6.x86_64
openldap-devel-2.4.40-12.el6.x86_64
## 配置slapd.conf文件
依次执行以下命令:
```bash
# cd /etc/openldap/
```
```bash
# cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf
```
```bash
# cp slapd.conf slapd.conf.bak
```
```bash
# slappasswd -s techsure|sed -e "s#{SSHA}#rootpw\t{SSHA}#g"
```
```bash
# slappasswd -s techsure|sed -e "s#{SSHA}#rootpw\t{SSHA}#g">>/etc/openldap/slapd.conf
```
检查密码是否写入配置文件中:
```bash
# tail -1 slapd.conf
```
```bash
# vim slapd.conf
```
注释以下四行内容:
```bash
database dbb
suffix "dc=my-domain,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=my-domain,dc=com"
```
添加如下内容:
```bash
database bdb
suffix "dc=techsure,dc=cn"
rootdn "cn=admin,dc=techsure,dc=cn"
```
对比修改是否成功:
```bash
# diff slapd.conf.bak slapd.conf
```
添加如下内容:
```bash
# cat >> /etc/openldap/slapd.conf<<EOF
loglevel 296
cachesize 1000
checkpoint 2018 10
EOF
```
参数说明:
> loglevel 296 # 日志级别,记录日志信息方便调试,296级别是由256(日志连接/操作/结果)、32(搜索过滤器处理)、8(连接管理)累加的结果
cachesize 1000 # 设置ldap可以换成的记录数
checkpoint 2018 10 # 可以设置把内存中的数据协会数据文件的操作上,上面设置表示每达到2048KB或者10分钟执行一次,checkpoint即写入数据文件的操作
## ldap授权及安全参数配置
```bash
# vim /etc/openldap/slapd.conf
```
删除以下内容:
```bash
database config
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
by * none
# enable server status monitoring (cn=monitor)
database monitor
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
by dn.exact="cn=Manager,dc=my-domain,dc=com" read
by * none
```
添加以下内容
```bash
access to *
by self write
by anonymous auth
by * read
```
## 加入日志记录
```bash
# cp /etc/rsyslog.conf /etc/rsyslog.conf.bak.$(date +%F%T)
# echo '#record ldap.log by jack 2016-07-01' >> /etc/rsyslog.conf
# echo 'local4.* /var/log/ldap.log'>> /etc/rsyslog.conf
# tail -1 /etc/rsyslog.conf
# service rsyslog restart
```
## 配置ldap数据库路径
```bash
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# chown ldap:ldap /var/lib/ldap/DB_CONFIG
# chmod 700 /var/lib/ldap/
```
验证配置
```bash
slaptest -u
```
## 启动服务
```bash
# /etc/init.d/slapd restart
#lsof -i :389
```
配置随机启动
```bash
# chkconfig --list slapd
```
## 测试查找内容
```bash
#ldapsearch -LLL -W -x -H ldap://techsure.cn -D "cn=admin,dc=techsure,dc=cn" -b "dc=techsure,dc=cn" "(uid=*)"
```
此处会要求输入密码,密码是上面执行的techsure,如果出现报错:ldap_bind: Invalid credentials (49),执行以下命令后再次测试:
```bash
# rm -rf /etc/openldap/slapd.d/*
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
```
## LDAPAdmin连接
6362
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
