ldap(二)-openldap

ldap(二)-openldap

一、openldap安装：

主要有3个包：openldap、openldap-servers、openldap-clients 
[root@localhost ~]# yum -y install openldap* 

二、进入openldap目录，改名或者移动slapd.d目录，否则不会读取slapd.conf文件

[root@localhost openldap]# cd /etc/openldap/;ls -l

drwxr-xr-x.  2 root root 4096 Dec 22 08:20 certs

-rw-r--r--.  1 root root  282 Aug 24 14:18 ldap.conf

-rw-r--r--.  1 root root  280 Apr 29  2013 ldap.conf.rpmnew

drwxr-xr-x.  2 root root 4096 Dec 22 08:20 schema

drwx------.  3 ldap ldap 4096 Dec 22 08:20 slapd.d
[root@localhost openldap]# mv slap.d  ~/slap.d-bak

三、创建slapd.conf文件
如果openldap此目录下没有slapd.conf.bak文件，就去openldap-servers目录下拷贝slapd.conf.obsolete，然后改名为slapd.conf

[root@localhost openldap]# cp /usr/share/openldap-servers/slapd.conf.obsolete .

[root@localhost openldap]# cp slapd.conf.obsolete slapd.conf
 
四、编辑slapd.conf文件并，生成密码：

[root@localhost openldap]# slappasswd -h {MD5}-- 生成MD5格式密码

New password: 

Re-enter new password: 

{MD5}4QrcOUm6Wau+VuBX8g+IPg==

修改

slapd.conf

配置文件：

114 database        bdb

115 suffix          "dc=minzheng,dc=changsha"

116 checkpoint      1024 15

117 rootdn          "cn=manager,dc=minzheng,dc=changsha"

118 # Cleartext passwords, especially for the rootdn, should

119 # be avoided.  See slappasswd(8) and slapd.conf(5) for details.

120 # Use of strong authentication encouraged.

121 # rootpw                secret

122   rootpw                

{MD5}4QrcOUm6Wau+VuBX8g+IPg==

 
 

五

、测试配置文件

[root@localhost openldap]# slaptest -u -f slapd.conf

config file testing succeeded

 

 
 

六

、

创建数据库文件
[root@localhost openldap]# cd /var/lib/ldap/
[root@localhost ldap]# cp /usr/share/openldap-servers/DB_CONFIG.example .
[root@localhost ldap]# mv DB_CONFIG.example  DB_CONFIG 
 

七

、

启动 LDAP 服务 ，自动创建数据库文件

[root@localhost ldap]# service slapd start

Starting slapd:                                            [  OK  ]
 
八、安装迁移工具migrationtools
[root@localhost ldap]# yum -y install migrationtools 

 

[root@localhost migrationtools]# cd /usr/share/migrationtools/;ls -l *.pl

-rwxr-xr-x. 1 root root  2652 Aug 24  2010 migrate_aliases.pl

-rwxr-xr-x. 1 root root  3278 Aug 24  2010 migrate_automount.pl

-rwxr-xr-x. 1 root root  2608 Aug 24  2010 migrate_base.pl

-rwxr-xr-x. 1 root root  2952 Aug 24  2010 migrate_fstab.pl

-rwxr-xr-x. 1 root root  2714 Aug 24  2010 migrate_group.pl

-rwxr-xr-x. 1 root root  2751 Aug 24  2010 migrate_hosts.pl

-rwxr-xr-x. 1 root root  2856 Aug 24  2010 migrate_netgroup_byhost.pl

-rwxr-xr-x. 1 root root  2856 Aug 24  2010 migrate_netgroup_byuser.pl

-rwxr-xr-x. 1 root root  3879 Aug 24  2010 migrate_netgroup.pl

-rwxr-xr-x. 1 root root  2840 Aug 24  2010 migrate_networks.pl

-rwxr-xr-x. 1 root root  5635 Aug 24  2010 migrate_passwd.pl

-rwxr-xr-x. 1 root root  2428 Aug 24  2010 migrate_profile.pl

-rwxr-xr-x. 1 root root  2873 Aug 24  2010 migrate_protocols.pl

-rwxr-xr-x. 1 root root  2854 Aug 24  2010 migrate_rpc.pl

-rwxr-xr-x. 1 root root 10248 Aug 24  2010 migrate_services.pl

-rwxr-xr-x. 1 root root  3419 Aug 24  2010 migrate_slapd_c onf.pl

[root@localhost migrationtools]# vim migrate_common.ph 
70 # Default DNS domain$DEFAULT_MAIL_DOMAIN = "padl.com";

71 $DEFAULT_MAIL_DOMAIN = "minzheng.changsha";--对应slapd.conf中的配置信息

72 # Default base 

73 $DEFAULT_BASE = "dc=minzheng,dc=changsha";

运行脚本 migrate_base.pl，它会创建根项，并为 Hosts、Networks、Group和 People 等创建低一级的组织单元，指定为base.ldif文件

[root@localhost migrationtools]# ./migrate_base.pl > base.ldif

[root@localhost migrationtools]# ls -l *.ldif

-rw-r--r--. 1 root root 274 Dec 22 09:10 base.ldif

编辑 base.ldif文件：
[root@localhost migrationtools]# vim base.ldif 

dn: dc=minzheng,dc=changsha

dc: minzheng

objectClass: top

objectClass: domain

dn: ou=People,dc=minzheng,dc=changsha

ou: People

objectClass: top

objectClass: organizationalUnit

dn: ou=Group,dc=minzheng,dc=changsha

ou: Group

objectClass: top

objectClass: organizationalUnit
 
导入base.ldif数据文件：

[root@localhost migrationtools]# ldapadd -x -D "cn=manager,dc=minzheng,dc=changsha" -W -x -f base.ldif

Enter LDAP Password: --输入上面设置好的密码

adding new entry "dc=minzheng,dc=changsha"

adding new entry "ou=People,dc=minzheng,dc=changsha"

adding new entry "ou=Group,dc=minzheng,dc=changsha"

九、测试
[root@localhost migrationtools]# ldapsearch -x -b "ou=People,dc=minzheng,dc=changsha"

# extended LDIF

#

# LDAPv3

# base <ou=People,dc=minzheng,dc=changsha> with scope subtree

# filter: (objectclass=*)

# requesting: ALL

#

# People, minzheng.changsha

dn: ou=People,dc=minzheng,dc=changsha

ou: People

objectClass: top

objectClass: organizationalUnit

# search result

search: 2

result: 0 Success

# numResponses: 2

# numEntries: 1