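Notes up front:
① The OpenStack environment is already set up, with MySQL as the backend of course. It can be installed with packstack; see "packstack automated deployment" for details.
② This document draws on material from the Huawei team, http://blog.csdn.net/lynn_kong/article/details/10239089, kudos to them (that document covers the OpenStack G release; I am using the K release here),
as well as the official OpenStack documentation (too general to be of much use).
③ I know next to nothing about LDAP, so the configuration takes a few shortcuts; please bear with it.
④ Environment: system (RHEL7 + OpenStack (K)), ldap 2.4.39
I. Install the LDAP packages
# yum install -y openldap*
(These packages are usually available in the standard repositories.)
II. Modify the LDAP configuration
① Add a slapd.conf configuration file (current OpenLDAP versions no longer use the conf file, but it is still supported; this is one of my shortcuts)
# vim /etc/openldap/slapd.conf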
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
loglevel none
modulepath /usr/libexec/openldap
moduleload back_hdb
database hdb
# "openstack", "com" etc. can be set to your own values
suffix "dc=openstack,dc=com"
rootdn "cn=Manager,dc=openstack,dc=com"
# set your own password; a hash generated with slappasswd can be used here instead of cleartext
rootpw shitou92
directory /var/lib/ldap
index objectClass,cn eq
# the "by" clauses are continuation lines and must start with whitespace
access to attrs=userPassword
    by anonymous auth
    by self write
    by * none
access to *
    by self write
    by * none
② Back up the original configuration (the slapd.d style) and switch to the slapd.conf style
# mv /etc/openldap/slapd.d /etc/openldap/slap.d.bak -f
③ Start the LDAP service
# systemctl start slapd.service
# systemctl enable slapd.service
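Before starting slapd, the slapd.conf written in this section can be checked for three problems: a comment that is not on its own line, a cleartext rootpw, and "by" clauses that are not indented as continuation lines. This is an added example, not part of the original post; the function names audit_slapd_conf and sample_conf and the sample configuration are constructed for illustration.

```shell
# Constructed sample configuration with three deliberate problems.
sample_conf() {
cat <<'EOF'
suffix "dc=openstack,dc=com" # change me
rootdn "cn=Manager,dc=openstack,dc=com"
rootpw example-password
access to attrs=userPassword
by anonymous auth
    by self write
EOF
}

# Audit a slapd.conf given as $1 (default: standard input).
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_slapd_conf() {
    awk '
        # Blank lines and lines with "#" in column 1 are ignored by slapd.
        /^(#|[ \t]*$)/ { next }
        # Anywhere else "#" does not start a comment: the text after it is
        # parsed as further arguments (heuristic: "#" preceded by whitespace).
        /[ \t]#/ { print "line " NR ": comment not on its own line"; bad = 1 }
        # rootpw should be a {SCHEME}hash such as slappasswd prints.
        $1 == "rootpw" && ($2 !~ /^[{]/ || toupper($2) ~ /^[{]CLEARTEXT[}]/) {
            print "line " NR ": rootpw is stored in cleartext"; bad = 1
        }
        # A line starting in column 1 is a new directive, so an unindented
        # "by" clause is not attached to the preceding "access to" line.
        /^by[ \t]/ { print "line " NR ": \"by\" clause is not indented"; bad = 1 }
        END { exit bad + 0 }
    ' "${1:--}"
}
```

Run it as audit_slapd_conf /etc/openldap/slapd.conf; a non-zero exit status means at least one finding was printed.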
III. Create the file add.ldif
# vim add.ldif
# the dc values must match the suffix in the configuration file
dn: dc=openstack,dc=com
dc: openstack
objectClass: dcObject
objectClass: organizationalUnit
ou: openstack

dn: ou=Projects,dc=openstack,dc=com
objectClass: top
objectClass: organizationalUnit
ou: projects

dn: ou=Users,dc=openstack,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users

dn: ou=Roles,dc=openstack,dc=com
objectClass: top
objectClass: organizationalUnit
ou: roles

dn: ou=Groups,dc=openstack,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: ou=Domains,dc=openstack,dc=com
objectClass: top
objectClass: organizationalUnit
ou: domains
Import the entries into LDAP:
# ldapadd -x -c -D "cn=Manager,dc=op