Environment:
OS: CentOS 6.7
openldap: 2.4.40
Installation:
1. Import the EPEL repository
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
2. Install OpenLDAP
yum -y install openldap openldap-*
3. Configure OpenLDAP: prepare DB_CONFIG and slapd.conf
cd /etc/openldap/
cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Set the administrator password; the line printed by slappasswd is the hash used as rootpw in the next step:
slappasswd -s 123456
{SSHA}2TuB7EJeC1pUXDrGoxY1qqKg3ScgAvFC
4. Edit slapd.conf: set the suffix and rootdn (the dc values) and rootpw, where rootpw is the hash produced in the previous step
database bdb
suffix "dc=beyondh,dc=org"
checkpoint 1024 15
rootdn "cn=admin,dc=beyondh,dc=org"
rootpw {SSHA}2TuB7EJeC1pUXDrGoxY1qqKg3ScgAvFC
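The rootpw value above is in slappasswd's default {SSHA} scheme: base64 of a 20-byte SHA-1 digest of password+salt followed by the salt (4 bytes by default). The following added example, which is not code from the original post, shows how such a value is generated and how a password is checked against it, which is the comparison slapd itself performs on a simple bind. Function names are this example's own.

```python
import base64
import hashlib
import hmac
import os

# Added example, not from the original post: build and verify {SSHA} values as
# produced by slappasswd. Payload layout after base64 decoding:
#   SHA-1(password + salt), 20 bytes, followed by the salt (slappasswd: 4 bytes).

DIGEST_LEN = 20  # SHA-1 output size in bytes


def ssha_hash(password: str, salt: bytes = None) -> str:
    """Return a {SSHA} string for password; a random 4-byte salt is used if none is given."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def parse_ssha(value: str):
    """Split a {SSHA} value into (digest, salt); raise ValueError if it is malformed."""
    if not value.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len("{SSHA}"):])
    if len(raw) <= DIGEST_LEN:
        raise ValueError("payload too short to hold a digest and a salt")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def verify_ssha(password: str, value: str) -> bool:
    """Recompute SHA-1(password + salt) and compare it to the stored digest in constant time."""
    digest, salt = parse_ssha(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    stored = ssha_hash("123456")
    print(stored)
    print("correct password accepted:", verify_ssha("123456", stored))
    print("wrong password accepted:", verify_ssha("wrong", stored))
```

Because the salt is random, two runs of ssha_hash for the same password give different strings, and a stored value can only be checked by recomputing the digest with its own salt, never by comparing two hashes directly.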
5. Fix directory ownership
chown -R ldap:ldap /etc/openldap/
chown -R ldap:ldap /var/lib/ldap/
6. Start the slapd service
/etc/init.d/slapd start
Note: start slapd before running the test in step 7; otherwise the test fails with an error that a database file does not exist, because that file is only created once the service has started.
7. Test the configuration
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
config file testing succeeded
8. Install migrationtools
yum install migrationtools -y
9. Edit /usr/share/migrationtools/migrate_common.ph and change the relevant settings
vim /usr/share/migrationtools/migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "beyondh.org";
$DEFAULT_BASE = "dc=beyondh,dc=org";
10. Generate base.ldif, passwd.ldif and group.ldif
/usr/share/migrationtools/migrate_base.pl > /tmp/base.ldif
/usr/share/migrationtools/migrate_group.pl /etc/group > /tmp/group.ldif
/usr/share/migrationtools/migrate_passwd.pl /etc/passwd > /tmp/passwd.ldif
ls /tmp/
base.ldif group.ldif passwd.ldif
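migrate_passwd.pl converts every account in the file it is given, so /tmp/passwd.ldif also carries root and the system accounts (with their {crypt} hashes when run as root). The following added example, not part of the original post, reads that LDIF and keeps only regular users before the import in the next step. It assumes the CentOS 6 convention that regular users start at UID 500 (UID_MIN in /etc/login.defs); the sample entries and hash values are constructed, and the function names are this example's own.

```python
import sys

# Added example, not from the original post: keep only regular user entries
# from the passwd.ldif that migrate_passwd.pl produced, before running ldapadd.

MIN_REGULAR_UID = 500  # assumption: CentOS 6 default UID_MIN

# Constructed sample in the shape migrate_passwd.pl emits; the {crypt} values are fake.
SAMPLE_LDIF = """\
dn: uid=root,ou=People,dc=beyondh,dc=org
uid: root
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}$6$FAKESALT$FAKEHASH
uidNumber: 0

dn: uid=bin,ou=People,dc=beyondh,dc=org
uid: bin
objectClass: account
objectClass: posixAccount
userPassword: {crypt}*
uidNumber: 1

dn: uid=alice,ou=People,dc=beyondh,dc=org
uid: alice
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}$6$FAKESALT$FAKEHASH2
uidNumber: 500
"""


def split_entries(text):
    """Split LDIF into entry blocks (lists of raw lines) so that kept entries are
    written back unchanged; comment lines are dropped, blank lines separate entries."""
    blocks, current = [], []
    for line in text.splitlines():
        if line.strip() == "":
            if current:
                blocks.append(current)
                current = []
        elif not line.startswith("#"):
            current.append(line)
    if current:
        blocks.append(current)
    return blocks


def attribute(block, name):
    """First value of attribute `name` in a block, or None. Continuation lines
    (leading space) are unfolded first; base64 (::) values are not decoded."""
    unfolded = []
    for line in block:
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    for line in unfolded:
        attr, sep, value = line.partition(":")
        if sep and attr.strip().lower() == name.lower():
            return value.strip()
    return None


def filter_regular_users(text, min_uid=MIN_REGULAR_UID):
    """Return (kept_ldif, dropped_dns). Entries whose uidNumber is below min_uid,
    or that have no parseable uidNumber at all, are dropped rather than imported."""
    kept, dropped = [], []
    for block in split_entries(text):
        dn = attribute(block, "dn")
        try:
            uid_number = int(attribute(block, "uidNumber"))
        except (TypeError, ValueError):
            dropped.append(dn)
            continue
        if uid_number < min_uid:
            dropped.append(dn)
        else:
            kept.append("\n".join(block))
    return "\n\n".join(kept) + ("\n" if kept else ""), dropped


if __name__ == "__main__":
    # Usage: python filter_passwd_ldif.py /tmp/passwd.ldif > /tmp/passwd-users.ldif
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LDIF
    kept_ldif, dropped_dns = filter_regular_users(source)
    sys.stdout.write(kept_ldif)
    for dn in dropped_dns:
        print("dropped:", dn, file=sys.stderr)
```

The filtered file is then what step 11 passes to ldapadd in place of /tmp/passwd.ldif; the dropped DNs are listed on stderr so the operator can confirm that only system accounts were left out.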
11. Import base.ldif, group.ldif and passwd.ldif
[root@localhost openldap]# ldapadd -x -D "cn=admin,dc=beyondh,dc=org" -W -f /tmp/base.ldif
[root@localhost migrationtools]# ldapadd -x -D "cn=admin,dc=beyondh,dc=org" -W -f /tmp/group.ldif
[root@localhost migrationtools]# ldapadd -x -D "cn=admin,dc=beyondh,dc=org" -W -f /tmp/passwd.ldif
Each command prompts for the administrator password.
12. Check that the data was imported
[root@localhost openldap]# ldapsearch -LLL -W -x -H ldap://beyondh.org -D "cn=admin,dc=beyondh,dc=org" -b "dc=beyondh,dc=org"
Enter LDAP Password:
dn: dc=beyondh,dc=org
dc: beyondh
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=beyondh,dc=org
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=Rpc,dc=beyondh,dc=org
ou: Rpc
objectClass: top
objectClass: organizationalUnit

dn: ou=Services,dc=beyondh,dc=org
ou: Services
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byuser,dc=beyondh,dc=org
nisMapName: netgroup.byuser
objectClass: top
objectClass: nisMap

dn: ou=Mounts,dc=beyondh,dc=org
ou: Mounts
objectClass: top
objectClass: organizationalUnit

dn: ou=Networks,dc=beyondh,dc=org
ou: Networks
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=beyondh,dc=org
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=beyondh,dc=org
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=Netgroup,dc=beyondh,dc=org
ou: Netgroup
objectClass: top
objectClass: organizationalUnit

dn: ou=Protocols,dc=beyondh,dc=org
ou: Protocols
objectClass: top
objectClass: organizationalUnit

dn: ou=Aliases,dc=beyondh,dc=org
ou: Aliases
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byhost,dc=beyondh,dc=org
nisMapName: netgroup.byhost
objectClass: top
objectClass: nisMap
13. Install httpd and phpLDAPadmin
yum -y install httpd phpldapadmin
14. Configure /etc/httpd/conf.d/phpldapadmin.conf to allow remote access
<Directory /usr/share/phpldapadmin/htdocs>
Order Deny,Allow
Allow from all
</Directory>
15. Edit /etc/phpldapadmin/config.php so that login uses the DN
At line 397, change
// $servers->setValue('login','attr','dn');
$servers->setValue('login','attr','uid');
to
$servers->setValue('login','attr','dn');
//$servers->setValue('login','attr','uid');
16. Start httpd
/etc/init.d/httpd start
17. Access phpLDAPadmin in a browser
18. Enable logging
Edit /etc/rsyslog.conf and add the following line:
local4.* /var/log/openldap.log
Edit /etc/openldap/slapd.conf and add the following two lines:
loglevel 296
cachesize 1000
Restart the rsyslog and slapd services:
/etc/init.d/rsyslog restart
/etc/init.d/slapd restart
ls -l /var/log/openldap.log
-rw------- 1 root root 216 Mar 23 15:46 /var/log/openldap.log
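loglevel 296 is 256 (stats) + 32 (search filter processing) + 8 (connection management); the stats component writes one ACCEPT, BIND and RESULT line per operation to /var/log/openldap.log, which is enough to spot repeated failed logins. The following added example, not part of the original post, ties each BIND to the client IP of its connection and counts results with err=49 (LDAP invalidCredentials) per client and per DN. The log lines are constructed in the format slapd emits at loglevel 256; function names and the threshold are this example's own.

```python
import re
from collections import Counter

# Added example, not from the original post: count failed simple binds in the
# slapd stats log written by the rsyslog rule above. IPv4 clients only, for brevity.

# Constructed sample: two failed admin binds from one client, one successful bind from another.
SAMPLE_LOG = """\
Mar 23 15:46:01 localhost slapd[1234]: conn=1000 fd=12 ACCEPT from IP=192.168.1.10:45678 (IP=0.0.0.0:389)
Mar 23 15:46:01 localhost slapd[1234]: conn=1000 op=0 BIND dn="cn=admin,dc=beyondh,dc=org" method=128
Mar 23 15:46:01 localhost slapd[1234]: conn=1000 op=0 RESULT tag=97 err=49 text=
Mar 23 15:46:02 localhost slapd[1234]: conn=1000 fd=12 closed
Mar 23 15:46:05 localhost slapd[1234]: conn=1001 fd=12 ACCEPT from IP=192.168.1.10:45679 (IP=0.0.0.0:389)
Mar 23 15:46:05 localhost slapd[1234]: conn=1001 op=0 BIND dn="cn=admin,dc=beyondh,dc=org" method=128
Mar 23 15:46:05 localhost slapd[1234]: conn=1001 op=0 RESULT tag=97 err=49 text=
Mar 23 15:46:06 localhost slapd[1234]: conn=1001 fd=12 closed
Mar 23 15:46:20 localhost slapd[1234]: conn=1002 fd=13 ACCEPT from IP=192.168.1.20:50100 (IP=0.0.0.0:389)
Mar 23 15:46:20 localhost slapd[1234]: conn=1002 op=0 BIND dn="cn=admin,dc=beyondh,dc=org" method=128
Mar 23 15:46:20 localhost slapd[1234]: conn=1002 op=0 BIND dn="cn=admin,dc=beyondh,dc=org" mech=SIMPLE ssf=0
Mar 23 15:46:20 localhost slapd[1234]: conn=1002 op=0 RESULT tag=97 err=0 text=
Mar 23 15:46:20 localhost slapd[1234]: conn=1002 op=1 SRCH base="dc=beyondh,dc=org" scope=2 deref=0 filter="(objectClass=*)"
Mar 23 15:46:20 localhost slapd[1234]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=13 text=
"""

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=128')
# tag=97 is the BindResponse tag, so this only matches bind outcomes, not search results.
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")

LDAP_INVALID_CREDENTIALS = 49


def failed_binds(log_text):
    """Return (failures per IP, failures per DN, [(ip, dn), ...]) for bind results with err=49."""
    conn_ip = {}   # conn id -> client IP, from the ACCEPT line
    pending = {}   # (conn, op) -> (ip, dn) for a BIND awaiting its RESULT line
    by_ip, by_dn, events = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            conn_ip[m.group(1)] = m.group(2)
            continue
        m = BIND_RE.search(line)
        if m:
            conn, op, dn = m.groups()
            pending[(conn, op)] = (conn_ip.get(conn, "unknown"), dn or "<anonymous>")
            continue
        m = RESULT_RE.search(line)
        if m:
            conn, op, err = m.groups()
            ip, dn = pending.pop((conn, op), ("unknown", "<unknown>"))
            if int(err) == LDAP_INVALID_CREDENTIALS:
                by_ip[ip] += 1
                by_dn[dn] += 1
                events.append((ip, dn))
    return by_ip, by_dn, events


def noisy_clients(by_ip, threshold=2):
    """Client IPs with at least `threshold` failed binds, most failures first."""
    return [ip for ip, n in by_ip.most_common() if n >= threshold]


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    ips, dns, _ = failed_binds(text)
    for ip, n in ips.most_common():
        print(f"{ip}: {n} failed bind(s)")
    for dn, n in dns.most_common():
        print(f"{dn}: {n} failed bind(s)")
    print("clients over threshold:", noisy_clients(ips))
```

Run it as python slapd_failed_binds.py /var/log/openldap.log (root only, given the file mode shown above). A successful simple bind produces a second BIND line with mech=SIMPLE and ssf=0; that line is deliberately not matched, so each bind attempt is counted once, on its RESULT line.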
Reposted from: https://blog.51cto.com/zengestudy/1909640