php ldap crypt,LDAP-源码版-部署及应用

LDAP-源码版-部署及应用

目录

BerkeleyDB包

db-4.8.26.tar.gz兼容ldap-2.4.23,

openldap-stable-20100719-2.4.23.tgz

[root@test-1 /]#yum -y install openldap-clients php-ldap openldap-servers

[root@test-1 /]#/etc/init.d/ldap stop

tar -xvf db-4.8.26.tar.gz

[root@test-1 /]#cd build_unix/

[root@test-1 /]#../dist/configure

[root@test-1 /]#make && make install

为了防止LDAP安装出错,需要先调整以下环境变量

[root@test-1 /]#CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include"

[root@test-1 /]#export CPPFLAGS

[root@test-1 /]#LDFLAGS="-L/usr/local/lib -L/usr/local/BerkeleyDB.4.8/lib -R/usr/local/BerkeleyDB.4.8/lib"

[root@test-1 /]#export LDFLAGS

[root@test-1 /]#LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.8/lib"

[root@test-1 /]#export LD_LIBRARY_PATH

tar -xvf openldap-stable-20100719.tgz

[root@test-1 /]#cd openldap-2.4.23/

[root@test-1 /]#./configure --prefix=/usr/local/openldap/ --with-tls --with-cyrus-sasl --enable-spasswd --enable-kpasswd --with-kerberos --with-threads --enable-wrappers --enable-bdb

Redhat 6.0 上安装时如果提示 "could not find TCP_wrappers",解决办法: yum -y install tcp_*

[root@test-1 /]#make depend

[root@test-1 /]#make

[root@test-1 /]#make install

[root@test-1 /]#groupadd ldap && useradd -g ldap ldap

[root@test-1 /]#chown -R ldap:ldap /usr/local/openldap/

[root@test-1 /]#ln -s /usr/local/openldap/sbin/slappasswd /usr/sbin/slappasswd-a

[root@test-1 /]#ln -s /usr/local/openldap/sbin/slaptest /usr/sbin/slaptest-a

[root@test-1 /]#ln -s /usr/local/openldap/libexec/slapd /etc/init.d/ldapd

[root@test-1 /]#ln -s /usr/local/openldap/etc/openldap/slapd.conf /etc/openldap/slapd.conf-a

[root@test-1 /]# slappasswd

{SSHA}Vi7IF78RRQnQ9EnYKn+g+i0BORpQVgj3

vim /usr/local/openldap/etc/openldap/slapd.conf

include         /usr/local/openldap//etc/openldap/schema/core.schema

include         /usr/local/openldap/etc/openldap/schema/corba.schema

include         /usr/local/openldap/etc/openldap/schema/cosine.schema

include         /usr/local/openldap/etc/openldap/schema/dyngroup.schema

include         /usr/local/openldap/etc/openldap/schema/inetorgperson.schema

include         /usr/local/openldap/etc/openldap/schema/java.schema

include         /usr/local/openldap/etc/openldap/schema/misc.schema

include         /usr/local/openldap/etc/openldap/schema/nis.schema

include         /usr/local/openldap/etc/openldap/schema/openldap.schema

database         bdb#:使用DB

suffix          "dc=zeng,dc=com"  #:DN根域名

rootdn          "cn=root,dc=zeng,dc=com"#:登陆帐户设置

rootpw          {SSHA}Vi7IF78RRQnQ9EnYKn+g+i0BORpQVgj3  #:slappasswd 加密过的密码(即上一步 slappasswd 的输出,请填入自己生成的值,不要照抄本文示例)

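在文件最末行添加以下行(注: 本文展示的 slapd.conf 片段中没有 access 规则。如果配置文件里确实没有任何 access 规则,OpenLDAP 的默认策略是允许任何人读取所有条目,其中也包括后面导入的 userPassword 哈希。正式环境应添加 access to attrs=userPassword 之类的规则来限制读取。)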

index objectClass                       eq,pres

index ou,cn,mail,surname,givenname      eq,pres,sub

index uidNumber,gidNumber,loginShell    eq,pres

index uid,memberUid                     eq,pres,sub

index nisMapName,nisMapEntry            eq,pres,sub

[root@test-1 /]#cd /usr/local/openldap/var/openldap-data && cp DB_CONFIG.example DB_CONFIG

[root@test-1 /]# slaptest  #:测试配置文件是否正确

/etc/init.d/ldap start  #:开始启动服务(注: 下面的 ps 输出显示进程以 root 身份运行。前面已经创建了 ldap 用户并 chown 了安装目录,slapd 可以用 -u ldap -g ldap 参数以该用户运行。)

[root@test-1 /]# ps -ef | grep ldap

root     12051     1  0 01:49 ?        00:00:00 /etc/init.d/ldap start

[root@test-1 /]#netstat -nap |grep 389

tcp    0   0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      12051/ldap

tcp    0      0 :::389                      :::*                    LISTEN      12051/ldap

[root@test-1 /]# ldapsearch -x -b '' -s base '(objectclass=*)'

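注意:-b后面是两个单引号(空字符串),用来阻止特殊字符被Shell解析。另外,-x 表示简单认证,而本文的 slapd 只监听 389 明文端口(见上面的 netstat 输出),带密码的绑定在网络上不加密。跨主机使用时应启用 TLS(ldapsearch 的 -ZZ 或 ldaps://)。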

[root@test-1 /]#unzip phpldapadmin-1.2.0.5.zip

[root@test-1 /]#cp /test/phpldapadmin/config/config.php.example /test/phpldapadmin/config/config.php

mv /test/phpldapadmin /var/www/html/phpadmin

找到$servers->setValue('server','name','My LDAP Server');

将下面的子属性注释掉(注: 其中的 bind_pass 若启用,密码会以明文保存在 config.php 中。auth_type 为 session 时密码在登录页面输入,不必在这里填写 rootdn 的密码。)

$servers->setValue('server','host','localhost');

$servers->setValue('server','port',389);

$servers->setValue('server','base',array('dc=zeng,dc=com'));

$servers->setValue('login','auth_type','session');

$servers->setValue('login','bind_id','cn=root,dc=zeng,dc=com');

$servers->setValue('login','bind_pass','secret');

[root@test-1 /]#/etc/init.d/httpd start

”主域名”树根example.com

[root@test-1 /]#vim 1.ldif

objectclass: dcobject

objectclass: organizationalUnit

dc: example

ou: example

[root@test-1 /]#ldapadd -v -c -x -D "cn=root,dc=example,dc=com" -w 123 -f 1.ldif

注: -w 会把密码留在命令行历史和进程列表中,可以改用 -W 交互输入密码。

[root@test-1 /]#vim 2.ldif

dn: ou=group,dc=example,dc=com

objectclass: organizationalUnit

ou: group

[root@test-1 /]#mkdir /tmp/test && cd /tmp/test

[root@test-1 /]#groupadd user && cat /etc/group > usergroup.in

[root@test-1 /]#cd /usr/share/openldap/migration/

[root@test-1 /]#./migrate_group.pl /tmp/test/usergroup.in> /tmp/test/usergroup.ldif

[root@test-1 /]#vim /tmp/test/usergroup.ldif

dn: cn=user,ou=group,dc=example,dc=com

objectClass: posixGroup

objectClass: top

cn: user

userPassword: {crypt}x

gidNumber: 500

[root@test-1 /]#ldapadd -v -c -x -D "cn=root,dc=example,dc=com" -w 123 -f /tmp/test/usergroup.ldif

adding new entry "cn=user,ou=group,dc=example,dc=com"

modify complete

GID:500       和下面的用户GID一样

[root@test-1 /]#vim /tmp/test/list.user

user01 123

user02 123

user03 123

user04 123

user05 123

user06 123

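[root@test-1 /]#for zeng in `awk '{print $1}' /tmp/test/list.usr`; do useradd $zeng; grep "\<$zeng\>" /tmp/test/list.usr | awk '{print $2}' | passwd --stdin $zeng; done

注: 原文 grep 的匹配模式在页面提取时丢失,这里按上下文还原为 \<$zeng\>。上一步用 vim 创建的文件名是 list.user,而这里读取的是 list.usr,两处需要统一。该文件以明文保存密码且位于 /tmp 下,创建完用户后应删除。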

passwd: all authentication tokens updated successfully.

passwd: all authentication tokens updated successfully.

passwd: all authentication tokens updated successfully.

[root@test-1 /]#cat /etc/passwd > /tmp/test/list.in

[root@test-1 /]#vim /tmp/test/list.in

user01:x:500:500::/home/user01:/bin/bash##GID改成500,加入上面的user组

user02:x:501:500::/home/user02:/bin/bash

user03:x:502:500::/home/user03:/bin/bash

user04:x:503:500::/home/user04:/bin/bash

user05:x:504:500::/home/user05:/bin/bash

user06:x:505:500::/home/user06:/bin/bash

user07:x:506:500::/home/user07:/bin/bash

[root@test-1 /]#./migrate_passwd.pl /tmp/test/list.in > /tmp/test/list.ldif

[root@test-1 /]#cat /tmp/test/list.ldif

dn: uid=user01,ou=group,dc=example,dc=com##指定正确的OU和/域

uid: user01

cn: user01

objectClass: account

objectClass: posixAccount

objectClass: top

objectClass: shadowAccount

userPassword: {crypt}$1$Za0PIA24$5uY5GiiZ4LDhYABNgmcj1/

shadowLastChange: 15075

shadowMin: 0

shadowMax: 99999

shadowWarning: 7

loginShell: /bin/bash

uidNumber: 500

gidNumber: 501

homeDirectory: /home/user01

[root@test-1 /]#ldapadd -v -x -c -D "cn=root,dc=example,dc=com" -w 123 -f /tmp/test/list.ldif

ldap_initialize( )

add uid:user01

add cn:

user01

adding new entry "uid=user01,ou=group,dc=example,dc=com"

modify complete

[root@test-1 /]# authconfig-tui


[root@test-1 /]#vim /etc/pam.d/system-auth

session     required      pam_mkhomedir.so skel=/etc/skel umask=0022
