Installing ldap-server
I. Create the mount directory
[root@localhost CentOS]# mkdir /media/CentOS
II. Mount the install CD locally
[root@localhost CentOS]# mount /dev/cdrom /media/CentOS
When installing with yum, the following error often appears:
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 1ac70ce6
and the installation cannot proceed. NOKEY means rpm has no key in its keyring to verify the package signature against, so the fix is to import the CentOS signing keys (not to disable gpgcheck):
[root@localhost CentOS]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
[root@localhost CentOS]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-beta
III. Configure after installation
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
mv /etc/openldap/slapd.d{,.bak}
IV. Edit slapd.conf with vi, as follows:
1. Set the suffix of the directory tree
Find the line:
suffix "dc=my-domain,dc=com"
and change it to:
suffix "dc=mail,dc=yourdomainname,dc=com,dc=cn"
2. This line sets the DN of the LDAP administrator
Find the line:
rootdn "cn=Manager,dc=my-domain,dc=com"
and change it to:
rootdn "cn=Manager,dc=mail,dc=yourdomainname,dc=com,dc=cn"
3. Set the LDAP administrator's password
Generate the LDAP administrator password hash:
# slappasswd
For example, with the password redhat, after you type the password slappasswd prints a hash string; copy it to the clipboard:
{SSHA}pfAJm+JJjTJpoR5YKLy
Edit /etc/openldap/slapd.conf
Find the line:
rootpw secret
and change it to:
rootpw {SSHA}NX6PjTKE6OYr
The password can also be written in plain text, but then anyone who can read slapd.conf has the administrator password, so prefer the slappasswd hash:
rootpw 12345678
mkdir /etc/openldap/certs
Delete everything under the default /etc/openldap/slapd.d, otherwise ldapadd will report errors later:
# rm -rf /etc/openldap/slapd.d/*
Then reboot the system (be sure to reboot).
Start the slapd service and enable it at boot:
# service slapd restart
# chkconfig slapd on
Give the data and configuration directories the correct ownership:
# chown -R ldap:ldap /var/lib/ldap
# chown -R ldap:ldap /etc/openldap/
Test the configuration and generate the configuration directory:
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
If it prints "config file testing succeeded", the configuration is good.
Set ownership on the generated configuration directory and restart:
# chown -R ldap:ldap /etc/openldap/slapd.d
# service slapd restart
Turn off the firewall (the quick route taken here; on a real server keep iptables running and open only TCP 389, or 636 for LDAPS, to the hosts that need it):
service iptables stop
chkconfig iptables off
V. Create users (replace the dn values below with dc=mail,dc=yourdomainname,dc=com,dc=cn):
Create a file named base.ldif containing the lines below and save it into your home directory.
dn: dc=acme,dc=local
dc: acme
objectClass: domain
Import base.ldif into your directory using the command below.
ldapadd -x -D "cn=Manager,dc=acme,dc=local" -w password -f ~/base.ldif
Replace password with the root password you specified in slapd.conf. Note that -w puts the password on the command line, where it shows up in shell history and in the process list; use -W to be prompted for it instead.
To populate your directory, create a file similar to the one below and import it using ldapadd, or better yet, use a GUI tool like JXplorer, a Java-based LDAP browser. Each entry must be separated from the next by a blank line.
dn: ou=People,dc=acme,dc=local
ou: People
objectClass: organizationalUnit

dn: uid=bugsbunny,ou=People,dc=acme,dc=local
uid: bugsbunny
cn: Bugs Bunny
displayName: Bugs Bunny
givenName: Bugs
sn: Bunny
objectClass: inetOrgPerson
userPassword: password
mail: bugsbunny@acme.local
The displayName attribute is required for Outlook address book users.
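Added example (Python; not part of the original post) for the LDIF step above. It builds records like the ou=People and uid=bugsbunny entries under the RFC 2849 rules that hand-written files most often break: a blank line between records, one space after the colon, "attr:: base64" for values with non-ASCII characters or a leading space/colon, and folding of lines longer than 76 characters. A small reader parses the result back so the round trip can be checked. The dc=acme,dc=local base, the extra uid=daffy entry and the long description value are constructed for the demo; the encode-trailing-space rule is this example's own choice.

```python
import base64
from typing import Dict, List, Tuple


def needs_base64(value: str) -> bool:
    """RFC 2849 SAFE-STRING rule: a value goes out base64-encoded when it begins
    with SPACE, ':' or '<', contains NUL/CR/LF, or has any non-ASCII character.
    A trailing space is encoded as well (this example's choice) so no tool trims it."""
    if not value:
        return False
    if value[0] in " :<" or value[-1] == " ":
        return True
    return any(ch in "\x00\r\n" or ord(ch) > 0x7F for ch in value)


def fold(line: str, width: int = 76) -> str:
    """Fold a logical line at `width` characters; continuation lines start with one space."""
    if len(line) <= width:
        return line
    chunks = [line[:width]]
    rest = line[width:]
    while rest:
        chunks.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(chunks)


def attr_line(attr: str, value: str) -> str:
    """One attribute line, base64 ('::') when the value is not LDIF-safe."""
    if needs_base64(value):
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return fold(f"{attr}:: {encoded}")
    return fold(f"{attr}: {value}")


def ldif_entry(dn: str, attrs: List[Tuple[str, str]]) -> str:
    """One LDIF record: dn first, then attributes, terminated by a newline."""
    lines = [attr_line("dn", dn)] + [attr_line(a, v) for a, v in attrs]
    return "\n".join(lines) + "\n"


def ldif_file(entries: List[str]) -> str:
    """Join records with the blank line ldapadd requires between them."""
    return "\n".join(entries)


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal reader: split on blank lines, unfold continuation lines, decode '::' values."""
    records: List[Dict[str, List[str]]] = []
    for block in text.split("\n\n"):
        lines = [ln for ln in block.split("\n") if ln and not ln.startswith("#")]
        logical: List[str] = []
        for ln in lines:
            if ln.startswith(" ") and logical:
                logical[-1] += ln[1:]  # unfold
            else:
                logical.append(ln)
        if not logical:
            continue
        rec: Dict[str, List[str]] = {}
        for ln in logical:
            attr, _, raw = ln.partition(":")
            if raw.startswith(":"):
                value = base64.b64decode(raw[1:].strip()).decode("utf-8")
            else:
                value = raw.lstrip(" ")
            rec.setdefault(attr, []).append(value)
        records.append(rec)
    return records


BASE_DN = "dc=acme,dc=local"  # constructed sample base, as in the post's example


def sample_ldif() -> str:
    """The post's two entries plus one with a non-ASCII name and one long value."""
    people = ldif_entry(f"ou=People,{BASE_DN}",
                        [("ou", "People"), ("objectClass", "organizationalUnit")])
    bugs = ldif_entry(f"uid=bugsbunny,ou=People,{BASE_DN}", [
        ("uid", "bugsbunny"), ("cn", "Bugs Bunny"), ("displayName", "Bugs Bunny"),
        ("givenName", "Bugs"), ("sn", "Bunny"), ("objectClass", "inetOrgPerson"),
        ("userPassword", "password"), ("mail", "bugsbunny@acme.local"),
        ("description", "x" * 120),  # longer than 76 chars: exercises folding
    ])
    daffy = ldif_entry(f"uid=daffy,ou=People,{BASE_DN}", [
        ("uid", "daffy"), ("cn", "Daffy Dück"), ("sn", "Dück"),
        ("objectClass", "inetOrgPerson"),
    ])
    return ldif_file([people, bugs, daffy])


if __name__ == "__main__":
    print(sample_ldif())
```

Write the output to a file and load it with ldapadd -x -D "cn=Manager,dc=acme,dc=local" -W -f users.ldif; the reader is only there to prove the file parses back to the same values, including the folded and base64 ones.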
shutdown -h now