Configuring TLS-encrypted transport for OpenLDAP (full version: shell script implementation [run one script on the client and one on the server to enable TLS encryption])

These scripts only implement the TLS encryption part of the configuration; compiling, installing and setting up OpenLDAP itself was done beforehand!

For that setup see the article before last, on compiling, installing and configuring OpenLDAP.

Note the settings in slapd.conf: the scripts assume suffix "dc=mirage,dc=com" and rootdn "cn=AuthUsers,dc=mirage,dc=com".

ldapTls.sh


The code is not explained in much detail here; for the configuration walkthrough see "Configuring TLS-encrypted transport for OpenLDAP (full version: manual configuration)".

Code download: link: https://pan.baidu.com/s/1Mr_g42QnAP0nO9ZOaifixA  password: kmlk

Client

Notes:

     The script must be placed in the directory /root/workspace/clildapTls.

     The following files must already be prepared there:

        CA.crt  CA.key  clildapTls.sh  index.txt  openssl.cnf  serial

Code (clildapTls.sh):

#!/bin/sh
# description: CLIENT LDAP TLS CONFIGURATION

RUN_PATH="/root/workspace/clildapTls"
CLICA_PATH="/etc/pki/CA"
CLICAPRI_PATH="/etc/pki/CA/private"
CLICATLS_PATH="/etc/pki/tls/"
SERVERCERT_PATH="/usr/local/etc/openldap/certs/"
SERVEROLDLDAP_PATH="/etc/openldap"
SERVERLDAP_PATH="/usr/local/etc/openldap"

# Install the CA material (private key, certificate, index, serial, openssl.cnf) into the local CA directory
cp "$RUN_PATH/CA.key" "$CLICAPRI_PATH"
cp "$RUN_PATH/CA.crt" "$CLICA_PATH"
cp "$RUN_PATH/index.txt" "$CLICA_PATH"
cp "$RUN_PATH/serial" "$CLICA_PATH"
cp "$RUN_PATH/openssl.cnf" "$CLICA_PATH"

# Trust anchor for the LDAP client. Only CA.crt is needed by the client; the CA private key
# belongs in $CLICAPRI_PATH and does not have to be present in a certificate directory.
mkdir -p "$SERVERCERT_PATH"
cp "$RUN_PATH/CA.crt" "$SERVERCERT_PATH"
cp "$RUN_PATH/CA.key" "$SERVERCERT_PATH"

# Start from the distribution ldap.conf and point it at the self-compiled OpenLDAP
cp "$SERVEROLDLDAP_PATH/ldap.conf" "$SERVERLDAP_PATH"
# TLS_REQCERT allow: the server certificate is requested, but a missing or unverifiable
# certificate does not abort the session. The default, demand, rejects it; switch to demand
# (with TLS_CACERT naming CA.crt, since an OpenSSL-linked client expects a hashed TLS_CACERTDIR)
# once the chain is known to verify.
sed -i '$a TLS_REQCERT allow' "$SERVERLDAP_PATH/ldap.conf"
sed -i 's|^TLS_CACERTDIR.*|TLS_CACERTDIR /usr/local/etc/openldap/certs|' "$SERVERLDAP_PATH/ldap.conf"
sed -i 's/^SASL_NOCANON/#&/' "$SERVERLDAP_PATH/ldap.conf"
# Append BASE and URI only if ldap.conf does not already define them
grep -q '^BASE' "$SERVERLDAP_PATH/ldap.conf" || sed -i '$a BASE dc=mirage,dc=com' "$SERVERLDAP_PATH/ldap.conf"
grep -q '^URI'  "$SERVERLDAP_PATH/ldap.conf" || sed -i '$a URI ldaps://127.0.0.1/' "$SERVERLDAP_PATH/ldap.conf"

Server

Notes:

     The script must be placed in the directory /root/workspace/serldapTls.

     The following files must already be prepared there:

        CA.crt  ldapsrv02.crt  ldapsrv02.key

Code (serldapTls.sh):


#!/bin/sh
# description: SERVER LDAP TLS CONFIGURATION

RUN_PATH="/root/workspace/serldapTls"
SERVERCERT_PATH="/usr/local/etc/openldap/certs/"
SERVEROLDLDAP_PATH="/etc/openldap"
SERVERLDAP_PATH="/usr/local/etc/openldap"

# Install the server certificate, its private key and the CA certificate (create the directory if missing)
mkdir -p "$SERVERCERT_PATH"
cp "$RUN_PATH/ldapsrv02.crt" "$RUN_PATH/ldapsrv02.key" "$SERVERCERT_PATH"
cp "$RUN_PATH/CA.crt" "$SERVERCERT_PATH"

# configure ldap.conf
# slapd runs as ldap:ldap and must be able to read the key; the key file should not be readable by others (mode 0600)
chown -R ldap:ldap "$SERVERCERT_PATH"
cp "$SERVEROLDLDAP_PATH/ldap.conf" "$SERVERLDAP_PATH"
sed -i 's|^TLS_CACERTDIR.*|TLS_CACERTDIR /usr/local/etc/openldap/certs|' "$SERVERLDAP_PATH/ldap.conf"
grep -q '^BASE' "$SERVERLDAP_PATH/ldap.conf" || sed -i '$a BASE dc=mirage,dc=com' "$SERVERLDAP_PATH/ldap.conf"

# IPv4 address of eth0 (old ifconfig "inet addr:" output format); tr removes the trailing blanks
serverIp=$(ifconfig eth0 | grep 'inet addr' | sed 's/^.*addr://; s/Bcast.*$//' | tr -d ' ')
# Replace an existing URI line in place, otherwise append one
if grep -q '^URI' "$SERVERLDAP_PATH/ldap.conf"; then
        sed -i "s|^URI.*|URI ldap://$serverIp|" "$SERVERLDAP_PATH/ldap.conf"
else
        sed -i "\$a URI ldap://$serverIp" "$SERVERLDAP_PATH/ldap.conf"
fi
sed -i 's/^SASL_NOCANON/#&/' "$SERVERLDAP_PATH/ldap.conf"

# configure slapd.conf (restored from the slapd.conf.bak backup made during installation)
cp "$SERVERLDAP_PATH/slapd.conf.bak" "$SERVERLDAP_PATH/slapd.conf"
# Add the TLS directives only if they are not already present
grep -q '^TLSCACertificatePath'  "$SERVERLDAP_PATH/slapd.conf" || sed -i '$a TLSCACertificatePath /usr/local/etc/openldap/certs' "$SERVERLDAP_PATH/slapd.conf"
grep -q '^TLSCertificateFile'    "$SERVERLDAP_PATH/slapd.conf" || sed -i '$a TLSCertificateFile   /usr/local/etc/openldap/certs/ldapsrv02.crt' "$SERVERLDAP_PATH/slapd.conf"
grep -q '^TLSCertificateKeyFile' "$SERVERLDAP_PATH/slapd.conf" || sed -i '$a TLSCertificateKeyFile   /usr/local/etc/openldap/certs/ldapsrv02.key' "$SERVERLDAP_PATH/slapd.conf"

# rebuild the cn=config database (slapd.d) from slapd.conf
rm -rf "$SERVERLDAP_PATH/slapd.d"/*
slaptest -f "$SERVERLDAP_PATH/slapd.conf" -F "$SERVERLDAP_PATH/slapd.d/"
chown -R ldap:ldap "$SERVERLDAP_PATH/slapd.d"

# configure the listening ports: restart slapd on ldap:// (389, StartTLS) and ldaps:// (636)
killall slapd
/usr/local/libexec/slapd -h "ldap://$serverIp ldaps://$serverIp"
netstat -tunlp | grep slapd
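The following check script is an added example, not part of the original post or its download: it audits the client ldap.conf written by clildapTls.sh for settings that skip server certificate verification (TLS_REQCERT allow is the one the script above uses) and probes the ldaps:// and StartTLS listeners started by serldapTls.sh against CA.crt. The LDAP_CONF and CA_CRT defaults mirror the paths used by the two scripts, and the HOST argument is supplied by the caller; both are assumptions.

```shell
#!/bin/sh
# Added example: verify the TLS setup produced by clildapTls.sh and serldapTls.sh.
# Paths are the ones the two scripts use (assumed); HOST is passed on the command line.
LDAP_CONF="${LDAP_CONF:-/usr/local/etc/openldap/ldap.conf}"
CA_CRT="${CA_CRT:-/usr/local/etc/openldap/certs/CA.crt}"

# audit_ldap_conf FILE
# Returns 0 if the client will verify the server certificate, 1 otherwise.
# TLS_REQCERT allow/never accept an unverifiable certificate; the default (demand)
# rejects it. A trust anchor (TLS_CACERT or TLS_CACERTDIR) must also be configured.
audit_ldap_conf() {
    conf="$1"; rc=0
    reqcert=$(awk 'tolower($1)=="tls_reqcert"{v=$2} END{print tolower(v)}' "$conf")
    case "$reqcert" in
        allow|never) echo "WEAK: TLS_REQCERT $reqcert skips server certificate verification"; rc=1 ;;
        try)         echo "NOTE: TLS_REQCERT try accepts a server that sends no certificate" ;;
    esac
    if ! grep -Eiq '^[[:space:]]*TLS_CACERT(DIR)?[[:space:]]' "$conf"; then
        echo "WEAK: no TLS_CACERT or TLS_CACERTDIR, nothing to verify the chain against"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $conf verifies the server certificate"
    return "$rc"
}

# probe_ldaps HOST
# Checks that the chain presented on HOST:636 verifies against CA_CRT, and that
# StartTLS on the plain ldap:// port works (anonymous root DSE query).
probe_ldaps() {
    host="$1"
    out=$(openssl s_client -connect "$host:636" -CAfile "$CA_CRT" </dev/null 2>/dev/null)
    case "$out" in
        *"Verify return code: 0 (ok)"*) echo "OK: ldaps://$host chain verifies against $CA_CRT" ;;
        *) echo "FAIL: ldaps://$host does not verify against $CA_CRT"; return 1 ;;
    esac
    if ldapsearch -x -ZZ -H "ldap://$host" -b '' -s base >/dev/null 2>&1; then
        echo "OK: StartTLS on ldap://$host"
    else
        echo "FAIL: StartTLS on ldap://$host"; return 1
    fi
}

case "${1:-}" in
    audit) audit_ldap_conf "${2:-$LDAP_CONF}" ;;
    probe) probe_ldaps "${2:?usage: $0 probe HOST}" ;;
esac
```

Run "audit" on the client after clildapTls.sh (it reports TLS_REQCERT allow as WEAK) and "probe <server-ip>" from the client after serldapTls.sh has started slapd.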

Copyright notice: this is the blogger's original article; reproduction without the blogger's permission is prohibited. https://blog.csdn.net/weixin_42167759/article/details/80695294