服务器:阿里云 centos 7.6 64位
| hostname | hhz.apacheds |
| ip | 39.106.164.213 |
环境:jdk-1.6及以上
vi /etc/profile
export JAVA_HOME=/usr/java/jdk1.8.0_181-cloudera
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar添加用户apacheds,用户组apacheds
groupadd apacheds
useradd -s /bin/sh -g apacheds apacheds下载ApacheDS
wget http://mirrors.ocf.berkeley.edu/apache//directory/apacheds/dist/2.0.0.AM25/apacheds-2.0.0.AM25-64bit.bin
[root@hhz ~]# chmod +x apacheds-2.0.0.AM25-64bit.bin
[root@hhz ~]# ./apacheds-2.0.0.AM25-64bit.bin一路回车
Unpacking the installer...
Extracting the installer...
Where do you want to install ApacheDS? [Default: /opt/apacheds-2.0.0.AM25]
Where do you want to install ApacheDS instances? [Default: /var/lib/apacheds-2.0.0.AM25]
What name do you want for the default instance? [Default: default]
Where do you want to install the startup script? [Default: /etc/init.d]
Which user do you want to run the server with (if not already existing, the specified user will be created)? [Default: apacheds]
Which group do you want to run the server with (if not already existing, the specified group will be created)? [Default: apacheds]启动:
/etc/init.d/apacheds-2.0.0.AM25-default start配置客户端远程登录,这里使用Apache Directory Studio,配置界面如下,要注意hostname一定不能写ip
设置用户名密码,默认:user:uid=admin,ou=system password:secret
点击FInish:
添加分区:
ctrl+s保存
重启ApacheDS
[root@hhz init.d]# /etc/init.d/apacheds-2.0.0.AM25-default restart
Stopping ApacheDS - default...
Stopped ApacheDS - default.
Starting ApacheDS - default...刷新新增的分区
添加组
添加用户
启动LDAPS
## 创建keystore
cd /var/lib/apacheds-2.0.0.AM25/default/conf/
keytool -genkeypair -alias apacheds -keyalg RSA -validity 7 -keystore ads.keystore
[root@hhz conf]# keytool -genkeypair -alias apacheds -keyalg RSA -validity 7 -keystore ads.keystore
输入密钥库口令:
再次输入新口令:
[1]+ 已停止 keytool -genkeypair -alias apacheds -keyalg RSA -validity 7 -keystore ads.keystore
[root@hhz conf]# keytool -genkeypair -alias apacheds -keyalg RSA -validity 7 -keystore ads.keystore
输入密钥库口令:
再次输入新口令:
您的名字与姓氏是什么?
[Unknown]: hhz.apacheds
您的组织单位名称是什么?
[Unknown]:
您的组织名称是什么?
[Unknown]:
您所在的城市或区域名称是什么?
[Unknown]:
您所在的省/市/自治区名称是什么?
[Unknown]:
该单位的双字母国家/地区代码是什么?
[Unknown]:
CN=hhz.apacheds, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown是否正确?
[否]: y
输入 <apacheds> 的密钥口令
(如果和密钥库口令相同, 按回车):
再次输入新口令:
Warning:
JKS 密钥库使用专用格式。建议使用 "keytool -importkeystore -srckeystore ads.keystore -destkeystore ads.keystore -deststoretype pkcs12" 迁移到行业标准格式 PKCS12。
## 修改文件用户,否则ApacheDS没有权限读取
chown apacheds:apacheds ./ads.keystore
## 导出证书。
## 需要输入密码,密码为上一步设置的值,这里为:123456
> keytool -export -alias apacheds -keystore ads.keystore -rfc -file apacheds.cer
Enter keystore password:
Certificate stored in file <apacheds.cer>
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore ads.keystore -destkeystore ads.keystore -deststoretype pkcs12".
## 将证书导入系统证书库,实现自认证,这里的密钥库口令是默认的:changeit
[root@hhz conf]# keytool -import -file apacheds.cer -alias apacheds -keystore /usr/java/jdk1.8.0_181-cloudera/jre/lib/security/cacerts
输入密钥库口令:
所有者: CN=hhz.apacheds, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
发布者: CN=hhz.apacheds, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
序列号: 7eb9f365
有效期为 Tue May 14 17:52:01 CST 2019 至 Tue May 21 17:52:01 CST 2019
证书指纹:
MD5: 6D:CD:57:B2:09:FD:70:D2:73:9B:29:80:62:B0:53:E8
SHA1: 59:8F:B1:24:A6:65:30:BD:D5:C9:25:44:AA:55:73:B5:FB:77:99:9F
SHA256: BA:0B:09:38:DC:F8:EA:69:EC:1D:49:01:98:7D:53:9D:DA:23:C8:31:25:1C:5C:9C:06:EA:3A:F7:96:FD:C6:98
签名算法名称: SHA256withRSA
主体公共密钥算法: 2048 位 RSA 密钥
版本: 3
扩展:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: DC 51 CD 00 33 14 D8 5D BD E3 6E 55 04 CF 77 CA .Q..3..]..nU..w.
0010: 93 30 6B 28 .0k(
]
]
是否信任此证书? [否]: y
证书已添加到密钥库中
配置证书
重启服务器
[root@hhz conf]# /etc/init.d/apacheds-2.0.0.AM25-default restart
Stopping ApacheDS - default...
Stopped ApacheDS - default.
Starting ApacheDS - default...配置Apache Directory Studio支持LDAPS连接
1279
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
