CentOS 7 LDAP 安装配置


一,简介

二.安装配置

1. 安装openLDAP 服务

[root@labsys00206 yum.repos.d]# yum -y install openldap-servers openldap-clients
[root@labsys00206 yum.repos.d]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@labsys00206 yum.repos.d]# chown ldap. /var/lib/ldap/DB_CONFIG
[root@labsys00206 yum.repos.d]# systemctl start slapd 
[root@labsys00206 yum.repos.d]# systemctl enable slapd

2. 设置LDAP admin 密码

[root@labsys00206 yum.repos.d]# slappasswd
New password: 
Re-enter new password: 
{SSHA}AmiJetAxKN26zvY9DQ3jHouDixhPkCTA
[root@labsys00206 ldap]# vim chrootpw.ldif
# specify the password generated above for "olcRootPW" section

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}AmiJetAxKN26zvY9DQ3jHouDixhPkCTA


[root@labsys00206 ldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"

3. 导入基本的架构

[root@labsys00206 ldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"

[root@labsys00206 ldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"

[root@labsys00206 ldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"

4. 在ldap服务的DB中设置域名

[root@labsys00206 ldap]# slappasswd
New password: 
Re-enter new password: 
{SSHA}9lYleUgqu24NhGWdfLgV501GeMCimO8B
[root@labsys00206 ldap]# vim chdomain.ldif
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=contoso,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=contoso,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=contoso,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}9lYleUgqu24NhGWdfLgV501GeMCimO8B

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=Manager,dc=contoso,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=contoso,dc=com" write by * read

[root@labsys00206 ldap]# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}monitor,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

[root@labsys00206 ldap]# vim basedomain.ldif
dn: dc=contoso,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Server com
dc: contoso

dn: cn=Manager,dc=contoso,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=contoso,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=contoso,dc=com
objectClass: organizationalUnit
ou: Group

[root@labsys00206 ldap]# ldapadd -x -D cn=Manager,dc=contoso,dc=com -W -f basedomain.ldif
Enter LDAP Password:
adding new entry "dc=contoso,dc=com"

adding new entry "cn=Manager,dc=contoso,dc=com"

adding new entry "ou=People,dc=contoso,dc=com"

adding new entry "ou=Group,dc=contoso,dc=com"

三. 主从配置

在master上添加并启用syncprov模块来实现主从复制功能。通过ldif文件动态加载syncprov模块, 无需重启ldap server。

[root@labsys00206 ldap]# vim  mod_syncprov.ldif
# create new

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la

[root@labsys00206 ldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f mod_syncprov.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
[root@labsys00206 ldap]# vim syncprov.ldif
# create new

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpSessionLog: 100

[root@labsys00206 ldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"

slave配置 (注意: 下面 syncrepl.ldif 中的 binddn 是 cn=Manager, credentials 以明文写入 cn=config, 且 provider 使用未加密的 ldap:// 连接; 应限制对 slave 上 cn=config 的访问, 并尽量改用低权限的专用复制账号)

[root@labsys00207 ldap]# vim syncrepl.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://10.17.161.18:389/
  bindmethod=simple
  binddn="cn=Manager,dc=contoso,dc=com"
  credentials=User@123
  searchbase="dc=contoso,dc=com"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="5 5 300 +"
  attrs="*,+"
  interval=00:00:00:10

[root@labsys00207 ldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncrepl.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"

master 添加用户

[root@labsys00206 ldap]# vim ldapuser.ldif
dn: uid=cent,ou=People,dc=contoso,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Cent
sn: Linux
userPassword: {SSHA}ybjS6OSH2UrfEdHBu59RYBW5gMIs+deu
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/cent

dn: cn=cent,ou=Group,dc=contoso,dc=com
objectClass: posixGroup
cn: Cent
gidNumber: 1000
memberUid: cent

[root@labsys00206 ldap]# ldapadd -x -D cn=Manager,dc=contoso,dc=com -W -f ldapuser.ldif 
Enter LDAP Password: 
adding new entry "uid=cent,ou=People,dc=contoso,dc=com"

adding new entry "cn=cent,ou=Group,dc=contoso,dc=com"

在slave中查看是否同步完成

[root@labsys00207 ldap]# ldapsearch -x -b 'dc=contoso,dc=com'
# extended LDIF
#
# LDAPv3
# base <dc=contoso,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# contoso.com
dn: dc=contoso,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Server com
dc: contoso

# Manager, contoso.com
dn: cn=Manager,dc=contoso,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

# People, contoso.com
dn: ou=People,dc=contoso,dc=com
objectClass: organizationalUnit
ou: People

# Group, contoso.com
dn: ou=Group,dc=contoso,dc=com
objectClass: organizationalUnit
ou: Group

# cent, People, contoso.com
dn: uid=cent,ou=People,dc=contoso,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Cent
sn: Linux
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/cent
uid: cent

# cent, Group, contoso.com
dn: cn=cent,ou=Group,dc=contoso,dc=com
objectClass: posixGroup
cn: Cent
gidNumber: 1000
memberUid: cent

# search result
search: 2
result: 0 Success

# numResponses: 7
# numEntries: 6
