OpenLDAP 2.4.44 安装


安装前配置

关闭防火墙(仅适用于隔离的测试环境;生产环境应保留 firewalld,只对需要访问的来源放行 LDAP 端口,默认为 389,否则 slapd 的明文 ldap:// 监听会暴露给所有可达主机)

[root@SonarQube ~]# systemctl stop firewalld
[root@SonarQube ~]# systemctl disable firewalld

关闭 SELinux(仅为简化测试环境;第二条命令修改 /etc/selinux/config,重启后 SELinux 将被永久禁用,生产环境建议保持 enforcing)

[root@SonarQube ~]# setenforce 0
[root@SonarQube ~]# sed -i "/^SELINUX/s/enforcing/disabled/" /etc/selinux/config

1.1 安装openldap-servers软件

安装包说明

openldap: OpenLDAP服务端和客户端用的库文件
openldap-servers: 服务端程序
openldap-clients: 客户端程序
openldap-devel: 开发包,可选
openldap-servers-sql: 支持sql模块,可选
compat-openldap: OpenLDAP 兼容性库

安装基础依赖(EPEL 软件源)

[root@ldap ~]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm

安装软件

[root@ldap ~]# yum -y install openldap openldap-servers openldap-clients compat-openldap openldap-devel

备份默认配置目录并生成管理员密码的哈希(slappasswd 输出的 {SSHA} 值是加盐 SHA-1 哈希,应当作敏感信息保管)

[root@ldap ~]# cd /etc/openldap/
[root@ldap openldap]# ls
certs check_password.conf ldap.conf schema slapd.d
[root@ldap openldap]# mv slapd.d slapd.d.bak
[root@ldap openldap]# mkdir slapd.d
[root@ldap openldap]# slappasswd
New password: 
Re-enter new password: 
{SSHA}yh+m9gYaqtIr3FZpopxCimv613BkMGrn

配置 slapd.ldif

[root@ldap openldap]# cp /usr/share/openldap-servers/slapd.ldif ./
[root@ldap openldap]# ls
certs  check_password.conf  ldap.conf  schema  slapd.d  slapd.d.bak  slapd.ldif
[root@ldap openldap]# pwd
/etc/openldap
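  • 修改域后缀、管理员 DN 和管理员密码(olcRootPW 填入上一步 slappasswd 为你自己的密码生成的哈希,不要照抄本文的示例值;slapd.ldif 中含有该哈希,建议限制为仅 root 可读)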
[root@ldap openldap]# cp /usr/share/openldap-servers/slapd.ldif /etc/openldap/
[root@ldap openldap]# ls
certs check_password.conf ldap.conf schema slapd.d slapd.d.bak slapd.ldif
[root@ldap openldap]# vim /etc/openldap/slapd.ldif
olcSuffix: dc=xiodi,dc=cn
olcRootDN: cn=xiodiadmin,dc=xiodi,dc=cn
olcRootPW: {SSHA}yh+m9gYaqtIr3FZpopxCimv613BkMGrn


  • 在 slapd.ldif 中引入 schema 文件
[root@ldap openldap]# vim slapd.ldif 
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/collective.ldif
include: file:///etc/openldap/schema/corba.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/duaconf.ldif
include: file:///etc/openldap/schema/dyngroup.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/java.ldif
include: file:///etc/openldap/schema/misc.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/openldap.ldif
include: file:///etc/openldap/schema/pmi.ldif
include: file:///etc/openldap/schema/ppolicy.ldif


  • schema 配置文件位于 /etc/openldap/schema/ 目录:
[root@ldap openldap]# ll /etc/openldap/schema/
total 312
-r--r--r--. 1 root root  2036 Feb 23  2022 collective.ldif
-r--r--r--. 1 root root  6190 Feb 23  2022 collective.schema
-r--r--r--. 1 root root  1845 Feb 23  2022 corba.ldif
-r--r--r--. 1 root root  8063 Feb 23  2022 corba.schema
-r--r--r--. 1 root root 20612 Feb 23  2022 core.ldif
-r--r--r--. 1 root root 20499 Feb 23  2022 core.schema
-r--r--r--. 1 root root 12006 Feb 23  2022 cosine.ldif
-r--r--r--. 1 root root 73994 Feb 23  2022 cosine.schema
-r--r--r--. 1 root root  4842 Feb 23  2022 duaconf.ldif
-r--r--r--. 1 root root 10388 Feb 23  2022 duaconf.schema
-r--r--r--. 1 root root  3330 Feb 23  2022 dyngroup.ldif
-r--r--r--. 1 root root  3289 Feb 23  2022 dyngroup.schema
-r--r--r--. 1 root root  3481 Feb 23  2022 inetorgperson.ldif
-r--r--r--. 1 root root  6267 Feb 23  2022 inetorgperson.schema
-r--r--r--. 1 root root  2979 Feb 23  2022 java.ldif
-r--r--r--. 1 root root 13901 Feb 23  2022 java.schema
-r--r--r--. 1 root root  2082 Feb 23  2022 misc.ldif
-r--r--r--. 1 root root  2387 Feb 23  2022 misc.schema
-r--r--r--. 1 root root  6809 Feb 23  2022 nis.ldif
-r--r--r--. 1 root root  7640 Feb 23  2022 nis.schema
-r--r--r--. 1 root root  3308 Feb 23  2022 openldap.ldif
-r--r--r--. 1 root root  1514 Feb 23  2022 openldap.schema
-r--r--r--. 1 root root  6904 Feb 23  2022 pmi.ldif
-r--r--r--. 1 root root 20467 Feb 23  2022 pmi.schema
-r--r--r--. 1 root root  4570 Feb 23  2022 ppolicy.ldif
-r--r--r--. 1 root root 20489 Feb 23  2022 ppolicy.schema
  • 生成配置文件(拷贝默认配置)
[root@ldap openldap]# pwd
/etc/openldap
[root@ldap openldap]# slapadd -n 0 -F slapd.d -l slapd.ldif
_#################### 100.00% eta   none elapsed            none fast!         
Closing DB...
[root@ldap openldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ldap openldap]# chown -R ldap:ldap slapd.d
[root@ldap openldap]# chown -R ldap:ldap /var/lib/ldap
[root@ldap openldap]# systemctl start slapd && systemctl status slapd
● slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2022-11-20 16:05:47 UTC; 13ms ago
     Docs: man:slapd
           man:slapd-config
           man:slapd-hdb
           man:slapd-mdb
           file:///usr/share/doc/openldap-servers/guide.html
  Process: 8765 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=0/SUCCESS)
  Process: 8749 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)
 Main PID: 8767 (slapd)
   CGroup: /system.slice/slapd.service
           └─8767 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:///

Nov 20 16:05:45 ldap systemd[1]: Starting OpenLDAP Server Daemon...
Nov 20 16:05:45 ldap runuser[8752]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Nov 20 16:05:46 ldap runuser[8752]: pam_unix(runuser:session): session closed for user ldap
Nov 20 16:05:46 ldap slapd[8765]: @(#) $OpenLDAP: slapd 2.4.44 (Feb 23 2022 17:11:27) $
                                          mockbuild@x86-01.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.44/.../slapd
Nov 20 16:05:47 ldap slapd[8765]: tlsmc_get_pin: INFO: Please note the extracted key file will not be protected w...sions.
Nov 20 16:05:47 ldap slapd[8767]: slapd starting
Nov 20 16:05:47 ldap systemd[1]: Started OpenLDAP Server Daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@ldap openldap]# systemctl enable slapd
Created symlink from /etc/systemd/system/multi-user.target.wants/slapd.service to /usr/lib/systemd/system/slapd.service.

配置基本域(创建根条目;下面的 -x 为简单绑定,在未配置 TLS 的 ldap:// 连接上管理员密码以明文传输,跨网络管理时应先配置 TLS 并使用 -ZZ 或 ldaps://)

[root@ldap openldap]# mkdir /root/ldif
[root@ldap openldap]# cd /root/ldif
[root@ldap ldif]# vim config_init.ldif
dn: dc=xiodi,dc=cn
objectclass: dcObject
objectclass: organization
o: aishangwei
dc: xiodi
[root@ldap ldif]# ldapadd -x -D "cn=xiodiadmin,dc=xiodi,dc=cn" -W -f config_init.ldif
Enter LDAP Password: 
adding new entry "dc=xiodi,dc=cn"

查询(该命令未指定 -D/-W,即以匿名身份绑定;能返回条目说明当前配置允许匿名读取,生产环境应通过 olcAccess 访问控制加以限制)

[root@ldap ldif]# ldapsearch -x -b 'dc=xiodi,dc=cn'   '(objectClass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=xiodi,dc=cn> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
#

# xiodi.cn
dn: dc=xiodi,dc=cn
objectClass: dcObject
objectClass: organization
o: aishangwei
dc: xiodi

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

参考地址

https://youtu.be/VRpuUglfe58

https://blog.csdn.net/zangxueyuan88/article/details/112666651
