這篇文章主要介紹“openldap-2.4.44 安裝教程”,在日常操作中,相信很多人在 openldap-2.4.44 安裝教程問題上存在疑惑,小編查閱了各式資料,整理出簡單好用的操作方法,希望對大家解答“openldap-2.4.44 安裝教程”的疑惑有所幫助!接下來,請跟著小編一起來學習吧!
https://www.tutorialspoint.com/linux_admin/install_and_configure_open_ldap.htm
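# Annotated root shell session: install OpenLDAP 2.4.44 on a yum-based host,
# set the suffix/rootDN/rootPW of the {2}hdb database, seed the tree, and
# enable the memberof and refint overlays. Lines starting with a prompt are
# commands; the text after each `vi` command is the content of that file.

# Install openldap-clients / openldap-servers
[root@openldap ldap]# yum install openldap-clients openldap-servers

# Test the configuration
[root@openldap ldap]# slaptest -u
config file testing succeeded

# Start the service
[root@openldap ldap]# service slapd start

# Set olcSuffix / olcRootDN / olcRootPW
# slappasswd is run without -s so the password is prompted for rather than
# passed as an argument: arguments end up in shell history and are visible in
# the process list. The page's example passed a six-digit numeric password
# with -s; pick a strong rootDN password and paste the hash that slappasswd
# prints into olcRootPW below.
[root@openldap ldap]# slappasswd
New password:
Re-enter new password:
{SSHA}REPLACE_WITH_HASH_FROM_SLAPPASSWD

#
# /etc/openldap/slapd.d/cn\=config/olcDatabase={2}hdb
#
[root@openldap ldap]# vi /opt/0_modify_olc_bash.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=harry,dc=com

dn: olcDatabase = {2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=harry,dc=com

dn: olcDatabase = {2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}REPLACE_WITH_HASH_FROM_SLAPPASSWD

# Apply the change with ldapmodify
[root@openldap ldap]# ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/0_modify_olc_bash.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase = {2}hdb,cn=config"

modifying entry "olcDatabase = {2}hdb,cn=config"

# NOTE(review): the page sets no olcAccess on the {2}hdb database. With no
# access rules slapd falls back to its default of read access for everyone,
# which includes userPassword. Before this directory is reachable by other
# clients, add an olcAccess rule that limits userPassword to "self write,
# anonymous auth, everyone else none", followed by a rule for the remaining
# attributes.

#### Set up the database
[root@openldap ldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@openldap ldap]# chown ldap:ldap /var/lib/ldap/*

#### Add the admin entry and the organizational units
# The suffix entry dc=harry,dc=com comes first: ldapadd processes records in
# file order and an entry cannot be added before its parent exists. (The page
# listed cn=Manager ahead of the suffix entry.)
[root@openldap ldap]# vi /opt/4_ldapadmin.ldif
dn: dc=harry,dc=com
dc: harry
objectClass: top
objectClass: organization
objectClass: dcObject
o: harry

dn: cn=Manager,dc=harry,dc=com
objectClass: organizationalRole
cn: Manager

dn: ou=Groups,dc=harry,dc=com
ou: Groups
objectClass: organizationalUnit

dn: ou=Users,dc=harry,dc=com
ou: Users
objectClass: organizationalUnit

[root@openldap ldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f /opt/4_ldapadmin.ldif

### Verify with a search
# NOTE(review): the output below is reproduced as printed on the page. It
# shows objectClass: domain and no cn=Manager entry, which does not match the
# LDIF above, so it was presumably captured from a different run.
[root@openldap opt]# ldapsearch -b 'dc=harry,dc=com' -H ldapi:/// -LLL
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: dc=harry,dc=com
dc: harry
objectClass: top
objectClass: domain

dn: ou=Groups,dc=harry,dc=com
ou: Groups
objectClass: organizationalUnit

dn: ou=Users,dc=harry,dc=com
ou: Users
objectClass: organizationalUnit

### Restrict the monitor database
# Read access is limited to local root (SASL EXTERNAL over ldapi) and the
# rootDN; everyone else gets none. The olcAccess value is kept on one line:
# the page's wrapped copy had turned "cn=external" into "cn=extern al", which
# would no longer match the peercred identity.
[root@openldap opt]# vi /opt/1_modify_monitor.ldif
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=harry,dc=com" read by * none

[root@openldap ldap]# ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/1_modify_monitor.ldif

######### Add the memberof overlay
#
# When a group with objectClass groupOfUniqueNames is added and given
# uniqueMember values, the memberOf attribute is added automatically to each
# referenced user.
#
# The page does not show the load step for the four files below. Following the
# pattern used for the files above, the new entries (2, 3, 6) would be loaded
# with
#   ldapadd -Y EXTERNAL -H ldapi:/// -f FILE
# and 5_modify_refint.ldif, which modifies an existing entry, with
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f FILE
# in the numeric order of the file names.
[root@openldap opt]# vi /opt/2_add_memberof.ldif
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
olcModuleLoad: memberof
olcModulePath: /usr/lib64/openldap

[root@openldap opt]# vi /opt/3_add_memberof_config.ldif
dn: olcOverlay=memberof,olcDatabase={2}hdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfUniqueNames
olcMemberOfMemberAD: uniqueMember
olcMemberOfMemberOfAD: memberOf

[root@openldap opt]# vi /opt/5_modify_refint.ldif
dn: cn=module{0},cn=config
add: olcmoduleload
olcmoduleload: refint

[root@openldap opt]# vi /opt/6_add_refint_config.ldif
dn: olcOverlay=refint,olcDatabase={2}hdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: refint
olcRefintAttribute: memberof uniqueMember manager owner

## Add a user
# userPassword holds a slappasswd hash instead of the cleartext value the page
# used, so the password is neither stored readable in the directory nor left
# in a file under /opt. Generate the hash with an interactive slappasswd run
# as above. The load step for this file and for the group file is not shown
# on the page; presumably ldapadd as for /opt/4_ldapadmin.ldif.
[root@openldap opt]# vi /opt/10_harrywu.ldif
dn: cn=harrywu,ou=Users,dc=harry,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: harrywu
uid: harrywu
uidNumber: 1000
gidNumber: 1000
givenName: Harry
sn: Wu
homeDirectory: /home/harrywu
loginShell: /bin/bash
userPassword: {SSHA}REPLACE_WITH_HASH_FROM_SLAPPASSWD

## Add a group => groupOfUniqueNames
[root@openldap opt]# vi /opt/11_add_u_group1.ldif
dn: cn=g1,ou=Groups,dc=harry,dc=com
objectClass: groupOfUniqueNames
cn: g1
uniqueMember: cn=harrywu,ou=Users,dc=harry,dc=com

## Check that cn=harrywu has gained the memberOf attribute
[root@openldap opt]# ldapsearch -H ldapi:/// -b 'dc=harry,dc=com' dn memberof
...
# harrywu, Users, harry.com
dn: cn=harrywu,ou=Users,dc=harry,dc=com
memberOf: cn=g1,ou=Groups,dc=harry,dc=com
...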
到此,關于“openldap-2.4.44 安裝教程”的學習就結束了,希望能夠解決大家的疑惑。理論與實踐的搭配能更好的幫助大家學習,快去試試吧!若想繼續學習更多相關知識,請繼續關注億速云網站,小編會繼續努力為大家帶來更多實用的文章!