Environment:
System: CentOS 6.7
openldap: 2.4.40

Installation:

1. Import the EPEL repository

2. Install openldap

```shell
yum -y install openldap openldap-*
```

3. Configure openldap, which includes preparing DB_CONFIG and slapd.conf

```shell
cd /etc/openldap/
cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
```

Set the administrator password:

```
slappasswd -s 123456
{SSHA}2TuB7EJeC1pUXDrGoxY1qqKg3ScgAvFC
```

4. Edit slapd.conf. The main settings are the dc (suffix) and rootpw; rootpw is the hash produced in the previous step

```
database bdb
suffix "dc=beyondh,dc=org"
checkpoint 1024 15
rootdn "cn=admin,dc=beyondh,dc=org"
rootpw {SSHA}2TuB7EJeC1pUXDrGoxY1qqKg3ScgAvFC
```

5. Fix directory ownership

```shell
chown -R ldap:ldap /etc/openldap/
chown -R ldap:ldap /var/lib/ldap/
```

6. Start the slapd service

```shell
/etc/init.d/slapd start
```

Note: start the slapd service before running the test in step 7. Otherwise the test fails with an error saying a database file does not exist, because that file is only generated once the service has been started.

7. Test

```
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
config file testing succeeded
```

8. Install migrationtools

```shell
yum install migrationtools -y
```

9. Edit /usr/share/migrationtools/migrate_common.ph and change the relevant settings

```
vim /usr/share/migrationtools/migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "beyondh.org";
$DEFAULT_BASE = "dc=beyondh,dc=org";
```

10. Generate the base.ldif, passwd.ldif and group.ldif files

```
/usr/share/migrationtools/migrate_base.pl > /tmp/base.ldif
/usr/share/migrationtools/migrate_group.pl /etc/group > /tmp/group.ldif
/usr/share/migrationtools/migrate_passwd.pl /etc/passwd > /tmp/passwd.ldif
ls /tmp/
base.ldif group.ldif passwd.ldif
```
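Running migrate_passwd.pl straight over /etc/passwd, as in step 10, also migrates root and every system account (bin, daemon, ...) into ou=People. The script below is an added example, not part of the original post or of migrationtools: it keeps only regular login accounts before the file is handed to migrate_passwd.pl (which accepts a passwd-format file as its argument). The UID_MIN of 500 is an assumption taken from CentOS 6's default /etc/login.defs, and the sample passwd content is constructed.

```shell
#!/bin/sh
# Added example: select regular user accounts from an /etc/passwd-style file
# so that system accounts do not end up in ou=People after migration.
# Assumption: CentOS 6 default UID_MIN=500; UIDs >= 65534 (nobody/nfsnobody)
# and accounts with a nologin/false shell are skipped as well.

UID_MIN=500

# Print the lines whose UID field is in [UID_MIN, 65534) and whose login
# shell is a real shell. Reads the file(s) given as arguments, or stdin.
filter_regular_users() {
    awk -F: -v min="$UID_MIN" '
        $3 >= min && $3 < 65534 && $7 !~ /(nologin|false)$/ { print }
    ' "$@"
}

# Constructed sample input (not a real /etc/passwd).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/bash
svc:x:502:502:service:/var/svc:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin'

# Names of the accounts that survive the filter, space separated.
regular_user_names() {
    printf '%s\n' "$SAMPLE_PASSWD" | filter_regular_users | cut -d: -f1 | xargs
}

# Typical use against the real file (paths as in step 10):
#   filter_regular_users /etc/passwd > /tmp/passwd.filtered
#   /usr/share/migrationtools/migrate_passwd.pl /tmp/passwd.filtered > /tmp/passwd.ldif
regular_user_names
```

Review the filtered file before importing: what ends up in /tmp/passwd.ldif is exactly what ldapadd will create under ou=People in step 11.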
11. Import the base.ldif, passwd.ldif and group.ldif files

```
[iyunv@localhost openldap]# ldapadd -x -D "cn=admin,dc=beyondh,dc=org" -W -f /tmp/base.ldif
[iyunv@localhost migrationtools]# ldapadd -x -D "cn=admin,dc=beyondh,dc=org" -W -f /tmp/group.ldif
[iyunv@localhost migrationtools]# ldapadd -x -D "cn=admin,dc=beyondh,dc=org" -W -f /tmp/passwd.ldif
```

Each command prompts for the administrator password.

12. Check that the data was imported successfully

```
[iyunv@localhost openldap]# ldapsearch -LLL -W -x -H ldap://beyondh.org -D "cn=admin,dc=beyondh,dc=org" -b "dc=beyondh,dc=org"
Enter LDAP Password:
dn: dc=beyondh,dc=org
dc: beyondh
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=beyondh,dc=org
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=Rpc,dc=beyondh,dc=org
ou: Rpc
objectClass: top
objectClass: organizationalUnit

dn: ou=Services,dc=beyondh,dc=org
ou: Services
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byuser,dc=beyondh,dc=org
nisMapName: netgroup.byuser
objectClass: top
objectClass: nisMap

dn: ou=Mounts,dc=beyondh,dc=org
ou: Mounts
objectClass: top
objectClass: organizationalUnit

dn: ou=Networks,dc=beyondh,dc=org
ou: Networks
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=beyondh,dc=org
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=beyondh,dc=org
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=Netgroup,dc=beyondh,dc=org
ou: Netgroup
objectClass: top
objectClass: organizationalUnit

dn: ou=Protocols,dc=beyondh,dc=org
ou: Protocols
objectClass: top
objectClass: organizationalUnit

dn: ou=Aliases,dc=beyondh,dc=org
ou: Aliases
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byhost,dc=beyondh,dc=org
nisMapName: netgroup.byhost
objectClass: top
objectClass: nisMap
```
13. Install httpd and phpLDAPadmin

```shell
yum -y install httpd phpldapadmin
```

14. Edit /etc/httpd/conf.d/phpldapadmin.conf to allow remote access

```
<Directory /usr/share/phpldapadmin/htdocs>
Order Deny,Allow
Allow from all
</Directory>
```

15. Edit /etc/phpldapadmin/config.php so that login uses a DN. At line 397, change

```
// $servers->setValue('login','attr','dn');
$servers->setValue('login','attr','uid');
```

to

```
$servers->setValue('login','attr','dn');
//$servers->setValue('login','attr','uid');
```

16. Start httpd

```shell
/etc/init.d/httpd start
```

17. Open phpLDAPadmin

http://$ip/ldapadmin
18. Enable logging

Edit /etc/rsyslog.conf and add the following line:

```
local4.* /var/log/openldap.log
```

Edit /etc/openldap/slapd.conf and add the following two lines:

```
loglevel 296
cachesize 1000
```

Restart the rsyslog and slapd services:

```
/etc/init.d/rsyslog restart
/etc/init.d/slapd restart
ls -l /var/log/openldap.log
-rw------- 1 root root 216 Mar 23 15:46 /var/log/openldap.log
```
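The loglevel 296 set in step 18 is 256 (stats) + 32 (filter) + 8 (conns), and the stats messages are what make the log useful for monitoring: every connection produces an ACCEPT line, every bind a BIND line, and every operation a RESULT line with an LDAP result code (err=49 is invalidCredentials). The script below is an added example, not part of the original post, that pulls failed binds out of /var/log/openldap.log as "client IP, bind DN" pairs. The log lines in it are constructed in slapd's syslog format, not captured from a real server.

```shell
#!/bin/sh
# Added example: list failed binds (RESULT err=49) from a slapd stats log
# such as /var/log/openldap.log written via the rsyslog local4 rule above.
# The sample lines are constructed, not real server output.

SAMPLE_LOG='Mar 23 15:46:01 localhost slapd[2817]: conn=1000 fd=12 ACCEPT from IP=192.0.2.10:43210 (IP=0.0.0.0:389)
Mar 23 15:46:01 localhost slapd[2817]: conn=1000 op=0 BIND dn="cn=admin,dc=beyondh,dc=org" method=128
Mar 23 15:46:01 localhost slapd[2817]: conn=1000 op=0 RESULT tag=97 err=49 text=
Mar 23 15:46:02 localhost slapd[2817]: conn=1000 op=1 BIND dn="cn=admin,dc=beyondh,dc=org" method=128
Mar 23 15:46:02 localhost slapd[2817]: conn=1000 op=1 RESULT tag=97 err=0 text=
Mar 23 15:46:05 localhost slapd[2817]: conn=1001 fd=13 ACCEPT from IP=198.51.100.7:50112 (IP=0.0.0.0:389)
Mar 23 15:46:05 localhost slapd[2817]: conn=1001 op=0 BIND dn="uid=alice,ou=People,dc=beyondh,dc=org" method=128
Mar 23 15:46:05 localhost slapd[2817]: conn=1001 op=0 RESULT tag=97 err=49 text='

# Print "client_ip bind_dn" for every BIND whose RESULT carries err=49.
# Reads the log file(s) given as arguments, or stdin.
failed_binds_from() {
    awk '
        # ACCEPT: remember the client IP (port stripped) per connection.
        / ACCEPT from IP=/ {
            match($0, /conn=[0-9]+/); c = substr($0, RSTART, RLENGTH)
            match($0, /from IP=[^ ]+/); a = substr($0, RSTART + 8, RLENGTH - 8)
            sub(/:[0-9]+$/, "", a)
            ip[c] = a
        }
        # BIND: remember the DN per connection+operation.
        / BIND dn=/ {
            match($0, /conn=[0-9]+ op=[0-9]+/); k = substr($0, RSTART, RLENGTH)
            match($0, /dn="[^"]*"/); dn[k] = substr($0, RSTART + 4, RLENGTH - 5)
        }
        # RESULT tag=97 is a bind response; err=49 means invalidCredentials.
        / RESULT tag=97 err=49 / {
            match($0, /conn=[0-9]+ op=[0-9]+/); k = substr($0, RSTART, RLENGTH)
            split(k, parts, " "); c = parts[1]
            print ip[c], dn[k]
        }
    ' "$@"
}

# Run the extractor over the constructed sample.
failed_binds_sample() {
    printf '%s\n' "$SAMPLE_LOG" | failed_binds_from
}

# Real use: failed_binds_from /var/log/openldap.log | sort | uniq -c | sort -rn
failed_binds_sample
```

Piping the real log through `sort | uniq -c` turns the output into a count of failures per source and DN, which is the first thing to look at when the admin DN from step 4 shows up repeatedly from an address that should not be talking to the server.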