LDAP (source build): deployment and usage <Alvin-zeng: 孤独0-1>

Contents

1. Installing the LDAP software
   1.1 Installing the BerkeleyDB package
   1.2 Installing the LDAP package
   1.3 Creating the user and setting up symlinks
   1.4 Configuring the LDAP files
   1.5 Testing and checking the listening port
   1.6 Installing the phpLDAPadmin management tool
2. Adding LDAP data
   2.1 Adding the "main domain" tree root example.com
   2.2 Adding a second-level OU
   2.3 Adding a user group
   2.4 Adding users
   2.5 Configuring client authentication
1. Installing the LDAP software

1.1 Installing the BerkeleyDB package

db-4.8.26.tar.gz is compatible with ldap-2.4.23 (openldap-stable-20100719-2.4.23.tgz).

[iyunv@test-1 /]# yum -y install openldap-clients php-ldap openldap-servers
[iyunv@test-1 /]# /etc/init.d/ldap stop
[iyunv@test-1 /]# tar -xvf db-4.8.26.tar.gz
[iyunv@test-1 /]# cd db-4.8.26
[iyunv@test-1 /]# cd build_unix/
[iyunv@test-1 /]# ../dist/configure
[iyunv@test-1 /]# make && make install

To keep the LDAP build from failing, export the following variables so the build finds this BerkeleyDB:

[iyunv@test-1 /]# CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include"
[iyunv@test-1 /]# export CPPFLAGS
[iyunv@test-1 /]# LDFLAGS="-L/usr/local/lib -L/usr/local/BerkeleyDB.4.8/lib -R/usr/local/BerkeleyDB.4.8/lib"
[iyunv@test-1 /]# export LDFLAGS
[iyunv@test-1 /]# LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.8/lib"
[iyunv@test-1 /]# export LD_LIBRARY_PATH

1.2 Installing the LDAP package

[iyunv@test-1 /]# tar -xvf openldap-stable-20100719.tgz
[iyunv@test-1 /]# cd openldap-2.4.23/
[iyunv@test-1 /]# ./configure --prefix=/usr/local/openldap/ --with-tls --with-cyrus-sasl --enable-spasswd --enable-kpasswd --with-kerberos --with-threads --enable-wrappers --enable-bdb

If configure fails on Red Hat 6.0 with the error "could not find TCP_wrappers,", the fix is:

[iyunv@test-1 /]# yum -y install tcp_*
[iyunv@test-1 /]# make depend
[iyunv@test-1 /]# make
[iyunv@test-1 /]# make install

1.3 Creating the user and setting up symlinks

[iyunv@test-1 /]# groupadd ldap && useradd -g ldap ldap
[iyunv@test-1 /]# chown -R ldap:ldap /usr/local/openldap/
[iyunv@test-1 /]# ln -s /usr/local/openldap/sbin/slappasswd /usr/sbin/slappasswd
[iyunv@test-1 /]# ln -s /usr/local/openldap/sbin/slaptest /usr/sbin/slaptest
[iyunv@test-1 /]# ln -s /usr/local/openldap/libexec/slapd /etc/init.d/ldapd
[iyunv@test-1 /]# ln -s /usr/local/openldap/etc/openldap/slapd.conf /etc/openldap/slapd.conf

1.4 Configuring the LDAP files

Generate a hashed password for the directory administrator; the output is what goes into rootpw below:

[iyunv@test-1 /]# slappasswd
{SSHA}Vi7IF78RRQnQ9EnYKn+g+i0BORpQVgj3

[iyunv@test-1 /]# vim /usr/local/openldap/etc/openldap/slapd.conf
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/corba.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/java.schema
include /usr/local/openldap/etc/openldap/schema/misc.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/openldap.schema

# use the BDB backend
database bdb
# root DN (suffix) of the directory
suffix "dc=zeng,dc=com"
# administrator (bind) account
rootdn "cn=root,dc=zeng,dc=com"
# password hashed with slappasswd
rootpw {SSHA}Vi7IF78RRQnQ9EnYKn+g+i0BORpQVgj3

Append the following index lines at the end of the file:

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

[iyunv@test-1 /]# cd /usr/local/openldap/var/openldap-data && cp DB_CONFIG.example DB_CONFIG
[iyunv@test-1 /]# slaptest              # checks that the configuration file is valid
[iyunv@test-1 /]# /etc/init.d/ldap start    # starts the service

1.5 Testing and checking the listening port

[iyunv@test-1 /]# ps -ef | grep ldap
root 12051 1 0 01:49 ? 00:00:00 /etc/init.d/ldap start
[iyunv@test-1 /]# netstat -nap | grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 12051/ldap
tcp 0 0 :::389 :::* LISTEN 12051/ldap
[iyunv@test-1 /]# ldapsearch -x -b '' -s base '(objectclass=*)'

Note: -b is followed by two single quotes (an empty base DN); the quotes keep the shell from interpreting special characters.

1.6 Installing the phpLDAPadmin management tool

[iyunv@test-1 /]# unzip phpldapadmin-1.2.0.5.zip
[iyunv@test-1 /]# cp /test/phpldapadmin/config/config.php.example /test/phpldapadmin/config/config.php
[iyunv@test-1 /]# mv /test/phpldapadmin /var/www/html/phpadmin

In config.php, find the line $servers->setValue('server','name','My LDAP Server'); and adjust the sub-attributes below it (they are present as comments in the example file) to:

$servers->setValue('server','host','localhost');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=zeng,dc=com'));
$servers->setValue('login','auth_type','session');
$servers->setValue('login','bind_id','cn=root,dc=zeng,dc=com');
$servers->setValue('login','bind_pass','secret');

[iyunv@test-1 /]# /etc/init.d/httpd start

2. Adding LDAP data

2.1 Adding the "main domain" tree root example.com

[iyunv@test-1 /]# vim 1.ldif
dn: dc=example,dc=com
objectclass: dcobject
objectclass: organizationalUnit
dc: example
ou: example
[iyunv@test-1 /]# ldapadd -v -c -x -D "cn=root,dc=example,dc=com" -w 123 -f 1.ldif

2.2 Adding a second-level OU

[iyunv@test-1 /]# vim 2.ldif
dn: ou=group,dc=example,dc=com
objectclass: organizationalUnit
ou: group

2.3 Adding a user group

[iyunv@test-1 /]# mkdir /tmp/test && cd /tmp/test
[iyunv@test-1 /]# groupadd user && cat /etc/group > usergroup.in
[iyunv@test-1 /]# cd /usr/share/openldap/migration/
[iyunv@test-1 /]# ./migrate_group.pl /tmp/test/usergroup.in > /tmp/test/usergroup.ldif
[iyunv@test-1 /]# vim /tmp/test/usergroup.ldif
dn: cn=user,ou=group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: user
userPassword: {crypt}x
gidNumber: 500
[iyunv@test-1 /]# ldapadd -v -c -x -D "cn=root,dc=example,dc=com" -w 123 -f /tmp/test/usergroup.ldif
adding new entry "cn=user,ou=group,dc=example,dc=com"
modify complete

The gidNumber 500 here must be the same as the GID of the users added below.

2.4 Adding users

[iyunv@test-1 /]# vim /tmp/test/list.user
user01 123
user02 123
user03 123
user04 123
user05 123
user06 123

Create each local account and set its password from the list (the loop reads the same file that was just written):

[iyunv@test-1 /]# for zeng in `awk '{print $1}' /tmp/test/list.user`; do useradd $zeng; grep "\<$zeng\>" /tmp/test/list.user | awk '{print $2}' | passwd --stdin $zeng; done
passwd: all authentication tokens updated successfully.
passwd: all authentication tokens updated successfully.
passwd: all authentication tokens updated successfully.
[iyunv@test-1 /]# cat /etc/passwd > /tmp/test/list.in
[iyunv@test-1 /]# vim /tmp/test/list.in

Change the GID field of each user to 500 so that they belong to the "user" group created above:

user01:x:500:500::/home/user01:/bin/bash
user02:x:501:500::/home/user02:/bin/bash
user03:x:502:500::/home/user03:/bin/bash
user04:x:503:500::/home/user04:/bin/bash
user05:x:504:500::/home/user05:/bin/bash
user06:x:505:500::/home/user06:/bin/bash
user07:x:506:500::/home/user07:/bin/bash

[iyunv@test-1 /]# ./migrate_passwd.pl /tmp/test/list.in > /tmp/test/list.ldif
[iyunv@test-1 /]# cat /tmp/test/list.ldif

Make sure the dn of each entry names the correct OU and domain:

dn: uid=user01,ou=group,dc=example,dc=com
uid: user01
cn: user01
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$Za0PIA24$5uY5GiiZ4LDhYABNgmcj1/
shadowLastChange: 15075
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 501
homeDirectory: /home/user01

[iyunv@test-1 /]# ldapadd -v -x -c -D "cn=root,dc=example,dc=com" -w 123 -f /tmp/test/list.ldif
ldap_initialize( <DEFAULT> )
add uid:
	user01
add cn:
	user01
adding new entry "uid=user01,ou=group,dc=example,dc=com"
modify complete

2.5 Configuring client authentication

[iyunv@test-1 /]# authconfig-tui

[iyunv@test-1 /]# vim /etc/pam.d/system-auth

Add the following line so that a home directory is created on first login:

session required pam_mkhomedir.so skel=/etc/skel umask=0022
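Two details in section 1.4 are easy to get wrong and are worth checking before slaptest is run: rootpw must be the slappasswd hash rather than a clear-text password, and rootdn must sit under the configured suffix (the guide configures dc=zeng,dc=com in slapd.conf but later binds as cn=root,dc=example,dc=com). The script below is an added example, not part of the original guide or of OpenLDAP; it performs exactly those two checks on a slapd.conf and the sample configurations it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original guide): sanity-check a slapd.conf before
# running slaptest. It catches two mistakes that are easy to make when following
# the steps above:
#   1. a rootpw stored in clear text instead of a slappasswd hash;
#   2. a rootdn that does not live under the configured suffix.
# The sample configurations written at the bottom are constructed for this demo.

# conf_value FILE DIRECTIVE -> prints the directive's value without surrounding quotes
conf_value() {
    awk -v key="$2" '$1 == key { $1 = ""; sub(/^ +/, ""); gsub(/"/, ""); print; exit }' "$1"
}

# check_rootpw FILE -> 0 if rootpw is a hashed value such as {SSHA}..., 1 otherwise
check_rootpw() {
    pw=$(conf_value "$1" rootpw)
    case "$pw" in
        "{SSHA}"*|"{SHA}"*|"{CRYPT}"*|"{MD5}"*|"{SMD5}"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_rootdn FILE -> 0 if rootdn ends with ",<suffix>", 1 otherwise
check_rootdn() {
    suffix=$(conf_value "$1" suffix)
    rootdn=$(conf_value "$1" rootdn)
    [ -n "$suffix" ] || return 1
    case "$rootdn" in
        *",$suffix") return 0 ;;
        *) return 1 ;;
    esac
}

# check_slapd_conf FILE -> prints one line per finding; returns 0 only if both checks pass
check_slapd_conf() {
    rc=0
    check_rootpw "$1" || { echo "rootpw is not a slappasswd hash"; rc=1; }
    check_rootdn "$1" || { echo "rootdn is outside suffix $(conf_value "$1" suffix)"; rc=1; }
    return $rc
}

# write_sample FILE ROOTDN ROOTPW -> constructed slapd.conf fragment (suffix dc=zeng,dc=com)
write_sample() {
    cat > "$1" <<EOF
database bdb
suffix "dc=zeng,dc=com"
rootdn "$2"
rootpw $3
EOF
}

# Demonstration: a correct config next to one with a clear-text password and the wrong domain.
good=$(mktemp); bad=$(mktemp)
write_sample "$good" "cn=root,dc=zeng,dc=com" "{SSHA}Vi7IF78RRQnQ9EnYKn+g+i0BORpQVgj3"
write_sample "$bad"  "cn=root,dc=example,dc=com" "secret"
check_slapd_conf "$good" && echo "$good: ok"
check_slapd_conf "$bad"  || echo "$bad: needs fixing before slaptest"
rm -f "$good" "$bad"
```

Run it as `sh check_slapd_conf.sh`; to check a real file, call check_slapd_conf /usr/local/openldap/etc/openldap/slapd.conf after sourcing the functions. The bad sample reports both findings, which is the state a directory ends up in when the suffix from section 1.4 and the bind DN used in section 2 disagree.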
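Sections 2.3 and 2.4 rely on migrate_group.pl and migrate_passwd.pl and on hand-editing their output, and the guide's own list.ldif shows the trap: user01 ends up with gidNumber 501 while the only group imported has gidNumber 500. The script below is an added example, not code from the guide or from the OpenLDAP migration tools: it builds the same posixGroup and posixAccount entries directly from /etc/group- and /etc/passwd-style lines, then checks that every account's gidNumber refers to a group that is actually being imported. The base DN dc=example,dc=com and the ou=group container follow the guide's data section; the sample lines and the password hash are constructed.

```shell
#!/bin/sh
# Added example (not the guide's code and not migrate_passwd.pl / migrate_group.pl):
# generate the LDIF entries from sections 2.3 and 2.4 and verify gidNumber consistency.
# All input at the bottom is constructed for the demonstration.

BASE="dc=example,dc=com"   # assumed suffix, as in the guide's data section

# group_to_ldif "name:x:gid:members" -> posixGroup entry under ou=group
group_to_ldif() {
    name=$(printf '%s' "$1" | cut -d: -f1)
    gid=$(printf '%s' "$1" | cut -d: -f3)
    printf 'dn: cn=%s,ou=group,%s\n' "$name" "$BASE"
    printf 'objectClass: posixGroup\nobjectClass: top\n'
    printf 'cn: %s\ngidNumber: %s\n\n' "$name" "$gid"
}

# passwd_to_ldif "user:x:uid:gid:gecos:home:shell" CRYPT_HASH -> posixAccount entry.
# CRYPT_HASH is the user's /etc/shadow hash, stored as {crypt}HASH so slapd can verify it.
passwd_to_ldif() {
    IFS=: read -r user pw uid gid gecos home shell <<EOF
$1
EOF
    printf 'dn: uid=%s,ou=group,%s\n' "$user" "$BASE"
    printf 'uid: %s\ncn: %s\n' "$user" "$user"
    printf 'objectClass: account\nobjectClass: posixAccount\n'
    printf 'objectClass: top\nobjectClass: shadowAccount\n'
    printf 'userPassword: {crypt}%s\n' "$2"
    printf 'loginShell: %s\nuidNumber: %s\ngidNumber: %s\n' "$shell" "$uid" "$gid"
    printf 'homeDirectory: %s\n\n' "$home"
}

# missing_groups GROUP_LDIF ACCOUNT_LDIF -> prints "uid gidNumber" for every account
# whose gidNumber matches no posixGroup in GROUP_LDIF; returns 1 if any were found.
missing_groups() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        /^---$/ { in_accounts = 1; next }
        !in_accounts && $1 == "gidNumber:" { known[$2] = 1; next }
        in_accounts && $1 == "uid:"        { uid = $2 }
        in_accounts && $1 == "gidNumber:"  { if (!($2 in known)) { print uid, $2; bad = 1 } }
        END { exit (bad ? 1 : 0) }'
}

# Constructed sample data: the group from section 2.3 and two accounts, one of which
# (user02, gidNumber 501) points at a group that is not being imported.
HASH='$1$saltsalt$CONSTRUCTEDhashForDemo12'   # placeholder, not a real shadow hash
groups=$(group_to_ldif "user:x:500:")
accounts=$(
    passwd_to_ldif "user01:x:500:500::/home/user01:/bin/bash" "$HASH"
    passwd_to_ldif "user02:x:501:501::/home/user02:/bin/bash" "$HASH"
)
printf '%s\n\n%s\n' "$groups" "$accounts"   # what would go into usergroup.ldif and list.ldif
if missing_groups "$groups" "$accounts"; then
    echo "all accounts reference an imported group"
else
    echo "fix the gidNumber(s) listed above before running ldapadd"
fi
```

Redirect the two generated texts into /tmp/test/usergroup.ldif and /tmp/test/list.ldif to feed the ldapadd commands from the guide; running missing_groups first turns the "GID must match" remark in section 2.3 into a check that fails before anything reaches the directory.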