Configure LDAP Server(centos7 openldap)
1.安装openldap -server:
[root@dlp ~]# yum -y install openldap-servers openldap-clients
[root@dlp ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@dlp ~]# chown ldap. /var/lib/ldap/DB_CONFIG
[root@dlp ~]# systemctl start slapd
[root@dlp ~]# systemctl enable slapd
2.设置openldap 的admin 密码
# generate encrypted password
[root@dlp ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
[root@dlp ~]# vi chrootpw.ldif
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx [root@dlp ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=+uidNumber=,cn=peercred,cn=external,cn=auth
SASL SSF:
modifying entry "olcDatabase={0}config,cn=config"
3.导入基础的Schemas
[root@dlp ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=+uidNumber=,cn=peercred,cn=external,cn=auth
SASL SSF:
adding new entry "cn=cosine,cn=schema,cn=config" [root@dlp ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=+uidNumber=,cn=peercred,cn=external,cn=auth
SASL SSF:
adding new entry "cn=nis,cn=schema,cn=config" [root@dlp ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=+uidNumber=,cn=peercred,cn=external,cn=auth
SASL SSF:
adding new entry "cn=inetorgperson,cn=schema,cn=config"
4.在LDAP DB设置domain name
# generate directory manager's password
[root@dlp ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
[root@dlp ~]# vi chdomain.ldif
# replace to your own domain name for "dc=***,dc=***" section
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
read by dn.base="cn=Manager,dc=srv,dc=world" read by * none dn: olcDatabase={}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=srv,dc=world dn: olcDatabase={}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=srv,dc=world dn: olcDatabase={}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx dn: olcDatabase={}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {}to attrs=userPassword,shadowLastChange by
dn="cn=Manager,dc=srv,dc=world" write by anonymous auth by self write by * none
olcAccess: {}to dn.base="" by * read
olcAccess: {}to * by dn="cn=Manager,dc=srv,dc=world" write by * read [root@dlp ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=+uidNumber=,cn=peercred,cn=external,cn=auth
SASL SSF:
modifying entry "olcDatabase={1}monitor,cn=config" modifying entry "olcDatabase={2}hdb,cn=config" modifying entry "olcDatabase={2}hdb,cn=config" modifying entry "olcDatabase={2}hdb,cn=config" [root@dlp ~]# vi basedomain.ldif
# replace to your own domain name for "dc=***,dc=***" section
dn: dc=srv,dc=world
objectClass: top
objectClass: dcObject
objectclass: organization
o: Server World
dc: Srv dn: cn=Manager,dc=srv,dc=world
objectClass: organizationalRole
cn: Manager
description: Directory Manager dn: ou=People,dc=srv,dc=world
objectClass: organizationalUnit
ou: People dn: ou=Group,dc=srv,dc=world
objectClass: organizationalUnit
ou: Group [root@dlp ~]# ldapadd -x -D cn=Manager,dc=srv,dc=world -W -f basedomain.ldif
Enter LDAP Password: # directory manager's password
adding new entry "dc=srv,dc=world" adding new entry "cn=Manager,dc=srv,dc=world" adding new entry "ou=People,dc=srv,dc=world" adding new entry "ou=Group,dc=srv,dc=world"
5.配置防火墙
[root@dlp ~]# firewall-cmd --add-service=ldap --permanent
success
[root@dlp ~]# firewall-cmd --reload
success
Configure LDAP Server(centos7 openldap)的更多相关文章
- Centos7 Openldap主从配置
转载 https://blog.csdn.net/htvxjl02/article/details/80336788 Centos7 Openldap主从配置 2018年05月16日 15:09:57 ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)
一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...
- ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
[root@ldaptest openldap]# ldapadd -x -D "cn=admin,dc=ultrapower,dc=com" -W -f /tmp/base.ld ...
- LDAP环境搭建 OpenLDAP和phpLDAPadmin -- yum版
前言: 前两天公司要求做一个使用LDAP和Kerberos做一个认证授权系统,然后开始学习LDAP相关知识,期间找了不少博客按照步骤来安装,可是很多博客在配置的时候,都会遇到安装过程中一两个问题卡 ...
- Openstack中keystone与外部LDAP Server的集成
openstack中keystone鉴权的用户user和password信息,通常保存在mysql数据库的keystone库: 表local_user和表password: keystone也支持外部 ...
- How To Configure SAMBA Server And Transfer Files Between Linux & Windows
If you are reading this article it means you have a network at home or office with Windows and Linux ...
- LDAP入门与OpenLDAP使用配置
LDAP入门与OpenLDAP使用配置 1.LDAP简介 LDAP(轻量级目录访问协议,Lightweight Directory Access Protocol)是实现提供被称为目录服务的信息服务. ...
- Configure PPPoE on CentOS7
Why? I prefer using ethernet to Wifi to access internet. But, I'm afraid, sometimes I have to use Wi ...
- How to configure Samba Server share on Debian 9 Stretch Linux
Lubos Rendek Debian 13 June 2017 Contents 1. Objective 2. Operating System and Software Versions 3. ...
随机推荐
- Chart图表
这东西挺直观 封装个类 public class aaa { private string name; public string Name { get { return name; } set { ...
- 分享Kali Linux 2016.2第50周镜像文件
分享Kali Linux 2016.2第50周镜像文件Kali Linux官方于12月11日发布Kali Linux 2016.2的第50周镜像.这次保持以往规律,仍然是11个镜像文件.默认的Gnom ...
- [poj2337]求字典序最小欧拉回路
注意:找出一条欧拉回路,与判定这个图能不能一笔联通...是不同的概念 c++奇怪的编译规则...生不如死啊... string怎么用啊...cincout来救? 可以直接.length()我也是长见识 ...
- 一个列子演示vs2010 c++新特性
近日托安装雪豹的"福",格了XP装了win7,前段时间看了C++0X标准以及VS2010诱人的新特性,不禁心痒痒在线安装了VS2010,然后手写了这个列子用来测试新增的特性. st ...
- MongoDB-权限配置
启动 Mongo\bin\mongo.exe1.添加>use admin #切换到MongoDB数据库的用户表>db.addUser("Name","Pass ...
- View基础知识
一.View基础知识 View 是Android中所有控件的基类,是一种界面层的控件的一种抽象,代表了一个控件 1.View的位置参数 View的四个属性:top(左上角纵坐标) left(左 ...
- makefile 笔记
1.Makefile中命令前的@和-符号 如果make执行的命令前面加了@字符,则不显示命令本身而只显示它的结果; Android中会定义某个变量等于@,例如 hide:= @ 通常make执行的命令 ...
- Struts2二级菜单联动
http://www.cnblogs.com/wujixing/p/5194461.html ps: Java面试 http://blog.csdn.net/zhang070809/article/d ...
- C#_技巧:窗口抖动
原理 * 窗口抖动:即每隔一段很小的时间,窗口位置发生变化 * 时间控制:利用for循环||利用timer * 窗口位置发生变化:控件Left/Top属性或Location属性, 注:Left/To ...
- Java实现MySQL数据库备份(二)
权声明:本文为博主原创文章,未经博主允许不得转载. 博客<Java实现MySQL数据库备份(一)>使用I/O流的方式实现了MySQL数据库的备份,这种方法比较繁杂,下面介绍另一种备份MyS ...