Installing OpenLDAP via rpm

1. Prepare the installation packages

Download address: https://download.csdn.net/download/greatjoe/11239861

2. Run the installation commands

  • Create the installation script install.sh
#!/bin/bash
# Install the cyrus-sasl and OpenLDAP 2.4.44 packages one at a time. rpm checks
# dependencies on every call, so cyrus-sasl-lib must go in before cyrus-sasl,
# which requires it. Use -Uvh instead of -ivh if an older openldap is already installed.
set -e
rpm -ivh cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm; sleep 1
rpm -ivh cyrus-sasl-2.1.26-23.el7.x86_64.rpm; sleep 1
rpm -ivh cyrus-sasl-devel-2.1.26-23.el7.x86_64.rpm; sleep 1
rpm -ivh compat-openldap-2.3.43-5.el7.x86_64.rpm; sleep 1
rpm -ivh openldap-2.4.44-21.el7_6.x86_64.rpm; sleep 1
rpm -ivh openldap-devel-2.4.44-21.el7_6.x86_64.rpm; sleep 1
rpm -ivh openldap-clients-2.4.44-21.el7_6.x86_64.rpm; sleep 1
rpm -ivh openldap-servers-2.4.44-21.el7_6.x86_64.rpm


3. Initialize the configuration

  cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG


4. Create the configuration file

  • vim slapd.conf
#
###### SAMPLE 1 - SIMPLE DIRECTORY ############
#
# NOTES: inetorgperson picks up attributes and objectclasses
#        from all three schemas
#
# NB: RH Linux schemas in /etc/openldap
#
include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/collective.schema

# NO SECURITY - no access clause
# defaults to anonymous access for read
# only rootdn can write

# NO REFERRALS

# DON'T bother with ARGS file unless you feel strongly
# slapd scripts stop scripts need this to work
pidfile /var/run/openldap/slapd.pid

# enable a lot of logging - we might need it
# but generates huge logs
loglevel -1

# MODULELOAD definitions
# not required (comment out) before version 2.3
moduleload back_bdb.la

# NO TLS-enabled connections

# backend definition not required

#######################################################################
# bdb database definitions
# 
# replace example and com below with a suitable domain
# 
# If you don't have a domain you can leave it since example.com
# is reserved for experimentation or change them to my and inc
#
#######################################################################

database bdb
# base DN of this database; the entries added later (dn: ...,dc=embrace,dc=com)
# must sit under it, so it has to match the rootdn and the LDIF below
suffix "dc=embrace,dc=com"

# root or superuser
rootdn "cn=admin,dc=embrace,dc=com"
rootpw {SSHA}ZUUX0Ts4aWo2fB0b6fnWWP4WgcWIp8fZ
# The database directory MUST exist prior to running slapd AND 
# change path as necessary
directory	/var/lib/ldap

# Indices to maintain for this directory
# unique id so equality match only
index	uid	eq
# allows general searching on commonname, givenname and email
index	cn,gn,mail eq,sub
# allows multiple variants on surname searching
index sn eq,sub
# sub above includes subinitial,subany,subfinal
# optimise department searches
index ou eq
# if searches will include objectClass uncomment following
# index objectClass eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber eq

# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15

Change the administrator user (the rootdn directive):

rootdn cn=admin,dc=embrace,dc=com

Change the administrator password:

  • Generate the {SSHA} hashed password with the slappasswd command and paste its output as the rootpw value

rootpw {SSHA}ZUUX0Ts4aWo2fB0b6fnWWP4WgcWIp8fZ

Check the configuration for problems:

slaptest -f /etc/openldap/slapd.conf
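The settings a reviewer would question in the slapd.conf above can be checked statically alongside slaptest; the script below is an added example, not code from the original post. It reports a cleartext rootpw, a rootdn outside the suffix, missing access directives (so the whole directory is readable anonymously, as the NO SECURITY comment says), loglevel -1, and a missing TLSCertificateFile; the function names and the file-path argument are this example's own.

```shell
#!/bin/sh
# Static review of a slapd.conf (example code, not from the original post).
# Uses only POSIX sh, awk and grep; the file path is the single argument.

# conf_value FILE DIRECTIVE -> the directive's value, comments and padding ignored
conf_value() {
    awk -v key="$2" '$1 == key { sub(/^[^ \t]+[ \t]+/, ""); sub(/[ \t]+$/, ""); print; exit }' "$1"
}

# audit_slapd_conf FILE -> prints one finding per line, returns their count
audit_slapd_conf() {
    conf="$1"; findings=0
    rootpw=$(conf_value "$conf" rootpw)
    case "$rootpw" in
        "{SSHA}"*|"{SHA}"*|"{CRYPT}"*|"{MD5}"*|"{SMD5}"*) ;;   # hashed by slappasswd
        "") echo "rootpw: not set"; findings=$((findings + 1)) ;;
        *)  echo "rootpw: stored in cleartext; generate a hash with slappasswd"
            findings=$((findings + 1)) ;;
    esac
    # suffix and rootdn must name the same base (quotes and spaces stripped)
    suffix=$(conf_value "$conf" suffix | tr -d '" ')
    rootdn=$(conf_value "$conf" rootdn | tr -d '" ')
    case "$rootdn" in
        *"$suffix") ;;
        *) echo "rootdn $rootdn is outside suffix $suffix"
           findings=$((findings + 1)) ;;
    esac
    if ! grep -q '^[[:space:]]*access[[:space:]]' "$conf"; then
        echo "no access directives: the whole DIT is readable anonymously"
        findings=$((findings + 1))
    fi
    if [ "$(conf_value "$conf" loglevel)" = "-1" ]; then
        echo "loglevel -1: logs every operation; use a narrower level in production"
        findings=$((findings + 1))
    fi
    if ! grep -q '^[[:space:]]*TLSCertificateFile' "$conf"; then
        echo "no TLSCertificateFile: simple binds send the password in cleartext"
        findings=$((findings + 1))
    fi
    return "$findings"
}

if [ "$#" -eq 1 ]; then audit_slapd_conf "$1"; fi
```

The exit status is the number of findings, so the script can gate a deployment step.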

  • A problem that may appear

This file is initialized when the service starts, so start the service first.

5. Start the service

  1. Fix the permissions (slapd runs as the ldap user and must own the database directory)

chown -R ldap:ldap /var/lib/ldap/

  2. Start the service

systemctl start slapd

  3. Check the configuration again

slaptest -f /etc/openldap/slapd.conf

  4. Check the service status

systemctl status slapd


6. Add a test user

cat > /tmp/createdit.ldif <<'EOF'
## DEFINE DIT ROOT/BASE/SUFFIX ####
## uses RFC 2377 format
## replace embrace and com as necessary below
## or for experimentation leave as is

## dcObject is an AUXILIARY objectclass and MUST
## have a STRUCTURAL objectclass (organization in this case)
# this is an ENTRY sequence and is preceded by a BLANK line

dn: dc=embrace,dc=com
dc: embrace
description: My wonderful company as much text as you want to place 
 in this line up to 32K continuation data for the line above must 
 have <CR> or <CR><LF> i.e. ENTER works 
 on both Windows and *nix system - new line MUST begin with ONE SPACE
objectClass: dcObject
objectClass: organization
o: embrace.com

## FIRST Level hierarchy - people 
## uses mixed upper and lower case for objectclass
# this is an ENTRY sequence and is preceded by a BLANK line

dn: ou=people, dc=embrace,dc=com
ou: people
description: All people in organisation
objectclass: organizationalunit

## SECOND Level hierarchy
## ADD a single entry under FIRST (people) level
# this is an ENTRY sequence and is preceded by a BLANK line
# the ou: Human Resources is the department name
# the RDN value (cn=qiao) must also be present as a cn attribute value,
# otherwise slapd rejects the entry with a naming violation

dn: cn=qiao,ou=people,dc=embrace,dc=com
objectclass: inetOrgPerson
cn: qiao
sn: java
uid: java
userpassword: 123
carlicense: HISCAR 123
homephone: 555-111-2222
mail: [email protected]
description: swell guy
ou: Human Resources
EOF

  1. Run the add command

ldapadd -x -D "cn=admin,dc=embrace,dc=com" -f /tmp/createdit.ldif -w 123456

  2. Added successfully
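Before running ldapadd, the LDIF above can be linted for the mistakes slapd would reject; the script below is an added example, not code from the original post. For each entry it checks that the DN lies under the database suffix, that the RDN value also appears as an attribute value (slapd otherwise returns a naming violation), and that userPassword is not cleartext; the function name and the suffix argument are this example's own.

```shell
#!/bin/sh
# lint_ldif FILE SUFFIX -> prints one problem per line, returns their count
# (example code, not from the original post; base64 values written with "::" are not decoded)
lint_ldif() {
    awk -v suffix="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    # fold one logical "attr: value" line into the current entry
    function record(line,   i, a, v) {
        i = index(line, ":"); if (i == 0) return
        a = tolower(substr(line, 1, i - 1)); v = substr(line, i + 1)
        sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
        if (a == "dn") { dn = v; return }
        vals[a SUBSEP tolower(v)] = 1
        if (a == "userpassword" && substr(v, 1, 1) != "{") pwclear = 1
    }
    # validate the entry collected so far, then reset for the next one
    function check(   low, parts, rdn, eq, at, av, k) {
        if (dn == "") return
        low = tolower(dn); gsub(/,[ \t]+/, ",", low)
        if (substr(low, length(low) - length(suffix) + 1) != suffix)
            { print "dn " dn ": not under suffix " suffix; bad++ }
        split(low, parts, ","); rdn = parts[1]; eq = index(rdn, "=")
        at = substr(rdn, 1, eq - 1); av = substr(rdn, eq + 1)
        if (!((at SUBSEP av) in vals))
            { print "dn " dn ": RDN value \"" av "\" is not a value of " at; bad++ }
        if (pwclear) { print "dn " dn ": userPassword is cleartext; hash it with slappasswd"; bad++ }
        for (k in vals) delete vals[k]; dn = ""; pwclear = 0
    }
    /^#/ { next }                                  # LDIF comment line
    /^ /  { cur = cur substr($0, 2); next }        # continuation line
    { if (cur != "") record(cur); cur = $0 }       # new logical line
    /^$/  { check() }                              # blank line ends an entry
    END   { if (cur != "") record(cur); check(); exit bad + 0 }
    ' "$1"
}

if [ "$#" -eq 2 ]; then lint_ldif "$1" "$2"; fi
```

Run it with the LDIF path and the suffix as arguments; the exit status is the number of problems found. Binding with -W instead of -w 123456 keeps the admin password out of the shell history and the process list.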