1. 準備安裝包
下載地址: https://download.csdn.net/download/greatjoe/11239861（下載後請先以 `rpm -K <rpm檔>` 驗證套件簽名；這些套件也可直接由發行版的官方倉庫以 yum 安裝）
2. 執行安裝命令
- 創建安裝腳本 install.sh
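#!/bin/sh
# install.sh - install the OpenLDAP 2.4 server/client packages together with
# the cyrus-sasl and compat-openldap packages they depend on, from RPM files
# in the current directory.
#
# The page listing had "sleep 1" collapsed onto the end of every rpm line;
# as written that would hand "sleep" and "1" to rpm as extra package
# arguments.  The sleeps served no purpose and are dropped.
#
# All packages go into ONE rpm transaction so rpm orders them by their
# declared dependencies (e.g. cyrus-sasl requires cyrus-sasl-lib); separate
# -ivh calls in list order would fail on the first unmet dependency.
# If the vendor GPG key is imported, rpm verifies each package signature as
# part of the install - check it explicitly first with "rpm -K <file>.rpm".
set -e
rpm -ivh \
    cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm \
    cyrus-sasl-2.1.26-23.el7.x86_64.rpm \
    cyrus-sasl-devel-2.1.26-23.el7.x86_64.rpm \
    compat-openldap-2.3.43-5.el7.x86_64.rpm \
    openldap-2.4.44-21.el7_6.x86_64.rpm \
    openldap-devel-2.4.44-21.el7_6.x86_64.rpm \
    openldap-clients-2.4.44-21.el7_6.x86_64.rpm \
    openldap-servers-2.4.44-21.el7_6.x86_64.rpm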
3. 初始化配置
# Seed the BDB backend's environment settings from the packaged example file.
# /var/lib/ldap is the "directory" named in slapd.conf further down the page.
ldap_db_dir=/var/lib/ldap
cp /usr/share/openldap-servers/DB_CONFIG.example "${ldap_db_dir}/DB_CONFIG"
4. 創建配置文件
- vim slapd.conf
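#
###### SAMPLE 1 - SIMPLE DIRECTORY ############
#
# NOTES: inetorgperson picks up attributes and objectclasses
# from all three schemas
#
# NB: RH Linux schemas in /etc/openldap
#
# Reviewed against the rest of this page: the suffix below now matches the
# rootdn and the dc=embrace,dc=com entries created in the LDIF step.  The
# sample's original "dc=example, dc=com" suffix left those entries outside
# every configured database, so the ldapadd step could not succeed.
#
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
# NO SECURITY - no access clause
# defaults to anonymous access for read
# only rootdn can write
# With no "access" directive slapd applies "access to * by * read", so every
# attribute - userPassword included - is readable by an anonymous bind.
# Before this server is reachable from anything but a lab host, add at least:
#   access to attrs=userPassword by self write by anonymous auth by * none
#   access to * by * read
# NO REFERRALS
# DON'T bother with ARGS file unless you feel strongly
# slapd scripts stop scripts need this to work
pidfile /var/run/openldap/slapd.pid
# enable a lot of logging - we might need it
# but generates huge logs
# -1 logs every operation; once the install is verified switch to a narrower
# level such as "stats", both for disk space and so the log stays reviewable
loglevel -1
# MODULELOAD definitions
# not required (comment out) before version 2.3
moduleload back_bdb.la
# NO TLS-enabled connections
# Simple binds therefore carry the rootpw and user passwords in clear text;
# keep clients on the local host until TLS is configured.
# backend definition not required
#######################################################################
# bdb database definitions
#
# replace embrace and com below with a suitable domain
#
# If you don't have a domain you can leave it since example.com
# is reserved for experimentation or change them to my and inc
#
#######################################################################
database bdb
# every DN stored in this database must sit under the suffix; the LDIF step
# adds dc=embrace,dc=com and entries beneath it
suffix "dc=embrace,dc=com"
# root or superuser
# this is the DN given to "ldapadd -D" in the test-user step
rootdn "cn=admin,dc=embrace,dc=com"
# Replace with the {SSHA} hash slappasswd prints for a password of your own;
# a hash copied from a published page is as good as a published password.
rootpw {SSHA}ZUUX0Ts4aWo2fB0b6fnWWP4WgcWIp8fZ
# The database directory MUST exist prior to running slapd AND
# change path as necessary
directory /var/lib/ldap
# Indices to maintain for this directory
# unique id so equality match only
index uid eq
# allows general searching on commonname, givenname and email
index cn,gn,mail eq,sub
# allows multiple variants on surname searching
index sn eq,sub
# sub above includes subintial,subany,subfinal
# optimise department searches
index ou eq
# if searches will include objectClass uncomment following
# index objectClass eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber eq
# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15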
修改管理員用戶
rootdn cn=admin,dc=embrace,dc=com
修改管理員密碼
- 通過slappasswd命令生成{SSHA}加密密碼
rootpw {SSHA}ZUUX0Ts4aWo2fB0b6fnWWP4WgcWIp8fZ
檢測配置有無問題
# Parse-check the configuration before starting the service; a non-zero exit
# means slapd would refuse the file.  This is also the step the note below
# refers to: it may complain until the service has initialised its database.
slaptest -f /etc/openldap/slapd.conf
- 可能會出現的問題
這個文件是在服務啓動時才初始化的，所以先啓動服務，再重新執行 slaptest 檢測即可。
5. 啓動服務
- 修改權限
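# slapd runs as the ldap user, so the database directory (and the DB_CONFIG
# copied into it as root) must be owned by it.  "owner:group" is the
# documented chown separator; "ldap.ldap" is a legacy spelling.
chown -R ldap:ldap /var/lib/ldap/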
2. 啓動服務
# Start the service now.  This does not make it start at boot; that is a
# separate "systemctl enable slapd" and should be a deliberate choice once
# the access rules in slapd.conf are in place.
systemctl start slapd
3. 再次檢查配置
# Re-run the configuration check now that the service has started and
# initialised its database; it should report the config as OK.
slaptest -f /etc/openldap/slapd.conf
4. 檢查服務狀態
# Confirm the unit is active; the status output also shows the most recent
# journal lines, which is where a refused config or a permission problem on
# /var/lib/ldap will show up.
systemctl status slapd
6. 添加測試用戶
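# Write the test LDIF.  ">" rather than ">>": appending on a re-run would put
# a second copy of every entry in the file, which ldapadd then rejects as
# already existing.  The quoted 'EOF' keeps the shell from expanding anything
# inside the LDIF.
#
# Fixes against the page listing, each required for ldapadd to accept the file:
#   - entries are separated by a blank line, as the LDIF's own comments state
#   - continuation lines of the long description start with one space
#   - the RDN value of the person entry (cn=qiao) is also present as a cn value
#   - the three identical "mail" values (most likely obfuscated by the page
#     renderer) are reduced to one; slapd rejects duplicate attribute values
cat > /tmp/createdit.ldif <<'EOF'
## DEFINE DIT ROOT/BASE/SUFFIX ####
## uses RFC 2377 format
## replace embrace and com as necessary below
## or for experimentation leave as is
## dcObject is an AUXILLIARY objectclass and MUST
## have a STRUCTURAL objectclass (organization in this case)
# this is an ENTRY sequence and is preceded by a BLANK line
dn: dc=embrace,dc=com
dc: embrace
description: My wonderful company as much text as you want to place
 in this line up to 32K continuation data for the line above must
 have <CR> or <CR><LF> i.e. ENTER works
 on both Windows and *nix system - new line MUST begin with ONE SPACE
objectClass: dcObject
objectClass: organization
o: embrace.com

## FIRST Level hierarchy - people
## uses mixed upper and lower case for objectclass
# this is an ENTRY sequence and is preceded by a BLANK line
dn: ou=people,dc=embrace,dc=com
ou: people
description: All people in organisation
objectclass: organizationalunit

## SECOND Level hierarchy
## ADD a single entry under FIRST (people) level
# this is an ENTRY sequence and is preceded by a BLANK line
# the ou: Human Resources is the department name
# the RDN attribute value (cn=qiao) must appear in the entry, otherwise
# slapd rejects the add with a naming violation
# userpassword is stored exactly as written - a cleartext "123" that the
# default access rules let any anonymous reader see; use the {SSHA}
# output of slappasswd instead
dn: cn=qiao,ou=people,dc=embrace,dc=com
objectclass: inetOrgPerson
cn: qiao
cn: java
sn: java
uid: java
userpassword: 123
carlicense: HISCAR 123
homephone: 555-111-2222
mail: [email protected]
description: swell guy
ou: Human Resources
EOF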
- 執行添加命令
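# Bind as the directory superuser and add the entries.  -W prompts for the
# password; the page's "-w 123456" would leave the rootpw in the shell
# history and visible in the process list for as long as ldapadd runs.
# -x is a simple bind, and the slapd.conf on this page has no TLS, so the
# password crosses the connection in clear text: run this on the server host.
ldapadd -x -W -D "cn=admin,dc=embrace,dc=com" -f /tmp/createdit.ldif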
2. 添加成功