/tags/openldap/Recent content in OpenLDAP on My BlogHugoen-usTue, 05 Jan 2016 00:00:00 +0000/2016/01/05/openldap%E5%AE%89%E8%A3%85%E8%AF%B4%E6%98%8E/Tue, 05 Jan 2016 00:00:00 +0000/2016/01/05/openldap%E5%AE%89%E8%A3%85%E8%AF%B4%E6%98%8E/<!-- toc --> <p>[TOC]</p> <h1 id="安装-openldap-准备">安装 openLDAP 准备</h1> <ul> <li>完成各个相互通信的节点的域名解析（DNS）</li> <li>完成 NFS 将master节点 home目录挂载到其他节点同一路径下</li> <li>服务器IP、域名、主机名：172.16.10.10 maste.example.com master</li> <li>关闭防火墙</li> </ul> <h1 id="搭建-ldap-服务器">搭建 LDAP 服务器</h1> <ul> <li>yum 下载安装</li> </ul> <pre tabindex="0"><code>$ yum install openldap* migrationtools -y </code></pre><ul> <li>设置 LDAP 管理密码</li> </ul> <pre tabindex="0"><code>$ slappasswd New password: Re-enter new password: {SSHA}b28RwTpbqZ5/kxro785tKExdK4uyOX7T ///此密码自行妥善保存 </code></pre><ul> <li>进入配置目录</li> </ul> <pre tabindex="0"><code>$ cd /etc/openldap/slapd.d/cn=config </code></pre><ul> <li>编辑文件</li> </ul> <pre tabindex="0"><code>$ vim olcDatabase={2}hdb.ldif </code></pre><pre tabindex="0"><code>替换dc=my-domain,dc=com olcSuffix: dc=sg-ai,dc=com olcRootDN: cn=Manager,dc=sg-ai,dc=com 在文档底部加上： olcRootPW: {SSHA}b28RwTpbqZ5/kxro785tKExdK4uyOX7T olcTLSCertificateFile: /etc/pki/tls/certs/sg-ai.pem olcTLSCertificateKeyFile: /etc/pki/tls/certs/sg-aikey.pem </code></pre><pre tabindex="0"><code>$ vim olcDatabase={1}monitor.ldif </code></pre><blockquote> <p>同样替换dc=my-domain,dc=com olcAccess: {0}to * by dn.base=&ldquo;gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth&rdquo; read by dn.base=&ldquo;cn=Manager,dc=linuxhelp,dc=com&rdquo; read by * none</p>