Centos6.8:(BASE:2.3.X)
# CentOS 6.8: install openldap-servers, configure it through the legacy slapd.conf
# and convert that to the slapd.d (cn=config) tree with slaptest.
# Transcript: "$" lines are commands, the lines after them are their output.
$ uname -a
Linux ldap.t4x.org 2.6.32-642.el6.x86_64 #1 SMP Tue May 10 17:27:01 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -aq|grep openldap
openldap-2.4.40-16.el6.x86_64
$ cd /etc/openldap/
$ yum install cyrus-sasl cyrus-sasl-devel libtool-ltdl unixODBC openldap openldap-devel openldap-servers openldap-clients openldap-servers-sql
$ yum install nscd nss-pam-ldapd nss nss-devel pcre pcre-devel
$ yum install vim wget lrzsz -y
# Start from the shipped legacy config and keep a dated backup before editing it.
$ cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
$ cp slapd.conf slapd.conf.$(date +%F)
# Appends "rootpw<TAB>{SSHA}..." to slapd.conf.
# NOTE(review): the rootdn password is the literal "admin" (passed on the command line
# via -s, and reused with -w below); use a strong, unique value outside a lab.
$ slappasswd -s admin | sed -e "s#{SSHA}#rootpw\t{SSHA}#g" >>slapd.conf
$ echo "loglevel 296" >>slapd.conf
$ echo "cachesize 1000" >>slapd.conf
# Send slapd's local4 syslog facility to its own log file.
$ cp /etc/rsyslog.conf /etc/rsyslog.conf.$(date +%F)
$ echo "local4.* /var/log/ldap.log" >> /etc/rsyslog.conf
$ /etc/init.d/rsyslog restart
# Destructive: removes any existing directory database before seeding DB_CONFIG.
$ rm -fr /var/lib/ldap/*
$ cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
$ chown ldap.ldap /var/lib/ldap/DB_CONFIG
# Validate slapd.conf, then regenerate slapd.d from it (the old tree is removed first).
$ slaptest -u
config file testing succeeded
$ rm -rf /etc/openldap/slapd.d/*
$ slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
$ chown -R ldap.ldap /etc/openldap/slapd.d/*
$ /etc/init.d/slapd start
Starting slapd: [ OK ]
# slapd listens on 389 for IPv4 and IPv6. Every client command on this page that names
# a URI uses plain ldap:// with simple bind (-x), so bind passwords cross the network
# unencrypted; ldaps:// or StartTLS would be needed for anything beyond a lab.
$ netstat -tunlp|grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1931/slapd
tcp 0 0 :::389 :::* LISTEN 1931/slapd
$ echo "10.4.0.10 ldap.t4x.org" >> /etc/hosts
# NOTE(review): -w puts the bind password in argv (visible in process listings and shell
# history); -W, used in the ldapadd step later on this page, prompts for it instead.
# "No such object (32)" is expected at this point: the base entries shown later on this
# page do not exist yet (their creation is not shown — presumably done through LAM).
$ ldapsearch -LLL -w admin -x -H ldap://ldap.t4x.org -D "cn=admin,dc=ldap,dc=t4x,dc=org" -b "dc=ldap,dc=t4x,dc=org"
No such object (32)
$ ldapsearch -LLL -w admin -x -H ldap://ldap.t4x.org -D "cn=admin,dc=ldap,dc=t4x,dc=org" -b "dc=ldap,dc=t4x,dc=org" "(uid=*)"
No such object (32)
LDAP配置文件:
# Effective slapd.conf, with comments and blank lines stripped.
$ grep -v "^#\|^$" /etc/openldap/slapd.conf
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
# NOTE(review): bind_v2 re-enables legacy LDAPv2 binds; drop it unless an old client needs it.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# TLS settings appear to be the distro defaults (NSS certificate database + password
# file). Nothing on this page uses ldaps:// or StartTLS, so they are untested here.
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password
# NOTE(review): this is the only access rule, and it applies to every attribute. Anonymous
# binds may only authenticate, but any authenticated bind gets "read" on everything —
# userPassword hashes included. The usual tightening is a rule placed before this one,
# e.g. `access to attrs=userPassword by self write by anonymous auth by * none`.
access to *
by self write
by anonymous auth
by * read
database bdb
suffix "dc=ldap,dc=t4x,dc=org"
checkpoint 2048 10
rootdn "cn=admin,dc=ldap,dc=t4x,dc=org"
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# rootpw is the SSHA hash appended by the `slappasswd -s admin` step above.
rootpw {SSHA}UtqjQw3o/g9j3WnGLaApKDHy2k2bu3fG
# loglevel 296 = 256 (stats) + 32 (filter) + 8 (conns).
loglevel 296
cachesize 1000
安装ldap-account-manager:(WEB)
# LDAP Account Manager (LAM) web front end on Apache + PHP.
$ yum install httpd php php-ldap php-gd
# $ wget https://excellmedia.dl.sourceforge.net/project/lam/LAM/3.7/ldap-account-manager-3.7.tar.gz
$ wget https://jaist.dl.sourceforge.net/project/lam/LAM/6.4/ldap-account-manager-6.4.tar.bz2
$ tar fvxj ldap-account-manager-6.4.tar.bz2
# NOTE(review): the 6.4 tarball is downloaded and unpacked above, but the steps that
# follow extract and configure the 3.7 tree, so one of the two versions is left unused.
$ tar zxf ldap-account-manager-3.7.tar.gz
$ mv ldap-account-manager-3.7 ldap
$ cd ldap/config
# Point LAM's sample profile at this directory's admin DN and suffix.
$ cp config.cfg_sample config.cfg
$ cp lam.conf_sample lam.conf
$ sed -i 's/cn=Manager/cn=admin/g' lam.conf
$ sed -i 's/dc=my-domain/dc=ldap,dc=t4x/g' lam.conf
$ sed -i 's/dc=com/dc=org/g' lam.conf
# NOTE(review): the download directory is never shown, so this presumes the tree was
# unpacked under /var/www/html. Giving apache ownership of the whole tree is broader
# than needed; restrict write access to the directories LAM actually writes to.
chown -R apache.apache /var/www/html/ldap
base:
# Base tree (suffix plus People/group/machines OUs) dumped from the running server.
# The entries already exist here; their creation is not shown on this page.
$ ldapsearch -LLL -w admin -x -H ldap://ldap.t4x.org -D "cn=admin,dc=ldap,dc=t4x,dc=org" -b "dc=ldap,dc=t4x,dc=org" > /tmp/base.ldif
$ cat /tmp/base.ldif
# the trailing blank line must be present (LDIF entries are separated by blank lines)
dn: dc=ldap,dc=t4x,dc=org
objectClass: organization
objectClass: dcObject
dc: ldap
o: ldap

dn: ou=People,dc=ldap,dc=t4x,dc=org
objectClass: organizationalUnit
ou: People

dn: ou=group,dc=ldap,dc=t4x,dc=org
objectClass: organizationalUnit
ou: group

dn: ou=machines,dc=ldap,dc=t4x,dc=org
objectClass: organizationalUnit
ou: machines

# the trailing blank line must be present
user:
# User entries dumped to an LDIF file (re-imported with ldapadd further down the page).
# NOTE(review): this file carries userPassword hashes; written to /tmp with a default
# umask it is most likely world-readable — delete it once the import is done.
$ ldapsearch -LLL -w admin -x -H ldap://ldap.t4x.org -D "cn=admin,dc=ldap,dc=t4x,dc=org" -b "dc=ldap,dc=t4x,dc=org" "(uid=*)" > /tmp/user.ldif
$ cat /tmp/user.ldif
# the trailing blank line must be present (LDIF entries are separated by blank lines)
# "userPassword::" (double colon) means the value is base64-encoded; it decodes to an {SSHA} hash.
# gidNumber 10000/10001 correspond to the OP and Markting posixGroups in the full dump below.
dn: uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/byrd
loginShell: /bin/bash
uid: byrd
cn: byrd
uidNumber: 10000
gidNumber: 10000
sn: byrd
description: CTO
userPassword:: e1NTSEF9RnNaUHFGQVJmUTRlZEtNS2FKQUxGKy9KaUZqT2dvSW0=

dn: uid=usermarkting01,ou=People,dc=ldap,dc=t4x,dc=org
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/usermarkting01
loginShell: /bin/bash
uid: usermarkting01
cn: usermarkting01
uidNumber: 10001
gidNumber: 10001
sn: usermarkting01
userPassword:: e1NTSEF9U2Z1MFo4OEh3RjQ4b1FLVGlwSGNSL1pFbFR1aUJVdUI=

# the trailing blank line must be present
all:
# Full dump of the directory: base entries, the two posixGroups and the two users.
# NOTE(review): like user.ldif, this file holds password hashes (including one on the
# OP group) and sits in /tmp — remove it when no longer needed.
$ ldapsearch -LLL -w admin -x -H ldap://ldap.t4x.org -D "cn=admin,dc=ldap,dc=t4x,dc=org" -b "dc=ldap,dc=t4x,dc=org" >/tmp/all.ldif
$ cat /tmp/all.ldif
# the trailing blank line must be present (LDIF entries are separated by blank lines)
dn: dc=ldap,dc=t4x,dc=org
objectClass: organization
objectClass: dcObject
dc: ldap
o: ldap

dn: ou=People,dc=ldap,dc=t4x,dc=org
objectClass: organizationalUnit
ou: People

dn: ou=group,dc=ldap,dc=t4x,dc=org
objectClass: organizationalUnit
ou: group

dn: ou=machines,dc=ldap,dc=t4x,dc=org
objectClass: organizationalUnit
ou: machines

# "description::" values are base64 because they contain non-ASCII text.
dn: cn=OP,ou=group,dc=ldap,dc=t4x,dc=org
objectClass: posixGroup
gidNumber: 10000
cn: OP
userPassword:: e1NTSEF9ZGp2Z3FNbm5IZXJwbGpIbHFhYURzUjN1dE5QYzNWTGo=
description:: 6L+Q57u057uE

dn: cn=Markting,ou=group,dc=ldap,dc=t4x,dc=org
objectClass: posixGroup
gidNumber: 10001
cn: Markting
description:: 5biC5Zy66JCl6ZSA

dn: uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/byrd
loginShell: /bin/bash
uid: byrd
cn: byrd
uidNumber: 10000
gidNumber: 10000
sn: byrd
description: CTO
userPassword:: e1NTSEF9RnNaUHFGQVJmUTRlZEtNS2FKQUxGKy9KaUZqT2dvSW0=

dn: uid=usermarkting01,ou=People,dc=ldap,dc=t4x,dc=org
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/usermarkting01
loginShell: /bin/bash
uid: usermarkting01
cn: usermarkting01
uidNumber: 10001
gidNumber: 10001
sn: usermarkting01
userPassword:: e1NTSEF9U2Z1MFo4OEh3RjQ4b1FLVGlwSGNSL1pFbFR1aUJVdUI=

# the trailing blank line must be present
用户导入测试:
# Import the user entries from the LDIF above. -W prompts for the admin password
# rather than taking it on the command line as the -w invocations elsewhere do.
[root@ldap config]# ldapadd -x -H ldap://ldap.t4x.org -D "cn=admin,dc=ldap,dc=t4x,dc=org" -W -f /tmp/user.ldif
Enter LDAP Password:
adding new entry "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org"
adding new entry "uid=usermarkting01,ou=People,dc=ldap,dc=t4x,dc=org"
用户测试:
# Bind as the user itself (-D is the user's own DN, password "admin") and read its entry back.
# No -H here, so the client's default server URI is used (presumably from ldap.conf).
# userPassword comes back because the ACL gives an entry's owner "self write" on it.
$ ldapsearch -x -w admin -D "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org" -b "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org"
# extended LDIF
#
# LDAPv3
# base <uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# byrd, People, ldap.t4x.org
dn: uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/byrd
loginShell: /bin/bash
uid: byrd
cn: byrd
uidNumber: 10000
gidNumber: 10000
sn: byrd
description: CTO
userPassword:: e1NTSEF9RnNaUHFGQVJmUTRlZEtNS2FKQUxGKy9KaUZqT2dvSW0=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
测试:
# saslauthd checks: first with MECH=shadow (local accounts), then with MECH=ldap.
# testsaslauthd takes the password in argv (-p), so it lands in shell history / ps output.
$ saslauthd -v
saslauthd 2.1.23
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
$ grep "MECH=" /etc/sysconfig/saslauthd
MECH=shadow
$ testsaslauthd -uuser001 -padmin
0: NO "authentication failed"
# The log gives no usable reason; the check only passes after SELinux is set permissive.
$ tail -f /var/log/messages
Aug 12 15:17:16 ldap saslauthd[1849]: do_auth : auth failure: [user=user001] [service=imap] [realm=] [mech=shadow] [reason=Unknown]
# NOTE(review): setenforce 0 turns off SELinux enforcement for the whole system (until
# reboot). Prefer a targeted policy change derived from the actual denials (audit2allow)
# to running the host permissive.
$ setenforce 0
$ testsaslauthd -uuser001 -padmin
0: OK "Success."
# Switch to the ldap mechanism. The saslauthd restart between the MECH change and the
# next test is not shown; presumably it happened.
$ grep "MECH=" /etc/sysconfig/saslauthd
MECH=ldap
# Still failing here — presumably /etc/saslauthd.conf below was written afterwards.
$ testsaslauthd -ubyrd -padmin
0: NO "authentication failed"
# NOTE(review): ldap_bind_pw stores the rootdn password in clear text. Keep this file
# root-only (0600) and prefer a dedicated, low-privilege bind DN over cn=admin.
# The server is again plain ldap://, so this password also crosses the network in clear.
$ cat /etc/saslauthd.conf
ldap_servers:ldap://ldap.t4x.org
ldap_bind_dn: cn=admin,dc=ldap,dc=t4x,dc=org
ldap_bind_pw: admin
ldap_search_base: ou=People,dc=ldap,dc=t4x,dc=org
ldap_filter: uid=%U
ldap_password_attr: userPassword
$ testsaslauthd -ubyrd -padmin
0: OK "Success."
$ testsaslauthd -uusermarkting01 -padmin
0: OK "Success."
Centos 7.5:
# CentOS 7.5 (openldap 2.4.44): same package set. Only the install step is shown for 7.5;
# the rest of the procedure above was done on 6.8 and may differ (systemd, no init.d).
$ rpm -aq |grep ldap
openldap-2.4.44-13.el7.x86_64
$ yum install cyrus-sasl cyrus-sasl-devel libtool-ltdl unixODBC openldap openldap-devel openldap-servers openldap-clients openldap-servers-sql
$ yum install nscd nss-pam-ldapd nss nss-devel pcre pcre-devel
错误解决:
1:ldap_bind: Invalid credentials (49)
# Error 1: "Invalid credentials (49)" for the rootdn after editing slapd.conf — typically
# because slapd still runs the old slapd.d tree. Regenerate slapd.d from slapd.conf,
# fix ownership and restart.
$ ldapsearch -LLL -w admin -x -H ldap://ldap.t4x.org -D "cn=admin,dc=ldap,dc=t4x,dc=org" -b "dc=ldap,dc=t4x,dc=org"
ldap_bind: Invalid credentials (49)
$ rm -rf /etc/openldap/slapd.d/*
$ slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
$ chown -R ldap.ldap /etc/openldap/slapd.d/*
$ /etc/init.d/slapd restart
2:additional info: objectClass: value #0 provided more than once
ldapadd: attributeDescription "dn": (possible missing newline after line 26, entry "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org"?)
adding new entry "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org"
ldap_add: Type or value exists (20)
additional info: objectClass: value #0 provided more than once
ldif文件最后一行缺少空行(LDIF中各条目之间必须以空行分隔)