Linux 搭建 OpenLDAP 服务
作者:andy.zhang | 分类:Linux | 浏览:1194 | 日期:2015年11月13日

[root@dev ~]# yum install openldap openldap-* -y
[root@dev ~]# yum install nscd nss-pam-ldapd nss-* pcre pcre-* -y
# 注意：openldap-*、nss-*、pcre-* 这类通配符会把 devel 等并不需要的包一并装上，平白扩大系统的攻击面；
# 建议显式写出真正需要的包（例如 openldap-servers、openldap-clients、nss-pam-ldapd、nscd）。
[root@dev ~]# cd /etc/openldap/
[root@dev openldap]# ll
total 16
drwxr-xr-x. 2 root root 4096 Jul 13 20:10 certs
-rw-r--r--. 1 root root  282 Jun 21 17:19 ldap.conf
drwxr-xr-x  2 root root 4096 Jul 13 20:10 schema
drwx------  3 ldap ldap 4096 Jul 13 20:10 slapd.d
# 注意：这里同时存在 slapd.d（cn=config 动态配置目录）和下文要编辑的 slapd.conf。在这个版本的 RHEL/CentOS 上，
# slapd 通常优先加载 slapd.d；对 slapd.conf 的修改一般要经 slaptest -f slapd.conf -F slapd.d 转换后才生效
#（具体取决于该版本 init 脚本的处理方式）。这也是后文会碰到 cn=config 目录属主问题的原因——启动前请确认 slapd 实际加载的是哪一份配置。
|
[root@dev openldap]# slappasswd -s weyee
{SSHA}4zVLzQItaa9wp00xF7oSynhPPNKfGyJ1
# 注意：-s 把明文口令直接写在命令行上，会留在 shell history 里并能被其他用户用 ps 看到；
# 生产环境请直接运行 slappasswd，按提示输入口令。
# 另外 SSHA 带随机盐，每次生成的哈希都不同：这里生成的 {SSHA}4zVL… 与下一步写进 slapd.conf 的 {SSHA}6jZP… 并不是同一个，
# 请确保写入 rootpw 的是你自己刚刚生成的那一串。
[root@dev openldap]# tail -1 /etc/openldap/slapd.conf
rootpw {SSHA}6jZP4UfMlMfN0XKPch70R5+TiRCV+yT7
# rootpw 是管理员口令的哈希，slapd.conf 不应全局可读；请确认它的属主/权限（例如 root:ldap 0640），
# 避免本机普通用户读到哈希后离线破解。
[root@dev openldap]# vim /etc/openldap/slapd.conf
# 以下参数大概在 114 行
database bdb                        # 使用 bdb 数据库
suffix "dc=dev,dc=com"              # 定义 dc，指定搜索的域
rootdn "cn=admin,dc=dev,dc=com"     # 定义管理员的 dn，使用这个 dn 能登录 openldap
# 注意：rootdn 绕过所有 access 规则，对目录拥有完全权限。它只应用于初始化和管理，
# 不要把它配置给应用程序或客户端做日常绑定，而应为它们另建权限受限的绑定账号。
[root@dev openldap]# vim /etc/openldap/slapd.conf
loglevel 296      # 定义日志级别：296 = 256（stats，记录连接/操作/结果）+ 32（搜索过滤器处理）+ 8（连接管理）
cachesize 1000    # 缓存的条目数
|
[root@dev openldap]# vim /etc/openldap/slapd.conf
# 删除默认权限，将下面的内容都删除
database config
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
        by * none

# enable server status monitoring (cn=monitor)
database monitor
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=Manager,dc=my-domain,dc=com" read
        by * none

# 添加新的权限（这是 2.3 的权限设置方式，2.4 的 slapd.conf 同样支持）
access to *
        by self write
        by anonymous auth
        by * read
# 安全提示：ACL 按第一条匹配的 by 子句生效。这条规则对所有属性生效——匿名用户只得到 auth，但 "by * read"
# 让任何一个已认证的用户都能读到其他所有条目的全部属性，包括 userPassword 哈希；"by self write" 又让用户能改自己条目里的任何属性
#（包括 uidNumber/gidNumber/homeDirectory/loginShell，若此目录经 nss-pam-ldapd 用于系统账号，就等于让用户自己改 uid 提权）。
# 建议至少把口令属性单独保护，并放在通用规则之前：
#   access to attrs=userPassword,shadowLastChange
#           by self write
#           by anonymous auth
#           by * none
#   access to *
#           by self read
#           by * read
# 确实需要用户自助修改某些属性时，再按属性名单独放开 self write。
# 另外注意：这些 access 行必须写在第一个 database 指令之前，才是作用于所有数据库的全局规则。
[root@dev openldap]# cp /etc/rsyslog.conf /etc/rsyslog.conf_`date +%Y%m%d`.bak
# 往配置文件中增加如下内容（slapd 默认通过 syslog 的 local4 设施写日志）
[root@dev openldap]# tail -1 /etc/rsyslog.conf
local4.*    /var/log/ldap.log
# 重启 rsyslog 服务
[root@dev openldap]# /etc/init.d/rsyslog restart
Shutting down system logger:   [ OK ]
Starting system logger:        [ OK ]
# 创建数据文件
[root@dev openldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@dev openldap]# chown ldap:ldap /var/lib/ldap/DB_CONFIG
[root@dev openldap]# chmod 700 /var/lib/ldap/
[root@dev openldap]# ll /var/lib/ldap/
total 4
-rw-r--r-- 1 ldap ldap 845 Jul 13 21:05 DB_CONFIG
[root@dev openldap]# egrep -v "\#|^$" /var/lib/ldap/DB_CONFIG
set_cachesize 0 268435456 1
set_lg_regionmax 262144
set_lg_bsize 2097152
[root@dev openldap]# slaptest -u      # 检查配置文件是否正常（-u 为干跑，只检查语法、不初始化数据库）
config file testing succeeded
# 注意：/var/lib/ldap 下的所有文件（包括以后 slapadd 生成的 __db.*、*.bdb、log.* 等）都必须属于 ldap 用户。
# 以 root 运行 slapadd、或不带 -u 的 slaptest 初始化数据库后，生成的文件属主会是 root，
# 启动脚本会逐个报 "is not owned by ldap" 的 WARNING 并启动失败（见下文）；此时执行 chown -R ldap:ldap /var/lib/ldap 即可。
[root@dev openldap]# egrep -v "\#|^$" /var/lib/ldap/DB_CONFIG
set_cachesize 0 268435456 1
set_lg_regionmax 262144
set_lg_bsize 2097152
[root@dev openldap]# slaptest -u
config file testing succeeded
[root@dev openldap]# egrep -v "^#|^$" /etc/openldap/slapd.conf
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password
access to * by self write by anonymous auth by * read
database bdb
suffix "dc=dev,dc=com"
checkpoint 1024 15
rootdn "cn=admin,dc=dev,dc=com"
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
rootpw {SSHA}6jZP4UfMlMfN0XKPch70R5+TiRCV+yT7
loglevel 296
cachesize 1000
checkpoint 2048 10
# 审查要点：
# 1. allow bind_v2 打开了过时的 LDAPv2 绑定，现代客户端（含 nss-pam-ldapd）并不需要；除非确有老客户端依赖，否则删掉。
# 2. 这三行 TLS* 应该是 RHEL 发行版自带的 Mozilla NSS 默认值（TLSCertificateFile 是 NSS 证书库里的证书昵称而不是文件路径，
#    TLSCertificateKeyFile 指向的是 NSS 库的口令文件），它们并没有给服务器配出一张真正可用的证书。
#    客户端用 simple bind 经 ldap:// 连接时口令是明文传输的——上线前请配置证书并改用 ldaps:// 或 STARTTLS，
#    必要时用 security ssf=128 之类的指令强制要求加密连接。
# 3. checkpoint 出现了两次（1024 15 与 2048 10），重复指令容易让人误判实际生效的值，只保留一个。
# 4. access 规则中的 "by * read" 让任何已认证用户都能读到他人条目的全部属性（含 userPassword 哈希），
#    "by self write" 让用户能改自己条目的任意属性（含 uidNumber/gidNumber）；请先用 access to attrs=userPassword … by * none 单独保护口令属性。
[root@mail slapd.d]# /etc/init.d/slapd restart
Stopping slapd:                                       [FAILED]
/var/lib/ldap/__db.002 is not owned by "ldap"         [WARNING]
/var/lib/ldap/dn2id.bdb is not owned by "ldap"        [WARNING]
/var/lib/ldap/__db.006 is not owned by "ldap"         [WARNING]
/var/lib/ldap/__db.003 is not owned by "ldap"         [WARNING]
/var/lib/ldap/alock is not owned by "ldap"            [WARNING]
/var/lib/ldap/log.0000000001 is not owned by "ldap"   [WARNING]
/var/lib/ldap/__db.005 is not owned by "ldap"         [WARNING]
/var/lib/ldap/id2entry.bdb is not owned by "ldap"     [WARNING]
/var/lib/ldap/__db.004 is not owned by "ldap"         [WARNING]
/var/lib/ldap/__db.001 is not owned by "ldap"         [WARNING]
Starting slapd:                                       [FAILED]
# 注意：提示符里的主机名从 dev 变成了 mail，这段输出来自另一台机器。
# 这些 WARNING 指的都是 /var/lib/ldap 下的数据库文件属主不是 ldap（通常是以 root 运行过 slapadd/slaptest 初始化数据库造成的），
# 对应的修复是 chown -R ldap:ldap /var/lib/ldap，而不只是下一步提到的 cn=config 目录。
并用 chown -R ldap:ldap ./cn=config 修正属主（这里的 ./cn=config 指 /etc/openldap/slapd.d/cn=config；用 tab 键补全后会显示成 cn\=config，那只是 shell 对 "=" 的转义，不要紧）。注意上一步的 WARNING 都指向 /var/lib/ldap，所以还要执行 chown -R ldap:ldap /var/lib/ldap；两处都归 ldap 所有后再重启。
[root@mail ldap]# /etc/init.d/slapd restart
Stopping slapd:   [ OK ]
Starting slapd:   [ OK ]
看到这两个 OK 就证明服务可以了。
接着安装 LAM（LDAP Account Manager），前提是要先装好 LAMP（或 LNMP）环境。
到 http://pan.baidu.com/s/1o6tjDG2 去下载，版本是 4.4 的。
# 供应链提示：不要使用网盘里来路不明的压缩包——请到 LAM 官方站点下载并核对官方给出的校验和/签名；
# 4.4 是很老的版本，生产环境应使用当前仍在维护的版本。
用 tar 解压，然后
./configure --with-httpd-user=www --with-httpd-group=www --with-web-root=/data/www.itchenyi.com/lam
（注意：with-httpd-user 是 apache 的运行用户，with-httpd-group 是 apache 的运行组，with-web-root 是 LAM 的所在目录。）
make install
之后到该目录下，把目录的属主和属组改成 apache 的运行用户和组。更稳妥的做法是只把需要写入的目录（config/ 以及会话、临时文件目录）交给 web 用户，其余代码目录保持只读，以免 web 进程被攻破后能改写 LAM 自身的代码。
最后把 lam 下 config 目录里的 config.conf 和 lam.conf 各复制一份，并把 lam.conf 里关于 ldap 服务器的地址改成你自己的服务器地址即可。
注意 config.conf/lam.conf 中通常保存着 LAM 登录口令（哈希）和 LDAP 管理员 DN 等敏感信息：文件权限应只允许 web 用户读取（如 0600），并确认 web 服务器不会把 config 目录直接对外提供；LAM 本身要放在 HTTPS 之后，lam.conf 里的服务器地址建议写 ldaps://，否则管理员口令会明文经过网络。