(一)安装前的准备工作

(1)略 ip设为 192.168.1.10

(2)关闭selinux及iptables(仅为简化实验环境;正式环境建议保留防火墙,只放行LDAP所需的389/636端口)

(3)挂载光盘并把它设为本地yum源(略)

--------------------------------------------------------------------------------------------------

(二)安装LDAP软件openldap、openldap-servers、openldap-clients(openldap默认已安装)

# yum install openldap-servers openldap-clients -y

--------------------------------------------------------------------------------------------------

(三)修改ldap的配置文件,它的位置在/etc/openldap/slapd.conf

修改如下内容

suffix          "dc=yichunlan99,dc=com"         #设置目录信息树的后缀
rootdn          "cn=Manager,dc=yichunlan99,dc=com"    #设置LDAP管理者的DN

rootpw          zw                                                       #设置ldap的管理密码(此处为明文示例);建议先用slappasswd生成加密密码(以{SSHA}开头的字符串),再复制到这里代替明文,避免管理密码以明文形式保存在配置文件中

-------------------------------------------------------------------------------------------------

(四)初始化ldap数据库

初始化ldap数据库有两种方式:离线添加和在线添加

1、离线添加

(1)生成数据库的配置文件

# cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG

(2)添加ldap项目

# slapadd

dn:dc=yichunlan99,dc=com
objectclass:dcObject
objectclass:organization
o:yichunlan99 com
dc:yichunlan99

dn:cn=Manager,dc=yichunlan99,dc=com
objectclass:organizationalRole
cn:Manager

然后ctrl+D结束添加

(3)设置权限(slapadd以root身份运行,生成的数据库文件属主是root,需要改回ldap用户,否则ldap服务无法读写这些文件)

#chown -R ldap.ldap /var/lib/ldap/

2、在线添加

在线添加需要先启动ldap服务

#service ldap start

使用以下命令在线添加

#ldapadd -x -W -D 'cn=Manager,dc=yichunlan99,dc=com' 

然后需要输入前面设置的管理密码(-W表示提示输入密码),按提示输入即可。注意-x是简单认证,密码以明文传输;如果不是在本机操作,应配合-ZZ(StartTLS)或ldaps://使用

-------------------------------------------------------------------------------------------------

(五)测试添加的ldap项目

#slapcat

如果能显示添加的项目,就表示添加项目成功!!

--------------------------------------------------------------------------------------------------

(六)启动ldap服务

# service ldap start

(七)将ldap服务器的本机账号导入到ldap数据库,作为域账号使用(注意:按下面的步骤会把root及各系统账号一并导入,实际部署时通常只迁移普通用户账号,并在slapd.conf中用access规则限制对userPassword属性的读取)

1、在/usr/share/openldap/migration/目录下有将本机账号转换为域账号的工具

(1)设置migrate_common.ph修改如下内容

$DEFAULT_MAIL_DOMAIN = "yichunlan99.com";

$DEFAULT_BASE = "dc=yichunlan99,dc=com";

(2)修改migrate_all_online.sh,只让其处理/etc/passwd和/etc/group两项数据即可

修改后的内容为(只注释掉了不需要的迁移命令,大部分echo提示仍然保留,所以执行时仍会看到这些"Migrating ..."提示,但对应的迁移并不会执行)

# Excerpt of migrate_all_online.sh after editing: only the group and passwd
# migration commands are left active; every other migrate_*.pl call is
# commented out. Most echo banners are still active, so they print even
# though the step behind them no longer runs.
# $PERL, $INSTDIR, $DB and the $ETC_* variables are not defined in this
# excerpt -- presumably set earlier in the script; confirm there.
#echo "Migrating aliases..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_aliases.pl        $ETC_ALIASES >> $DB
#echo "Migrating fstab..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_fstab.pl          $ETC_FSTAB >> $DB
echo "Migrating groups..."
# Active step: migrate_group.pl is passed $ETC_GROUP and its output is
# appended to $DB.
$PERL -I${INSTDIR} ${INSTDIR}migrate_group.pl           $ETC_GROUP >> $DB
echo "Migrating hosts..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_hosts.pl          $ETC_HOSTS >> $DB
echo "Migrating networks..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_networks.pl       $ETC_NETWORKS >> $DB
echo "Migrating users..."
# Active step: migrate_passwd.pl is passed $ETC_PASSWD and its output is
# appended to $DB.
# NOTE(review): nothing here filters the input, so root and the system
# accounts are converted along with regular users -- point $ETC_PASSWD at a
# filtered copy if only regular users should become directory accounts.
$PERL -I${INSTDIR} ${INSTDIR}migrate_passwd.pl          $ETC_PASSWD >> $DB
echo "Migrating protocols..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_protocols.pl      $ETC_PROTOCOLS >> $DB
echo "Migrating rpcs..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_rpc.pl            $ETC_RPC >> $DB
echo "Migrating services..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_services.pl       $ETC_SERVICES >> $DB
echo "Migrating netgroups..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_netgroup.pl       $ETC_NETGROUP >> $DB
echo "Migrating netgroups (by user)..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_netgroup_byuser.pl        $ETC_NETGROUP >> $DB
echo "Migrating netgroups (by host)..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_netgroup_byhost.pl        $ETC_NETGROUP >> $DB
(3)执行migrate_all_online.sh

#./migrate_all_online.sh

Enter the X.500 naming context you wish to import into: [dc=yichunlan99,dc=com]  #直接回车
Enter the hostname of your LDAP server [ldap]: localhost     #输入localhost,因为ldap服务器就是本机
Enter the manager DN: [cn=manager,dc=yichunlan99,dc=com]:   #直接回车
Enter the credentials to bind with:   #这地方需要输入设置的ldap管理密码
Do you wish to generate a DUAConfigProfile [yes|no]? no

Importing into dc=yichunlan99,dc=com...

Creating naming context entries...
Migrating groups...
Migrating hosts...
Migrating networks...
Migrating users...
Migrating protocols...
Migrating rpcs...
Migrating services...
Migrating netgroups...
Migrating netgroups (by user)...
Migrating netgroups (by host)...
adding new entry "dc=yichunlan99,dc=com"
ldapadd: Already exists (68)     #根条目已在第(四)步添加过,所以这里提示已存在,后面的导入仍会继续

Importing into LDAP...
adding new entry "ou=Hosts,dc=yichunlan99,dc=com"

adding new entry "ou=Rpc,dc=yichunlan99,dc=com"

adding new entry "ou=Services,dc=yichunlan99,dc=com"

adding new entry "nisMapName=netgroup.byuser,dc=yichunlan99,dc=com"

adding new entry "ou=Mounts,dc=yichunlan99,dc=com"

adding new entry "ou=Networks,dc=yichunlan99,dc=com"

adding new entry "ou=People,dc=yichunlan99,dc=com"

adding new entry "ou=Group,dc=yichunlan99,dc=com"

adding new entry "ou=Netgroup,dc=yichunlan99,dc=com"

adding new entry "ou=Protocols,dc=yichunlan99,dc=com"

adding new entry "ou=Aliases,dc=yichunlan99,dc=com"

adding new entry "nisMapName=netgroup.byhost,dc=yichunlan99,dc=com"

adding new entry "cn=root,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=bin,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=daemon,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=sys,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=adm,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=tty,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=disk,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=lp,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=mem,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=kmem,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=wheel,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=mail,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=news,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=uucp,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=man,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=games,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=gopher,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=dip,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=ftp,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=lock,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=nobody,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=users,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=audio,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=nscd,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=utmp,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=utempter,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=floppy,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=vcsa,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=rpc,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=mailnull,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=smmsp,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=pcap,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=slocate,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=ntp,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=dbus,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=avahi,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=sshd,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=rpcuser,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=nfsnobody,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=haldaemon,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=avahi-autoipd,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=oprofile,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=xfs,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=stapdev,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=stapusr,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=gdm,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=sabayon,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=ldap,ou=Group,dc=yichunlan99,dc=com"

adding new entry "uid=root,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=bin,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=daemon,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=adm,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=lp,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=sync,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=shutdown,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=halt,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=mail,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=news,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=uucp,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=operator,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=games,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=gopher,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=ftp,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=nobody,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=nscd,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=vcsa,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=rpc,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=mailnull,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=smmsp,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=pcap,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=ntp,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=dbus,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=avahi,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=sshd,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=rpcuser,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=nfsnobody,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=haldaemon,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=avahi-autoipd,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=oprofile,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=xfs,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=gdm,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=sabayon,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=ldap,ou=People,dc=yichunlan99,dc=com"

/usr/bin/ldapadd: succeeded     #提示我们已经设置成功!!!!

------------------------------------------------------------------------------------------------

至此,ldap服务器搭建成功!!!!!