LDAP-源码版-部署及应用
<Alvin-zeng:孤独0-1>
目录
一、LDAP软件安装 ………… 1
1.1、安装BerkeleyDB包 ………… 1
1.2、安装LDAP包 ………… 2
1.3、创建用户及设置软连接 ………… 2
1.4、配置LDAP文件 ………… 2
1.5、测试并查看监听端口 ………… 3
1.6、安装phpldapadmin 管理工具 ………… 3
二、LDAP数据添加 ………… 3
2.1、添加“主域名”树根example.com ………… 3
2.2、添加二级OU组织 ………… 3
2.3、添加用户组 ………… 4
2.4、添加用户 ………… 4
2.5、配置客户端验证 ………… 5
一、 LDAP软件安装
1.1、安装BerkeleyDB包
db-4.8.26.tar.gz 兼容ldap-2.4.23,
openldap-stable-20100719-2.4.23.tgz
[root@test-1 /]#yum -y install openldap-clients php-ldap openldap-servers
[root@test-1 /]# /etc/init.d/ldap stop
[root@test-1 /]# tar -xvf db-4.8.26.tar.gz
[root@test-1 /]# cd db-4.8.26
[root@test-1 /]#cd build_unix/
[root@test-1 /]#../dist/configure
[root@test-1 /]# make && make install
为了防止LDAP安装出错。需要调整变量
[root@test-1 /]#CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include"
[root@test-1 /]#export CPPFLAGS
[root@test-1 /]#LDFLAGS="-L/usr/local/lib -L/usr/local/BerkeleyDB.4.8/lib -R/usr/local/BerkeleyDB.4.8/lib"
[root@test-1 /]#export LDFLAGS
[root@test-1 /]#LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.8/lib"
[root@test-1 /]#export LD_LIBRARY_PATH
1.2、安装LDAP包
[root@test-1 /]#tar -xvf openldap-stable-20100719.tgz
[root@test-1 /]#cd openldap-2.4.23/
[root@test-1 /]#./configure --prefix=/usr/local/openldap/ --with-tls --with-cyrus-sasl --enable-spasswd --enable-kpasswd --with-kerberos --with-threads --enable-wrappers --enable-bdb
RedHat 6.0 上若 configure 报错 “could not find TCP wrappers”,解决办法:yum -y install tcp_*
[root@test-1 /]#make depend
[root@test-1 /]#make
[root@test-1 /]#make install
1.3、创建用户及设置软连接
[root@test-1 /]# groupadd ldap && useradd -g ldap ldap
[root@test-1 /]# chown -R ldap:ldap /usr/local/openldap/
[root@test-1 /]#ln -s /usr/local/openldap/sbin/slappasswd /usr/sbin/slappasswd
[root@test-1 /]#ln -s /usr/local/openldap/sbin/slaptest /usr/sbin/slaptest
[root@test-1 /]# ln -s /usr/local/openldap/libexec/slapd /etc/init.d/ldapd
[root@test-1 /]#ln -s /usr/local/openldap/etc/openldap/slapd.conf /etc/openldap/slapd.conf
1.4、 配置LDAP文件
[root@test-1 /]# slappasswd
{SSHA}Vi7IF78RRQnQ9EnYKn+g+i0BORpQVgj3
[root@test-1 /]#vim /usr/local/openldap/etc/openldap/slapd.conf
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/corba.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/java.schema
include /usr/local/openldap/etc/openldap/schema/misc.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/openldap.schema
database bdb #:使用 BDB 后端
suffix "dc=zeng,dc=com" #:DN 根域名
rootdn "cn=root,dc=zeng,dc=com" #:管理员登录帐户
rootpw {SSHA}Vi7IF78RRQnQ9EnYKn+g+i0BORpQVgj3 #:slappasswd 生成的密码哈希
注意:slapd.conf 只把行首的 # 当作注释,上面 “#:” 之后的说明只是解释,不要写入配置文件;该文件包含 rootpw,应只允许 ldap 用户读取(如 chmod 600)。
在文件末尾添加以下行:
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
[root@test-1 /]#cd /usr/local/openldap/var/openldap-data && cp DB_CONFIG.example DB_CONFIG
[root@test-1 /]# slaptest #:测试配置文件是否正确
[root@test-1 /]# /etc/init.d/ldap start #:启动服务(注意 1.3 节建立的软连接名为 /etc/init.d/ldapd,使用源码版时请与之保持一致)
1.5、测试并查看监听端口
[root@test-1 /]# ps -ef | grep ldap
root 12051 1 0 01:49 ? 00:00:00 /etc/init.d/ldap start
[root@test-1 /]#netstat -nap |grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 12051/ldap
tcp 0 0 :::389 :::* LISTEN 12051/ldap
[root@test-1 /]# ldapsearch -x -b '' -s base '(objectclass=*)'
注意:-b 后面是两个单引号,用来阻止特殊字符被 Shell 解析;-x 表示简单认证,这里未指定 -D,因此是匿名绑定,只能查看允许匿名读取的条目。
1.6、安装phpldapadmin 管理工具
[root@test-1 /]# unzip phpldapadmin-1.2.0.5.zip
[root@test-1 /]#cp /test/phpldapadmin/config/config.php.example /test/phpldapadmin/config/config.php
[root@test-1 /]# mv /test/phpldapadmin /var/www/html/phpadmin
找到$servers->setValue('server','name','My LDAP Server');
将下面的子属性注释掉
$servers->setValue('server','host','localhost');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=zeng,dc=com'));
$servers->setValue('login','auth_type','session');
$servers->setValue('login','bind_id','cn=root,dc=zeng,dc=com');
$servers->setValue('login','bind_pass','secret');
注意:bind_pass 是以明文写在 config.php 中的,且这里绑定的是 rootdn;生产环境不要把管理员密码写入 Web 目录下的配置文件,或至少限制 config.php 仅 Web 用户可读。
[root@test-1 /]# /etc/init.d/httpd start
二、 LDAP数据添加
2.1、添加“主域名”树根example.com
[root@test-1 /]# vim 1.ldif
dn: dc=example,dc=com
objectclass: dcobject
objectclass: organizationalUnit
dc: example
ou: example
[root@test-1 /]#ldapadd -v -c -x -D "cn=root,dc=example,dc=com" -w 123 -f 1.ldif
注意:-D 指定的 rootdn 以及 LDIF 中的 dc 必须与 slapd.conf 的 suffix/rootdn 一致(1.4 节配置的是 dc=zeng,dc=com);-w 会把密码暴露在命令行和进程列表中,建议改用 -W 交互输入。
2.2、添加二级OU组织
[root@test-1 /]# vim 2.ldif
dn: ou=group,dc=example,dc=com
objectclass: organizationalUnit
ou: group
2.3、添加用户组
[root@test-1 /]# mkdir /tmp/test && cd /tmp/test
[root@test-1 /]#groupadd user && cat /etc/group > usergroup.in
[root@test-1 /]#cd /usr/share/openldap/migration/
[root@test-1 /]#./migrate_group.pl /tmp/test/usergroup.in > /tmp/test/usergroup.ldif
[root@test-1 /]# vim /tmp/test/usergroup.ldif
dn: cn=user,ou=group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: user
userPassword: {crypt}x
gidNumber: 500
[root@test-1 /]#ldapadd -v -c -x -D "cn=root,dc=example,dc=com" -w 123 -f /tmp/test/usergroup.ldif
adding new entry "cn=user,ou=group,dc=example,dc=com"
modify complete
GID:500 要和下面用户的 GID 一致;导入用户前请检查生成的 list.ldif 中每个用户的 gidNumber 是否为 500。
2.4、添加用户
[root@test-1 /]# vim /tmp/test/list.user
user01 123
user02 123
user03 123
user04 123
user05 123
user06 123
[root@test-1 /]#for zeng in $(awk '{print $1}' /tmp/test/list.user); do useradd "$zeng"; grep "\<$zeng\>" /tmp/test/list.user | awk '{print $2}' | passwd --stdin "$zeng"; done
注意:文件名需与上面创建的 /tmp/test/list.user 一致;该文件含明文密码,导入完成后请删除或限制权限。
passwd: all authentication tokens updated successfully.
passwd: all authentication tokens updated successfully.
passwd: all authentication tokens updated successfully.
[root@test-1 /]# cat /etc/passwd > /tmp/test/list.in
[root@test-1 /]#vim /tmp/test/list.in
user01:x:500:500::/home/user01:/bin/bash ##GID改成500,加入上面的user组
user02:x:501:500::/home/user02:/bin/bash
user03:x:502:500::/home/user03:/bin/bash
user04:x:503:500::/home/user04:/bin/bash
user05:x:504:500::/home/user05:/bin/bash
user06:x:505:500::/home/user06:/bin/bash
user07:x:506:500::/home/user07:/bin/bash
[root@test-1 /]#./migrate_passwd.pl /tmp/test/list.in > /tmp/test/list.ldif
注意:生成的 list.ldif 含用户密码哈希,而 /tmp 对所有用户可读,导入后应删除该目录或限制权限。
[root@test-1 /]#cat /tmp/test/list.ldif
dn: uid=user01,ou=group,dc=example,dc=com ##指定正确的OU和/域
uid: user01
cn: user01
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$Za0PIA24$5uY5GiiZ4LDhYABNgmcj1/
shadowLastChange: 15075
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 501
homeDirectory: /home/user01
[root@test-1 /]#ldapadd -v -x -c -D "cn=root,dc=example,dc=com" -w 123 -f /tmp/test/list.ldif
ldap_initialize(
add uid:
user01
add cn:
user01
adding new entry "uid=user01,ou=group,dc=example,dc=com"
modify complete
2.5、配置客户端验证
[root@test-1 /]# authconfig-tui
[root@test-1 /]#vim /etc/pam.d/system-auth
session required pam_mkhomedir.so skel=/etc/skel umask=0022