安装ldap:
# Install the OpenLDAP libraries, server, client tools and development headers.
yum install -y \
  openldap \
  openldap-servers \
  openldap-clients \
  openldap-devel
配置ldap:
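# Start from the legacy slapd.conf template shipped with openldap-servers.
# Each step runs only if the previous one succeeded, so a failed cd cannot
# drop the copy (or the permission change) into some other directory.
# slapd.conf will hold the rootdn password hash, so it is restricted to root
# and the ldap group instead of being left readable by every local user.
cd /etc/openldap/ \
  && cp /usr/share/openldap-servers/slapd.conf.obsolete ./slapd.conf \
  && chown root:ldap ./slapd.conf \
  && chmod 640 ./slapd.conf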
执行下面命令创建密文密码:
# slappasswd prompts twice for the new password and prints its salted hash
# (SSHA by default); the {SSHA}... line that follows is sample output.
# Generate your own hash rather than reusing the one shown on this page.
slappasswd
{SSHA}KxwI67Nyx7DcIZ0CF2VZ8flzehuxKi1k
vi slapd.conf:
#
# database definitions
#
# Backend for this database. NOTE(review): back-bdb is deprecated in later
# OpenLDAP releases in favour of back-mdb; confirm what this version supports.
database bdb
# Base DN served by this database.
suffix "dc=asiainfo,dc=com"
# Checkpoint the bdb transaction log after 1024 KB written or 15 minutes.
checkpoint 1024 15
# Administrative DN. Access controls are not applied to it, so the
# password behind the rootpw hash below should be strong and unique.
rootdn "cn=root,dc=asiainfo,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# Paste the hash printed by slappasswd here. The value shown is this page's
# sample output; generate your own, and keep slapd.conf unreadable to
# ordinary users because it stores this hash.
rootpw {SSHA}KxwI67Nyx7DcIZ0CF2VZ8flzehuxKi1k
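# Seed the bdb environment with the packaged DB_CONFIG example. The copy only
# runs if the cd succeeded, so it cannot land in an unrelated directory.
cd /var/lib/ldap && cp /usr/share/openldap-servers/DB_CONFIG.example ./DB_CONFIG

# Drop the previous slapd.d tree so it can be regenerated from slapd.conf.
rm -rf -- /etc/openldap/slapd.d/*

# Convert slapd.conf into slapd.d (-u is dry-run mode: a database that cannot
# be opened yet does not fail the run). Ownership is handed to the ldap user
# and slapd is restarted only when the conversion succeeded, so a broken
# slapd.conf no longer leads to a restart against an empty slapd.d.
# The original also ran chown before slaptest; the one after it covers the
# freshly generated files, so a single chown is enough.
slaptest -u -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d \
  && chown -R ldap:ldap /etc/openldap/slapd.d \
  && service slapd restart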
ldap添加用户:
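# Pull the passwd line(s) containing ha_test into a migration input file
# (written to the current directory).
grep ha_test /etc/passwd > testpwd.in

# Convert the passwd entries to LDIF.
# NOTE(review): migrate_passwd.pl takes its base DN from migrate_common.ph;
# confirm it matches dc=asiainfo,dc=com. The LDIF may also carry password
# hashes (TODO confirm), so remove testpwd.in and testpwd.ldif after the import.
/usr/share/migrationtools/migrate_passwd.pl testpwd.in > testpwd.ldif

# Bind as the rootdn and load the entries. -W prompts for the password instead
# of passing it with -w, which would leave the rootdn password in shell
# history and visible in the process list.
ldapadd -x -D "cn=root,dc=asiainfo,dc=com" -W -f testpwd.ldif

# Verify the entry, first against the client's default server and then via the
# server's hostname. Both searches bind anonymously over plain ldap://, which
# is unencrypted and suits a lab check only.
# NOTE(review): confirm the access rules in slapd.conf keep userPassword away
# from anonymous reads.
ldapsearch -x -b 'dc=asiainfo,dc=com' | grep ha_test
ldapsearch -x -H ldap://host-10-1-236-51 -b "dc=asiainfo,dc=com" | grep uid=ha_test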
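ldap添加日志(注意:前面已用 slaptest 把 slapd.conf 转换到 slapd.d,之后再修改 slapd.conf 可能需要重新执行转换步骤才会生效;loglevel 4095 会打开 1~2048 的全部日志级别,日志量大且可能包含敏感内容,建议仅在调试时使用):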
vi slapd.conf
loglevel 4095
vi /etc/rsyslog.conf
local4.* /var/log/openldap.log
ldap启动:
# Restart rsyslog first so the local4 rule in /etc/rsyslog.conf is loaded,
# then slapd.
# NOTE(review): slapd.conf was converted to slapd.d earlier, so a loglevel
# added only to slapd.conf may need the slaptest conversion re-run before
# this restart applies it.
for svc in rsyslog slapd; do
  service "$svc" restart
done