[root@ldap-server ldap]
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ldap-server ldap]
# chown -R ldap:ldap /etc/openldap/
[root@ldap-server ldap]
# chown -R ldap:ldap /var/lib/ldap/
[root@ldap-server ldap]
# chmod 700 /var/lib/ldap/
[root@ldap-server ldap]
#
[root@ldap-server ldap]
# ls /var/lib/ldap/
DB_CONFIG
[root@ldap-server ldap]
# slaptest -u
config file testing succeeded
[root@ldap-server ldap]
#
最终的配置文件
[root@ldap-server ldap]
# egrep -v '^#|^.*#' /etc/openldap/slapd.conf
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "OpenLDAP Server"
TLSCertificateKeyFile /etc/openldap/certs/password
access to *
#此处需要修改,原来的一部分删除
by self write
by anonymous auth
by * read
database bdb
suffix "dc=etiantian,dc=org"
checkpoint 2048 10
rootdn "cn=admin,dc=etiantian,dc=org"
loglevel 296
cachesize 1000
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
rootpw {SSHA}+OjqniWD7vyzN9D9vRbYRE6KvI3Hjrw1
启动ldap
[root@ldap-server ldap]
# /etc/init.d/slapd restart
停止 slapd: [失败]
正在启动 slapd: [确定]
[root@ldap-server ldap]
#
[root@ldap-server ldap]
# chkconfig slapd on
[root@ldap-server ldap]
# chkconfig --list slapd
slapd 0:关闭1:关闭2:启用3:启用4:启用5:启用6:关闭
[root@ldap-server ldap]
#
[root@ldap-server ldap]
# lsof -i:389
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
slapd 1470 ldap 7u IPv4 11434 0t0 TCP *:ldap (LISTEN)
slapd 1470 ldap 8u IPv6 11435 0t0 TCP *:ldap (LISTEN)
[root@ldap-server ldap]
#
[root@ldap-server ldap]
# ps -ef |grep ldap
ldap 1470 1 0 10:53 ? 00:00:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -u ldap
root 1481 1287 0 10:55 pts/0 00:00:00 grep ldap
[root@ldap-server ldap]
#
[root@ldap-server ldap]
# tail -f /var/log/ldap.log
Mar 25 10:59:51 ldap-server slapd[1603]: @(#) $OpenLDAP: slapd 2.4.40 (May 10 2016 23:30:49) $#012#[email protected]:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/build-servers/servers/slapd
启动校验是否正确:
[root@ldap-server ldap]
# ldapsearch -LLL -W -x -H ldap://etiantian.org -D "cn=admin,dc=etiantian,dc=org" -b "dc=etiantian,dc=org"
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root@ldap-server ldap]
#
解决办法（这一版 slapd 实际加载的是 /etc/openldap/slapd.d 下的 cn=config 目录，而不是 slapd.conf 本身，所以要删掉旧目录并用 slapd.conf 重新生成）:
[root@ldap-server ldap]
# rm -rf /etc/openldap/slapd.d/*
[root@ldap-server ldap]
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
[root@ldap-server ldap]
# chown -R ldap:ldap /etc/openldap/
[root@ldap-server ldap]
# /etc/init.d/slapd restart
停止 slapd: [确定]
正在启动 slapd: [确定]
[root@ldap-server ldap]
#
[root@ldap-server ldap]
# ldapsearch -LLL -W -x -H ldap://etiantian.org -D "cn=admin,dc=etiantian,dc=org" -b "dc=etiantian,dc=org"
Enter LDAP Password:
No such object (32)
#表示正确（返回 32 "No such object" 说明 bind 已经成功，只是 base DN 下还没有任何条目；之前的 49 才是认证失败）
[root@ldap-server ldap]
#