OpenLDAP Installation

Installing an LDAP Server on CentOS 6


Environment: CentOS 6.2, openldap 2.4.23


1. Install openldap

yum install openldap-servers openldap-clients

2. Copy the configuration files

cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

3. Set the LDAP administrator password

# slappasswd

New password:

Re-enter new password:

{SSHA}M4bEGT2uNTumymS90+R0E1m5zDM2H7vf

4. Put the generated password hash into rootpw and set the suffix

vi /etc/openldap/slapd.conf

:%s/dc=my-domain,dc=com/dc=csdn,dc=net/g

rootpw {SSHA}M4bEGT2uNTumymS90+R0E1m5zDM2H7vf

Note: use the Tab key to separate rootpw from the hash.

5. Enable encrypted transport for openldap

cd /etc/pki/tls/certs

make slapd.pem

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:Beijing

Locality Name (eg, city) [Default City]:Beijing

Organization Name (eg, company) [Default Company Ltd]:Csdn Ins.

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server's hostname) []:puppet-exserver.csdn.net

Email Address []:

6. Set the permissions on slapd.pem and symlink it to /etc/openldap/certs/slapd.pem

chmod 640 slapd.pem

chown :ldap slapd.pem

ln -s /etc/pki/tls/certs/slapd.pem /etc/openldap/certs/slapd.pem

7. Enable ldaps support

vi /etc/sysconfig/ldap

SLAPD_LDAPS=yes

8. Specify the certificate file paths

vi /etc/openldap/slapd.conf

Add the following and comment out the default TLS entries:

TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

TLSCertificateFile /etc/pki/tls/certs/slapd.pem

TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

9. Configure the ldap.conf file

vi /etc/openldap/ldap.conf

# Add the following:

URI ldap://127.0.0.1

BASE dc=csdn,dc=net

TLS_CACERTDIR /etc/openldap/certs

TLS_REQCERT never

10. Create the ldif file

vi /root/root.ldif

#csdn
dn: dc=csdn,dc=net
dc: csdn
objectClass: dcObject
objectClass: organizationalUnit
ou: csdn

#pongo
dn: ou=pongo,dc=csdn,dc=net
ou: pongo
objectClass: organizationalUnit

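After saving the file, clear the existing slapd.d configuration directory (a shell command, not part of the LDIF):

rm -rf /etc/openldap/slapd.d/*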

11. Add the ldif file to ldap

slapadd -n 2 -l /root/root.ldif

12. Test the configuration, set the owner and group of the ldap configuration, and restart the slapd service

rm -rf /etc/openldap/slapd.d/*

slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

chown -R ldap:ldap /etc/openldap/slapd.d

service slapd restart


13. Test:

ldapsearch -x -ZZ -h localhost    # TLS

ldapsearch -x -H ldaps://localhost    # SSL
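
The client settings from step 9 and the key-file permissions from step 6 can be checked with a short script; it flags TLS_REQCERT never, under which the client does not validate the server certificate. This is an added example, not part of the original post. The function names check_ldap_conf, check_key_file and make_samples, the sample files and the ca.pem path are constructed for illustration.

```shell
#!/bin/sh
# Added example; check_ldap_conf, check_key_file and make_samples are hypothetical names.

# Print one finding per weak client setting in an ldap.conf-style file.
check_ldap_conf() {
    awk '
        /^[ \t]*#/ { next }    # skip comment lines
        toupper($1) == "TLS_REQCERT" && tolower($2) ~ /^(never|allow)$/ {
            print "WEAK TLS_REQCERT " $2 ": an invalid server certificate does not abort the session"
        }
        toupper($1) == "URI" {
            for (i = 2; i <= NF; i++) if ($i ~ /^ldap:\/\//)
                print "NOTE URI " $i ": cleartext unless the client forces StartTLS (-ZZ)"
        }' "$1"
}

# Print a finding if the PEM holding the private key grants anything to "other".
check_key_file() {
    other=$(ls -ld "$1" | cut -c8-10)    # permission bits for "other"
    [ "$other" = "---" ] || echo "WEAK $1: mode grants '$other' to other users"
}

# Constructed samples: the guide's ldap.conf, and a stricter variant that connects
# by the certificate's Common Name and trusts a copy of the self-signed certificate
# (hypothetical path ca.pem: the certificate part of slapd.pem only, no key).
make_samples() {
    printf '%s\n' 'URI ldap://127.0.0.1' 'BASE dc=csdn,dc=net' \
        'TLS_CACERTDIR /etc/openldap/certs' 'TLS_REQCERT never' > "$1/guide.conf"
    printf '%s\n' 'URI ldaps://puppet-exserver.csdn.net' 'BASE dc=csdn,dc=net' \
        'TLS_CACERT /etc/openldap/certs/ca.pem' 'TLS_REQCERT demand' > "$1/strict.conf"
    : > "$1/loose.pem"; chmod 644 "$1/loose.pem"    # world-readable key file
    : > "$1/slapd.pem"; chmod 640 "$1/slapd.pem"    # mode used in step 6
}

demo=$(mktemp -d)
make_samples "$demo"
check_ldap_conf "$demo/guide.conf"     # two findings
check_ldap_conf "$demo/strict.conf"    # no findings
check_key_file "$demo/loose.pem"       # one finding
check_key_file "$demo/slapd.pem"       # no findings
rm -rf "$demo"
```

On a real host, point check_ldap_conf at /etc/openldap/ldap.conf and check_key_file at /etc/pki/tls/certs/slapd.pem.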

