Step 2: Configure OpenLDAP Server:
[root@HBC-CtrlCenter ~]# vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
change two lines: #replace dc=yooma with your own domain components
olcSuffix: dc=yooma,dc=com
olcRootDN: cn=root,dc=yooma,dc=com
add one line:
olcRootPW: 123456 #密码根据自己需要修改 (to store a hash instead of the plaintext value, run `slappasswd` and paste its `{SSHA}...` output as the olcRootPW value)
:wq!
Step 3: Configure Monitoring Database Configuration file:
[root@HBC-CtrlCenter ~]# vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif
#修改dn.base=""中的cn、dc项与step2中的相同
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=root,dc=yooma,dc=com" read by * none
(shown here as one logical line; in the file it may be folded onto a continuation line that begins with a single space)
:wq!
Step 4: Prepare the LDAP database:
[root@HBC-CtrlCenter ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@HBC-CtrlCenter ~]# chown -R ldap.ldap /var/lib/ldap
Step 5: Test the configuration:
[root@HBC-CtrlCenter ~]# slaptest -u
56e7c83d ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
56e7c83d ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
config file testing succeeded #验证成功 (the two checksum errors are expected after editing the slapd.d files by hand rather than through ldapmodify; the final "testing succeeded" line is the result that matters)
Step 6: Start and enable the slapd service at boot:
[root@HBC-CtrlCenter ~]# systemctl start slapd
[root@HBC-CtrlCenter ~]# systemctl enable slapd
Step 7: Check the LDAP activity:
[root@HBC-CtrlCenter ~]# netstat -lt | grep ldap
tcp 0 0 0.0.0.0:ldap 0.0.0.0:* LISTEN
tcp6 0 0 [::]:ldap [::]:* LISTEN
[root@HBC-CtrlCenter ~]# netstat -tunlp | egrep "389|636"
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 18814/slapd
tcp6 0 0 :::389 :::* LISTEN 18814/slapd
Step 8: To start the configuration of the LDAP server, add the following LDAP schemas:
[root@HBC-CtrlCenter ~]# cd /etc/openldap/schema/
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f cosine.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f nis.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f collective.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f corba.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f core.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f duaconf.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f dyngroup.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f inetorgperson.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f java.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f misc.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f openldap.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f pmi.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f ppolicy.ldif
##################################################
# NOTE: You can add schema files according to your needs. #
##################################################
Step 9: Now use Migration Tools to create the LDAP DIT:
[root@HBC-CtrlCenter ~]# cd /usr/share/migrationtools/
[root@HBC-CtrlCenter migrationtools]# vim migrate_common.ph
on line number 61, change "ou=Groups"
$NAMINGCONTEXT{'group'} = "ou=Groups";
on line number 71, change your domain name
$DEFAULT_MAIL_DOMAIN = "yooma.com";
on line number 74, change your base name
$DEFAULT_BASE = "dc=yooma,dc=com";
on line number 90, change the schema value
$EXTENDED_SCHEMA = 1;
:wq!
" J1 ?) D( `6 C- k% g6 fStep 10: Generate a base.ldif file for your Domain DIT:
, A; A) v: l% j, o/ q' n[root@HBC-CtrlCenter migrationtools]# ./migrate_base.pl /root/base.ldif8 w! h! V; \3 @ _, C/ T7 _
Step 11: Load "base.ldif" into the LDAP Database:
[root@HBC-CtrlCenter migrationtools]# ldapadd -x -W -D "cn=root,dc=yooma,dc=com" -f /root/base.ldif
Step 12: Now create some users and groups and migrate them from the local database to the LDAP database:
#mkdir /home/guests
#useradd -d /home/guests/ldapuser1 ldapuser1
#useradd -d /home/guests/ldapuser2 ldapuser2
#echo 'password' | passwd --stdin ldapuser1
#echo 'password' | passwd --stdin ldapuser2
Step 13: Now filter out these users and groups and their passwords from /etc/shadow into separate files:
#getent passwd | tail -n 5 > /root/users
#getent shadow | tail -n 5 > /root/shadow
# getent group | tail -n 5 > /root/groups
Step 14: Now you need to create ldif files for these users using migrationtools:
[root@HBC-CtrlCenter ~]# cd /usr/share/migrationtools
[root@HBC-CtrlCenter migrationtools]# vim migrate_passwd.pl
#search for /etc/shadow on line number 188 and replace it with /root/shadow.
:wq!
[root@HBC-CtrlCenter migrationtools]# ./migrate_passwd.pl /root/users > users.ldif
[root@HBC-CtrlCenter migrationtools]# ./migrate_group.pl /root/groups > groups.ldif
Step 15: Upload these users and groups ldif files into the LDAP Database:
[root@HBC-CtrlCenter migrationtools]# ldapadd -x -W -D "cn=root,dc=yooma,dc=com" -f users.ldif
[root@HBC-CtrlCenter migrationtools]# ldapadd -x -W -D "cn=root,dc=yooma,dc=com" -f groups.ldif
Step 16: Now search the LDAP DIT for all records:
[root@HBC-CtrlCenter migrationtools]# ldapsearch -x -b "dc=yooma,dc=com" -H ldap://127.0.0.1
三、客户端安装配置调试
[root@HBC-C1-WB-5 ~]# yum install -y nss-pam*
[root@HBC-C1-WB-5 ~]# authconfig-tui #choose the second option [Use LDAP], then Next
click OK.
[root@HBC-C1-WB-5 ~]# su ldapuser1
bash-4.2$ #测试成功