Step 2: Configure OpenLDAP Server:
[root@HBC-CtrlCenter ~]# vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
change two lines: #change dc=yooma
olcSuffix: dc=yooma,dc=com
olcRootDN: cn=root,dc=yooma,dc=com
add one line:
olcRootPW: 123456 #密码根据自己需要修改 (the value is stored in cleartext as written here; generate a hashed value with slappasswd and use that for olcRootPW instead)
:wq!
Step 3: Configure Monitoring Database Configuration file:
[root@HBC-CtrlCenter ~]# vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif
#修改dn.base=""中的cn、dc项与step2中的相同 (the second dn.base must match the olcRootDN set in step 2 exactly)
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth" read by dn.base="cn=root,dc=yooma,dc=com" read by * none
:wq!
Step 4: Prepare the LDAP database:
[root@HBC-CtrlCenter ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@HBC-CtrlCenter ~]# chown -R ldap.ldap /var/lib/ldap
Step 5: Test the configuration:

[root@HBC-CtrlCenter ~]# slaptest -u
56e7c83d ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
56e7c83d ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
config file testing succeeded #验证成功
The checksum errors appear because the two files were edited by hand in steps 2 and 3, so the CRC32 recorded in each file header no longer matches its contents; the configuration still loads. Editing cn=config through ldapmodify instead of vim avoids these warnings.
Step 6: Start and enable the slapd service at boot:
[root@HBC-CtrlCenter ~]# systemctl start slapd
[root@HBC-CtrlCenter ~]# systemctl enable slapd
Step 7: Check the LDAP activity:
[root@HBC-CtrlCenter ~]# netstat -lt | grep ldap
tcp 0 0 0.0.0.0:ldap 0.0.0.0:* LISTEN
tcp6 0 0 [::]:ldap [::]:* LISTEN
[root@HBC-CtrlCenter ~]# netstat -tunlp | egrep "389|636"
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 18814/slapd
tcp6 0 0 :::389 :::* LISTEN 18814/slapd
Only the plain LDAP port 389 is listening on all interfaces here and nothing is on 636, so the simple binds used later (ldapadd -x -W) send the root password over the network in cleartext unless TLS (ldaps:// or StartTLS) is configured for slapd.
Step 8: To start the configuration of the LDAP server, add the following LDAP schemas:
[root@HBC-CtrlCenter ~]# cd /etc/openldap/schema/
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f cosine.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f nis.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f collective.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f corba.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f core.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f duaconf.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f dyngroup.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f inetorgperson.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f java.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f misc.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f openldap.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f pmi.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f ppolicy.ldif
##################################################
# NOTE: You can add schema files according to your need. #
##################################################
Step 9: Now use Migration Tools to create the LDAP DIT:
[root@HBC-CtrlCenter ~]# cd /usr/share/migrationtools/
[root@HBC-CtrlCenter migrationtools]# vim migrate_common.ph
on line number 61, change "ou=Groups"
$NAMINGCONTEXT{'group'} = "ou=Groups";
on line number 71, change your domain name
$DEFAULT_MAIL_DOMAIN = "yooma.com";
on line number 74, change your base name
$DEFAULT_BASE = "dc=yooma,dc=com";
on line number 90, change the schema value
$EXTENDED_SCHEMA = 1;
:wq!
Step 10: Generate a base.ldif file for your Domain DIT:
[root@HBC-CtrlCenter migrationtools]# ./migrate_base.pl /root/base.ldif
(migrate_base.pl prints its LDIF to stdout, so redirect it into the file with `> /root/base.ldif`, as is done for migrate_passwd.pl in step 14, and inspect the result before loading it.)
Step 11: Load "base.ldif" into the LDAP Database:
[root@HBC-CtrlCenter migrationtools]# ldapadd -x -W -D "cn=root,dc=yooma,dc=com" -f /root/base.ldif
Step 12: Now create some users and groups and migrate them from the local database to the LDAP database:
#mkdir /home/guests
#useradd -d /home/guests/ldapuser1 ldapuser1
#useradd -d /home/guests/ldapuser2 ldapuser2
#echo 'password' | passwd --stdin ldapuser1
#echo 'password' | passwd --stdin ldapuser2
Step 13: Now filter out these users and groups, and their passwords from /etc/shadow, into separate files:
#getent passwd | tail -n 5 > /root/users
#getent shadow | tail -n 5 > /root/shadow
# getent group | tail -n 5 > /root/groups
(tail -n 5 assumes the accounts just created are the last entries; check the three files before migrating. /root/shadow and the users.ldif generated from it contain password hashes, so keep them readable by root only and remove them once the entries are loaded.)
Step 14: Now you need to create ldif files for these users using migrationtools:
[root@HBC-CtrlCenter ~]# cd /usr/share/migrationtools
[root@HBC-CtrlCenter migrationtools]# vim migrate_passwd.pl
#search for /etc/shadow and replace it with /root/shadow on line number 188.
:wq!
[root@HBC-CtrlCenter migrationtools]# ./migrate_passwd.pl /root/users > users.ldif
[root@HBC-CtrlCenter migrationtools]# ./migrate_group.pl /root/groups > groups.ldif
Step 15: Upload these users and groups ldif files into the LDAP Database:
[root@HBC-CtrlCenter migrationtools]# ldapadd -x -W -D "cn=root,dc=yooma,dc=com" -f users.ldif
[root@HBC-CtrlCenter migrationtools]# ldapadd -x -W -D "cn=root,dc=yooma,dc=com" -f groups.ldif
Step 16: Now search the LDAP DIT for all records:
[root@HBC-CtrlCenter migrationtools]# ldapsearch -x -b "dc=yooma,dc=com" -H ldap://127.0.0.1
三、客户端安装配置调试
[root@HBC-C1-WB-5 ~]# yum install -y nss-pam*
[root@HBC-C1-WB-5 ~]# authconfig-tui #choose the second option [ Use LDAP ] and Next
click OK.
[root@HBC-C1-WB-5 ~]# su ldapuser1
bash-4.2$ #测试成功