Using OpenLDAP for centralized identity authentication lets users log on to servers through one central directory, so that the root password no longer needs to be given out, and, most importantly, account management becomes easier.
Server 172.1610.23
Client 172.1610.14
1. Deployment on the server:
    # yum install openldap-*    # installs openldap-clients, openldap-devel, openldap, openldap-servers, openldap-servers-sql
    # cd /etc/openldap/
    # cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf
    # cp slapd.conf slapd.confbak
    # slappasswd    # create an LDAP administrator password; the resulting hash string is used below
    # vim slapd.conf    # add the administrator password hash obtained in the previous step, as follows
    # cat slapd.conf | grep ^rootpw
    rootpw {SSHA}igdbls50g/y893fhoajw5vmotywtp3fc
Modify the LDAP configuration file slapd.conf as follows:
[Screenshot of the slapd.conf changes: 20140806174549.jpg]
Copy the DB_CONFIG file
    # cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    # rm -rf /etc/openldap/slapd.d/*    # delete the default contents of /etc/openldap/slapd.d
    # chown -R ldap:ldap /etc/openldap/
    # chown -R ldap:ldap /var/lib/ldap
Restart the slapd service
    # /etc/init.d/slapd restart
    Stopping slapd: [OK]
    Starting slapd: [OK]
    # slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d    # test the configuration file and generate the configuration directory
    config file testing succeeded
Create an account on the server and set its password, then generate the LDIF file from it. After an account has been created, you only need to modify the LDIF file.
    # yum install migrationtools -y
    # cd /usr/share/migrationtools/
Modify the migrate_common.ph file
[Screenshot of the migrate_common.ph changes: 20140806180047.jpg]
Generate the LDIF files
    # ./migrate_base.pl > /tmp/base.ldif
    # ./migrate_passwd.pl /etc/passwd > /tmp/passwd.ldif
    # ./migrate_group.pl /etc/group > /tmp/group.ldif    # useless accounts can be deleted
    # ldapadd -x -W -D "cn=admin,dc=v9wan,dc=com" -f /tmp/base.ldif
    # ldapadd -x -W -D "cn=admin,dc=v9wan,dc=com" -f /tmp/passwd.ldif
    # ldapadd -x -W -D "cn=admin,dc=v9wan,dc=com" -f /tmp/group.ldif
    # /etc/init.d/slapd restart
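migrate_passwd.pl and migrate_group.pl convert whatever file they are given, so passing the full /etc/passwd and /etc/group also places root and the system accounts in the directory. The following shell script is an added example, not part of the original article: it trims both files to regular login accounts before migration, assuming regular accounts use IDs 500 to 65533 (the CentOS 6 default range); the helper names filter_passwd and filter_group and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: trim passwd/group files to
# regular login accounts before running the migrate_*.pl scripts.
# Assumption: regular accounts use IDs 500..65533 (CentOS 6 default UID_MIN
# is 500; 65534 is nfsnobody). Adjust MIN_ID/MAX_ID for your system.
MIN_ID=500
MAX_ID=65533

# filter_passwd FILE: print passwd(5) lines with an in-range UID and a login shell.
filter_passwd() {
    awk -F: -v min="$MIN_ID" -v max="$MAX_ID" '
        NF == 7 && $3 ~ /^[0-9]+$/ && $3 >= min && $3 <= max &&
        $7 !~ "/(nologin|false)$" { print }' "$1"
}

# filter_group GROUPFILE PASSWDFILE: print group(5) lines whose GID is in range
# or is the primary GID of an account kept by filter_passwd. Privileged local
# groups such as wheel are dropped even if a kept user is a member.
filter_group() {
    keep=$(filter_passwd "$2" | cut -d: -f4 | sort -u | tr '\n' ' ')
    awk -F: -v min="$MIN_ID" -v max="$MAX_ID" -v keep="$keep" '
        BEGIN { n = split(keep, g, " "); for (i = 1; i <= n; i++) primary[g[i]] = 1 }
        $3 ~ /^[0-9]+$/ && (($3 >= min && $3 <= max) || ($3 in primary)) { print }' "$1"
}

# Constructed sample data (not taken from any real host).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:100:Bob:/home/bob:/bin/bash
svc:x:502:502:Service:/var/empty:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
wheel:x:10:alice
users:x:100:
alice:x:500:
svc:x:502:
EOF

filter_passwd "$SAMPLE_DIR/passwd" > "$SAMPLE_DIR/passwd.users"
filter_group "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd" > "$SAMPLE_DIR/group.users"
# On the server, the filtered files would replace /etc/passwd and /etc/group
# as the arguments to migrate_passwd.pl and migrate_group.pl (not run here).
```

Review the filtered files before importing them with ldapadd, since the ID range is only a heuristic for which accounts belong in the directory.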
2. Client configuration: select "Use LDAP", as shown in the figure
    # yum install fprintd-pam openldap-clients nss_ldap nss-pam-ldapd
    # authconfig-tui
[Screenshot of the authconfig-tui settings: 20140806180928.jpg]
Now you can log on with the newly created account.
This article is from the "feet of traces" blog; please be sure to keep this source: http://dingmh.blog.51cto.com/188555/1536537