Linux Talk (11): The construction of Ldapserver

1.LDAP Brief Introduction

Today we will introduce the Ldapserver and the client's interview, but the basic problem is the former. First we need to know what LDAP is.

In the daily conversation. You might hear some people say, "Are we going to put those things in LDAP?", or "take those data out of the LDAP database!" or "How do we integrate LDAP and relational databases?"

"。 Strictly speaking, LDAP is not a database at all, but a protocol that is used to access information stored in the Information folder (that is, the LDAP folder). More exact and formal statements should be like this: "by using LDAP." Ability to read (or store) data at the correct location in the Information folder ".

The advantages of LDAP:

(1) Cross-platform and standard protocols
(2) Easy to install, easy to maintain and easier to maintain than relational database.

What LDAP is going to store and share is usually not always changed, for example, we are now going to store our employees ' user password on the ldapserver so that we can log in with the specified user, no matter what one of them is only accessible ldapserver. Instead of just logging in to a local user on each machine, as ever. is not more convenient. So now we're going to set up a ldapserver.

2. Build Ldapserver

(1) Preparatory work

We need two main units. Can be a real machine. The other is a virtual machine, just want them to be able to communicate on the same network segment.
The version number of the two hosts is redhat6.4 (the other version number may be configured in a different way)

(2) Start configuration

1. The first one is the server, we first install the Ldapserver:


2. Copy the template of the configuration file to the configuration folder:


3. Remove the utility configuration file lapd.conf


4. Change profile permissions and users:


5. Edit the configuration file and change several places:
(1) The few lines of TLS that are encrypted at the beginning of the line stare out;

(2) This part stares out:

(3) These do such as the following changes:

To be very careful: ROOTPW must be at the beginning of this line, otherwise it is not effective!

！

。

(4) Then restart the SLDAP service:


6. Although the service is already configured, we have not created a user to share, and the following we create 100 users with a script:


Run the user creation process. However, due to the script written by the shell, the running process will be slow, patience and so on. You can view the progress of the creation in the/etc/passwd file.

We are able to see that 100 new users have been created successfully:


However, there is a problem, these users of the writing format is not directly imported to Ldapserver, so we must adopt the format conversion tool to transform the format:
Migrationtools is a format conversion tool, let's install it first:


After the installation, we jump to its folder. There are very many scripts that can be run to constrain the format:


Change several items in the migrate_common.ph:


The main import model is then set up: Divided into two parts, producing base.ldif and altering base.ldif:

Because we just set up its users and groups. All just leave these two parts, all other deletions:

Transfer the BASE.LDIF to the/ldapuser folder:


These two operations are the most critical, and we want to intercept the information from the passwd and group for the shared users and groups:


The user and group information is then converted into a format that can be placed on the Ldapserver:
Convert users:

Conversion Group:


Import the basic template first, and then import the user and group information:





After completion, restart the SLAPD service and refresh the firewall.

So far. The LDAP server without the security key is configured, and we use the server side of the other machine to access it, and switch users:


Write IP to the service side:


All right!

。 The most exciting time has come. We switch users to Myldapuser1, this user is not on the client's machine. But now you can log in.


Indicates that user sharing on the server side is successful. Can be interviewed by other machines. And the biggest advantage is that we can only change the user and group information on the server to complete the impact on the other client.

Very useful and convenient. This is only a function of the LDAP service. Later encountered will be more in-depth understanding.

Note: This service is a configuration of the RHCA phase. Assume that the first time the feeling is more difficult, more than a few times, summed up into a document. The knowledge of LDAP will deepen.

Linux Talk (11): The construction of Ldapserver