An explanation of LDAP deployment under Linux
1. LDAP Server Installation
[root@… ldap]# vim /etc/hosts   # resolve the domain name locally
1.1.1.13 willow.com
Install the LDAP-related software: openldap, openldap-servers, openldap-clients
[root@… ~]# yum install -y openldap*
[root@… ~]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
Set the LDAP administrator password. slappasswd prints a salted SHA-1 ({SSHA}) hash of the password; that hash, not the clear-text password, is what goes into slapd.conf as rootpw:
[root@… ~]# slappasswd -s willow
{SSHA}fd+4xgrsysza4jcgmjatrdzt74j2xy0s
[root@… openldap]# vim /etc/openldap/slapd.conf
rootpw {SSHA}e6mcxlhotf+exxnqzk4zqbznihhb83il
Modify the main configuration file as follows:
[root@… openldap]# vim /etc/openldap/slapd.conf
database bdb
suffix "dc=willow,dc=com"
rootdn "cn=admin,dc=willow,dc=com"
Enable logging (loglevel 296 combines the stats, search-filter and connection log categories):
[root@… openldap]# vim /etc/openldap/slapd.conf
loglevel 296
cachesize 1000
checkpoint 2048 10
Access control: a user may write their own entry, anonymous clients may only authenticate (bind), and everyone else may read:
[root@… openldap]# vim /etc/openldap/slapd.conf
access to *
        by self write
        by anonymous auth
        by * read
Configure the log (slapd logs to the syslog facility local4):
[root@… openldap]# vim /etc/rsyslog.conf
local4.*    /var/log/ldap.log
[root@… openldap]# service rsyslog restart
Configure the database:
[root@… openldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@… ldap]# chown ldap.ldap /var/lib/ldap/DB_CONFIG
[root@… ldap]# chmod 700 /var/lib/ldap/DB_CONFIG
[root@… ldap]# slaptest -u
config file testing succeeded
[root@… ldap]# service slapd restart
[root@… ldap]# lsof -i :389
[root@… ldap]# netstat -tnlp | grep :389
[root@… ldap]# ps -ef | grep ldap | grep -v grep
[root@… ldap]# chkconfig slapd on
[root@… ldap]# ldapsearch -LLL -W -x -H ldap://willow.com -D "cn=admin,dc=willow,dc=com" -b "dc=willow,dc=com" "(uid=*)"
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
The bind fails because slapd on this system reads its configuration from the cn=config directory (/etc/openldap/slapd.d/), which still holds the old settings rather than the edited slapd.conf. Regenerate the directory from slapd.conf:
[root@… ldap]# rm -rf /etc/openldap/slapd.d/*
[root@… ldap]# ls /etc/openldap/slapd.d/
[root@… ldap]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
config file testing succeeded
[root@… ldap]# chown -R ldap.ldap /etc/openldap/slapd.d/
[root@… ldap]# service slapd restart
[root@… ldap]# ldapsearch -LLL -W -x -H ldap://willow.com -D "cn=admin,dc=willow,dc=com" -b "dc=willow,dc=com" "(uid=*)"
Enter LDAP Password:
No such object (32)
Error 32 is expected at this point: the bind now succeeds, but the base entry dc=willow,dc=com has not been created yet.
Create the local accounts that will be migrated into LDAP:
[root@… ldap]# useradd ldapuser1
[root@… ldap]# useradd ldapuser2
[root@… ldap]# useradd ldapuser3
[root@… ldap]# echo redhat | passwd --stdin ldapuser1
[root@… ldap]# echo redhat | passwd --stdin ldapuser2
[root@… ldap]# echo redhat | passwd --stdin ldapuser3
Generate the database LDIF files
[root@… ldap]# yum install -y migrationtools
[root@… ldap]# grep ldapuser /etc/passwd > user.txt
[root@… ldap]# grep ldapuser /etc/group > group.txt
[root@… ldap]# vim /usr/share/migrationtools/migrate_common.ph
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "willow.com";
# Default base
$DEFAULT_BASE = "dc=willow,dc=com";
[root@… ldap]# /usr/share/migrationtools/migrate_base.pl > base.ldif
[root@… ldap]# vim base.ldif   # keep only the following entries
dn: dc=willow,dc=com
dc: willow
objectClass: top
objectClass: domain

dn: ou=people,dc=willow,dc=com
ou: people
objectClass: top
objectClass: organizationalUnit

dn: ou=group,dc=willow,dc=com
ou: group
objectClass: top
objectClass: organizationalUnit
[root@… ldap]# /usr/share/migrationtools/migrate_passwd.pl user.txt user.ldif
[root@… ldap]# /usr/share/migrationtools/migrate_group.pl group.txt group.ldif
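The three base.ldif entries kept above and the user and group LDIF produced by migrate_passwd.pl and migrate_group.pl can be generated by hand, which is useful when checking what the migration scripts emit before importing it. The following shell script is an added example, not code from the post or from migrationtools: it builds the same kind of entries from a domain name and /etc/passwd- and /etc/group-style lines. The sample passwd and group lines at the bottom are constructed; the cut-off of UID/GID 500 for skipping system accounts is an assumption matching CentOS-6-era defaults; and the user entries carry no userPassword attribute (migrationtools reads that from /etc/shadow), so passwords have to be set separately after import.

```shell
#!/bin/sh
# Added example: build base.ldif-style, posixAccount and posixGroup entries
# from a domain and passwd/group lines. Not code from the post or migrationtools.

# base_dn DOMAIN: willow.com -> dc=willow,dc=com
base_dn() {
    printf '%s\n' "$1" |
        awk -F '[.]' '{ for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i; print "" }'
}

# base_ldif DOMAIN: the domain entry plus ou=people and ou=group,
# i.e. the three entries the post keeps from base.ldif.
base_ldif() {
    dn=$(base_dn "$1")
    printf 'dn: %s\ndc: %s\nobjectClass: top\nobjectClass: domain\n\n' "$dn" "${1%%.*}"
    for ou in people group; do
        printf 'dn: ou=%s,%s\nou: %s\nobjectClass: top\nobjectClass: organizationalUnit\n\n' \
            "$ou" "$dn" "$ou"
    done
}

# Accounts and groups with an id below MIN_ID are treated as system accounts
# and skipped. 500 is an assumption (the CentOS 6 default UID_MIN/GID_MIN).
MIN_ID=500

# passwd_ldif DOMAIN < passwd-lines: one posixAccount per line under ou=people.
# No userPassword is written; the hash lives in /etc/shadow, not in these lines.
passwd_ldif() {
    awk -F: -v base="$(base_dn "$1")" -v min="$MIN_ID" '
        $3 >= min {
            gecos = ($5 == "") ? $1 : $5
            printf "dn: uid=%s,ou=people,%s\n", $1, base
            printf "uid: %s\ncn: %s\n", $1, gecos
            printf "objectClass: account\nobjectClass: posixAccount\nobjectClass: top\n"
            printf "uidNumber: %s\ngidNumber: %s\n", $3, $4
            printf "homeDirectory: %s\nloginShell: %s\n\n", $6, $7
        }'
}

# group_ldif DOMAIN < group-lines: one posixGroup per line under ou=group,
# with one memberUid per supplementary member in the fourth field.
group_ldif() {
    awk -F: -v base="$(base_dn "$1")" -v min="$MIN_ID" '
        $3 >= min {
            printf "dn: cn=%s,ou=group,%s\ncn: %s\n", $1, base, $1
            printf "objectClass: posixGroup\nobjectClass: top\ngidNumber: %s\n", $3
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") printf "memberUid: %s\n", m[i]
            printf "\n"
        }'
}

# Constructed sample input (not taken from any real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
ldapuser1:x:500:500::/home/ldapuser1:/bin/bash
ldapuser2:x:501:501:LDAP User Two:/home/ldapuser2:/bin/bash'
SAMPLE_GROUP='root:x:0:
ldapuser1:x:500:
ldapuser2:x:501:
ldapadmins:x:502:ldapuser1,ldapuser2'

base_ldif willow.com
printf '%s\n' "$SAMPLE_PASSWD" | passwd_ldif willow.com
printf '%s\n' "$SAMPLE_GROUP" | group_ldif willow.com
```

Redirect each function's output to base.ldif, user.ldif and group.ldif and the files can be imported with the same ldapadd invocations the post uses; reviewing the generated entries first makes it easy to confirm that no system account (root, daemon, and so on) is about to be published in the directory.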
Import the LDIF files into the database (-w passes the bind password on the command line, where it is visible in the process list and shell history; -W prompts for it instead):
[root@… ldap]# ldapadd -x -w willow -H ldap://willow.com -D "cn=admin,dc=willow,dc=com" -f base.ldif
adding new entry "dc=willow,dc=com"
adding new entry "ou=people,dc=willow,dc=com"
adding new entry "ou=group,dc=willow,dc=com"
[root@… ldap]# ldapadd -x -w willow -H ldap://willow.com -D "cn=admin,dc=willow,dc=com" -f user.ldif
adding new entry "uid=ldapuser1,ou=people,dc=willow,dc=com"
adding new entry "uid=ldapuser2,ou=people,dc=willow,dc=com"
adding new entry "uid=ldapuser3,ou=people,dc=willow,dc=com"
[root@… ldap]# ldapadd -x -w willow -H ldap://willow.com -D "cn=admin,dc=willow,dc=com" -f group.ldif
adding new entry "cn=ldapuser1,ou=group,dc=willow,dc=com"
adding new entry "cn=ldapuser2,ou=group,dc=willow,dc=com"
adding new entry "cn=ldapuser3,ou=group,dc=willow,dc=com"
2. LDAP Server Web Management
Configure the web management interface using ldap-account-manager-3.7:
[root@… ldap]# yum install httpd php php-ldap php-gd
[root@… ldap]# cd /var/www/html/
[root@… html]# tar xvf /root/ldap-account-manager-3.7.tar.gz
[root@… html]# mv ldap-account-manager-3.7 ldap
[root@… html]# cd /var/www/html/ldap/config/
[root@… config]# cp config.cfg_sample config.cfg
[root@… config]# cp lam.conf_sample lam.conf
[root@… config]# sed -i ' [email protected][email protected][email protected] ' lam.conf
[root@… config]# sed -i ' [email protected][email protected][email protected] ' lam.conf
[root@… config]# sed -i ' [email protected][email protected][email protected] ' lam.conf
[root@… config]# sed -i ' [email protected][email protected][email protected] ' lam.conf
[root@… config]# chown -R apache.apache /var/www/html/ldap
[root@… config]# service httpd restart
Log in from a client browser at http://1.1.1.13/ldap
In the upper-right corner click "LAM configuration" -> "Edit general settings" (the default password is lam) -> set the hosts allowed to access the interface and change the password.
Return to the home page and log in to the admin page with the password of the admin account (willow).
3. LDAP Server SASL Authentication
[root@… config]# yum install -y *sasl*
View the available authentication mechanisms:
[root@… config]# saslauthd -v
saslauthd 2.1.23
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
Enable local shadow authentication
[root@… config]# vim /etc/sysconfig/saslauthd
MECH=shadow
[root@… config]# service saslauthd start
[root@… config]# testsaslauthd -u willow -p redhat   # local account: success
0: OK "Success."
[root@… config]# testsaslauthd -u ldaptest -p redhat   # LDAP account: failure
0: NO "authentication failed"
Enable LDAP authentication
[root@… config]# vim /etc/sysconfig/saslauthd
MECH=ldap
[root@… config]# service saslauthd restart
[root@… config]# testsaslauthd -u willow -p redhat   # local account: failure
0: NO "authentication failed"
[root@… config]# testsaslauthd -u ldaptest -p redhat   # LDAP account: failure (saslauthd does not know where the LDAP server is yet)
0: NO "authentication failed"
Point saslauthd at the LDAP server in its configuration file. The file holds the bind DN's password in clear text, so it should be readable by root only:
[root@… config]# vim /etc/saslauthd.conf
ldap_servers: ldap://willow.com/
ldap_bind_dn: cn=admin,dc=willow,dc=com
ldap_bind_pw: willow
ldap_search_base: ou=people,dc=willow,dc=com
ldap_filter: uid=%u
ldap_password_attr: userPassword
[root@… config]# testsaslauthd -u willow -p redhat   # local account: failure (with MECH=ldap, /etc/shadow is no longer consulted)
0: NO "authentication failed"
[root@… config]# testsaslauthd -u ldaptest -p 123456   # LDAP account: success
0: OK "Success."
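The ldap_filter line above is a template: saslauthd replaces %u with the login name before searching under ldap_search_base, so the name must be inserted as a literal assertion value rather than as filter syntax. The following shell script is an added example, not code from the post or from Cyrus SASL: it shows the RFC 4515 escaping that such a substitution needs, and it checks a saslauthd.conf-style file for the keys this deployment depends on. The sample configuration is constructed from the values above with a placeholder in place of the bind password; the key list in check_saslauthd_conf is taken from the file shown in the post.

```shell
#!/bin/sh
# Added example (not part of the post): RFC 4515 escaping for the %u
# placeholder in saslauthd's ldap_filter, plus a completeness check of the
# keys /etc/saslauthd.conf needs for the LDAP mechanism as configured here.

# ldap_filter_escape STRING: escape the filter metacharacters backslash,
# asterisk and parentheses (NUL cannot occur in a shell string). Backslash is
# handled first so the escapes it introduces are not escaped again.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# expand_filter TEMPLATE USER: substitute the first %u in a saslauthd-style
# template (for example "uid=%u") with the escaped login name. Returns 1 if
# the template has no placeholder, so a misconfigured filter is noticed.
expand_filter() {
    tmpl=$1
    case $tmpl in
        *%u*) ;;
        *) printf '%s\n' "$tmpl"; return 1 ;;
    esac
    prefix=${tmpl%%%u*}
    suffix=${tmpl#*%u}
    printf '%s%s%s\n' "$prefix" "$(ldap_filter_escape "$2")" "$suffix"
}

# check_saslauthd_conf FILE: print any key from the post's saslauthd.conf that
# is missing and confirm ldap_filter carries a %u placeholder. Returns 0 when
# the file is complete, 1 otherwise.
check_saslauthd_conf() {
    rc=0
    for key in ldap_servers ldap_bind_dn ldap_bind_pw ldap_search_base ldap_filter ldap_password_attr; do
        grep -q "^${key}:" "$1" || { echo "missing: $key"; rc=1; }
    done
    grep -q '^ldap_filter:.*%u' "$1" || { echo "ldap_filter has no %u placeholder"; rc=1; }
    return $rc
}

# Constructed sample configuration mirroring the post; the bind password is a placeholder.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
ldap_servers: ldap://willow.com/
ldap_bind_dn: cn=admin,dc=willow,dc=com
ldap_bind_pw: <bind-password>
ldap_search_base: ou=people,dc=willow,dc=com
ldap_filter: uid=%u
ldap_password_attr: userPassword
EOF

expand_filter 'uid=%u' 'ldapuser1'     # uid=ldapuser1
expand_filter 'uid=%u' 'ldap(user)'    # uid=ldap\28user\29
check_saslauthd_conf "$SAMPLE_CONF" && echo "saslauthd.conf: complete"
rm -f "$SAMPLE_CONF"
```

Running expand_filter against the names that testsaslauthd is fed is a quick way to see exactly which search the LDAP server receives for a login attempt, which also makes the corresponding lines in /var/log/ldap.log (loglevel 296 records the filter) easy to match up.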
This article is from the "Xavier Willow" blog; please keep this source when reproducing it: http://willow.blog.51cto.com/6574604/1851021