An explanation of LDAP deployment under Linux

An explanation of LDAP deployment under Linux

1.LDAP Server Installation

[Email protected] ldap]# vim/etc/hosts #本地解析域名

1.1.1.13 willow.com

Installing LDAP-related software :OpenLDAP, openldap-servers, openldap-clients

[email protected] ~]# Yum install-y openldap*

[Email protected] ~]# cp/usr/share/openldap-servers/slapd.conf.obsolete/etc/openldap/slapd.conf

Set the LDAP administrator password

[Email protected] ~]# slappasswd-s Willow

{Ssha} fd+4xgrsysza4jcgmjatrdzt74j2xy0s

[Email protected] openldap]# vim/etc/openldap/slapd.conf

ROOTPW {Ssha}e6mcxlhotf+exxnqzk4zqbznihhb83il

Modify the main configuration file as follows:

[Email protected] openldap]# vim/etc/openldap/slapd.conf

Database BdB

Suffix "dc=willow,dc=com"

RootDN "Cn=admin,dc=willow,dc=com"

Enable logging feature

[Email protected] openldap]# vim/etc/openldap/slapd.conf

LogLevel 296

CacheSize 1000

Checkpoint 2048 10

[Email protected] openldap]# vim/etc/openldap/slapd.conf

Access to *

by self Write

by Anonymous Auth

by * Read

Configuration log:

[Email protected] openldap]# vim/etc/rsyslog.conf

local4.*/var/log/ldap.log

[Email protected] openldap]# service Rsyslog restart

Configuration database:

[Email protected] openldap]# Cp/usr/share/openldap-servers/db_config.example/var/lib/ldap/db_config

[Email protected] ldap]# chown ldap.ldap/var/lib/ldap/db_config

[Email protected] ldap]# chmod 700/var/lib/ldap/db_config

[Email protected] ldap]# Slaptest-u

Config file testing succeeded

[Email protected] ldap]# service SLAPD restart

[[email protected] ldap]# lsof-i: 389

[Email protected] ldap]# netstat-tnlp| grep:389

[Email protected] ldap]# Ps-ef | grep LDAP | Grep-v grep

[Email protected] ldap]# chkconfig SLAPD on

[Email protected] ldap]# ldapsearch-lll-w-x-h ldap://willow.com-d "cn=admin,dc=willow,dc=com"-B "dc=willow,dc=com" "(uid=*)"

Enter LDAP Password:

Ldap_bind:invalid credentials (49)

[Email protected] ldap]#

[Email protected] ldap]# rm-rf/etc/openldap/slapd.d/*

[Email protected] ldap]# ls/etc/openldap/slapd.d/

[Email protected] ldap]# slaptest-f/etc/openldap/slapd.conf-f/etc/openldap/slapd.d/

Bdb_monitor_db_open:monitoring Disabled; Configure monitor database to enable

Config file testing succeeded

[Email protected] ldap]# chown-r ldap.ldap/etc/openldap/slapd.d/

[Email protected] ldap]# service SLAPD restart

[Email protected] ldap]# ldapsearch-lll-w-x-h ldap://willow.com-d "cn=admin,dc=willow,dc=com"-B "dc=willow,dc=com" "(uid=*)"

Enter LDAP Password:

No such object (32)

[Email protected] ldap]# Useradd ldapuser1

[Email protected] ldap]# Useradd ldapuser2

[Email protected] ldap]# Useradd Ldapuser3

[Email protected] ldap]# echo Redhat | passwd--stdin Ldapuser1

[Email protected] ldap]# echo Redhat | passwd--stdin Ldapuser2

[Email protected] ldap]# echo Redhat | passwd--stdin Ldapuser3

Configuration database LDIF format file

[email protected] ldap]# Yum install-y migrationtools

[[email protected] ldap]# grep ldapuser/etc/passwd > User.txt

[[email protected] ldap]# grep ldapuser/etc/group > Group.txt

[Email protected] ldap]# vim/usr/share/migrationtools/migrate_common.ph

# Default DNS Domain

$DEFAULT _mail_domain = "willow.com";

# Default Base

$DEFAULT _base = "dc=willow,dc=com";

[Email protected] ldap]#/usr/share/migrationtools/migrate_base.pl > Base.ldif

[Email protected] ldap]# vim base.ldif #只保留以下内容

Dn:dc=willow,dc=com

Dc:willow

Objectclass:top

Objectclass:domain

Dn:ou=people,dc=willow,dc=com

Ou:people

Objectclass:top

Objectclass:organizationalunit

Dn:ou=group,dc=willow,dc=com

Ou:group

Objectclass:top

Objectclass:organizationalunit

[Email protected] ldap]#/usr/share/migrationtools/migrate_passwd.pl user.txt user.ldif

[Email protected] ldap]#/usr/share/migrationtools/migrate_group.pl group.txt group.ldif

Import Database LDIF format file

[Email protected] ldap]# ldapadd-x-W willow-h ldap://willow.com-d "cn=admin,dc=willow,dc=com"-F base.ldif

Adding new entry "dc=willow,dc=com"

Adding new entry "ou=people,dc=willow,dc=com"

Adding new entry "ou=group,dc=willow,dc=com"

[Email protected] ldap]# ldapadd-x-W willow-h ldap://willow.com-d "cn=admin,dc=willow,dc=com"-F user.ldif

Adding new entry "uid=ldapuser1,ou=people,dc=willow,dc=com"

Adding new entry "uid=ldapuser2,ou=people,dc=willow,dc=com"

Adding new entry "uid=ldapuser3,ou=people,dc=willow,dc=com"

[Email protected] ldap]# ldapadd-x-W willow-h ldap://willow.com-d "cn=admin,dc=willow,dc=com"-F group.ldif

Adding new entry "cn=ldapuser1,ou=group,dc=willow,dc=com"

Adding new entry "cn=ldapuser2,ou=group,dc=willow,dc=com"

Adding new entry "cn=ldapuser3,ou=group,dc=willow,dc=com"

2.LDAP Server Web

Manage Configuration Web Management interface: using software ldap-account-manager-3.7

[email protected] ldap]# yum install httpd php php-ldap PHP-GD

[Email protected] ldap]# cd/var/www/html/

[Email protected] html]# tar xvf/root/ldap-account-manager-3.7.tar.gz

[[Email protected] html]# MV ldap-account-manager-3.7 LDAP

[Email protected] html]# cd/var/www/html/ldap/config/

[email protected] config]# CP config.cfg_sample CONFIG.CFG

[email protected] config]# CP lam.conf_sample lam.conf

[Email protected] config]# sed-i ' [email protected][email protected][email protected] ' lam.conf

[Email protected] config]# sed-i ' [email protected][email protected][email protected] ' lam.conf

[Email protected] config]# sed-i ' [email protected][email protected][email protected] ' lam.conf

[Email protected] config]# sed-i ' [email protected][email protected][email protected] ' lam.conf

[Email protected] config]# chown-r APACHE.APACHE/VAR/WWW/HTML/LDAP

[Email protected] config]# service httpd restart

Log in Via client Http://1.1.1.13/ldap

In the upper-right corner, click Lam Configuration---Edit general Settings---Default password LAM

--Set access permissions to host and modify passwords

Return to the homepage, enter the password of the admin account Willow Log in the admin page,

650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M01/87/09/wKiom1fSD5CBD-fcAAC1NY4Q6TU668.jpg "title=" 1.jpg " alt= "Wkiom1fsd5cbd-fcaac1ny4q6tu668.jpg"/>

650) this.width=650; "src=" http://s1.51cto.com/wyfs02/M00/87/07/wKioL1fSDybirg3QAADIA2iR-GU276.jpg "style=" float: none; "title=" 1.jpg "alt=" Wkiol1fsdybirg3qaadia2ir-gu276.jpg "/>

650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M02/87/09/wKiom1fSDynA3tHvAAFG5-7F9xk072.jpg "style=" float: none; "title=" 2.jpg "alt=" Wkiom1fsdyna3thvaafg5-7f9xk072.jpg "/>

3.LDAP Server SASL Authentication

[email protected] config]# Yum install-y *sasl*

View the authentication mechanism or list

SASLAUTHD 2.1.23

[Email protected] config]# saslauthd-v

Authentication mechanisms:getpwen:qt kerberos5 Pam Rimap Shadow LDAP

Enable local Shadow Authentication

[Email protected] config]# VIM/ETC/SYSCONFIG/SASLAUTHD

Mech=shadow

[[Email protected] config]# service SASLAUTHD start

[Email protected] config]# testsaslauthd-u willow-p redhat #本地帐号测试成功

0:ok "Success."

[Email protected] config]# testsaslauthd-u ldaptest-p redhat #ldap帐号测试失败

0:no "Authentication failed

Enable local LDAP authentication

[Email protected] config]# VIM/ETC/SYSCONFIG/SASLAUTHD

Mech=ldap

[Email protected] config]# service SASLAUTHD restart

[Email protected] config]# testsaslauthd-u willow-p redhat #本地帐号测试失败

0:no "Authentication failed"

[Email protected] config]# testsaslauthd-u ldaptest-p redhat #ldap帐号测试失败

0:no "Authentication failed"

Configure the file authentication file to the LDAP server

[Email protected] config]# vim/etc/saslauthd.conf

ldap_servers:ldap://willow.com/

Ldap_bind_dn:cn=admin,dc=willow,dc=com

Ldap_bind_pw:willow

Ldap_search_base:ou=people,dc=willow,dc=com

Ldap_filter:uid=%u

Ldap_password_attr:userpassword

[Email protected] config]# testsaslauthd-u willow-p redhat #本地帐号测试失败

0:no "Authentication failed"

[Email protected] config]# testsaslauthd-u ldaptest-p 123456 #ldap帐号测试成功

0:ok "Success."

This article is from the "Xavier Willow" blog, please be sure to keep this source http://willow.blog.51cto.com/6574604/1851021

Detailed LDAP deployment under Linux