An explanation of LDAP deployment under Linux


1. LDAP Server Installation

[root@willow ldap]# vim /etc/hosts    # resolve the domain name locally
1.1.1.13 willow.com

Install the LDAP-related packages: openldap, openldap-servers and openldap-clients.

[root@willow ~]# yum install -y openldap*

[root@willow ~]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

Set the LDAP administrator password:

[root@willow ~]# slappasswd -s Willow
{SSHA}fd+4xgrsysza4jcgmjatrdzt74j2xy0s

Put the generated hash into the rootpw directive of slapd.conf:

[root@willow openldap]# vim /etc/openldap/slapd.conf
rootpw {SSHA}e6mcxlhotf+exxnqzk4zqbznihhb83il
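How the {SSHA} string printed by slappasswd is built, as an added Python example (standard library only; this is not OpenLDAP code and not part of the original post): SHA-1 over the password followed by a random 4-byte salt, with the salt appended to the digest and the whole base64-encoded. The random salt is why repeating slappasswd for the same password prints a different hash each time, and the verifier function shows what slapd does when it checks a bind against the stored value. The password "Willow" is the one used on this page; the fixed salt passed in for reproducible checks is an assumption of the example.

```python
import base64
import hashlib
import hmac
import os

# OpenLDAP's {SSHA} scheme, as produced by `slappasswd -s <password>`:
#     "{SSHA}" + base64( SHA1(password || salt) || salt )
# slappasswd draws a fresh 4-byte random salt on every run, so two runs for the
# same password print different strings that both verify.


def make_ssha(password, salt=None):
    """Build an {SSHA} value like slappasswd does.

    `salt` can be supplied (a constructed value, for reproducible checks);
    by default 4 random bytes are used, as slappasswd does.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def decode_ssha(stored):
    """Split an {SSHA} value into (digest, salt); rejects other schemes."""
    scheme, _, encoded = stored.partition("}")
    if scheme.upper() != "{SSHA":
        raise ValueError("expected an {SSHA} value, got %r" % stored)
    raw = base64.b64decode(encoded)
    if len(raw) <= 20:
        raise ValueError("{SSHA} payload too short to contain a salt")
    return raw[:20], raw[20:]      # SHA-1 digest is 20 bytes; the rest is the salt


def check_ssha(stored, candidate):
    """True if `candidate` is the password behind `stored` (what slapd does on bind)."""
    digest, salt = decode_ssha(stored)
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)    # constant-time comparison


def rootpw_line(password):
    """The slapd.conf directive to set for the rootdn after hashing `password`."""
    return "rootpw " + make_ssha(password)


if __name__ == "__main__":
    line = rootpw_line("Willow")                 # password taken from the page
    print(line)
    print("verifies:", check_ssha(line.split(" ", 1)[1], "Willow"))
```

Run it twice and the two rootpw lines differ while both verify; that is the salt at work, not a mistake in the copy-paste.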

Modify the main configuration file as follows:

[root@willow openldap]# vim /etc/openldap/slapd.conf
database bdb
suffix "dc=willow,dc=com"
rootdn "cn=admin,dc=willow,dc=com"

Enable logging:

[root@willow openldap]# vim /etc/openldap/slapd.conf
loglevel 296
cachesize 1000
checkpoint 2048 10

Set the access control rules:

[root@willow openldap]# vim /etc/openldap/slapd.conf
access to *
        by self write
        by anonymous auth
        by * read
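The rules above give every authenticated account read access to every attribute of every entry, other users' userPassword hashes included, because `access to *` is the only clause and `by * read` catches every bind that is neither self nor anonymous. The following added Python example (not slapd code and not from the original post; it models only the subset of slapd's ACL semantics these rules use: first matching clause decides, first matching `by` wins, implicit deny otherwise) evaluates the page's rules and a constructed tighter variant that puts a userPassword clause first:

```python
import re

# Access levels in slapd's order; a higher level implies all lower ones.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]


def parse_acl(text):
    """Turn `access to <what> by <who> <level> ...` directives into
    [(what, [(who, level), ...]), ...], in the order slapd would try them."""
    rules = []
    for clause in re.split(r"(?im)^\s*access\s+to\s+", text):
        tokens = clause.split()
        if not tokens:
            continue
        what, bys, i = tokens[0], [], 1
        while i < len(tokens):
            if tokens[i].lower() == "by" and i + 2 < len(tokens):
                bys.append((tokens[i + 1].lower(), tokens[i + 2].lower()))
                i += 3
            else:
                i += 1
        rules.append((what, bys))
    return rules


def _who_matches(who, bind_dn, target_dn):
    """bind_dn is None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    raise ValueError("unsupported <who>: " + who)


def _what_matches(what, attr):
    """`*` matches everything; `attrs=a,b` matches only those attribute names."""
    if what == "*":
        return True
    if what.lower().startswith("attrs="):
        wanted = [a.strip().lower() for a in what[6:].split(",")]
        return attr is not None and attr.lower() in wanted
    raise ValueError("unsupported <what>: " + what)


def granted(rules, bind_dn, target_dn, attr=None):
    """Access level the rules give `bind_dn` on `attr` of `target_dn`."""
    for what, bys in rules:
        if not _what_matches(what, attr):
            continue
        for who, level in bys:
            if _who_matches(who, bind_dn, target_dn):
                return level
        return "none"          # clause matched but no `by` did: implicit "by * none"
    return "none"              # no clause matched at all


def allows(rules, bind_dn, target_dn, attr, needed):
    """True if the granted level is at least `needed`."""
    return LEVELS.index(granted(rules, bind_dn, target_dn, attr)) >= LEVELS.index(needed)


# The ACL as written on this page.
PAGE_ACL = """
access to *
        by self write
        by anonymous auth
        by * read
"""

# Constructed tighter variant: the password attribute gets its own clause first,
# so other users never reach the catch-all `by * read` for it.
HARDENED_ACL = """
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by self write
        by anonymous auth
        by * read
"""

if __name__ == "__main__":
    u1 = "uid=ldapuser1,ou=people,dc=willow,dc=com"
    u2 = "uid=ldapuser2,ou=people,dc=willow,dc=com"
    for name, text in (("page", PAGE_ACL), ("hardened", HARDENED_ACL)):
        rules = parse_acl(text)
        print(name, "ldapuser1 on ldapuser2's userPassword:", granted(rules, u1, u2, "userPassword"))
```

The anonymous `auth` line must stay in the userPassword clause: a simple bind needs auth access to the target's userPassword, so dropping it would stop everyone from logging in.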

Configure the log (slapd writes through syslog facility local4):

[root@willow openldap]# vim /etc/rsyslog.conf
local4.*    /var/log/ldap.log

[root@willow openldap]# service rsyslog restart
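With loglevel 296 (stats 256 + filter 32 + connections 8) slapd records each connection's source IP, bind DN and result code, and rsyslog's local4 line above lands them in /var/log/ldap.log. The following added Python example (not from the original post) correlates ACCEPT, BIND and RESULT lines to count failed binds (err=49) per client and per DN; the embedded log lines are constructed for the example, though the conn=/op=/err= layout is slapd's own:

```python
import re
from collections import Counter

# Constructed sample of /var/log/ldap.log contents at loglevel 296. Two failed
# admin binds from 10.0.0.5, then one successful bind from the server itself
# followed by the search that returns "No such object (32)".
SAMPLE_LOG = """\
Sep  9 10:00:01 willow slapd[2312]: conn=1000 fd=12 ACCEPT from IP=10.0.0.5:51234 (IP=0.0.0.0:389)
Sep  9 10:00:01 willow slapd[2312]: conn=1000 op=0 BIND dn="cn=admin,dc=willow,dc=com" method=128
Sep  9 10:00:01 willow slapd[2312]: conn=1000 op=0 RESULT tag=97 err=49 text=
Sep  9 10:00:01 willow slapd[2312]: conn=1000 op=1 UNBIND
Sep  9 10:00:01 willow slapd[2312]: conn=1000 fd=12 closed
Sep  9 10:00:04 willow slapd[2312]: conn=1001 fd=12 ACCEPT from IP=10.0.0.5:51240 (IP=0.0.0.0:389)
Sep  9 10:00:04 willow slapd[2312]: conn=1001 op=0 BIND dn="cn=admin,dc=willow,dc=com" method=128
Sep  9 10:00:04 willow slapd[2312]: conn=1001 op=0 RESULT tag=97 err=49 text=
Sep  9 10:00:04 willow slapd[2312]: conn=1001 fd=12 closed
Sep  9 10:00:09 willow slapd[2312]: conn=1002 fd=13 ACCEPT from IP=1.1.1.13:40022 (IP=0.0.0.0:389)
Sep  9 10:00:09 willow slapd[2312]: conn=1002 op=0 BIND dn="cn=admin,dc=willow,dc=com" method=128
Sep  9 10:00:09 willow slapd[2312]: conn=1002 op=0 BIND dn="cn=admin,dc=willow,dc=com" mech=SIMPLE ssf=0
Sep  9 10:00:09 willow slapd[2312]: conn=1002 op=0 RESULT tag=97 err=0 text=
Sep  9 10:00:09 willow slapd[2312]: conn=1002 op=1 SRCH base="dc=willow,dc=com" scope=2 deref=0 filter="(uid=*)"
Sep  9 10:00:09 willow slapd[2312]: conn=1002 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
"""

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")       # tag 97 = BindResponse
SEARCH_RE = re.compile(r"conn=(\d+) op=(\d+) SEARCH RESULT tag=101 err=(\d+)")


def summarize(lines):
    """Tie each bind RESULT back to the client IP (via conn) and DN (via conn+op)."""
    ip_of_conn = {}                 # conn id -> client IP from the ACCEPT line
    dn_of_op = {}                   # (conn, op) -> DN from the BIND line
    summary = {
        "failed_binds_by_ip": Counter(),
        "failed_binds_by_dn": Counter(),
        "successful_binds": 0,
        "searches_no_such_object": 0,
    }
    for line in lines:
        m = ACCEPT_RE.search(line)
        if m:
            ip_of_conn[m.group(1)] = m.group(2)
            continue
        m = BIND_RE.search(line)
        if m:
            dn_of_op[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m:
            conn, op, err = m.groups()
            if err == "0":
                summary["successful_binds"] += 1
            elif err == "49":                           # invalidCredentials
                summary["failed_binds_by_ip"][ip_of_conn.get(conn, "?")] += 1
                summary["failed_binds_by_dn"][dn_of_op.get((conn, op), "?")] += 1
            continue
        m = SEARCH_RE.search(line)
        if m and m.group(3) == "32":                    # noSuchObject: base DN missing
            summary["searches_no_such_object"] += 1
    return summary


def noisy_sources(summary, threshold):
    """Client IPs with at least `threshold` failed binds, busiest first."""
    return [ip for ip, n in summary["failed_binds_by_ip"].most_common() if n >= threshold]


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG.splitlines())
    print(s)
    print("review:", noisy_sources(s, threshold=2))
```

The same correlation works on a live file with `summarize(open("/var/log/ldap.log"))`; the threshold in `noisy_sources` is a constructed starting point, not a tuned value.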

Configure the database:

[root@willow openldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@willow ldap]# chown ldap.ldap /var/lib/ldap/DB_CONFIG
[root@willow ldap]# chmod 700 /var/lib/ldap/DB_CONFIG
[root@willow ldap]# slaptest -u
config file testing succeeded
[root@willow ldap]# service slapd restart

Check that slapd is listening on port 389 and enable it at boot:

[root@willow ldap]# lsof -i:389
[root@willow ldap]# netstat -tnlp | grep :389
[root@willow ldap]# ps -ef | grep ldap | grep -v grep
[root@willow ldap]# chkconfig slapd on

[root@willow ldap]# ldapsearch -LLL -W -x -H ldap://willow.com -D "cn=admin,dc=willow,dc=com" -b "dc=willow,dc=com" "(uid=*)"
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

The bind fails because this slapd reads its configuration from the cn=config directory /etc/openldap/slapd.d, which still holds the package defaults, not from slapd.conf. Clear the directory and regenerate it from slapd.conf:

[root@willow ldap]# rm -rf /etc/openldap/slapd.d/*
[root@willow ldap]# ls /etc/openldap/slapd.d/
[root@willow ldap]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
config file testing succeeded
[root@willow ldap]# chown -R ldap.ldap /etc/openldap/slapd.d/
[root@willow ldap]# service slapd restart

[root@willow ldap]# ldapsearch -LLL -W -x -H ldap://willow.com -D "cn=admin,dc=willow,dc=com" -b "dc=willow,dc=com" "(uid=*)"
Enter LDAP Password:
No such object (32)

The bind now succeeds; "No such object (32)" only means that the base entry dc=willow,dc=com has not been created yet, which the LDIF import below takes care of.

Create some local accounts to migrate:

[root@willow ldap]# useradd ldapuser1
[root@willow ldap]# useradd ldapuser2
[root@willow ldap]# useradd ldapuser3
[root@willow ldap]# echo redhat | passwd --stdin ldapuser1
[root@willow ldap]# echo redhat | passwd --stdin ldapuser2
[root@willow ldap]# echo redhat | passwd --stdin ldapuser3

Generate the database LDIF files

[root@willow ldap]# yum install -y migrationtools
[root@willow ldap]# grep ldapuser /etc/passwd > user.txt
[root@willow ldap]# grep ldapuser /etc/group > group.txt

[root@willow ldap]# vim /usr/share/migrationtools/migrate_common.ph
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "willow.com";

# Default base
$DEFAULT_BASE = "dc=willow,dc=com";

[root@willow ldap]# /usr/share/migrationtools/migrate_base.pl > base.ldif
[root@willow ldap]# vim base.ldif    # keep only the following entries
dn: dc=willow,dc=com
dc: willow
objectClass: top
objectClass: domain

dn: ou=people,dc=willow,dc=com
ou: people
objectClass: top
objectClass: organizationalUnit

dn: ou=group,dc=willow,dc=com
ou: group
objectClass: top
objectClass: organizationalUnit

[root@willow ldap]# /usr/share/migrationtools/migrate_passwd.pl user.txt user.ldif
[root@willow ldap]# /usr/share/migrationtools/migrate_group.pl group.txt group.ldif

Import the LDIF files into the database

[root@willow ldap]# ldapadd -x -w willow -H ldap://willow.com -D "cn=admin,dc=willow,dc=com" -f base.ldif
adding new entry "dc=willow,dc=com"
adding new entry "ou=people,dc=willow,dc=com"
adding new entry "ou=group,dc=willow,dc=com"

[root@willow ldap]# ldapadd -x -w willow -H ldap://willow.com -D "cn=admin,dc=willow,dc=com" -f user.ldif
adding new entry "uid=ldapuser1,ou=people,dc=willow,dc=com"
adding new entry "uid=ldapuser2,ou=people,dc=willow,dc=com"
adding new entry "uid=ldapuser3,ou=people,dc=willow,dc=com"

[root@willow ldap]# ldapadd -x -w willow -H ldap://willow.com -D "cn=admin,dc=willow,dc=com" -f group.ldif
adding new entry "cn=ldapuser1,ou=group,dc=willow,dc=com"
adding new entry "cn=ldapuser2,ou=group,dc=willow,dc=com"
adding new entry "cn=ldapuser3,ou=group,dc=willow,dc=com"
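ldapadd can only add an entry whose parent already exists, which is why base.ldif (suffix and the two OUs) has to go in before user.ldif and group.ldif, and why the earlier search came back with "No such object (32)". The added Python example below (not part of migrationtools or of the original post) parses LDIF and reports the entries that would fail for a given import order, modelling `ldapadd -c`, which continues past errors instead of stopping at the first one. The LDIF snippets are constructed from the entries shown on this page; the uidNumber and gidNumber values are made up for the example.

```python
# Constructed from the base.ldif entries shown on the page.
BASE_LDIF = """\
dn: dc=willow,dc=com
dc: willow
objectClass: top
objectClass: domain

dn: ou=people,dc=willow,dc=com
ou: people
objectClass: top
objectClass: organizationalUnit

dn: ou=group,dc=willow,dc=com
ou: group
objectClass: top
objectClass: organizationalUnit
"""

# Constructed stand-in for migrate_passwd.pl output (numeric ids are made up).
USER_LDIF = """\
dn: uid=ldapuser1,ou=people,dc=willow,dc=com
uid: ldapuser1
cn: ldapuser1
objectClass: account
objectClass: posixAccount
objectClass: top
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/ldapuser1

dn: uid=ldapuser2,ou=people,dc=willow,dc=com
uid: ldapuser2
cn: ldapuser2
objectClass: account
objectClass: posixAccount
objectClass: top
uidNumber: 1002
gidNumber: 1002
homeDirectory: /home/ldapuser2
"""


def parse_ldif(text):
    """Minimal LDIF reader returning [(dn, {attr: [values]}), ...].

    Handles folded continuation lines (leading space) and comments; base64
    values (`attr:: ...`) are kept undecoded because only DNs matter here.
    """
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]            # unfold continuation line
        else:
            logical.append(raw)
    entries, dn, attrs = [], None, None
    for line in logical + [""]:               # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, None
            continue
        name, _, value = line.partition(":")
        value = value.lstrip(": ")
        if name.lower() == "dn":
            dn, attrs = value, {}
        elif attrs is not None:
            attrs.setdefault(name, []).append(value)
    return entries


def parent_dn(dn):
    """Drop the leftmost RDN (plain comma split; fine for DNs without escaped commas)."""
    parts = dn.split(",", 1)
    return parts[1].strip() if len(parts) == 2 else ""


def normalize(dn):
    return ",".join(p.strip().lower() for p in dn.split(","))


def check_import_order(ldif_texts, suffix):
    """DNs that would fail with noSuchObject if the files were loaded in this order.

    Entries whose parent is missing are not counted as created, so their own
    children are reported too, as `ldapadd -c` would.
    """
    known, problems = set(), []
    for text in ldif_texts:
        for dn, _attrs in parse_ldif(text):
            n = normalize(dn)
            if n != normalize(suffix) and normalize(parent_dn(dn)) not in known:
                problems.append(dn)
                continue
            known.add(n)
    return problems


if __name__ == "__main__":
    print("base then users:", check_import_order([BASE_LDIF, USER_LDIF], "dc=willow,dc=com"))
    print("users then base:", check_import_order([USER_LDIF, BASE_LDIF], "dc=willow,dc=com"))
```

On the real files this is `check_import_order([open(f).read() for f in ("base.ldif", "user.ldif", "group.ldif")], "dc=willow,dc=com")`, run before the first ldapadd.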

2. LDAP Server Web Management Configuration

Web management interface: using the software ldap-account-manager-3.7.

[root@willow ldap]# yum install httpd php php-ldap php-gd
[root@willow ldap]# cd /var/www/html/
[root@willow html]# tar xvf /root/ldap-account-manager-3.7.tar.gz
[root@willow html]# mv ldap-account-manager-3.7 ldap
[root@willow html]# cd /var/www/html/ldap/config/
[root@willow config]# cp config.cfg_sample config.cfg
[root@willow config]# cp lam.conf_sample lam.conf
[root@willow config]# sed -i ' [email protected][email protected][email protected] ' lam.conf
[root@willow config]# sed -i ' [email protected][email protected][email protected] ' lam.conf
[root@willow config]# sed -i ' [email protected][email protected][email protected] ' lam.conf
[root@willow config]# sed -i ' [email protected][email protected][email protected] ' lam.conf
[root@willow config]# chown -R apache.apache /var/www/html/ldap
[root@willow config]# service httpd restart

Log in from a client at http://1.1.1.13/ldap.

In the upper-right corner, click LAM configuration, then Edit general settings (default password: lam), set the hosts allowed to access and change the password.

Return to the home page and enter the admin account password (willow) to log in to the admin page.


3. LDAP Server SASL Authentication

[root@willow config]# yum install -y *sasl*

View the available authentication mechanisms:

[root@willow config]# saslauthd -v
saslauthd 2.1.23
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap

Enable local shadow authentication:

[root@willow config]# vim /etc/sysconfig/saslauthd
MECH=shadow
[root@willow config]# service saslauthd start
[root@willow config]# testsaslauthd -u willow -p redhat    # local account: succeeds
0: OK "Success."
[root@willow config]# testsaslauthd -u ldaptest -p redhat    # LDAP account: fails
0: NO "authentication failed"

Enable LDAP authentication:

[root@willow config]# vim /etc/sysconfig/saslauthd
MECH=ldap
[root@willow config]# service saslauthd restart
[root@willow config]# testsaslauthd -u willow -p redhat    # local account: fails
0: NO "authentication failed"
[root@willow config]# testsaslauthd -u ldaptest -p redhat    # LDAP account: fails
0: NO "authentication failed"

Configure saslauthd to authenticate against the LDAP server:

[root@willow config]# vim /etc/saslauthd.conf
ldap_servers: ldap://willow.com/
ldap_bind_dn: cn=admin,dc=willow,dc=com
ldap_bind_pw: willow
ldap_search_base: ou=people,dc=willow,dc=com
ldap_filter: uid=%u
ldap_password_attr: userPassword

[root@willow config]# testsaslauthd -u willow -p redhat    # local account: fails
0: NO "authentication failed"
[root@willow config]# testsaslauthd -u ldaptest -p 123456    # LDAP account: succeeds
0: OK "Success."


This article is from the "Xavier Willow" blog, please be sure to keep this source http://willow.blog.51cto.com/6574604/1851021
