CentOS 6.4: install and configure LDAP (OpenLDAP)
1. Disable the firewall and SELinux, and check what is already installed.

Stopping iptables and disabling SELinux is acceptable only on a lab machine. On a real server keep SELinux enforcing and open just the LDAP ports (389, and 636 if you later enable LDAPS) instead of turning the firewall off.

service iptables stop
find / -name "openldap*"
CentOS 6.4 ships the OpenLDAP libraries by default, but not the server and client packages (openldap-servers, openldap-clients), so install them with yum as root:

yum install -y openldap-servers openldap-clients

Building from source is not recommended; resolving the dependencies is considerably harder. Next, configure slapd.
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
mv /etc/openldap/slapd.d{,.bak}
cd /etc/openldap/
vim slapd.conf
Set the administrator password

slappasswd -s weyee    # weyee is the password you choose; replace it with your own
slappasswd -s weyee | sed -e "s#{SSHA}#rootpw \t{SSHA}#g" >> /etc/openldap/slapd.conf

The second command appends a "rootpw {SSHA}..." line to slapd.conf. It must use ">>" (append); a single ">" would truncate the slapd.conf you just copied. Also note that "-s" places the clear-text password on the command line, where it ends up in the shell history and is visible to every user in "ps"; running slappasswd without "-s" prompts for the password instead, and the resulting hash can then be pasted into slapd.conf.
Set ownership

chown ldap.ldap /etc/openldap/*
chown ldap.ldap /var/lib/ldap/*
Modify the dc settings

[root@dev openldap]# vim /etc/openldap/slapd.conf
# The following directives are around line 114
database        bdb                         # use the bdb backend
suffix          "dc=dev,dc=com"             # the naming context (search base) served by this database
rootdn          "cn=admin,dc=dev,dc=com"    # the administrator DN; binding as this DN bypasses all ACLs on the database

Tune the ldap configuration

[root@dev openldap]# vim /etc/openldap/slapd.conf
loglevel        296         # the log level (a bit mask: 296 = 256 stats + 32 search filter + 8 connection management)
cachesize       1000        # number of entries held in the entry cache; size it for your directory
checkpoint      2048 10     # checkpoint the BDB transaction log after 2048 KB of log data or 10 minutes, whichever comes first

Remove the default permissions: delete everything from "database config" to the end of the file, that is

database config
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
        by * none

# enable server status monitoring (cn=monitor)
database monitor
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=Manager,dc=my-domain,dc=com" read
        by * none

Then add the new permissions (this is the 2.3-style way of writing ACLs in slapd.conf):

access to *
        by self write
        by anonymous auth
        by * read

Be clear about what this single catch-all rule grants: "by * read" lets every authenticated user read every attribute of every entry, including other users' userPassword hashes, because no earlier rule restricts that attribute. Put an "access to attrs=userPassword" rule above it before using this outside a lab.

Send the ldap service log to syslog

[root@dev openldap]# cp /etc/rsyslog.conf /etc/rsyslog.conf_`date +%Y%m%d`.bak
# Add the following line to the configuration file
[root@dev openldap]# tail -1 /etc/rsyslog.conf
local4.*        /var/log/ldap.log
# restart the rsyslog service
[root@dev openldap]# /etc/init.d/rsyslog restart
Shutting down system logger:    [  OK  ]
Starting system logger:         [  OK  ]

Configure the ldap database directory (create the data file)

[root@dev openldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@dev openldap]# chown ldap.ldap /var/lib/ldap/DB_CONFIG
[root@dev openldap]# chmod 700 /var/lib/ldap/
[root@dev openldap]# ll /var/lib/ldap/
total 4
-rw-r--r-- 1 ldap 845 Jul 13 DB_CONFIG
[root@dev openldap]# egrep -v "\#|^$" /var/lib/ldap/DB_CONFIG
set_cachesize 0 268435456 1
set_lg_regionmax 262144
set_lg_bsize 2097152
[root@dev openldap]# slaptest -u    # check that the configuration file is correct
config file testing succeeded

Start the ldap service

[root@dev ~]# /etc/init.d/slapd start
Starting slapd:    [  OK  ]
[root@dev ~]# ps aux | grep ldap
ldap   2012  0.3  1.9 490532 19656 ?      Ssl   /usr/sbin/slapd -h ldap:/// ldapi:/// -u ldap
root   2018  0.0  0.0 103248   872 pts/0  S+    grep ldap
[root@dev ~]# netstat -tunlp | grep slapd
tcp   0   0 0.0.0.0:389   0.0.0.0:*   LISTEN   2012/slapd
tcp   0   0 :::389        :::*        LISTEN   2012/slapd
# 389 is the plain-text port; LDAP over TLS (ldaps://) uses 636. Nothing in this setup configures TLS, so every simple bind, the admin password included, crosses the network in clear text.
# start the service at boot
[root@dev ~]# chkconfig slapd on
# view the log file
[root@dev ~]# tail /var/log/ldap.log
Jul 13 21:14:00 dev slapd[2011]: @(#) $OpenLDAP: slapd 2.4.39 (Oct 15 2014 09:51:43) $#012#011mockbuild@c6b8.bsys.dev.centos.org:/builddir/build/BUILD/openldap-2.4.39/openldap-2.4.39/build-servers/slapd
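The password step and the ACL step above are the two places where this configuration is weak. The following shell functions are an added example, not code from the original post: set_rootpw appends the rootpw line without putting the password on the command line, hardened_acl prints an access section with a userPassword rule ahead of the catch-all, and acl_protects_userpassword checks an existing slapd.conf for that ordering. The slapd.conf paths are assumptions; only set_rootpw needs slappasswd (from openldap-clients), the rest needs just awk.

```shell
#!/bin/bash
# Added example; not part of the original post. Paths are assumptions: pass your own
# slapd.conf. set_rootpw needs slappasswd (openldap-clients); the other two need only awk.

# Append the rootpw directive without exposing the secret. "slappasswd -s secret" leaves
# the password in shell history and in "ps"; with no -s it prompts on the terminal.
# ">>" appends so the copied slapd.conf is not truncated.
set_rootpw() {                         # usage: set_rootpw /etc/openldap/slapd.conf
    local conf="$1" hash
    hash="$(slappasswd)" || return 1   # prints the {SSHA} hash on stdout
    printf 'rootpw\t%s\n' "$hash" >> "$conf"
}

# Hardened access section. The userPassword rule must precede "access to *": slapd
# applies the first "access to" clause whose target matches, so with only the
# catch-all rule every authenticated user can read everyone's password hash.
hardened_acl() {
cat <<'EOF'
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by self write
        by anonymous auth
        by * read
EOF
}

# Check an existing slapd.conf: returns 0 if a userPassword rule comes before the
# first "access to *" clause, 1 if hashes are readable by any authenticated user.
acl_protects_userpassword() {          # usage: acl_protects_userpassword slapd.conf
    awk '
        /^[[:space:]]*access[[:space:]]+to[[:space:]]+attrs=.*userPassword/ { seen = 1 }
        /^[[:space:]]*access[[:space:]]+to[[:space:]]+\*/ { if (seen) exit 0; exit 1 }
        END { if (!seen) exit 1 }
    ' "$1"
}

# Demonstration on constructed input: the post's own ACL fails, the hardened one passes.
demo() {
    local weak hardened
    weak="$(mktemp)"; hardened="$(mktemp)"
    printf 'access to *\n\tby self write\n\tby anonymous auth\n\tby * read\n' > "$weak"
    hardened_acl > "$hardened"
    if acl_protects_userpassword "$weak"; then
        echo "weak ACL: userPassword protected (unexpected)"
    else
        echo "weak ACL: userPassword readable by any authenticated user"
    fi
    if acl_protects_userpassword "$hardened"; then
        echo "hardened ACL: userPassword protected"
    fi
    rm -f "$weak" "$hardened"
}

demo
```

Run acl_protects_userpassword against /etc/openldap/slapd.conf after editing it; if it returns 1, insert the output of hardened_acl in place of the single "access to *" rule, then re-run slaptest -u before restarting slapd.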
Restart CentOS and services
Query the ldap content

[root@dev ~]# ldapsearch -LLL -W -x -H ldap://dev.com -D "cn=admin,dc=dev,dc=com" -b "dc=dev,dc=com" "(uid=*)"
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
# error here
# Fix: remove the default 2.4-style configuration (the cn=config tree under slapd.d) and regenerate it from the 2.3-style slapd.conf. slapd reads slapd.d in preference to slapd.conf when the directory exists, so the edits made to slapd.conf, the rootpw included, only take effect once they have been converted into slapd.d.
[root@dev ~]# rm -rf /etc/openldap/slapd.d/*
[root@dev ~]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
55a3bf76 bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
config file testing succeeded
[root@dev ~]# ll /etc/openldap/slapd.d/
total 8
drwxr-x--- 3 root 4096 Jul 13 cn=config
-rw------- 1 root 1302 Jul 13 cn=config.ldif
# restart the service
[root@dev ~]# /etc/init.d/slapd restart
Stopping slapd:    [  OK  ]
Checking configuration files for slapd:    [FAILED]
55a3bfd6 ldif_read_file: Permission denied for "/etc/openldap/slapd.d/cn=config.ldif"
slaptest: bad configuration file!
# slaptest wrote the generated files as root, but slapd runs as the ldap user
[root@dev ~]# chown -R ldap.ldap /etc/openldap/slapd.d
[root@dev ~]# /etc/init.d/slapd restart
Stopping slapd:    [FAILED]
Starting slapd:    [  OK  ]
# "Stopping" reports FAILED only because slapd was not running after the previous failed restart
[root@dev ~]# netstat -tunlp | grep slapd
tcp   0   0 0.0.0.0:389   0.0.0.0:*   LISTEN   5906/slapd
tcp   0   0 :::389        :::*        LISTEN   5906/slapd
# query the ldap content again
[root@dev ~]# ldapsearch -LLL -W -x -H ldap://dev.com -D "cn=admin,dc=dev,dc=com" -b "dc=dev,dc=com" "(uid=*)"

Running the command at this point gives:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

This is not resolved yet; it is recorded here for now. Unlike error 49, which the server returned after a bind was attempted, -1 means the client never reached a server at the URI it was given. Things to check: that dev.com resolves to this host (getent hosts dev.com), that slapd is still listening (the netstat output above), and whether the same search succeeds against ldap://127.0.0.1 or ldapi:///.