Configuration of LDAP authentication server in Linux and client pam network verification instance 1] LDAP introduction LDAP (LightweightDirectoryAccessProtocol) represents Lightweight Directory Access Protocol LDAP is a kind of non-relational database LDAP... configuration of Linux LDAP authentication server and client pam network verification instance 1] LDAP introduction LDAP (Lightweight Directory Access Protocol) lightweight Directory Access Protocol LDAP is a non-relational database LDAP with good scalability and flexibility. easy installation and configuration [2] Several important concepts dn: a record location dc: region ou of a record: Organization of a record cn/uid: the name/ID of a record. [3] how to add LDAP data to store a large student file in LDAP. Step 1: Create a "dc = ourschool, dc = org "tree root" by editing "slapd. conf "to achieve 2] build 18 systems: dnu = computer, dc = ourschool, dc = org dnu = film, dc = ourschool, dc = org... 3] set up a major in each department, such as dnu = Linux, ou = computer, dc = ourschool, dc = org... 4] add student dn: cn = xiaoming, ou = linux, ou = computer, dc = ourschool, dc = org 5] student details dn: cn = xiaoming, ou = linux, ou = computer, dc = ourschool, dc = org objectClass: organizationalPerson cn: xiaoming cn: James sn: James description: a good boy (the above is a record of information, if you save it as an LDIF file, you can import it to the LDAP database) [4] build an LDAP authentication server 1] install the server software yum-y install openldap-servers 2] compile the server configuration file (acl works with ldap to implement access control) vim/etc/openldap/slapd. conf access to * by * read by * auth access to * by self write database bdb suffix "dc = example, dc = com" rootdn "cn = admin, dc = example, dc = com "rootpw 123456 # Mode 700 recommended. (default directory permission for storing LDAP data: 700) directory/var/lib/ldap 3] create an OU using scripts, and initialize LDAPS a] vim/usr/share/openldap/migration/migrate_common.ph 71: $ DEFAULT_MAIL_DOMAIN = "example.com"; 74: $ DEFAULT_BASE = "dc = example, dc = com "; B]/usr/share/openldap/migration/migrate_base.pl>/tmp/example. ldif c] delete example. additional options in ldif (empty rows cannot be omitted) cat/tmp/example. ldif dn: dc = example, dc = com dc: example objectClass: top objectClass: domain dn: ou = People, dc = example, dc = com ou: People objectClass: top objectClass: organizationalUnit dn: ou = Group, dc = example, dc = com ou: Group objectClass: top objectClass: organizationalUnit d] create and initialize slapadd-vl/tmp/example. ldif generation Information: bdb_db_open: Warning-No DB_CONFIG file found in directory/var/lib/ldap: (2) keep Ct poor performance for suffix dc = uplooking, dc = com. added: "dc = example, dc = com" (00000001) added: "ou = People, dc = example, dc = com" (00000002) added: "ou = Group, dc = example, dc = com "(00000003) e] solve the preceding warning: cp/etc/openldap/DB_CONFIG.example/var/lib/ldap/DB_CONFIG 4. start LDAP service a. chown-R ldap/var/lib/ldap without modification. permission failed to start B] service ldap start or/etc/init. d/ldap start c] netstat-tunlp | grep: 389 authentication service listening port 389] install the graphical management program phpldapadmin a] yum-y install httpd php-ldap B] service httpd restart c] tar zxvf phpldapadmin-1.2.0.4.tgz-C/var/www /html/d] cd/var/www/html/phpldapadmin-1.2.0.4 e] vim config/config. php. example config/config. php f firefox http://localhost/phpldapadmin-1.2.0.4.tgz G] enter the user name and password to log on to cn = admin, dc = example, dc = com 123456 6. the above is the general configuration of the LDAP server.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.