Configuring an LDAP authentication server on Linux, with a client PAM network authentication example

Source: Internet
Author: User
[1] LDAP introduction

LDAP stands for Lightweight Directory Access Protocol.
LDAP is a kind of non-relational database.
LDAP has good scalability and flexibility.
It is easy to install and configure.

[2] Several important concepts

dn: the location of a record
dc: the region a record belongs to
ou: the organization a record belongs to
cn/uid: the name/ID of a record

[3] How to add LDAP data

Suppose a large set of student files is to be stored in LDAP.

1] Create the tree root "dc=ourschool,dc=org". This is done by editing slapd.conf.

2] Create the 18 departments:

    dn: ou=computer,dc=ourschool,dc=org
    dn: ou=film,dc=ourschool,dc=org
    ...

3] Set up the majors in each department, such as:

    dn: ou=linux,ou=computer,dc=ourschool,dc=org
    ...

4] Add a student:

    dn: cn=xiaoming,ou=linux,ou=computer,dc=ourschool,dc=org

5] Student details:

    dn: cn=xiaoming,ou=linux,ou=computer,dc=ourschool,dc=org
    objectClass: organizationalPerson
    cn: xiaoming
    cn: James
    sn: James
    description: a good boy

(The above is one record. If you save it as an LDIF file, you can import it into the LDAP database.)

[4] Build an LDAP authentication server

1] Install the server software:

    yum -y install openldap-servers

2] Edit the server configuration file (ACLs work with LDAP to implement access control):

    vim /etc/openldap/slapd.conf

    # ACLs: slapd applies the first "access to" rule that matches
    access to * by * read by * auth
    access to * by self write

    database bdb
    suffix "dc=example,dc=com"
    rootdn "cn=admin,dc=example,dc=com"
    # rootpw is stored in cleartext here; slappasswd can generate a hashed value
    rootpw 123456
    # Mode 700 recommended.
    directory /var/lib/ldap

(The default permission of the directory that stores the LDAP data is 700.)

3] Create the OUs using scripts, and initialize LDAP

a] Edit the migration defaults:

    vim /usr/share/openldap/migration/migrate_common.ph

    line 71: $DEFAULT_MAIL_DOMAIN = "example.com";
    line 74: $DEFAULT_BASE = "dc=example,dc=com";

b] Generate the base LDIF:

    /usr/share/openldap/migration/migrate_base.pl > /tmp/example.ldif

c] Delete the extra entries from example.ldif (the blank lines between entries cannot be omitted):

    cat /tmp/example.ldif

    dn: dc=example,dc=com
    dc: example
    objectClass: top
    objectClass: domain

    dn: ou=People,dc=example,dc=com
    ou: People
    objectClass: top
    objectClass: organizationalUnit

    dn: ou=Group,dc=example,dc=com
    ou: Group
    objectClass: top
    objectClass: organizationalUnit

d] Create and initialize the database:

    slapadd -vl /tmp/example.ldif

Output:

    bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
    Expect poor performance for suffix dc=uplooking,dc=com.
    added: "dc=example,dc=com" (00000001)
    added: "ou=People,dc=example,dc=com" (00000002)
    added: "ou=Group,dc=example,dc=com" (00000003)

e] Resolve the preceding warning:

    cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

4] Start the LDAP service

a] Change the ownership of the data directory. Without this change, the service fails to start because of permissions:

    chown -R ldap /var/lib/ldap

b] Start the service:

    service ldap start
    or
    /etc/init.d/ldap start

c] Check that the authentication service is listening on port 389:

    netstat -tunlp | grep :389

5] Install the graphical management program phpldapadmin

a] yum -y install httpd php-ldap
b] service httpd restart
c] tar zxvf phpldapadmin-1.2.0.4.tgz -C /var/www/html/
d] cd /var/www/html/phpldapadmin-1.2.0.4
e] Set up config/config.php from the example file:

    vim config/config.php.example config/config.php

f] firefox http://localhost/phpldapadmin-1.2.0.4/
g] Enter the user name and password to log on:

    cn=admin,dc=example,dc=com
    123456

6] The above is the general configuration of the LDAP server.
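The slapd.conf from step 2] of section [4] can be checked mechanically before the service is started. The following is an added example, not part of the original page or of OpenLDAP: a small auditor that applies slapd's first-match ACL evaluation and the `{SCHEME}` prefix convention for hashed `rootpw` values. The function names and finding codes are assumptions made for this sketch, and the parsing is simplified (single-token `<what>` and `<who>` fields).

```python
import re

# Constructed sample: the ACL and root lines of the slapd.conf shown in step 2].
PAGE_CONF = """\
access to * by * read by * auth
access to * by self write
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw 123456
"""
EXPOSING = {"read", "write", "manage"}  # access levels that reveal attribute values

def logical_lines(text):
    """Drop blank and # lines, join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Return finding codes for a slapd.conf string, in file order."""
    found, covered, pw_guarded = [], set(), False
    for line in logical_lines(text):
        words = line.split()
        if words[0].lower() == "rootpw" and len(words) > 1:
            # Hashed values look like {SSHA}...; anything else is cleartext.
            if not re.match(r"\{[A-Za-z0-9-]+\}", words[1].strip('"')):
                found.append("CLEARTEXT_ROOTPW")
        elif [w.lower() for w in words[:2]] == ["access", "to"] and len(words) > 2:
            what = words[2]
            clauses = [c.split() for c in (" " + " ".join(words[3:])).split(" by ")[1:]]
            if what in covered or "*" in covered:
                found.append("UNREACHABLE_ACL")  # an earlier rule already matched
            if not any("break" in c for c in clauses):
                covered.add(what)
            pw_guarded = pw_guarded or "userpassword" in what.lower()
            for i, c in enumerate(clauses):
                if c[:1] == ["*"] and i < len(clauses) - 1:
                    found.append("DEAD_BY_CLAUSE")  # nothing after "by *" can match
                if c[:1] == ["*"] and what == "*" and EXPOSING & set(c[1:]) and not pw_guarded:
                    found.append("WORLD_READABLE_PASSWORDS")
    return found
if __name__ == "__main__":
    print(audit(PAGE_CONF))
```

A configuration that first restricts `attrs=userPassword`, then grants general read access, and stores `rootpw` as a slappasswd hash produces no findings.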