Configuration of Linux LDAP authentication server and client pam network verification instance

Configuration of LDAP authentication server in Linux and client pam network verification instance 1] LDAP introduction LDAP (LightweightDirectoryAccessProtocol) represents Lightweight Directory Access Protocol LDAP is a kind of non-relational database LDAP... configuration of Linux LDAP authentication server and client pam network verification instance 1] LDAP introduction LDAP (Lightweight Directory Access Protocol) lightweight Directory Access Protocol LDAP is a non-relational database LDAP with good scalability and flexibility. easy installation and configuration [2] Several important concepts dn: a record location dc: region ou of a record: Organization of a record cn/uid: the name/ID of a record. [3] how to add LDAP data to store a large student file in LDAP. Step 1: Create a "dc = ourschool, dc = org "tree root" by editing "slapd. conf "to achieve 2] build 18 systems: dnu = computer, dc = ourschool, dc = org dnu = film, dc = ourschool, dc = org... 3] set up a major in each department, such as dnu = Linux, ou = computer, dc = ourschool, dc = org... 4] add student dn: cn = xiaoming, ou = linux, ou = computer, dc = ourschool, dc = org 5] student details dn: cn = xiaoming, ou = linux, ou = computer, dc = ourschool, dc = org objectClass: organizationalPerson cn: xiaoming cn: James sn: James description: a good boy (the above is a record of information, if you save it as an LDIF file, you can import it to the LDAP database) [4] build an LDAP authentication server 1] install the server software yum-y install openldap-servers 2] compile the server configuration file (acl works with ldap to implement access control) vim/etc/openldap/slapd. conf access to * by * read by * auth access to * by self write database bdb suffix "dc = example, dc = com" rootdn "cn = admin, dc = example, dc = com "rootpw 123456 # Mode 700 recommended. (default directory permission for storing LDAP data: 700) directory/var/lib/ldap 3] create an OU using scripts, and initialize LDAPS a] vim/usr/share/openldap/migration/migrate_common.ph 71: $ DEFAULT_MAIL_DOMAIN = "example.com"; 74: $ DEFAULT_BASE = "dc = example, dc = com "; B]/usr/share/openldap/migration/migrate_base.pl>/tmp/example. ldif c] delete example. additional options in ldif (empty rows cannot be omitted) cat/tmp/example. ldif dn: dc = example, dc = com dc: example objectClass: top objectClass: domain dn: ou = People, dc = example, dc = com ou: People objectClass: top objectClass: organizationalUnit dn: ou = Group, dc = example, dc = com ou: Group objectClass: top objectClass: organizationalUnit d] create and initialize slapadd-vl/tmp/example. ldif generation Information: bdb_db_open: Warning-No DB_CONFIG file found in directory/var/lib/ldap: (2) keep Ct poor performance for suffix dc = uplooking, dc = com. added: "dc = example, dc = com" (00000001) added: "ou = People, dc = example, dc = com" (00000002) added: "ou = Group, dc = example, dc = com "(00000003) e] solve the preceding warning: cp/etc/openldap/DB_CONFIG.example/var/lib/ldap/DB_CONFIG 4. start LDAP service a. chown-R ldap/var/lib/ldap without modification. permission failed to start B] service ldap start or/etc/init. d/ldap start c] netstat-tunlp | grep: 389 authentication service listening port 389] install the graphical management program phpldapadmin a] yum-y install httpd php-ldap B] service httpd restart c] tar zxvf phpldapadmin-1.2.0.4.tgz-C/var/www /html/d] cd/var/www/html/phpldapadmin-1.2.0.4 e] vim config/config. php. example config/config. php f firefox http://localhost/phpldapadmin-1.2.0.4.tgz G] enter the user name and password to log on to cn = admin, dc = example, dc = com 123456 6. the above is the general configuration of the LDAP server.