Configuring the OpenLDAP service under Linux

Source: Internet
Author: User
Tags: ldap, administrator, password, openldap

Abstract: Our department recently needed to integrate all of its systems, and management decided that they should be managed centrally through an OpenLDAP directory, so an LDAP service had to be set up on a server. We chose OpenLDAP. I searched a lot online and the first attempts did not succeed; after several tries the configuration finally worked, so I am writing it down here for future reference.

Server environment: CentOS 6.4

Pre-configuration preparation:

Turn off iptables and SELinux first so that they do not interfere while you configure. This is a shortcut for an isolated lab machine; on a server that stays in service, leave SELinux enforcing and open only the ports you need in iptables (389/tcp for LDAP, 636/tcp if you add LDAPS, and the portmapper, NFS and mountd ports for the NFS export set up later).

# service iptables stop
# setenforce 0
# vi /etc/sysconfig/selinux
Change the SELINUX= line to SELINUX=disabled so that the setting survives a reboot.


Part One: OpenLDAP server-side configuration:

(1). Install the OpenLDAP service. I used yum; the packages that need to be installed are:

openldap-devel-2.4.23-26.el6.x86_64
openldap-clients-2.4.23-26.el6.x86_64
openldap-2.4.23-26.el6.x86_
openldap-servers-2.4.23-26.el6.x86_64
(2). Install the OpenLDAP packages with yum (the machine must be able to reach a yum repository, otherwise the installation fails). Quote the glob so the shell does not expand it against files in the current directory:

# yum install 'openldap-*' -y

(3). After the OpenLDAP installation completes, copy the sample configuration file into the LDAP directory:

# cd /etc/openldap/
# cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf
(4). On CentOS 6.4 a backup copy of the configuration file, slapd.conf.bak, is also kept in the same directory and can be used instead:
# cd /etc/openldap/
# cp slapd.conf.bak slapd.conf
(5). Create the LDAP administrator password hash:
# slappasswd
The password I entered was redhat; it is a weak lab password, so use a strong one on any server that matters. slappasswd asks for the password twice and prints a salted SHA-1 hash, which I first saved to the clipboard (the salt is random, so the hash differs on every run):

{SSHA}Ak5d0xqldrjupt3b4c1tqbnzwrtzyllt

(6). Edit the configuration file:

# vi /etc/openldap/slapd.conf
Around line 115 are the suffix, rootdn and rootpw directives of the default database. Set suffix and rootdn to the base DN and administrator DN you will bind with later (dc=example,dc=com and cn=admin,dc=example,dc=com in this guide), and put the {SSHA} hash generated in step (5) on the rootpw line in place of the cleartext password. Never write the cleartext password into rootpw: slapd accepts it, but anyone who can read the file then has the directory administrator password outright, whereas a hash at least has to be cracked first.

The access-control directives (access to ...) in the last few lines of the file also need matching changes. At minimum, userPassword should be writable by the entry's owner, usable for authentication by anonymous binds, and readable by nobody else; otherwise the password hashes imported below can be read by every client that can reach the server.

Save and exit.
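As an added example (not code from the original post), the script below emits the slapd.conf directives that step (6) ends up with and checks that the rootpw line holds a hash rather than a cleartext password. The suffix and rootdn are taken from the ldapadd commands the guide runs later; the access block is my suggested minimum, since the original only showed it as a screenshot; the hash is the one printed in step (5).

```shell
#!/bin/sh
# Added example, not from the original post: the slapd.conf directives edited in
# step (6), produced by a function so that the result can be checked.
# Assumptions: suffix dc=example,dc=com and rootdn cn=admin,dc=example,dc=com
# (the DN the guide binds with in step (14)); the access block is the editor's
# suggested minimum, since the original only showed it as a screenshot.

# Usage: slapd_directives '{SSHA}...' > /tmp/slapd-db.conf
# Prints the suffix/rootdn/rootpw lines followed by the ACLs. The hash comes
# from slappasswd; never pass the cleartext password here.
slapd_directives() {
    hash=$1
    cat <<EOF
suffix          "dc=example,dc=com"
rootdn          "cn=admin,dc=example,dc=com"
rootpw          $hash

# userPassword (and shadowLastChange, which PAM updates on a password change):
# the owner may write it, anonymous may use it to authenticate, nobody reads it.
access to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
# Everything else stays readable by anyone, because the client configured in
# Part Two resolves users with anonymous searches.
access to *
        by self write
        by * read
EOF
}

# Usage: check_rootpw FILE ; returns 0 if the rootpw value uses one of the hash
# schemes slappasswd can produce, 1 if rootpw is missing or cleartext.
check_rootpw() {
    val=$(awk '$1 == "rootpw" { print $2; exit }' "$1")
    case $val in
        '{SSHA}'*|'{SHA}'*|'{SMD5}'*|'{MD5}'*|'{CRYPT}'*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Run `slapd_directives "$(slappasswd)"` to have the hash prompted for interactively, then paste the output over the corresponding lines in slapd.conf and run `check_rootpw /etc/openldap/slapd.conf` before step (11).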

(7). Copy the DB_CONFIG file into the database directory:

# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

(8). Delete everything under the default /etc/openldap/slapd.d, otherwise the slapd.conf edits are ignored and ldapadd fails later (the init script uses the cn=config directory in preference to slapd.conf when it exists):

# rm -rf /etc/openldap/slapd.d/*

(9). Start the slapd service and enable it at boot:

# service slapd restart
# chkconfig slapd on
(10). Give the data and configuration directories the right ownership:

# chown -R ldap:ldap /var/lib/ldap
# chown -R ldap:ldap /etc/openldap/

(11). Test the configuration and convert it into the slapd.d (cn=config) directory:

# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

If it prints "config file testing succeeded", the configuration is valid.
(12). Give the generated configuration directory the right ownership and restart:

# chown -R ldap:ldap /etc/openldap/slapd.d
# service slapd restart
(13). Create an account for the client login test:

# useradd ldapuser1
# passwd ldapuser1
At this point the user exists only on the local system (in /etc/passwd and /etc/shadow), not in the LDAP database, so it has to be imported into LDAP. LDAP, however, only accepts files in a particular text format, LDIF (files with the .ldif suffix), so /etc/passwd and /etc/shadow cannot be loaded directly. The migrationtools package converts those two files into LDIF that LDAP understands.

(14). Install and configure migrationtools:

# yum install migrationtools -y
Change to the migrationtools directory:

# cd /usr/share/migrationtools/
First edit migrate_common.ph:

# vi migrate_common.ph
Around line 70, find the $DEFAULT_MAIL_DOMAIN and $DEFAULT_BASE settings (the shipped defaults are "padl.com" and "dc=padl,dc=com") and change them to your own domain and to the suffix configured in slapd.conf (dc=example,dc=com here); entries generated under the wrong base DN cannot be added below the suffix.

When you have finished, save and exit.

The Perl scripts below then turn /etc/passwd, /etc/shadow and /etc/group into LDIF that LDAP can read, saved under /tmp/:

# ./migrate_base.pl > /tmp/base.ldif
# ./migrate_passwd.pl /etc/passwd > /tmp/passwd.ldif
# ./migrate_group.pl /etc/group > /tmp/group.ldif
Note that migrate_passwd.pl, run as root, reads /etc/shadow itself and copies every account's {crypt} password hash into passwd.ldif, so that file is effectively a copy of your shadow file sitting in /tmp: keep it mode 0600 and delete it once the import is done. It also exports every account in /etc/passwd, root and the system accounts included, unless you feed it a filtered copy.

Import the three files into LDAP so that the directory contains the users we want:

# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f /tmp/base.ldif
# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f /tmp/passwd.ldif
# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f /tmp/group.ldif
-W prompts for the LDAP administrator password, redhat here. -x selects a simple bind, which sends that password in the clear; that is acceptable because these commands talk to slapd over the loopback interface.

If no errors are reported, the LDAP server is configured; restart slapd to finish:

# service slapd restart
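As an added example (not code from the original post), the script below handles the two details of step (14) noted above: it filters /etc/passwd down to real login accounts before migrate_passwd.pl sees it, and it creates the LDIF output files with mode 0600 so the {crypt} hashes copied from /etc/shadow are never world-readable in /tmp. It assumes CentOS 6's UID_MIN of 500 and works on a constructed passwd sample embedded in the script.

```shell
#!/bin/sh
# Added example, not from the original post: prepare the input for
# migrate_passwd.pl so that only real login accounts are exported, and create
# the output files so that the {crypt} hashes the script copies from
# /etc/shadow are never world-readable in /tmp.
# Assumption: CentOS 6 allocates regular users from UID 500 (UID_MIN in
# /etc/login.defs); nfsnobody (UID 65534) is treated as a system account.

# Constructed sample of /etc/passwd for the demonstration (not a real file).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
ldapuser1:x:500:500::/home/ldapuser1:/bin/bash
svc:x:501:501:service account:/home/svc:/sbin/nologin'

# Usage: filter_login_accounts < /etc/passwd > /tmp/passwd.filtered
# Keeps lines with 500 <= uid < 65534 whose shell is not nologin or false.
filter_login_accounts() {
    awk -F: '$3 >= 500 && $3 < 65534 && $7 !~ /\/(nologin|false)$/'
}

# Usage: secure_outfile FILE
# Creates (or truncates) FILE with mode 0600 before migrate_*.pl appends to it,
# so there is no moment at which other users can read the hashes.
secure_outfile() {
    ( umask 077; : > "$1" )
    chmod 600 "$1"
}

# Usage: mode_of FILE -> permission string such as -rw-------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Putting it together on the server (needs root and migrationtools; not run here):
#   filter_login_accounts < /etc/passwd > /tmp/passwd.filtered
#   secure_outfile /tmp/passwd.ldif
#   ./migrate_passwd.pl /tmp/passwd.filtered >> /tmp/passwd.ldif
#   ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f /tmp/passwd.ldif
#   shred -u /tmp/passwd.ldif /tmp/passwd.filtered
```

migrate_passwd.pl looks each user up in /etc/shadow by name, so it still finds the hashes when given the filtered copy instead of /etc/passwd itself.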
(15). Now install NFS so that ldapuser1's home directory can be shared:

# yum install 'nfs*' -y
(16). Configure the NFS export:

# vi /etc/exports

Add an export for /home/ldapuser1 (the autofs map in Part Two mounts 192.168.186.139:/home/<user>, so the server has to export the home directories under /home). Restrict the export to the client's address or subnet rather than to every host, and leave root_squash, the default, in place. Save and exit.

(17). Restart the NFS services:

# service rpcbind restart
# service nfs restart
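The export line in step (16) was only shown as a screenshot in the original. As an added example (not from the original post), the check below parses an /etc/exports file and flags exports that any host may mount (a `*` host, or options with no host at all) and exports with no_root_squash, either of which would let any machine on the network read or write ldapuser1's home directory as root. The exports content is constructed; the client subnet 192.168.186.0/24 is an assumption matching the server address used in this guide.

```shell
#!/bin/sh
# Added example, not from the original post: a check for /etc/exports that
# flags exports any host may mount ("*" or options with no host at all) and
# exports with no_root_squash, which lets a remote root write as root into the
# exported home directories. The sample exports content is constructed; the
# client network 192.168.186.0/24 is an assumption matching the server address
# used in the guide.

# Usage: check_exports FILE ; prints one line per problem and returns 1 if any
# were found, 0 if the file is clean.
check_exports() {
    awk '
    /^[[:space:]]*(#|$)/ { next }                # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {              # $1 is the path, the rest are host(opts)
            host = $i; opts = ""
            if (match($i, /\(.*\)$/)) {
                opts = substr($i, RSTART + 1, RLENGTH - 2)
                host = substr($i, 1, RSTART - 1)
            }
            if (host == "*" || host == "")
                { print "open to every host: " $0; bad = 1 }
            if (opts ~ /(^|,)no_root_squash(,|$)/)
                { print "no_root_squash: " $0; bad = 1 }
        }
    }
    END { exit bad }' "$1"
}

# Constructed examples: the restricted export this guide should use, and three
# variants the check rejects.
GOOD_EXPORTS='/home/ldapuser1 192.168.186.0/24(rw,sync)'
BAD_EXPORTS='/home/ldapuser1 *(rw,sync)
/home (rw)
/home/ldapuser1 192.168.186.0/24(rw,sync,no_root_squash)'

# Usage: check_exports_text "$GOOD_EXPORTS" ; same as check_exports, on a string.
check_exports_text() {
    tmp=$(mktemp)
    printf '%s\n' "$1" > "$tmp"
    check_exports "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run `check_exports /etc/exports` after editing and before `service nfs restart`; a non-zero exit means at least one line was printed describing the problem.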


Part Two: OpenLDAP client configuration:

On the client, open a terminal in the graphical session and run system-config-authentication. On the Identity & Authentication tab choose LDAP as the user account database, enter the LDAP search base DN (dc=example,dc=com) and the LDAP server (ldap://192.168.186.139), and choose LDAP password as the authentication method.

Click Apply and close the tool; it writes the configuration and restarts the sssd service automatically.

Note that this configuration leaves "Use TLS to encrypt connections" unticked, so every user's password is sent to the server in the clear at login. That is tolerable on an isolated lab network only; anywhere else, enable TLS here and give the tool the certificate of the CA that signed the slapd certificate.


Configure autofs so that, once ldapuser1 has logged in, the local home directory /home/ldapuser1 is mounted from the NFS export 192.168.186.139:/home/ldapuser1 on the LDAP server:

# vi /etc/auto.master
Add a line:

--------------
/home   /etc/auto.misc
--------------
# vi /etc/auto.misc
Add a line:

--------------
*               -fstype=nfs                     192.168.186.139:/home/&
--------------
Reload the autofs service:

# service autofs reload
Log in as ldapuser1:

If the system does not report that ldapuser1's home directory is missing, the LDAP client configuration succeeded.

Note: If you still cannot log in at this point, run setup and use its Authentication configuration menu (the text-mode equivalent of the graphical tool, authconfig-tui) to configure LDAP login.

# id ldapuser1


# su - ldapuser1

$ pwd
/home/ldapuser1

At this point the OpenLDAP server and client configuration is complete; next, a client tool connects to the OpenLDAP directory.

Note: The LDAP service requires the server's and the client's clocks to be roughly in sync, otherwise logging in as ldapuser1 may fail. Setting up NTP is omitted here; you can set the time on both machines by hand so that they agree.


Part Three: Connecting to the OpenLDAP directory with the Softerra LDAP Administrator 2015.1 administration tool:

(1). First download the build that matches your machine (I downloaded the 32-bit one) from http://www.ldapadministrator.com/download.htm.

(2). After installing it, create a new server profile for the connection: the host is the LDAP server (192.168.186.139 here, port 389), the base DN is dc=example,dc=com, and the bind principal is cn=admin,dc=example,dc=com with the administrator password. Because the profile binds as the directory administrator over plain LDAP, the rootpw crosses the network in the clear; enable SSL/TLS in the profile, or use the tool only from a trusted network.

At this point, the OpenLDAP server configuration and client connection under Linux are complete.


References:

http://www.centoscn.com/image-text/config/2013/0819/1367.html
http://my.oschina.net/5lei/blog/193484


