1. Environment preparation
```bash
echo "nameserver 114.114.114.114" > /etc/resolv.conf            # change DNS
echo "192.168.0.190 hello.com" >> /etc/hosts                     # append the host entry (do not overwrite /etc/hosts)
systemctl disable firewalld.service && systemctl stop firewalld.service   # disable the firewall
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config     # permanently disable SELinux
setenforce 0                                                     # disable SELinux for the running system
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm   # install the EPEL repository
yum -y install openldap-servers openldap-clients                 # install the OpenLDAP server and client
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap:ldap /var/lib/ldap/DB_CONFIG                          # give the ldap user ownership of the database config
systemctl start slapd && systemctl enable slapd                  # start the service and enable it at boot
```
2. configure the administrator password
①. After slappasswd (or slappasswd -s password, which passes the password on the command line) is run, a hashed password string is generated, for example {SSHA}5Qiqn6d4U4U9b1G8A7dKmJAkJcUOA4fE.
②. vim chrootpw.ldif
```ldif
# Specify the password generated above for "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: <the {SSHA} hash generated above>
```

Then apply it and load the basic schemas:

```bash
ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
```

The output of these ldapadd commands is as follows:
3. set your domain name in the database
1. generate password
2. vi chdomain.ldif
```ldif
# Replace to your own domain name for "dc=***,dc=***" section
# Specify the password generated above for "olcRootPW" section
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=hello,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=hello,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=hello,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: <the {SSHA} hash generated in step 1>

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=hello,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=hello,dc=com" write by * read
```
3. ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
4. vi basedomain.ldif
```ldif
# Replace to your own domain name for "dc=***,dc=***" section
# The dc / ou values must equal the RDN value in each entry's dn, or ldapadd rejects the entry
dn: dc=hello,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: qiqiu com
dc: hello

dn: cn=admin,dc=hello,dc=com
objectClass: organizationalRole
cn: admin
description: Directory admin

dn: ou=People,dc=hello,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=hello,dc=com
objectClass: organizationalUnit
ou: Group
```
5. ldapadd -x -D cn=admin,dc=hello,dc=com -W -f basedomain.ldif
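As an added illustration that is not part of the original tutorial, the Python snippet below evaluates the three olcAccess rules from chdomain.ldif in step 2 the way slapd does (first matching "to" clause, then first matching "by" clause), so you can check before deploying who may read or write userPassword; the requester DNs uid=alice and uid=bob under ou=People are constructed examples.

```python
import re
# OpenLDAP access levels, weakest to strongest; a granted level implies every weaker one.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
# The three olcAccess values from chdomain.ldif above, with the {n} ordering prefix removed.
ACL_RULES = [
    'to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=hello,dc=com" write '
    'by anonymous auth by self write by * none',
    'to dn.base="" by * read',
    'to * by dn="cn=admin,dc=hello,dc=com" write by * read',
]

def target_matches(target, entry_dn, attr):
    """<what> selectors used on this page: '*', 'attrs=a,b' and 'dn.base="..."'."""
    if target == "*":
        return True
    if target.startswith("attrs="):
        return attr in target[len("attrs="):].split(",")
    if target.startswith("dn.base="):
        return entry_dn == target[len("dn.base="):].strip('"')
    return False  # other selector forms are not needed for these rules

def who_matches(who, requester_dn, entry_dn):
    """<who> selectors: '*', 'anonymous', 'self' and dn="..." (requester None = anonymous bind)."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester_dn is None
    if who == "self":
        return requester_dn is not None and requester_dn == entry_dn
    if who.startswith("dn="):
        return requester_dn == who[len("dn="):].strip('"')
    return False

def access_level(requester_dn, entry_dn, attr, rules=ACL_RULES):
    """Evaluate like slapd: only the first rule whose 'to' clause matches is consulted, and
    within it the first matching 'by' clause decides; no match at all means access is denied."""
    for rule in rules:
        target = re.match(r"to\s+(\S+)", rule).group(1)
        if not target_matches(target, entry_dn, attr):
            continue
        for who, level in re.findall(r"\bby\s+(\S+)\s+(\w+)", rule):
            if who_matches(who, requester_dn, entry_dn):
                return level
        return "none"
    return "none"

def allows(requester_dn, entry_dn, attr, needed):
    """True when the level granted by the rules is at least 'needed'."""
    return LEVELS.index(access_level(requester_dn, entry_dn, attr)) >= LEVELS.index(needed)
```

Running it shows that an anonymous bind gets only auth on userPassword (enough to bind, not to read), another user gets none, self and admin get write; but because rule {2} ends in by * read, an anonymous bind can read every other attribute, so change that clause to by users read by * none if anonymous browsing of the directory is not wanted (a hardening suggestion added here, not something the tutorial does).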