First, environment preparation
echo nameserver 114.114.114.114 > /etc/resolv.conf  # change the DNS server
echo 192.168.0.190 hello.com >> /etc/hosts
systemctl disable firewalld.service && systemctl stop firewalld.service  # turn off the firewall
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config  # permanently disable SELinux
setenforce 0
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
# install the extra (EPEL) repository
yum -y install openldap-servers openldap-clients  # install the OpenLDAP server and client
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap:ldap /var/lib/ldap/DB_CONFIG  # set ownership
systemctl start slapd && systemctl enable slapd  # start the service and enable it at boot
Second, configure the administrator password
① slappasswd or slappasswd -s password (-s specifies the password)
After you enter the password, it prints a hashed string.
Example: {SSHA}5qiqn6d4u4u9b1g8a7dkmjakjcuoa4fe  # save this; it is used in the following steps
② vim chrootpw.ldif
# set "olcRootPW" to the password generated above
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: the password generated above

ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
Third, set up your domain name in the database
1. Generate a password
slappasswd
2. vi chdomain.ldif
# replace the "dc=***,dc=***" sections with your own domain name
# set "olcRootPW" to the password generated above
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=admin,dc=hello,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=hello,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=hello,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: the password generated in step 1

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=admin,dc=hello,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=hello,dc=com" write by * read

3. ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
4. vi basedomain.ldif
# replace the "dc=***,dc=***" sections with your own domain name
# the dc value must match the first component of the dn, or slapd rejects the entry
dn: dc=hello,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: qiqiu com
dc: hello

dn: cn=admin,dc=hello,dc=com
objectClass: organizationalRole
cn: admin
description: Directory Admin

dn: ou=people,dc=hello,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=group,dc=hello,dc=com
objectClass: organizationalUnit
ou: group

5. ldapadd -x -D cn=admin,dc=hello,dc=com -W -f basedomain.ldif
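
The {SSHA} value that slappasswd prints, and that goes into olcRootPW in chrootpw.ldif and chdomain.ldif, is a salted SHA-1 hash. The following is an added example, not part of the original page: it shows that layout and checks an LDIF file for an olcRootPW value left in cleartext. The function names, the 4-byte salt length and the sample LDIF are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, os, re

def make_ssha(password, salt=None):
    """{SSHA} layout: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt  # assumed 4-byte salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, value):
    """Recompute the digest with the salt stored after the 20-byte SHA-1."""
    if not value.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[6:], validate=True)
    digest, salt = raw[:20], raw[20:]
    calc = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(calc, digest)

def cleartext_rootpw(ldif):
    """Return the DNs whose olcRootPW value has no {SCHEME} prefix."""
    bad, dn = [], None
    # LDIF folding: a line starting with one space continues the previous line
    for line in re.sub(r"\n ", "", ldif).splitlines():
        key, _, val = line.partition(":")
        key, val = key.strip().lower(), val.strip()
        if key == "dn":
            dn = val
        elif key == "olcrootpw":
            if val.startswith(":"):  # "attr:: ..." carries a base64 value
                val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
            if not re.match(r"\{[A-Za-z0-9-]+\}", val):
                bad.append(dn)
    return bad

# Constructed sample: the first entry stores a cleartext password, the second a hash
SAMPLE = "\n".join([
    "dn: olcDatabase={0}config,cn=config",
    "changetype: modify",
    "add: olcRootPW",
    "olcRootPW: secret123",
    "",
    "dn: olcDatabase={2}hdb,cn=config",
    "changetype: modify",
    "add: olcRootPW",
    "olcRootPW: " + make_ssha("secret123"),
    ""])

if __name__ == "__main__":
    print("cleartext olcRootPW in:", cleartext_rootpw(SAMPLE))
    print("hash verifies:", check_ssha("secret123", make_ssha("secret123")))
```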
OpenLDAP on CentOS 7