Note: Ubuntu 10.04 is used as the example, and the LDAP server and the client are the same machine. The current OpenLDAP server no longer has a separate configuration file; it stores its configuration in a database (cn=config) instead.

1. LDAP server installation and configuration

1.1 Install the LDAP server software

sudo apt-get install slapd ldap-utils

1.2 Configure the LDAP server database
(1) Create the create_database.ldif file under /var/lib/ldap:

# Create the hdb database and place its files under /var/lib/ldap
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=edu,dc=example,dc=org
olcRootDN: cn=admin,dc=edu,dc=example,dc=org
olcRootPW: {SSHA}5EdV7cSYlP44/gEWu+x3VKAKLN2HG4VX
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

Import it:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /var/lib/ldap/create_database.ldif

Note: the hash following the olcRootPW attribute in create_database.ldif is the hash of the plaintext password "example". Use the slappasswd command to obtain the hash for any plaintext password; never put the plaintext itself in olcRootPW.
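To show what slappasswd produces for olcRootPW, here is an added example (not code from the original page) that builds and verifies OpenLDAP {SSHA} values: base64 of SHA-1(password || salt) followed by the 4-byte salt. The PAGE_HASH constant is the value from the LDIF above; the main block checks it against "example" as the page claims.

```python
import base64
import hashlib
import hmac
import os

# olcRootPW value copied from the tutorial's create_database.ldif; the page
# states it is the hash of the plaintext "example".
PAGE_HASH = "{SSHA}5EdV7cSYlP44/gEWu+x3VKAKLN2HG4VX"


def ssha_hash(password: str, salt: bytes = None) -> str:
    """Return an OpenLDAP {SSHA} string: base64(SHA1(password || salt) || salt).
    slappasswd draws a random 4-byte salt; a fixed salt may be passed for tests."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, password: str) -> bool:
    """Check a candidate password against a stored {SSHA} value.
    The salt is whatever follows the 20-byte SHA-1 digest in the decoded blob."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    blob = base64.b64decode(stored[len("{SSHA}"):])
    if len(blob) <= 20:
        raise ValueError("decoded value too short to contain a salt")
    digest, salt = blob[:20], blob[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # constant-time comparison, as a verifier should use
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print(ssha_hash("example"))                  # differs on every run (random salt)
    print(ssha_verify(PAGE_HASH, "example"))     # True if the page's hash is of "example"
```

The 4-byte salt only defeats precomputed tables; SHA-1 itself is fast, so an exposed olcRootPW hash still needs a strong password behind it.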
(2) Create the init_database.ldif file under /var/lib/ldap to initialise the database:

dn: dc=edu,dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: edu.example.org
dc: edu
# description: LDAP root

dn: ou=People,dc=edu,dc=example,dc=org
objectClass: top
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=edu,dc=example,dc=org
objectClass: top
objectClass: organizationalUnit
ou: Groups

Import it:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /var/lib/ldap/init_database.ldif
(3) Modify the ACL to limit access to the database. Create the acls.ldif file under /var/lib/ldap:

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=edu,dc=example,dc=org" write by anonymous auth by self write by * none
olcAccess: {1}to dn.subtree="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=edu,dc=example,dc=org" write by * read

Import it:

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /var/lib/ldap/acls.ldif

OpenLDAP evaluates olcAccess rules in order and stops at the first matching "to" clause, so rule {0} ensures userPassword is never readable: anonymous clients may only use it to authenticate (bind), a user may change their own, the admin DN may write it, and everyone else gets nothing. The remaining entries are readable by everyone and writable only by the admin DN.
(4) Test the database:

sudo ldapsearch -x -h localhost -b dc=edu,dc=example,dc=org
1.3 Use the migration tool migrationtools

(1) Install it:

sudo apt-get install migrationtools

(2) Use the tool to migrate the Linux users and groups to the LDAP server:

cd /usr/share/migrationtools/
./migrate_group.pl /etc/group ./group.ldif
./migrate_passwd.pl /etc/passwd ./passwd.ldif

Edit group.ldif so that the parent DN of each group is ou=Groups,dc=edu,dc=example,dc=org, and passwd.ldif so that the parent DN of each user is ou=People,dc=edu,dc=example,dc=org, then import both:

ldapadd -x -W -D "cn=admin,dc=edu,dc=example,dc=org" -f ./group.ldif
ldapadd -x -W -D "cn=admin,dc=edu,dc=example,dc=org" -f ./passwd.ldif
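The edit of group.ldif and passwd.ldif described above is needed because migrationtools writes its own default base (dc=padl,dc=com) into every DN unless $DEFAULT_BASE in migrate_common.ph is changed first. The following added example (my code, not part of the page or of migrationtools) does that rewrite programmatically and also drops system accounts below a chosen id, which the raw migration output otherwise carries into the directory; the sample LDIF is constructed in the shape migrate_group.pl emits.

```python
OLD_GROUP_PARENT = "ou=Group,dc=padl,dc=com"             # migrationtools default
NEW_GROUP_PARENT = "ou=Groups,dc=edu,dc=example,dc=org"  # the tutorial's suffix

# Constructed sample in the shape migrate_group.pl emits (not real output).
SAMPLE_GROUP_LDIF = """dn: cn=root,ou=Group,dc=padl,dc=com
objectClass: posixGroup
cn: root
gidNumber: 0

dn: cn=testgroup,ou=Group,dc=padl,dc=com
objectClass: posixGroup
cn: testgroup
gidNumber: 1001
"""

def parse_ldif(text):
    # Unfold continuation lines (leading space), drop comments, split on blank lines.
    # Values written as "attr:: base64" keep their leading colon so they round-trip.
    folded = []
    for line in text.splitlines():
        if line.startswith(" ") and folded:
            folded[-1] += line[1:]
        elif not line.startswith("#"):
            folded.append(line)
    entries, current = [], []
    for line in folded + [""]:
        if line:
            attr, _, rest = line.partition(":")
            current.append((attr, rest if rest.startswith(":") else rest.strip()))
        elif current:
            entries.append(current)
            current = []
    return entries

def rebase_entries(entries, old_parent, new_parent, id_attr, min_id):
    # Drop system entries (id below min_id) and move the rest under new_parent.
    kept = []
    for entry in entries:
        ids = [int(v) for a, v in entry if a == id_attr]
        if ids and ids[0] < min_id:
            continue
        kept.append([(a, v[:-len(old_parent)] + new_parent
                      if a == "dn" and v.endswith("," + old_parent) else v)
                     for a, v in entry])
    return kept

def to_ldif(entries):
    # Serialise back to LDIF; '::' values were stored with their leading colon.
    fmt = lambda a, v: f"{a}:{v}" if v.startswith(":") else f"{a}: {v}"
    return "\n\n".join("\n".join(fmt(a, v) for a, v in e) for e in entries) + "\n"
```

For passwd.ldif the same call applies with "ou=People,dc=padl,dc=com", "ou=People,dc=edu,dc=example,dc=org" and "uidNumber".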
1.4 Use the LDAP server management tool ldapscripts

(1) Install it:

sudo apt-get install ldapscripts

(2) Modify the configuration file (/etc/ldapscripts/ldapscripts.conf):

# LDAP configuration
# DEBIAN: values from /etc/pam_ldap.conf are used.
SERVER="ldap://localhost"
BINDDN="cn=admin,dc=edu,dc=example,dc=org"
# The following file contains the raw password of the BindDN
# Create it with something like: echo -n 'secret' > $BINDPWDFILE
# WARNING !!!! Be careful not to make this file world-readable
# DEBIAN: /etc/pam_ldap.secret or /etc/ldap.secret are used.
BINDPWDFILE="/etc/ldapscripts.passwd"
# For older versions of OpenLDAP, it is still possible to use
# unsecure command-line passwords by defining the following option
# AND commenting the previous one (BINDPWDFILE takes precedence)
# BINDPWD="secret"
# DEBIAN: values from /etc/pam_ldap.conf are used.
SUFFIX="dc=edu,dc=example,dc=org"   # Global suffix
GSUFFIX="ou=Groups"                  # Groups ou (just under $SUFFIX)
USUFFIX="ou=People"                  # Users ou (just under $SUFFIX)
# MSUFFIX="ou=Machines"              # Machines ou (just under $SUFFIX)
# User passwords generation
# Command-line used to generate a password for added users (you may use %u for username here)
# WARNING !!!! This is evaluated, everything specified here will be run!
# Special value "" will ask for a password interactively
# PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8"
# PASSWORDGEN="head -c8 /dev/random | uuencode -m - | sed -n '2s|=*$||;2p' | sed -e 's|+|G|' -e 's|/|G|'"
# PASSWORDGEN="pwgen"
# PASSWORDGEN="echo changeme"
# PASSWORDGEN="echo %u"
PASSWORDGEN=""

Note: the admin bind password is written in clear text to the file named by BINDPWDFILE, here with echo -n 'example' > /etc/ldapscripts.passwd. Because it holds the admin password, restrict the file to root (chmod 600 /etc/ldapscripts.passwd), as the comments in the file warn.
(3) Use the scripts:

sudo ldapaddgroup testgroup
sudo ldapadduser testuser testgroup
sudo ldapsetpasswd testuser

(4) Test:

getent passwd
getent group

The new user and group appear in the getent output only once the client side of this machine (NSS via the LDAP name service module) has been configured to query the server.