Ubuntu 10.04: install and configure the LDAP service

Source: Internet
Author: User
Tags: server installation and configuration, openldap

Note: Ubuntu 10.04 is used as the example, and the LDAP server and the LDAP client are the same machine. Recent OpenLDAP server releases no longer use a separate slapd.conf configuration file; the configuration is stored in the cn=config database and edited with LDIF.
1. LDAP server installation and configuration

1.1 Install the LDAP server software

sudo apt-get install slapd ldap-utils

1.2 Configure the LDAP server database

Load the standard schemas into the cn=config database over the local ldapi socket:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif

(1) Create the database. Create the file create_database.ldif under /var/lib/ldap:

# Load the hdb backend module
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

# Create the hdb database and keep its files under /var/lib/ldap
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=edu,dc=example,dc=org
olcRootDN: cn=admin,dc=edu,dc=example,dc=org
olcRootPW: {SSHA}5EdV7cSYlP44/gEWu+x3VKAKLN2HG4VX
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

Import it:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /var/lib/ldap/create_database.ldif

Note: the olcRootPW value in create_database.ldif is the salted SHA-1 ({SSHA}) hash of the plaintext password "example". Run slappasswd to produce the hash for a password of your own rather than reusing this one.
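For the olcRootPW value above, this added Python snippet (not from the original article) shows what slappasswd's {SSHA} format contains, base64 of SHA-1(password || salt) followed by the 4-byte salt, and how such a hash is generated and verified; the password and fixed salt used in the demo are constructed.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"


def ssha_hash(password, salt=None):
    """Return the {SSHA} string slapd accepts for olcRootPW / userPassword.

    Layout: "{SSHA}" + base64(SHA1(password || salt) || salt). slappasswd picks
    a random 4-byte salt; passing a fixed salt is only for reproducible demos.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_split(stored):
    """Return (digest, salt) from a {SSHA} string; reject any other scheme."""
    if not stored.startswith(SCHEME):
        raise ValueError("not an {SSHA} hash: " + stored[:8])
    raw = base64.b64decode(stored[len(SCHEME):])
    if len(raw) <= 20:  # SHA-1 digest is 20 bytes; anything after it is the salt
        raise ValueError("hash too short to hold a SHA-1 digest plus salt")
    return raw[:20], raw[20:]


def ssha_verify(password, stored):
    """Constant-time check of a plaintext against a stored {SSHA} hash."""
    digest, salt = ssha_split(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed demo: the article's plaintext "example" with a fixed 4-byte salt.
    h = ssha_hash("example", salt=b"\x01\x02\x03\x04")
    print(h, ssha_verify("example", h), ssha_verify("wrong", h))
```

SSHA is a single salted SHA-1 round, so a leaked hash offers little resistance to offline guessing; that is why the ACLs later in this article deny read access to userPassword to everyone but the admin.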
(2) Create the file init_database.ldif under /var/lib/ldap to populate the database with the base entry and the two organizational units:

dn: dc=edu,dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: edu.example.org
dc: edu
# description: LDAP root

dn: ou=People,dc=edu,dc=example,dc=org
objectClass: top
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=edu,dc=example,dc=org
objectClass: top
objectClass: organizationalUnit
ou: Groups

Import it:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /var/lib/ldap/init_database.ldif

If this import is refused with insufficient access (the SASL EXTERNAL identity is only guaranteed rights on cn=config, not on the new hdb database), bind as the database's rootdn instead: ldapadd -x -W -D "cn=admin,dc=edu,dc=example,dc=org" -f /var/lib/ldap/init_database.ldif
(3) Modify the ACLs to restrict access to the database. Create the file acls.ldif under /var/lib/ldap:

dn: olcDatabase={1}hdb,cn=config
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=edu,dc=example,dc=org" write by anonymous auth by self write by * none
olcAccess: {1}to dn.subtree="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=edu,dc=example,dc=org" write by * read

Import it:

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /var/lib/ldap/acls.ldif

These rules let only the admin and the user themself write the password attributes, let anonymous clients use userPassword only to bind (auth), hide it from everyone else, and let everyone read the remaining attributes.
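To see what the three olcAccess rules above actually grant, here is an added Python model (not from the original article) of slapd's first-match ACL evaluation, limited to the selectors acls.ldif uses; ADMIN, the rule strings and the test DNs are constructed copies of the page's values. It also shows that rule {1} with dn.subtree="" already covers every entry, so rule {2} is never reached for non-password attributes (the rootdn bypasses ACLs regardless, so the admin still works); a dn.base="" selector would cover only the root DSE.

```python
import re

ADMIN = "cn=admin,dc=edu,dc=example,dc=org"
ACLS = [  # constructed copy of the three olcAccess values in acls.ldif, {n} prefixes dropped
    'to attrs=userPassword,shadowLastChange by dn="%s" write by anonymous auth by self write by * none' % ADMIN,
    'to dn.subtree="" by * read',
    'to * by dn="%s" write by * read' % ADMIN,
]
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # slapd's order, weakest first

def parse_rule(rule):
    """'to <what> by <who> <level> [by ...]' -> (what, [(who, level), ...])."""
    what, rest = re.match(r"to\s+(\S+)\s+by\s+(.*)$", rule).groups()
    return what, [tuple(p.rsplit(None, 1)) for p in re.split(r"\s+by\s+", rest)]

def what_matches(what, dn, attr):
    """Does the 'to' selector cover this entry DN and attribute name?"""
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr.lower() in what[6:].lower().split(",")
    scope, base = what.split("=", 1)
    base, dn = base.strip('"').lower(), dn.lower()
    if scope == "dn.base":
        return dn == base
    assert scope == "dn.subtree", "selector not modelled: " + what
    return base == "" or dn == base or dn.endswith("," + base)  # "" is the root: every entry

def who_matches(who, requester, dn):
    """Does the 'by' selector cover the requester (None means anonymous)?"""
    if who == "*" or (who == "anonymous" and requester is None):
        return True
    if requester is None or who == "anonymous":
        return False
    if who == "self":
        return requester.lower() == dn.lower()
    assert who.startswith('dn="'), "selector not modelled: " + who
    return requester.lower() == who[3:].strip('"').lower()

def access(requester, dn, attr, acls=ACLS):
    """Return (level, index of the deciding 'to' clause); first match wins at both levels, as in slapd."""
    for i, rule in enumerate(acls):
        what, clauses = parse_rule(rule)
        if what_matches(what, dn, attr):
            levels = [lv for who, lv in clauses if who_matches(who, requester, dn)]
            return (levels[0] if levels else "none"), i  # no matching 'by' clause: denied
    return "none", None  # no 'to' clause matched (cannot happen here: {2} is 'to *')

def allows(requester, dn, attr, wanted, acls=ACLS):  # granted level >= wanted? (write > read > ... > auth > none)
    return LEVELS.index(access(requester, dn, attr, acls)[0]) >= LEVELS.index(wanted)
```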
(4) Test the database:

sudo ldapsearch -x -h localhost -b dc=edu,dc=example,dc=org

1.3 Use the migration tool migrationtools

(1) Install:

sudo apt-get install migrationtools

(2) Use the tool to migrate the local Linux users and groups to the LDAP server:

cd /usr/share/migrationtools
./migrate_group.pl /etc/group ./group.ldif
./migrate_passwd.pl /etc/passwd ./passwd.ldif

Edit group.ldif so that the parent DN of every group is ou=Groups,dc=edu,dc=example,dc=org, and passwd.ldif so that the parent DN of every user is ou=People,dc=edu,dc=example,dc=org. Review both files before importing them, then load them as the admin:

ldapadd -x -W -D "cn=admin,dc=edu,dc=example,dc=org" -f ./group.ldif
ldapadd -x -W -D "cn=admin,dc=edu,dc=example,dc=org" -f ./passwd.ldif

1.4 Use the LDAP server management tool ldapscripts

(1) Install:

sudo apt-get install ldapscripts

(2) Edit the package's configuration file (/etc/ldapscripts/ldapscripts.conf):

# LDAP configuration
# DEBIAN: values from /etc/pam_ldap.conf are used.
SERVER="ldap://localhost"
BINDDN="cn=admin,dc=edu,dc=example,dc=org"

# The following file contains the raw password of the binddn
# Create it with something like: echo -n 'secret' > $BINDPWDFILE
# WARNING !!!! Be careful not to make this file world-readable
# DEBIAN: /etc/pam_ldap.secret or /etc/ldap.secret are used.
BINDPWDFILE="/etc/ldapscripts.passwd"
# For older versions of OpenLDAP, it is still possible to use
# insecure command-line passwords by defining the following option
# AND commenting the previous one (BINDPWDFILE takes precedence)
#BINDPWD="secret"

# DEBIAN: values from /etc/pam_ldap.conf are used.
SUFFIX="dc=edu,dc=example,dc=org" # Global suffix
GSUFFIX="ou=Groups"               # Groups ou (just under $SUFFIX)
USUFFIX="ou=People"               # Users ou (just under $SUFFIX)
#MSUFFIX="ou=Machines"            # Machines ou (just under $SUFFIX)

# User passwords generation
# Command-line used to generate a password for added users (you may use %u for username here)
# WARNING !!!! This is evaluated, everything specified here will be run!
# Special value "" will ask for a password interactively
#PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8"
#PASSWORDGEN="head -c8 /dev/random | uuencode -m - | sed -n '2s|=*$||;2p' | sed -e 's|+|G|g' -e 's|/|G|g'"
#PASSWORDGEN="pwgen"
#PASSWORDGEN="echo changeme"
#PASSWORDGEN="echo %u"
PASSWORDGEN=""

Note: write the bind password (here "example") to the file named by BINDPWDFILE:

echo -n 'example' > /etc/ldapscripts.passwd

The file holds the admin password in clear text, so keep it readable by root only, as the comment in the configuration file warns.

(3) Use the scripts:

sudo ldapaddgroup testgroup
sudo ldapadduser testuser testgroup
sudo ldapsetpasswd testuser

(4) Test:

getent passwd
getent group

getent lists the LDAP users and groups only once the machine's NSS is configured to query LDAP (for example with libnss-ldap, the client side that /etc/pam_ldap.conf above refers to); that client-side setup is not covered in this article.