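LDAP: Setting Up an LDAP Server

(I) Preparation before installation

(1) (Details omitted) Set the IP address to 192.168.1.10

(2) Disable SELinux and iptables

(3) Mount the installation disc and configure it as a local yum repository (omitted)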

--------------------------------------------------------------------------------------------------

(II) Install the LDAP packages openldap, openldap-servers and openldap-clients (openldap is installed by default)

# yum install openldap-servers openldap-clients -y

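--------------------------------------------------------------------------------------------------

(III) Edit the LDAP configuration file, located at /etc/openldap/slapd.conf

Change the following settings:

# Suffix of the directory information tree
suffix          "dc=yichunlan99,dc=com"
# DN of the LDAP administrator
rootdn          "cn=Manager,dc=yichunlan99,dc=com"
# LDAP administrator password; a hashed password can be used instead: generate it with slappasswd and paste it here
rootpw          zw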

-------------------------------------------------------------------------------------------------

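(IV) Initialize the LDAP database

There are two ways to initialize the LDAP database: adding entries offline and adding entries online.

1. Offline

(1) Create the database configuration file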

# cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG

(2) Add the LDAP entries

# slapadd

dn:dc=yichunlan99,dc=com
objectclass:dcObject
objectclass:organization
o:yichunlan99 com
dc:yichunlan99

dn:cn=Manager,dc=yichunlan99,dc=com
objectclass:organizationalRole
cn:Manager

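Then press Ctrl+D to finish adding entries.

(3) Set permissions

# chown -R ldap:ldap /var/lib/ldap/

2. Online

Adding entries online requires the LDAP service to be started first.

# service ldap start

Use the following command to add entries online:

# ldapadd -x -W -D 'cn=Manager,dc=yichunlan99,dc=com'

You are then asked for the administrator password that was configured; enter it at the prompt.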

-------------------------------------------------------------------------------------------------

(V) Verify the added LDAP entries

# slapcat

If the added entries are displayed, they were added successfully.

--------------------------------------------------------------------------------------------------

(VI) Start the LDAP service

# service ldap start

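(VII) Import the LDAP server's local accounts into the LDAP database for use as domain accounts

1. The /usr/share/openldap/migration/ directory contains tools that convert local accounts into domain accounts

(1) Edit migrate_common.ph and change the following: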

$DEFAULT_MAIL_DOMAIN = "yichunlan99.com";

$DEFAULT_BASE = "dc=yichunlan99,dc=com";

(2) Edit migrate_all_online.sh so that it processes only /etc/passwd and /etc/group

The modified content is:

#echo "Migrating aliases..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_aliases.pl        $ETC_ALIASES >> $DB
#echo "Migrating fstab..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_fstab.pl          $ETC_FSTAB >> $DB
echo "Migrating groups..."
$PERL -I${INSTDIR} ${INSTDIR}migrate_group.pl           $ETC_GROUP >> $DB
echo "Migrating hosts..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_hosts.pl          $ETC_HOSTS >> $DB
echo "Migrating networks..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_networks.pl       $ETC_NETWORKS >> $DB
echo "Migrating users..."
$PERL -I${INSTDIR} ${INSTDIR}migrate_passwd.pl          $ETC_PASSWD >> $DB
echo "Migrating protocols..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_protocols.pl      $ETC_PROTOCOLS >> $DB
echo "Migrating rpcs..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_rpc.pl            $ETC_RPC >> $DB
echo "Migrating services..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_services.pl       $ETC_SERVICES >> $DB
echo "Migrating netgroups..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_netgroup.pl       $ETC_NETGROUP >> $DB
echo "Migrating netgroups (by user)..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_netgroup_byuser.pl        $ETC_NETGROUP >> $DB
echo "Migrating netgroups (by host)..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_netgroup_byhost.pl        $ETC_NETGROUP >> $DB

(3) Run migrate_all_online.sh

# ./migrate_all_online.sh

Enter the X.500 naming context you wish to import into: [dc=yichunlan99,dc=com]  # just press Enter
Enter the hostname of your LDAP server [ldap]: localhost     # enter localhost, because the LDAP server is this machine
Enter the manager DN: [cn=manager,dc=yichunlan99,dc=com]:   # just press Enter
Enter the credentials to bind with:   # enter the LDAP administrator password that was configured
Do you wish to generate a DUAConfigProfile [yes|no]? no

Importing into dc=yichunlan99,dc=com...

Creating naming context entries...
Migrating groups...
Migrating hosts...
Migrating networks...
Migrating users...
Migrating protocols...
Migrating rpcs...
Migrating services...
Migrating netgroups...
Migrating netgroups (by user)...
Migrating netgroups (by host)...
adding new entry "dc=yichunlan99,dc=com"
ldapadd: Already exists (68)

Importing into LDAP...
adding new entry "ou=Hosts,dc=yichunlan99,dc=com"

adding new entry "ou=Rpc,dc=yichunlan99,dc=com"

adding new entry "ou=Services,dc=yichunlan99,dc=com"

adding new entry "nisMapName=netgroup.byuser,dc=yichunlan99,dc=com"

adding new entry "ou=Mounts,dc=yichunlan99,dc=com"

adding new entry "ou=Networks,dc=yichunlan99,dc=com"

adding new entry "ou=People,dc=yichunlan99,dc=com"

adding new entry "ou=Group,dc=yichunlan99,dc=com"

adding new entry "ou=Netgroup,dc=yichunlan99,dc=com"

adding new entry "ou=Protocols,dc=yichunlan99,dc=com"

adding new entry "ou=Aliases,dc=yichunlan99,dc=com"

adding new entry "nisMapName=netgroup.byhost,dc=yichunlan99,dc=com"

adding new entry "cn=root,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=bin,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=daemon,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=sys,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=adm,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=tty,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=disk,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=lp,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=mem,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=kmem,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=wheel,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=mail,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=news,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=uucp,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=man,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=games,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=gopher,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=dip,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=ftp,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=lock,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=nobody,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=users,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=audio,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=nscd,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=utmp,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=utempter,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=floppy,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=vcsa,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=rpc,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=mailnull,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=smmsp,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=pcap,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=slocate,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=ntp,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=dbus,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=avahi,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=sshd,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=rpcuser,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=nfsnobody,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=haldaemon,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=avahi-autoipd,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=oprofile,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=xfs,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=stapdev,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=stapusr,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=gdm,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=sabayon,ou=Group,dc=yichunlan99,dc=com"

adding new entry "cn=ldap,ou=Group,dc=yichunlan99,dc=com"

adding new entry "uid=root,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=bin,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=daemon,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=adm,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=lp,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=sync,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=shutdown,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=halt,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=mail,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=news,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=uucp,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=operator,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=games,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=gopher,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=ftp,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=nobody,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=nscd,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=vcsa,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=rpc,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=mailnull,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=smmsp,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=pcap,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=ntp,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=dbus,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=avahi,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=sshd,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=rpcuser,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=nfsnobody,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=haldaemon,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=avahi-autoipd,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=oprofile,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=xfs,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=gdm,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=sabayon,ou=People,dc=yichunlan99,dc=com"

adding new entry "uid=ldap,ou=People,dc=yichunlan99,dc=com"

/usr/bin/ldapadd: succeeded     # this tells us the import succeeded
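
The import above copies every line of /etc/passwd into ou=People, including root and the service accounts. The following is an added example, not part of the original post: it parses slapcat-style LDIF and lists the posixAccount entries below a UID threshold, noting whether each carries a userPassword value; the threshold of 500 and the sample LDIF are assumptions constructed for illustration.

```python
def parse_ldif(text):
    """Parse LDIF text into {attr: [values]} dicts (base64 '::' values stay encoded)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            cur.setdefault(attr.lower(), []).append(value.lstrip(": ").strip())
    return entries

def system_accounts(text, uid_min=500):
    """Return (dn, uidNumber, has_userPassword) for posixAccount entries below uid_min."""
    hits = []
    for e in parse_ldif(text):
        if "posixaccount" not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        uid_number = int(e["uidnumber"][0])
        if uid_number < uid_min:
            hits.append((e["dn"][0], uid_number, "userpassword" in e))
    return hits

# Constructed sample in the shape slapcat prints; "alice" is a hypothetical user.
SAMPLE_LDIF = """\
dn: uid=root,ou=People,dc=yichunlan99,dc=com
objectClass: posixAccount
uidNumber: 0
userPassword: {crypt}CONSTRUCTED-PLACEHOLDER

dn: uid=sshd,ou=People,dc=yichunlan99,
 dc=com
objectClass: posixAccount
uidNumber: 74

dn: uid=alice,ou=People,dc=yichunlan99,dc=com
objectClass: posixAccount
uidNumber: 501
"""

if __name__ == "__main__":
    for dn, uid_number, has_pw in system_accounts(SAMPLE_LDIF):
        print(dn, uid_number, "userPassword present" if has_pw else "no userPassword")
```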

------------------------------------------------------------------------------------------------

At this point, the LDAP server has been set up successfully!
