Installing an LDAP Server on CentOS 6
Environment: CentOS 6.2, openldap 2.4.23
1. Install openldap
yum install openldap-servers openldap-clients
2. Copy the configuration files
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
3. Set the LDAP administrator password
# slappasswd
New password:
Re-enter new password:
{SSHA}M4bEGT2uNTumymS90+R0E1m5zDM2H7vf
4. Put the generated hash into rootpw and set the suffix
vi /etc/openldap/slapd.conf
:%s/dc=my-domain/dc=csdn/g
rootpw {SSHA}M4bEGT2uNTumymS90+R0E1m5zDM2H7vf # separate rootpw and the hash with a tab
5. Enable encrypted transport for openldap
cd /etc/pki/tls/certs
make slapd.pem
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:Csdn Ins.
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:puppet-exserver.csdn.net
Email Address []:
6. Set the permissions on slapd.pem and symlink it to /etc/openldap/certs/slapd.pem
chmod 640 slapd.pem
chown :ldap slapd.pem
ln -s /etc/pki/tls/certs/slapd.pem /etc/openldap/certs/slapd.pem
7. Enable ldaps support
vi /etc/sysconfig/ldap
SLAPD_LDAPS=yes
8. Specify the certificate file paths
vi /etc/openldap/slapd.conf
Add the following and comment out the default TLS entries:
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
9. Configure the ldap.conf file
vi /etc/openldap/ldap.conf
# add the following:
URI ldap://127.0.0.1
BASE dc=csdn,dc=net
TLS_CACERTDIR /etc/openldap/certs
TLS_REQCERT never
10. Create the ldif file
vi /root/root.ldif
#csdn
dn: dc=csdn,dc=net
dc: csdn
objectClass: dcObject
objectClass: organizationalUnit
ou: csdn
#pongo
dn: ou=pongo,dc=csdn,dc=net
ou: pongo
objectClass: organizationalUnit
rm -rf /etc/openldap/slapd.d/* # clear slapd.d so slapadd reads slapd.conf instead
11. Add the ldif file to ldap
slapadd -n 2 -l /root/root.ldif
12. Test the configuration, set the owner and group of the ldap config directory, and restart the slapd service
rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
service slapd restart
13. Test:
ldapsearch -x -ZZ -h localhost (StartTLS on port 389)
ldapsearch -x -H ldaps://localhost (LDAPS on port 636)
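A post-install audit of the files edited in steps 4, 7 and 9, added here as an example and not part of the original post: it reports whether rootpw is a slappasswd hash rather than cleartext, whether the slapd.conf suffix matches BASE in ldap.conf, whether SLAPD_LDAPS is on, and flags TLS_REQCERT never, which makes clients accept any server certificate. The default paths are the CentOS 6 locations used above; the function names and the ok/weak style labels are my own.

```shell
#!/bin/sh
# Added example, not part of the original post: audit the files edited in
# steps 4, 7 and 9 above. Paths are the CentOS 6 locations used in the
# walkthrough; pass other paths to run the checks against copies.

# TLS_REQCERT in ldap.conf: "never" (and "allow") skip server certificate
# verification, so the client would accept any certificate. Prints ok/weak/missing.
check_reqcert() {
    val=$(awk 'toupper($1)=="TLS_REQCERT"{print tolower($2)}' "$1" 2>/dev/null | tail -n 1)
    case "$val" in
        "")          echo missing ;;
        never|allow) echo weak ;;
        *)           echo ok ;;
    esac
}

# rootpw in slapd.conf should be a {SCHEME} hash from slappasswd (step 3),
# never a cleartext password. Prints hashed/plaintext/missing.
check_rootpw() {
    val=$(awk '$1=="rootpw"{print $2}' "$1" 2>/dev/null | tail -n 1)
    case "$val" in
        "")     echo missing ;;
        \{*\}*) echo hashed ;;
        *)      echo plaintext ;;
    esac
}

# The database suffix in slapd.conf (step 4) must equal BASE in ldap.conf
# (step 9), or slapadd and ldapsearch target different trees. Prints match/mismatch.
check_suffix() {
    suffix=$(awk '$1=="suffix"{gsub(/"/,"",$2); print tolower($2)}' "$1" 2>/dev/null | tail -n 1)
    base=$(awk 'toupper($1)=="BASE"{print tolower($2)}' "$2" 2>/dev/null | tail -n 1)
    if [ -n "$suffix" ] && [ "$suffix" = "$base" ]; then echo match; else echo mismatch; fi
}

# SLAPD_LDAPS=yes in /etc/sysconfig/ldap (step 7). Prints enabled/disabled.
check_ldaps() {
    if grep -q '^SLAPD_LDAPS=yes' "$1" 2>/dev/null; then echo enabled; else echo disabled; fi
}

# Run every check on (slapd.conf, ldap.conf, sysconfig); return 1 if anything needs attention.
audit_all() {
    rc=0
    for line in "TLS_REQCERT: $(check_reqcert "$2")" "rootpw: $(check_rootpw "$1")" \
                "suffix/BASE: $(check_suffix "$1" "$2")" "ldaps: $(check_ldaps "$3")"; do
        echo "$line"
        case "$line" in *weak|*plaintext|*missing|*mismatch|*disabled) rc=1 ;; esac
    done
    return $rc
}

# Audit the live files when they exist (assumed default CentOS 6 paths).
if [ -r /etc/openldap/slapd.conf ]; then
    audit_all /etc/openldap/slapd.conf /etc/openldap/ldap.conf /etc/sysconfig/ldap
fi
```

With the settings from this walkthrough the audit exits non-zero solely because of TLS_REQCERT never; change it to demand once the CA bundle in TLS_CACERTDIR covers the server certificate.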