本文详细介绍了如何在服务器上安装并配置LDAP服务,包括配置文件的设置、服务启动与验证等关键步骤。通过具体命令展示了如何复制配置文件、设置权限、启动服务及验证配置正确性。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
[root@ldap-server ldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ldap-server ldap]# chown -R ldap:ldap /etc/openldap/
[root@ldap-server ldap]# chown -R ldap:ldap /var/lib/ldap/
[root@ldap-server ldap]# chmod 700 /var/lib/ldap/
[root@ldap-server ldap]#
[root@ldap-server ldap]# ls /var/lib/ldap/
DB_CONFIG[root@ldap-server ldap]# slaptest -u
config file testing succeeded
[root@ldap-server ldap]#
最终的配置文件[root@ldap-server ldap]# egrep -v '^#|^.*#' /etc/openldap/slapd.conf
include/etc/openldap/schema/corba.schema
include/etc/openldap/schema/core.schema
include/etc/openldap/schema/cosine.schema
include/etc/openldap/schema/duaconf.schema
include/etc/openldap/schema/dyngroup.schema
include/etc/openldap/schema/inetorgperson.schema
include/etc/openldap/schema/java.schema
include/etc/openldap/schema/misc.schema
include/etc/openldap/schema/nis.schema
include/etc/openldap/schema/openldap.schema
include/etc/openldap/schema/ppolicy.schema
include/etc/openldap/schema/collective.schema
allow bind_v2pidfile/var/run/openldap/slapd.pid
argsfile/var/run/openldap/slapd.args
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password
access to * #此处需要修改,原来的一部分删除
by self writeby anonymous authby * read
databasebdbsuffix"dc=etiantian,dc=org"
checkpoint2048 10rootdn"cn=admin,dc=etiantian,dc=org"
loglevel296cachesize1000directory/var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
rootpw{SSHA}+OjqniWD7vyzN9D9vRbYRE6KvI3Hjrw1启动ldap[root@ldap-server ldap]# /etc/init.d/slapd restart
停止 slapd: [失败]正在启动 slapd: [确定][root@ldap-server ldap]#
[root@ldap-server ldap]# chkconfig slapd on
[root@ldap-server ldap]# chkconfig --list slapd
slapd 0:关闭1:关闭2:启用3:启用4:启用5:启用6:关闭[root@ldap-server ldap]#
[root@ldap-server ldap]# lsof -i:389
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
slapd 1470 ldap 7u IPv4 11434 0t0 TCP *:ldap (LISTEN)slapd 1470 ldap 8u IPv6 11435 0t0 TCP *:ldap (LISTEN)[root@ldap-server ldap]#
[root@ldap-server ldap]# ps -ef |grep ldap
ldap 1470 1 0 10:53 ? 00:00:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -u ldap
root 1481 1287 0 10:55 pts/0 00:00:00 grep ldap
[root@ldap-server ldap]#
[root@ldap-server ldap]# tail -f /var/log/ldap.log
Mar 25 10:59:51 ldap-server slapd[1603]: @(#) $OpenLDAP: slapd 2.4.40 (May 10 2016 23:30:49) $#012#011mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/build-servers/servers/slapd
启动校验是否正确:[root@ldap-server ldap]# ldapsearch -LLL -W -x -H ldap://etiantian.org -D "cn=admin,dc=etiantian,dc=org" -b "dc=etiantian,dc=org"
Enter LDAP Password:ldap_bind: Invalid credentials (49)[root@ldap-server ldap]#
解决办法:root@ldap-server ldap]# rm -rf /etc/openldap/slapd.d/*
[root@ldap-server ldap]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
[root@ldap-server ldap]# chown -R ldap:ldap /etc/openldap/
[root@ldap-server ldap]# /etc/init.d/slapd restart
停止 slapd: [确定]正在启动 slapd: [确定][root@ldap-server ldap]#
[root@ldap-server ldap]# ldapsearch -LLL -W -x -H ldap://etiantian.org -D "cn=admin,dc=etiantian,dc=org" -b "dc=etiantian,dc=org"
Enter LDAP Password:No such object (32) #表示正确
[root@ldap-server ldap]#
|
本文转自 小小三郎1 51CTO博客,原文链接:http://blog.51cto.com/wsxxsl/1910268,如需转载请自行联系原作者
扫一扫
4553
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
