The operating system environment of this article: CentOS Linux release 7.7.1908 (Core)
Install OpenLDAP
Install OpenLDAP using the command:
| Package | Description |
|---|---|
| openldap | Library files used by both the server and the clients |
| openldap-clients | Command-line tools for adding, deleting, modifying and querying entries on the LDAP server |
| openldap-servers | Used to start and configure the service, including the standalone slapd daemon |
| openldap-servers-sql | Support for the SQL back-end module |
| compat-openldap | OpenLDAP compatibility library |

After installation, a user ldap and a group ldap are created; the user's shell is /sbin/nologin, so it cannot log in. You can check this with the following command:
Check the OpenLDAP version:
@(#) $OpenLDAP: slapd 2.4.44 (Jan 29 2019 17:42:45) $
mockbuild@x86-01.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
tlsmc_get_pin: INFO: Please note the extracted key file will not be protected with a PIN any more, however it will be still protected at least by file permissions.
Configuration file information for OpenLDAP
- /etc/openldap/slapd.conf: the main OpenLDAP configuration file; holds the root domain information, administrator name, password, logging, permissions, etc.
- /etc/openldap/slapd.d/*: files generated from the configuration in /etc/openldap/slapd.conf; every time the configuration changes, the contents here must be regenerated
- /etc/openldap/schema/*: where the OpenLDAP schemas are stored
- /var/lib/ldap/*: the OpenLDAP data files
- /usr/share/openldap-servers/slapd.conf.obsolete: template configuration file
- /usr/share/openldap-servers/DB_CONFIG.example: template database configuration file
Ports for OpenLDAP listening:
- Default listening port: 389 (plaintext data transfer)
- Encrypted listening port: 636 (ciphertext data transfer)
Note: From OpenLDAP 2.4.23 onwards all configuration data is kept in /etc/openldap/slapd.d/, and using slapd.conf as the configuration file is no longer recommended.
Configure the OpenLDAP administrator password
[root@VM_0_9_centos ~]# slappasswd -s 123456
{SSHA}JwllmtEOe2awW0EJjLsaQ3Fpioxx70nU
[root@VM_0_9_centos ~]#
After the password hash is generated, save it; it will be used below.
Modify the olcDatabase={2}hdb.ldif file
Command:
Add the line olcRootPW: {SSHA}JwllmtEOe2awW0EJjLsaQ3Fpioxx70nU to the file, then modify the domain information:
Note: admin in cn=admin is the username of the OpenLDAP administrator, and olcRootPW is the administrator's hashed (SSHA) password, whose plaintext is 123456.
Modify the olcDatabase={1}monitor.ldif file
The command is as follows:
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=itsvse,dc=com" read by * none
Note: the second dn.base in this modification is the DN of the OpenLDAP administrator configured above.
To verify the basic configuration of OpenLDAP, use the following command:
[root@VM_0_9_centos ~]# slaptest -u
5eef6741 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
5eef6741 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
config file testing succeeded
The message "config file testing succeeded" indicates that the configuration is OK.
LDAP database configuration
The default database used by OpenLDAP is BerkeleyDB. Now configure the OpenLDAP database with the following command:
Start the LDAP service
Import schemas
Create a basic user node, database administrator
Create a new basedomain.ldif file with the following contents:
Execute the following command to add the configuration. Be sure to change the domain name to your own, and enter the administrator password generated above when prompted:
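The configuration steps above can also be applied through ldapmodify/ldapadd over the local ldapi socket instead of editing the files under slapd.d by hand (slapd stores a CRC32 of each file in its header, which is why slaptest printed the "checksum error" lines after the manual edits). The script below is an added example, not from the original post; it assumes the domain dc=itsvse,dc=com and the administrator cn=admin shown above, and the basedomain.ldif contents it generates (dc entry plus ou=People and ou=Group) are constructed here.

```shell
#!/bin/sh
# Added example, not from the original post: build the LDIF for the steps above
# and apply it with ldapmodify/ldapadd instead of hand-editing files under
# /etc/openldap/slapd.d (hand edits are what cause the "checksum error" lines).
# dc=itsvse,dc=com and cn=admin come from the post; the rest is constructed.

# Modify LDIF for olcDatabase={2}hdb: suffix, root DN and the SSHA hash.
build_hdb_ldif() {
    suffix=$1; rootdn=$2; hash=$3
    printf 'dn: olcDatabase={2}hdb,cn=config\nchangetype: modify\n'
    printf 'replace: olcSuffix\nolcSuffix: %s\n-\n' "$suffix"
    printf 'replace: olcRootDN\nolcRootDN: %s\n-\n' "$rootdn"
    printf 'replace: olcRootPW\nolcRootPW: %s\n' "$hash"
}

# Modify LDIF for olcDatabase={1}monitor: only root over ldapi:// and the
# administrator DN may read the monitor tree; everyone else gets "none".
build_monitor_ldif() {
    rootdn=$1
    printf 'dn: olcDatabase={1}monitor,cn=config\nchangetype: modify\n'
    printf 'replace: olcAccess\nolcAccess: {0}to * by dn.base='
    printf '"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read'
    printf ' by dn.base="%s" read by * none\n' "$rootdn"
}

# Base-domain entries (the post's basedomain.ldif, constructed here):
# the dc entry plus ou=People and ou=Group containers.
build_base_ldif() {
    suffix=$1; dc=${suffix#dc=}; dc=${dc%%,*}
    printf 'dn: %s\nobjectClass: dcObject\nobjectClass: organization\n' "$suffix"
    printf 'dc: %s\no: %s\n\n' "$dc" "$dc"
    printf 'dn: ou=People,%s\nobjectClass: organizationalUnit\nou: People\n\n' "$suffix"
    printf 'dn: ou=Group,%s\nobjectClass: organizationalUnit\nou: Group\n' "$suffix"
}

# Apply on the LDAP host with slapd running: config changes go over the local
# ldapi socket as root (SASL EXTERNAL, no password); adding the base entries
# binds as the new administrator and prompts for the password hashed earlier.
apply_config() {
    suffix=$1; rootdn=$2; hash=$3
    build_hdb_ldif "$suffix" "$rootdn" "$hash" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
    build_monitor_ldif "$rootdn" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
    slaptest -u
    build_base_ldif "$suffix" | ldapadd -x -W -D "$rootdn"
}

# Usage: apply_config dc=itsvse,dc=com cn=admin,dc=itsvse,dc=com '{SSHA}...'
if [ $# -eq 3 ]; then apply_config "$@"; fi
```

Because the files under slapd.d are rewritten by slapd itself, a subsequent slaptest -u reports no checksum errors.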
Download the LdapAdmin management tool
Test the connection, as shown below:
(End)