2025-01-28 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to deploy OpenLDAP services on CentOS 7. Many people run into this problem in practice, so the steps below walk through how to handle it.
OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP) used for centralized account management. It supports many system versions and is adopted by the majority of Internet companies.
Install the ldap service
[root@ldap ~]# yum install -y openldap-servers openldap-clients
[root@ldap ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ldap ~]# chown ldap: /var/lib/ldap/DB_CONFIG
[root@ldap ~]# systemctl start slapd
[root@ldap ~]# systemctl enable slapd

Configure the ldap service
# generate administrator password
[root@ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
[root@ldap ~]# vim chrootpw.ldif
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"

Import the basic schemas
[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"
[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"
[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"

Set the domain name in the DB of ldap
# generate directory administrator password
[root@ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
[root@ldap ~]# vim chdomain.ldif
# replace "dc=***,dc=***" with your own domain name
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=jumpserver,dc=tk" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=jumpserver,dc=tk

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=jumpserver,dc=tk

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=Manager,dc=jumpserver,dc=tk" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=jumpserver,dc=tk" write by * read

[root@ldap ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}monitor,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
[root@ldap ~]# vim basedomain.ldif
# replace "dc=***,dc=***" with your own domain name
dn: dc=jumpserver,dc=tk
objectClass: top
objectClass: dcObject
objectclass: organization
o: Server tk
dc: jumpserver

dn: cn=Manager,dc=jumpserver,dc=tk
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=jumpserver,dc=tk
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=jumpserver,dc=tk
objectClass: organizationalUnit
ou: Group

[root@ldap ~]# ldapadd -x -D cn=Manager,dc=jumpserver,dc=tk -W -f basedomain.ldif
Enter LDAP Password: # enter the directory administrator password
adding new entry "dc=jumpserver,dc=tk"
adding new entry "cn=Manager,dc=jumpserver,dc=tk"
adding new entry "ou=People,dc=jumpserver,dc=tk"
adding new entry "ou=Group,dc=jumpserver,dc=tk"

Open port
# firewall-cmd --add-service=ldap --permanent
success
# firewall-cmd --reload
success

Add a user
# generate user password
[root@ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxx
[root@ldap ~]# vi ldapuser.ldif
# create new
# replace "dc=***,dc=***" with your own domain name
dn: uid=test,ou=People,dc=jumpserver,dc=tk
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: test
sn: Linux
userPassword: {SSHA}xxxxxxxxxxxxxxxxx
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/test

dn: cn=test,ou=Group,dc=jumpserver,dc=tk
objectClass: posixGroup
cn: test
gidNumber: 1000
memberUid: test

[root@ldap ~]# ldapadd -x -D cn=Manager,dc=jumpserver,dc=tk -W -f ldapuser.ldif
Enter LDAP Password:
adding new entry "uid=test,ou=People,dc=jumpserver,dc=tk"
adding new entry "cn=test,ou=Group,dc=jumpserver,dc=tk"
[root@ldap ~]# ldapsearch -x -D "cn=Manager,dc=jumpserver,dc=tk" -W -b "dc=jumpserver,dc=tk"

"How to deploy OpenLDAP services in CentOS7" ends here. Thank you for reading.
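The olcAccess rules added in chdomain.ldif decide what each client can read once port 389 is open. The Python sketch below is an added example, not part of the original article or of OpenLDAP; it applies slapd's first-match order (first matching "to", then first matching "by") to those three rules and supports only the selector forms used on this page. The function names and the "uid=other" user are assumptions.

```python
import shlex

# olcAccess values for olcDatabase={2}hdb, copied from chdomain.ldif above.
RULES = [
    '{0}to attrs=userPassword,shadowLastChange by dn="cn=Manager,dc=jumpserver,dc=tk" '
    'write by anonymous auth by self write by * none',
    '{1}to dn.base="" by * read',
    '{2}to * by dn="cn=Manager,dc=jumpserver,dc=tk" write by * read',
]

def parse(rule):
    # Split one olcAccess value into (what, [(who, level), ...]).
    tok = shlex.split(rule.split("}", 1)[1])  # drop the {n} index, honour quotes
    if tok[0] != "to" or (len(tok) - 2) % 3 or any(t != "by" for t in tok[2::3]):
        raise ValueError("unsupported rule: " + rule)
    return tok[1], list(zip(tok[3::3], tok[4::3]))

def what_matches(what, entry_dn, attr):
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr.lower() in what[len("attrs="):].lower().split(",")
    if what.startswith("dn.base="):
        return entry_dn.lower() == what[len("dn.base="):].lower()
    raise ValueError("unsupported <what>: " + what)

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn == ""
    if who == "self":
        return bind_dn != "" and bind_dn.lower() == entry_dn.lower()
    if who.startswith(("dn=", "dn.base=")):  # exact DN match
        return bind_dn.lower() == who.split("=", 1)[1].lower()
    raise ValueError("unsupported <who>: " + who)

def access(bind_dn, entry_dn, attr, rules=RULES):
    for what, clauses in map(parse, rules):
        if what_matches(what, entry_dn, attr):
            for who, level in clauses:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"  # every rule ends with an implicit "by * none"
    return "none"  # rules exist but none matched: access denied

USER = "uid=test,ou=People,dc=jumpserver,dc=tk"
for who in ("", USER, "uid=other,ou=People,dc=jumpserver,dc=tk"):  # "" = anonymous
    print(repr(who), access(who, USER, "userPassword"), access(who, USER, "uidNumber"))
```

The result shows that password hashes are limited to "auth" for anonymous clients, while every other attribute (uidNumber, group membership, home directory) is readable without a bind by anyone who can reach the opened port.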