ldap server configuration


LDAP (Lightweight Directory Access Protocol) is a directory service: it stores its data in a tree-like hierarchy and behaves as a special-purpose database. LDAP is often used for unified account management across a large LAN.


Next, configure the ldap server
1. Install components required for ldap:

yum install openldap openldap-servers openldap-clients migrationtools

2. Modify the ldap configuration file

cd /etc/openldap
vim slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
    # Change the olcSuffix and olcRootDN lines:
    # the dc components come from the domain name, cn is the admin name and can be chosen freely
    olcSuffix: dc=centos,dc=com
    olcRootDN: cn=root,dc=centos,dc=com
vim slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif
    # Change the olcAccess line so that its dn.base matches the olcRootDN above
    # (only the tail of that line is shown here)
    al,cn=auth" read by dn.base="cn=root,dc=centos,dc=com" read by * none
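The files under slapd.d are generated by slapd and carry a checksum, so editing them with vim leaves slaptest printing checksum warnings; the supported route is an LDIF applied with ldapmodify over the ldapi:/// socket, the same EXTERNAL bind step 6 uses. The Python script below is an added example, not part of the original post, that builds such an LDIF for the post's olcSuffix and olcRootDN. It also sets olcRootPW, which the post never sets although step 7 binds as cn=root and prompts for a password with -W; the {SSHA} value it produces is the format slappasswd emits by default. The output file name config-hdb.ldif is an assumption.

```python
# Added example (not from the original post): change olcSuffix/olcRootDN and
# set olcRootPW through ldapmodify instead of editing slapd.d by hand.
import base64
import hashlib
import os
from typing import Optional

SUFFIX = "dc=centos,dc=com"            # the post's base DN
ROOT_DN = "cn=root,dc=centos,dc=com"   # the post's admin DN


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return an {SSHA} value as slappasswd does: base64(SHA1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd uses a 4-byte random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against an {SSHA} value; the salt is whatever follows the 20-byte digest."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def hdb_config_ldif(suffix: str, rootdn: str, rootpw_hash: str) -> str:
    """LDIF that rewrites three attributes of the hdb database under cn=config.

    'replace' overwrites an existing value and adds the attribute when it is
    absent, which is the case for olcRootPW in the stock CentOS config.
    """
    return (
        "dn: olcDatabase={2}hdb,cn=config\n"
        "changetype: modify\n"
        "replace: olcSuffix\n"
        f"olcSuffix: {suffix}\n"
        "-\n"
        "replace: olcRootDN\n"
        f"olcRootDN: {rootdn}\n"
        "-\n"
        "replace: olcRootPW\n"
        f"olcRootPW: {rootpw_hash}\n"
    )


if __name__ == "__main__":
    import getpass

    pw = getpass.getpass("olcRootPW for %s: " % ROOT_DN)
    with open("config-hdb.ldif", "w") as fh:  # file name is an assumption
        fh.write(hdb_config_ldif(SUFFIX, ROOT_DN, ssha_hash(pw)))
```

Run it as root and apply the result with `ldapmodify -Y EXTERNAL -H ldapi:/// -f config-hdb.ldif` while slapd is running; because slapd rewrites the slapd.d file itself, slaptest stays clean.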

3. Prepare the database directory, /var/lib/ldap/ by default: copy the example DB_CONFIG shipped with the package and make sure the ldap user owns the directory contents

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap:ldap /var/lib/ldap/*  # the package already sets this ownership, but verify it

4. Test whether the slap configuration file is correct

slaptest -u  # should print "config file testing succeeded"

5. Start the slapd service

systemctl start slapd
systemctl enable slapd  # optional: start the service at boot

6. Import the cosine and nis schemas into the LDAP config database

cd /etc/openldap/schema/
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f nis.ldif

7. Use migration tools to create ldif file

cd /usr/share/migrationtools/
vim migrate_common.ph  # change the global settings of migrationtools
    $NAMINGCONTEXT{'group'} = "ou=Groups";  # line 61
    $DEFAULT_MAIL_DOMAIN = "centos.com";     # line 71
    $DEFAULT_BASE = "dc=centos,dc=com";      # line 74
    $EXTENDED_SCHEMA = 1;                    # line 90
./migrate_base.pl > /root/base.ldif  # generate base.ldif
ldapadd -x -W -D 'cn=root,dc=centos,dc=com' -f /root/base.ldif

8. Add system accounts to the LDAP database
Create the system accounts

mkdir -p /home/guests/ldapuser{1,2}
useradd -d /home/guests/ldapuser1 ldapuser1
useradd -d /home/guests/ldapuser2 ldapuser2
echo '123456' | passwd --stdin ldapuser1
echo '123456' | passwd --stdin ldapuser2

Write the records of the accounts just added to /root/ for the migration tools to read

getent passwd | tail -n2 > /root/passwd
getent shadow | tail -n2 > /root/shadow
getent group | tail -n2 > /root/groups

Modify the migrationtools configuration

vim /usr/share/migrationtools/migrate_passwd.pl
    # Change /etc/shadow to /root/shadow so that the script reads the exported file
    open(SHADOW, "/root/shadow") || return;

Create the ldif files

/usr/share/migrationtools/migrate_passwd.pl /root/passwd > /root/users.ldif
/usr/share/migrationtools/migrate_group.pl /root/groups > /root/groups.ldif

Add the user and group ldif files to the LDAP database

ldapadd -x -W -D "cn=root,dc=centos,dc=com" -f /root/users.ldif
ldapadd -x -W -D "cn=root,dc=centos,dc=com" -f /root/groups.ldif
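So that the LDIF handed to ldapadd is not a black box, here is an added example, written for this page and not the migrationtools code, that re-implements in Python what migrate_passwd.pl and migrate_group.pl do with the three exported files: one posixAccount/shadowAccount entry per passwd record, with the hash from shadow carried over verbatim as a {crypt} userPassword, and one posixGroup per group record. It uses the post's base DN and the ou=People / ou=Groups naming contexts from step 7; the sample records and their $6$ hashes are constructed placeholders.

```python
# Added example (not the migrationtools scripts): passwd/shadow/group -> LDIF.
import base64
from typing import Dict, List, Tuple

BASE = "dc=centos,dc=com"  # the post's base DN

# Constructed sample records, as `getent ... | tail -n2` would write them to
# /root/; the $6$ values are placeholders, not real password hashes.
PASSWD = (
    "ldapuser1:x:1001:1001::/home/guests/ldapuser1:/bin/bash\n"
    "ldapuser2:x:1002:1002::/home/guests/ldapuser2:/bin/bash\n"
)
SHADOW = (
    "ldapuser1:$6$constructedsalt1$constructedhash1:18385:0:99999:7:::\n"
    "ldapuser2:$6$constructedsalt2$constructedhash2:18385:0:99999:7:::\n"
)
GROUP = "ldapuser1:x:1001:\nldapuser2:x:1002:\n"


def ldif_attr(name: str, value: str) -> str:
    """One attribute line; values LDIF cannot carry verbatim are base64-encoded ('::')."""
    safe = (
        value.isascii()
        and not any(c in value for c in "\n\r\0")
        and not value.startswith((" ", ":", "<"))
        and not value.endswith(" ")
    )
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def parse_shadow(text: str) -> Dict[str, List[str]]:
    """Map login name -> shadow fields (hash, lastchange, min, max, warn, ...)."""
    out: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if line.strip():
            fields = line.split(":")
            out[fields[0]] = fields[1:]
    return out


def user_ldif(passwd_line: str, shadow: Dict[str, List[str]], base: str) -> str:
    """Build the entry migrate_passwd.pl would emit for one passwd record."""
    name, _, uid, gid, gecos, home, shell = passwd_line.split(":")
    lines = [
        f"dn: uid={name},ou=People,{base}",
        ldif_attr("uid", name),
        ldif_attr("cn", gecos or name),
        "objectClass: account",
        "objectClass: posixAccount",
        "objectClass: top",
        "objectClass: shadowAccount",
        ldif_attr("loginShell", shell),
        ldif_attr("uidNumber", uid),
        ldif_attr("gidNumber", gid),
        ldif_attr("homeDirectory", home),
    ]
    fields = shadow.get(name)
    if fields:
        # The crypt hash is stored as-is under the {crypt} scheme: whoever can
        # read userPassword in the directory holds the same material as /etc/shadow.
        lines.append(ldif_attr("userPassword", "{crypt}" + fields[0]))
        names = ("shadowLastChange", "shadowMin", "shadowMax", "shadowWarning")
        for attr, value in zip(names, fields[1:5]):
            if value:
                lines.append(ldif_attr(attr, value))
    return "\n".join(lines) + "\n"


def group_ldif(group_line: str, base: str) -> str:
    """Build the posixGroup entry migrate_group.pl would emit for one group record."""
    name, _, gid, members = group_line.split(":")
    lines = [
        f"dn: cn={name},ou=Groups,{base}",
        "objectClass: posixGroup",
        "objectClass: top",
        ldif_attr("cn", name),
        ldif_attr("gidNumber", gid),
    ]
    lines += [ldif_attr("memberUid", m) for m in members.split(",") if m]
    return "\n".join(lines) + "\n"


def migrate(passwd_text: str, shadow_text: str, group_text: str, base: str = BASE) -> Tuple[str, str]:
    """Return (users.ldif, groups.ldif) contents for the given exported files."""
    shadow = parse_shadow(shadow_text)
    users = "\n".join(user_ldif(l, shadow, base) for l in passwd_text.splitlines() if l.strip())
    groups = "\n".join(group_ldif(l, base) for l in group_text.splitlines() if l.strip())
    return users, groups


if __name__ == "__main__":
    users, groups = migrate(PASSWD, SHADOW, GROUP)
    print(users)
    print(groups)
```

Because the hash is copied unchanged, the password quality chosen in step 8 goes straight into the directory, and so the read access on these entries matters as much as it does for /etc/shadow.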

9. Finally, query the DIT locally to check the entries

ldapsearch -x -b "dc=centos,dc=com" -H ldap://
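The `-x` in that search is an anonymous simple bind, and the post's hdb database gets no olcAccess rules of its own, so OpenLDAP falls back to its default of `to * by * read`: the search returns the {crypt} userPassword hashes from step 8 to anyone who can reach port 389. The Python script below is an added example, not part of the original post. It parses ldapsearch's LDIF output (comment lines, `::` base64 values, folded continuation lines), lists the entries whose userPassword came back to the anonymous client, and produces the olcAccess change that restricts the attribute to the entry owner and to authentication. The sample search output is constructed here with placeholder hashes.

```python
# Added example (not from the original post): check ldapsearch output for
# password hashes readable by an anonymous bind, and emit the ACL fix.
import base64
from typing import Dict, List


def _b64(s: str) -> str:
    return base64.b64encode(s.encode("utf-8")).decode("ascii")


# Constructed sample of `ldapsearch -x -b "dc=centos,dc=com" -H ldap://` output.
SAMPLE_SEARCH = """\
# extended LDIF
#
# LDAPv3
# base <dc=centos,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# centos.com
dn: dc=centos,dc=com
dc: centos
objectClass: top
objectClass: domain

# ldapuser1, People, centos.com
dn: uid=ldapuser1,ou=People,dc=centos,dc=com
uid: ldapuser1
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 1001
userPassword:: {pw1}

# ldapuser2, People, centos.com
dn: uid=ldapuser2,ou=People,dc=centos,dc=com
uid: ldapuser2
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 1002
userPassword:: {pw2}

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3
""".format(pw1=_b64("{crypt}$6$constructedsalt1$constructedhash1"),
           pw2=_b64("{crypt}$6$constructedsalt2$constructedhash2"))


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse ldapsearch LDIF into entries: {attribute (lower-cased): [values]}."""
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    logical: List[str] = []  # pieces of one possibly folded attribute line

    def flush_line() -> None:
        if not logical:
            return
        line = "".join(logical)
        logical.clear()
        name, sep, value = line.partition(":")
        if not sep:
            return
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(name.lower(), []).append(value)

    def flush_entry() -> None:
        flush_line()
        if "dn" in current:  # the trailing search/result block has no dn
            entries.append(dict(current))
        current.clear()

    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw == "":
            flush_entry()
        elif raw.startswith(" "):  # continuation of the previous line
            logical.append(raw[1:])
        else:
            flush_line()
            logical.append(raw)
    flush_entry()
    return entries


def exposed_passwords(entries: List[Dict[str, List[str]]]) -> List[str]:
    """DNs whose userPassword was returned to this (anonymous) client."""
    return [e["dn"][0] for e in entries if "userpassword" in e]


def userpassword_acl_ldif(db: str = "olcDatabase={2}hdb,cn=config") -> str:
    """ldapmodify input that hides password hashes from everyone but the entry owner."""
    return (
        f"dn: {db}\n"
        "changetype: modify\n"
        "add: olcAccess\n"
        "olcAccess: {0}to attrs=userPassword,shadowLastChange"
        " by self write by anonymous auth by * none\n"
        "olcAccess: {1}to * by * read\n"
    )


if __name__ == "__main__":
    for dn in exposed_passwords(parse_ldif(SAMPLE_SEARCH)):
        print("userPassword readable anonymously:", dn)
    print(userpassword_acl_ldif())
```

Apply the generated LDIF with `ldapmodify -Y EXTERNAL -H ldapi:///`, then repeat the step 9 search: the entries still appear, but userPassword is gone from the anonymous result while users can still bind with their password, because `by anonymous auth` permits the comparison without disclosing the value. Feeding real ldapsearch output to the script instead of the sample is just `parse_ldif(open(path).read())`.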


Posted on Mon, 04 May 2020 07:32:21 -0400 by nadeauz