Install LDAP (slapd.conf mode)
——————start installation———————
Check whether it is already installed
# rpm -qa openldap-servers
Remove any existing ldap packages
# yum remove openldap
# yum remove openldap-servers
Installation Environment
Centos7
Apache/2.4.6 (CentOS)
PHP 7.1.11
Install LDAP Server
openldap-servers-2.4.44-5.el7.x86_64
# yum install openldap-servers openldap-clients migrationtools
# rpm -qa | grep openldap
Delete the slapd.d directory and recreate it empty (it will be regenerated from slapd.conf below)
# rm -rvf /etc/openldap/slapd.d
# mkdir /etc/openldap/slapd.d
Generate password
# /sbin/slappasswd
New password:
Re-enter new password:
{SSHA}XXXXXXXXXXXXXXXXX….
LDAP server configuration file
# cp /usr/share/openldap-servers/slapd.ldif /etc/openldap/slapd.conf
Modify the slapd.conf file
# vi /etc/openldap/slapd.conf
Find
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
Change to
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=rmohan,dc=com" read by * none
olcSuffix: dc=rmohan,dc=com
olcRootDN: cn=Manager,dc=rmohan,dc=com
olcRootPW: {SSHA}XXXXXXXXXXXXXXXXXXXXX
(for olcRootPW, paste the {SSHA} hash produced by slappasswd above, e.g. from password.txt if you saved it there)
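The {SSHA} value that slappasswd prints and that goes into olcRootPW is base64(SHA-1(password || salt) || salt). The following is an added example (not part of this guide or of OpenLDAP) that reproduces that scheme, verifies a password against a stored value, and flags an olcRootPW line that still holds a cleartext password; the function names are the example's own.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest length in bytes


def ssha_hash(password, salt=None):
    """Build an OpenLDAP-style {SSHA} string: base64(SHA-1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd uses a short random salt per hash
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Recompute the hash with the salt embedded in 'stored' and compare in constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def root_pw_is_hashed(olc_root_pw_line):
    """True if an 'olcRootPW:' line carries a hashed value ({SSHA}, {CRYPT}, ...)
    rather than a cleartext password or the explicit {CLEARTEXT} scheme."""
    value = olc_root_pw_line.split(":", 1)[1].strip()
    if not value.startswith("{") or "}" not in value:
        return False  # bare value: stored as cleartext in the config
    scheme = value[1:value.index("}")].upper()
    return scheme != "CLEARTEXT"


if __name__ == "__main__":
    # Constructed sample: a fixed salt makes the output reproducible.
    stored = ssha_hash("example-password", b"\x01\x02\x03\x04")
    print(stored, ssha_verify("example-password", stored))
    print(root_pw_is_hashed("olcRootPW: " + stored))
```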
Start converting configuration files
# rm -rvf /var/lib/ldap/*
# /usr/libexec/openldap/convert-config.sh
# head -20 /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{[12]}*
Test if the LDAP configuration file is normal
# slaptest -u
Config file testing succeeded
Copy the default database profile (the sample database files were removed above)
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# rm -rvf /etc/openldap/certs
# mkdir /etc/openldap/certs
Create a certs DB profile
# /usr/libexec/openldap/create-certdb.sh
Creating certificate database in '/etc/openldap/certs'.
# /usr/libexec/openldap/generate-server-cert.sh
Creating new server certificate in '/etc/openldap/certs'.
# chown ldap:ldap -R /var/lib/ldap/
# systemctl start slapd
# slaptest
Config file testing succeeded
# systemctl enable slapd
# firewall-cmd --permanent --zone=public --add-port=389/tcp
# firewall-cmd --reload
# ldapwhoami -WD cn=Manager,dc=rmohan,dc=com
Enter LDAP Password:
dn:cn=Manager,dc=rmohan,dc=com
Import schema
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
Create the root node and base entries
# vim base.ldif
dn: dc=rmohan,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: rmohan
dc: rmohan

dn: cn=Manager,dc=rmohan,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=STU,dc=rmohan,dc=com
objectClass: organizationalUnit
ou: STU
description: student

dn: ou=TEA,dc=rmohan,dc=com
objectClass: organizationalUnit
ou: TEA
description: teacher
# /bin/ldapadd -x -D "cn=Manager,dc=rmohan,dc=com" -W -f base.ldif
Enter LDAP Password:
Adding new entry "dc=rmohan,dc=com"
Adding new entry "cn=Manager,dc=rmohan,dc=com"
Adding new entry "ou=People,dc=rmohan,dc=com"
Adding new entry "ou=Group,dc=rmohan,dc=com"
Firewall settings
# /bin/firewall-cmd --permanent --add-service=ldap
# /bin/firewall-cmd --reload