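Installing and Configuring OpenLDAP on RHEL7
1. LDAP terminology
entry: a single unit, identified by its DN (distinguished name)
attribute: a property of an entry. For example, if the entry is an organization, its attributes include the address, telephone number, fax number and so on. Attributes are either optional or required; required attributes are defined by the objectclass, and these attributes can be found under the /etc/openldap/slapd.d/cn=config/cn=schema/ directory
LDIF: the LDAP Data Interchange Format is the text format used to represent LDAP entries. It has the following form:
[id] dn: distinguished_name
attribute_type: attribute_value…
attribute_type: attribute_value…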
2. Installing the OpenLDAP suite
Packages related to OpenLDAP:
Package Description
openldap A
openldap-clients
openldap-servers
compat-openldap
If users need to be able to query the LDAP service locally, the following additional package must be installed:
nss-pam-ldapd
Install the OpenLDAP packages:
[root@linuxidc ~]# yum install openldap\* -y
3. OpenLDAP server-side administration tools:
Command Description
slapacl Allows you to check the access to a list of attributes.
slapadd Allows you to add entries from an LDIF file to an LDAP directory.
slapauth Allows you to check a list of IDs for authentication and authorization permissions.
slapcat Allows you to pull entries from an LDAP directory in the default format and save them in an LDIF file.
slapdn Allows you to check a list of Distinguished Names (DNs) based on available schema syntax.
slapindex Allows you to re-index the slapd directory based on the current content. Run this utility whenever you change indexing options in the configuration file.
slappasswd Allows you to create an encrypted user password to be used with the ldapmodify utility, or in the slapd configuration file.
slapschema Allows you to check the compliance of a database with the corresponding schema.
slaptest Allows you to check the LDAP server configuration.
Before using slapadd, change the owner and group of the following files:
[root@linuxidc ~]# chown -R ldap:ldap /var/lib/ldap/
Also, stop the slapd service before using slapadd:
systemctl stop slapd.service
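The LDIF format from section 1 is what slapadd loads, and slappasswd exists so that the userPassword values in it are stored hashed. As an added example (not code from the original article), the following Python script parses LDIF and lists the entries whose userPassword would be stored in cleartext; the sample entries, the DNs and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample LDIF (not from the article). The {SSHA} value is a placeholder.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
userPassword: {SSHA}PLACEHOLDERconstructedvalue

dn: uid=bob,ou=People,dc=example,dc=com
description: a long value folded
  onto a second line
userPassword: hunter2

dn: uid=carol,ou=People,dc=example,dc=com
userPassword:: cGxhaW50ZXh0
"""

# A stored value counts as hashed only if it starts with a {SCHEME} other than {CLEARTEXT}.
HASHED = re.compile(r"^\{(?!CLEARTEXT\})[A-Za-z0-9_-]+\}", re.IGNORECASE)


def parse_ldif(text):
    """Return a list of entries, each a list of (attribute, value) pairs."""
    text = re.sub(r"\r?\n ", "", text)  # unfold: a leading space continues the previous line
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):  # blank lines separate entries
        entry = []
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if line.startswith("#") or not sep:  # comment, or a bare "[id]" line
                continue
            if value.startswith(":"):  # "attr:: value" means the value is base64
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.append((attr.strip(), value.strip()))
        if entry:
            entries.append(entry)
    return entries


def cleartext_passwords(entries):
    """Return the DN of every entry holding a userPassword that is not hashed."""
    flagged = []
    for entry in entries:
        dn = next((v for a, v in entry if a.lower() == "dn"), None)
        if any(a.lower() == "userpassword" and not HASHED.match(v) for a, v in entry):
            flagged.append(dn)
    return flagged

print(cleartext_passwords(parse_ldif(SAMPLE_LDIF)))
```

Entries flagged this way can be fixed by replacing the value with the output of slappasswd before the file is loaded.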
4. OpenLDAP client administration tools:
The OpenLDAP client package installs the following tools, which are used to add, modify and delete entries in the LDAP directory.
Command Description
ldapadd Allows you to add entries to an LDAP directory, either from a file, or from standard input. It is a symbolic link to ldapmodify -a.
ldapcompare Allows you to compare given attribute with an LDAP directory entry.
ldapdelete Allows you to delete entries from an LDAP directory.
ldapexop Allows you to perform extended LDAP operations.
ldapmodify Allows you to modify entries in an LDAP directory, either from a file, or from standard input.
ldapmodrdn Allows you to modify the RDN value of an LDAP directory entry.
ldappasswd Allows you to set or change the password for an LDAP user.
ldapsearch Allows you to search LDAP directory entries.
ldapurl Allows you to compose or decompose LDAP URLs.
ldapwhoami Allows you to perform a whoami operation on an LDAP server.
5. Configuring the OpenLDAP server
The OpenLDAP configuration files are stored in the /etc/openldap directory by default:
Path Description
/etc/openldap/ldap.conf The configuration file for client applications that use the OpenLDAP libraries. This includes ldapadd, ldapsearch, Evolution, etc.
/etc/openldap/slapd.d/ The directory containing the slapd configuration.
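Modifying the global configuration:
The global configuration is stored in the file /etc/openldap/slapd.d/cn=config.ldif.
Modifying the database configuration:
OpenLDAP uses BDB as its backend database by default. The database configuration files are stored in the directory /etc/openldap/slapd.d/cn=config.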
Permanent link to this article: http://www.linuxidc.com/Linux/2015-03/115524.htm