
OpenLDAP configuration learning note

Published: 2014-10-21   Author: iwindyforest   Source: repost

hostname // display the computer name

hostname <new name> // change it for the running system only

To make the change permanent (CentOS 6 layout), go to /etc/sysconfig/network and add or modify HOSTNAME=NEWNAME.

Don't forget to update /etc/hosts after you change the hostname, so that the new name still resolves locally; add it to the loopback entry:

127.0.0.1 localhost.localdomain localhost NEWNAME

// The following part is mainly from brightmoon's blog:

http://blog.csdn.net/hitabc141592/article/details/22931179

// copy the template (slapd.conf.obsolete is the slapd.conf-style template shipped with the CentOS 6 openldap-servers package)

# cd /etc/openldap/
# cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf

// create a password hash for the LDAP admin (the rootdn)

# slappasswd
{SSHA}pfAJm+JJa4ec2y8GjTc8uMEJpoR5YKLy

slappasswd asks for the password twice and prints a salted SHA-1 hash like the one above; save it for the rootpw line below. It is this hash, not the clear-text password, that goes into slapd.conf.

// edit the config file

# vim /etc/openldap/slapd.conf

database        bdb
suffix          "dc=centos,dc=com"
checkpoint      1024 15
rootdn          "cn=admin,dc=centos,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw                secret
# rootpw                {crypt}ijFYNcSNctBYg
rootpw          {SSHA}pfAJm+JJa4ec2y8GjTc8uMEJpoR5YKMn

// paste the rootpw value exactly as slappasswd printed it; a typo here is indistinguishable from a wrong password at bind time

// The suffix follows the DNS domain: with hostname centos.com it is dc=centos,dc=com. The rootdn is just a DN under that suffix; "cn=admin" is a name picked here and has nothing to do with any Unix user or the admin group. Whoever binds as the rootdn bypasses every ACL, so the line should look like this and its password should be treated as the root password of the directory:

rootdn          "cn=admin,dc=centos,dc=com"

// copy the Berkeley DB config file
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

// remove all files under /etc/openldap/slapd.d/ -- very, very important!

// The reason: when the slapd.d config directory exists and is populated, slapd (2.4) reads it and ignores slapd.conf entirely. Leftover files in slapd.d therefore keep the old rootdn/rootpw, and every bind with the new password fails.

// Actually, I found the files were not deleted by the command below; when I navigated to /etc/openldap/slapd.d/ there were still files in the directory, so I ran rm -rf * inside that directory instead.

// Whichever way you delete them, make sure everything under /etc/openldap/slapd.d/ is gone, or you will keep getting an "invalid credentials" error.

# rm -rf /etc/openldap/slapd.d/*

// restart the server and make slapd start automatically at boot
# service slapd restart
# chkconfig slapd on

// give the ldap:ldap user ownership of the database and the config directory
# chown -R ldap:ldap /var/lib/ldap
# chown -R ldap:ldap /etc/openldap/

// Caveat: slapd only needs to read slapd.conf, so root:ldap with mode 0640 is enough there and keeps the rootpw hash away from other local users; write access is only needed on slapd.d (for online cn=config changes). Handing all of /etc/openldap to the ldap user means a compromised slapd process can rewrite its own configuration.

// test the config and generate the config directory under /etc/openldap/slapd.d, very important

// once this step is done, it should print: config file testing succeeded

# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

// slaptest run as root creates slapd.d owned by root, which is why it is chowned to ldap:ldap below; it must be re-run after every edit of slapd.conf, because slapd never reads slapd.conf again once slapd.d exists

// check the generated file /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif

// if the conversion worked, your edits in /etc/openldap/slapd.conf are mapped into it like this (the rootpw line appears as olcRootPW):

// if it does not reflect your edits, something went wrong in the previous steps;

// go back and check until you see the right values, or you will keep getting "invalid credentials" errors

olcSuffix: dc=centos,dc=com
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,dc=centos,dc=com

// give ldap:ldap full access to the generated directory (nobody else needs it)

# chown -R ldap:ldap /etc/openldap/slapd.d
# service slapd restart
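
The script below is an added example written for this note (it is not code from the original post, from brightmoon's blog or from OpenLDAP). It automates the three checks the steps above rely on by eye: that rootpw in slapd.conf is a hash rather than clear text, that the generated slapd.d still matches slapd.conf (the stale-slapd.d cause of "invalid credentials"), and that an ACL for userPassword exists, since slapd with no access directives at all defaults to "access to * by * read". It assumes the CentOS 6 layout used here, where the bdb database becomes olcDatabase={2}bdb in slapd.d; the sample files it writes are constructed stand-ins, not real server output.

```bash
#!/bin/sh
# Added example, not from the original note or from OpenLDAP.
# Sanity checks for the slapd.conf -> slapd.d conversion. Real usage:
#   check_all /etc/openldap/slapd.conf /etc/openldap/slapd.d
# Assumes the CentOS 6 template where the bdb database is {2} in slapd.d.

# conf_value FILE DIRECTIVE: value of a slapd.conf directive, quotes stripped.
# Only lines whose first word is the directive match, so commented-out copies
# such as "# rootpw secret" are ignored.
conf_value() {
    awk -v key="$2" '$1 == key {
        sub(/^[^ \t]+[ \t]+/, ""); sub(/[ \t]+$/, ""); gsub(/"/, "")
        print; exit
    }' "$1"
}

# ldif_value FILE ATTR: value of an attribute in a slapd.d LDIF file,
# decoding the base64 form ("attr:: ...") that slaptest uses for some values.
ldif_value() {
    awk -v key="$2" '
        $1 == (key ":")  { sub(/^[^:]*: /, "");  print; exit }
        $1 == (key "::") { sub(/^[^:]*:: /, ""); print | "base64 -d"; exit }
    ' "$1"
}

# check_rootpw_hashed CONF: fail if rootpw is absent or stored in clear text.
check_rootpw_hashed() {
    pw=$(conf_value "$1" rootpw | tr 'A-Z' 'a-z')
    case "$pw" in
        "{ssha}"*|"{sha}"*|"{crypt}"*|"{md5}"*|"{smd5}"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_userpassword_acl CONF: fail when slapd.conf has no ACL for userPassword.
check_userpassword_acl() {
    grep -Eiq '^[[:space:]]*access[[:space:]]+to[[:space:]]+attrs=userPassword' "$1"
}

# check_converted CONF SLAPD_D: fail unless suffix and rootdn in the generated
# cn=config tree equal the ones in slapd.conf (i.e. slaptest was re-run after
# the last edit and slapd is not running on stale slapd.d content).
check_converted() {
    ldif="$2/cn=config/olcDatabase={2}bdb.ldif"
    [ -f "$ldif" ] || return 1
    [ "$(ldif_value "$ldif" olcSuffix)" = "$(conf_value "$1" suffix)" ] || return 1
    [ "$(ldif_value "$ldif" olcRootDN)" = "$(conf_value "$1" rootdn)" ] || return 1
}

# check_all CONF SLAPD_D: run every check, report each failure, non-zero on any.
check_all() {
    rc=0
    check_rootpw_hashed "$1"    || { echo "FAIL: rootpw missing or clear text in $1"; rc=1; }
    check_userpassword_acl "$1" || { echo "FAIL: no 'access to attrs=userPassword' ACL in $1"; rc=1; }
    check_converted "$1" "$2"   || { echo "FAIL: $2 does not match $1 (re-run slaptest)"; rc=1; }
    return $rc
}

# make_sample DIR good|stale: write a constructed slapd.conf/slapd.d pair
# (values mirror the note; "stale" simulates a slapd.d left over from before
# the edit, with a different rootdn).
make_sample() {
    dir=$1
    mkdir -p "$dir/slapd.d/cn=config"
    cat > "$dir/slapd.conf" <<'EOF'
database        bdb
suffix          "dc=centos,dc=com"
rootdn          "cn=admin,dc=centos,dc=com"
# rootpw        secret
rootpw          {SSHA}pfAJm+JJa4ec2y8GjTc8uMEJpoR5YKLy
access to attrs=userPassword by self write by anonymous auth by * none
access to * by * read
EOF
    if [ "$2" = stale ]; then rdn="cn=oldadmin,dc=centos,dc=com"; else rdn="cn=admin,dc=centos,dc=com"; fi
    cat > "$dir/slapd.d/cn=config/olcDatabase={2}bdb.ldif" <<EOF
dn: olcDatabase={2}bdb
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=centos,dc=com
olcRootDN: $rdn
EOF
}
```

Run check_all after every edit-and-slaptest cycle and before restarting slapd; a non-zero exit names which of the three things to fix. The ACL line in the sample slapd.conf is the usual minimum for userPassword: users may change their own, anonymous binds may use it only to authenticate, and nobody else can read the hashes.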

 

// use migrationtools to export the existing system accounts to LDIF files
# yum install migrationtools -y

// the scripts are installed under /usr/share/migrationtools on CentOS

# vi migrate_common.ph

...

# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "centos.com";
# Default base
$DEFAULT_BASE = "dc=centos,dc=com";

# ./migrate_base.pl > /tmp/base.ldif
# ./migrate_passwd.pl  /etc/passwd > /tmp/passwd.ldif
# ./migrate_group.pl  /etc/group > /tmp/group.ldif

// note: migrate_passwd.pl exports every account in /etc/passwd, root and the daemon accounts included, and when run as root it copies each /etc/shadow hash into userPassword. /tmp/passwd.ldif is therefore as sensitive as /etc/shadow: keep it mode 0600, prune the system accounts before loading it, and delete it afterwards.
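
The filter below is an added example (not part of the original note or of migrationtools). It assumes the LDIF layout migrate_passwd.pl produces (blank-line-separated entries, each with a uidNumber attribute) and the CentOS 6 convention that regular users start at uid 500. It drops the system accounts so that root, bin, daemon and friends never become LDAP users, and it treats the file as sensitive because the exported entries carry the /etc/shadow hash in userPassword. The sample LDIF it writes is constructed, with placeholder hashes.

```bash
#!/bin/sh
# Added example, not from the original note or from migrationtools.
# Post-processes the LDIF written by migrate_passwd.pl before ldapadd:
# drops system accounts and flags the file as shadow-equivalent.
# Real usage (paths as in the note):
#   filter_min_uid /tmp/passwd.ldif 500 > /tmp/passwd-users.ldif

# filter_min_uid FILE MIN_UID: print only the LDIF entries whose uidNumber is
# at least MIN_UID (500 is the first regular user on CentOS 6). Entries are
# blank-line separated records; entries without uidNumber are kept unchanged.
filter_min_uid() {
    awk -v min="$2" 'BEGIN { RS = ""; ORS = "\n\n" }
        {
            keep = 1
            n = split($0, lines, "\n")
            for (i = 1; i <= n; i++)
                if (lines[i] ~ /^uidNumber: /) {
                    split(lines[i], f, ": ")
                    if (f[2] + 0 < min + 0) keep = 0
                }
            if (keep) print
        }' "$1"
}

# count_entries FILE: number of entries (dn: lines) in an LDIF file.
count_entries() {
    grep -c '^dn: ' "$1"
}

# has_password_hashes FILE: true if any entry carries userPassword, which is
# the case whenever migrate_passwd.pl could read /etc/shadow. Such a file
# needs mode 0600 and should be deleted after the import.
has_password_hashes() {
    grep -q '^userPassword:' "$1"
}

# make_sample_ldif FILE: constructed stand-in for migrate_passwd.pl output
# (three accounts, placeholder hashes). Written under umask 077 in a subshell
# so the file is private from the start without changing the caller's umask.
make_sample_ldif() {
    (
    umask 077
    cat > "$1" <<'EOF'
dn: uid=root,ou=People,dc=centos,dc=com
uid: root
cn: root
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}$6$placeholder
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root

dn: uid=bin,ou=People,dc=centos,dc=com
uid: bin
cn: bin
objectClass: account
objectClass: posixAccount
userPassword: {crypt}*
loginShell: /sbin/nologin
uidNumber: 1
gidNumber: 1
homeDirectory: /bin

dn: uid=alice,ou=People,dc=centos,dc=com
uid: alice
cn: alice
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}$6$placeholder
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/alice
EOF
    )
}
```

Feed the filtered file to ldapadd instead of the raw one; the threshold is the only thing to adjust on systems whose UID_MIN differs (1000 on newer distributions).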

 

 

// load the LDIF files as the rootdn; "admin" below is the clear-text password whose slappasswd hash was set as rootpw in slapd.conf, and "cn=admin,dc=centos,dc=com" is the rootdn
# ldapadd -x -D "cn=admin,dc=centos,dc=com" -w admin -f /tmp/base.ldif
# ldapadd -x -D "cn=admin,dc=centos,dc=com" -w admin -f /tmp/passwd.ldif
# ldapadd -x -D "cn=admin,dc=centos,dc=com" -w admin -f /tmp/group.ldif

# service slapd restart

// -w puts the rootdn password on the command line, where it lands in shell history and is visible in ps output to every local user; use -W (prompt) or -y <password file> instead. ldapadd writes through the running server, so the restart is not needed for the entries to appear.

Once everything is set up, the following command fetches all entries under the base DN (-x is a simple bind; without -D it is an anonymous bind):

ldapsearch -x -H ldap://centos.com -b 'dc=centos,dc=com'

If this anonymous search also returns userPassword values, nothing protects the hashes migrated from /etc/shadow: with no access directives in slapd.conf, slapd defaults to "access to * by * read", so anyone who can reach port 389 can read them. Add an access directive for userPassword to slapd.conf and rerun slaptest before exposing the server.

An LDAP browser (GUI client) can also be used to inspect the tree.
