软件安装
# yum -y install openldap-servers openldap-clients
# systemctl start slapd
# systemctl enable slapd
密码修改
# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
# vim chrootpw.ldif
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
# paste only the hash printed by slappasswd on the olcRootPW line; any trailing text (e.g. "// copy above") would be stored as part of the value
# this file holds the config-admin password hash: keep it unreadable by other users and remove it after the import
# ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
基础Schema导入
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
Ldap域数据生成
vim chdomain.ldif
# less chdomain.ldif
# replace to your own domain name for "dc=***,dc=***" section
# the {N} index in each olcDatabase DN must match the index shown in your own cn=config ({0}config, {1}monitor, {2}hdb are the CentOS 7 defaults)
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=cnicg,dc=cn

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=cnicg,dc=cn

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=cnicg,dc=cn" read by * none
# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
基础域数据
vim basedomain.ldif
# replace to your own domain name for "dc=***,dc=***" section
dn: dc=cnicg,dc=cn
objectClass: top
objectClass: dcObject
objectclass: organization
o: cnicg cn
dc: cnicg

dn: cn=Manager,dc=cnicg,dc=cn
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=cnicg,dc=cn
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=cnicg,dc=cn
objectClass: organizationalUnit
ou: Group
# ldapadd -x -D cn=Manager,dc=cnicg,dc=cn -W -f basedomain.ldif
# -x is a simple bind: over a remote ldap:// connection the Manager password travels unencrypted, so run this locally (or via -H ldapi:///) or enable TLS (-ZZ) before using it against a remote host