软件安装

# yum -y install openldap-servers openldap-clients

# systemctl start slapd

# systemctl enable slapd

密码修改

# slappasswd

New password:

Re-enter new password:

{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

# vim chrootpw.ldif

# specify the password generated above for "olcRootPW" section

dn: olcDatabase={}config,cn=config

changetype: modify

add: olcRootPW

olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx // copy above

# ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif

基础Schema导入

# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif

# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif

# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

Ldap域数据生成

vim chdomain.ldif

# less chdomain.ldif
# replace to your own domain name for "dc=***,dc=***" section
dn:olcDatabase={}hdb,cn=config
changetype:modify
replace:olcSuffix
olcSuffix:dc=cnicg,dc=cn dn:olcDatabase={}hdb,cn=config
changetype:modify
replace:olcRootDN
olcRootDN:cn=Manager,dc=cnicg,dc=cn dn: olcDatabase={}monitor,cn=config
changetype:modify
replace:olcAccess
olcAccess: {}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=cnicg,dc=cn" read by * none

# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif

基础域数据

vim basedomain.ldif

# replace to your own domain name for "dc=***,dc=***" section

dn: dc=cnicg,dc=cn
objectClass: top
objectClass: dcObject
objectclass: organization
o: cnicg cn
dc: cnicg dn: cn=Manager,dc=cnicg,dc=cn
objectClass: organizationalRole
cn: Manager
description: Directory Manager dn: ou=People,dc=cnicg,dc=cn
objectClass: organizationalUnit
ou: People dn: ou=Group,dc=cnicg,dc=cn
objectClass: organizationalUnit
ou: Group

# ldapadd -x -D cn=Manager,dc=cnicg,dc=cn -W -f basedomain.ldif

05-11 19:28