挂载ISO为本地yum源
一、安装软件包:
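# Install the OpenLDAP server/client packages and the PADL migration scripts.
# Quote the patterns: unquoted, the shell would expand them against files in
# the current directory before yum ever saw them; yum does its own glob
# matching on package names. -y matches the client-side install step below.
yum -y install 'openldap*' 'migration*'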
二、修改基本配置 slapd.ldif:
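# Work from a copy of the packaged template so the original stays untouched.
cp /usr/share/openldap-servers/slapd.ldif /root/
# Show the effective (comment-free) configuration. Match only lines that START
# with '#': the original `grep -v "#"` also dropped any data line that merely
# contained a '#' (e.g. a password), and relied on the cwd being /root.
grep -v '^#' /root/slapd.ldif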
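# /root/slapd.ldif with comments stripped -- loaded into cn=config by
# `slapadd -n 0`. LDIF requires a blank line between entries; the listing as
# originally pasted (one unbroken block) would not load.
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/openldap/slapd.args
olcPidFile: /var/run/openldap/slapd.pid
# RHEL/CentOS 7 ships an OpenLDAP built against Mozilla NSS: "OpenLDAP Server"
# is a certificate NICKNAME inside the NSS database in /etc/openldap/certs, and
# olcTLSCertificateKeyFile is the file holding that database's PIN, not a PEM
# key. These are the package defaults; no usable certificate is installed by
# this page, so clients cannot use TLS until one is.
olcTLSCACertificatePath: /etc/openldap/certs
olcTLSCertificateFile: "OpenLDAP Server"
olcTLSCertificateKeyFile: /etc/openldap/certs/password

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file:///etc/openldap/schema/corba.ldif
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/duaconf.ldif
include: file:///etc/openldap/schema/dyngroup.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/java.ldif
include: file:///etc/openldap/schema/misc.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/openldap.ldif
include: file:///etc/openldap/schema/ppolicy.ldif
include: file:///etc/openldap/schema/collective.ldif

dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
# cn=config is manageable only by root connecting over the ldapi:/// socket
# (SASL EXTERNAL, peer credentials); everyone else gets nothing.
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none

dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
# Fixed: the original read "dc=godson,dc=itc", which does not match the
# olcRootDN below (dc=ict), so the Manager account could never read cn=monitor.
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=godson,dc=ict" read by * none

dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: hdb
olcSuffix: dc=godson,dc=ict
olcRootDN: cn=Manager,dc=godson,dc=ict
# Generate your own value with `slappasswd` and paste its {SSHA} output here.
# The hash below is published on this page: anyone who knows (or cracks) its
# plaintext has rootdn access to the whole directory.
olcRootPW: {SSHA}3yogZ+lM6fZd2uPkUNF7i/ESUpm7kosf
olcDbDirectory: /var/lib/ldap
# With no olcAccess on this database slapd's default policy is "to * by *
# read", which would expose the userPassword hashes migrated from the local
# account files to any anonymous client. Users may read/change only their own
# password, anonymous clients may use it only to bind (pam_ldap needs that),
# and everything else stays readable. The rootdn bypasses ACLs entirely.
olcAccess: to attrs=userPassword,shadowLastChange by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write by self write by anonymous auth by * none
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write by * read
# uid/uidNumber/gidNumber/memberUid are the attributes nslcd searches on;
# without an index each lookup is a full scan and slapd logs "not indexed".
olcDbIndex: uid,uidNumber,gidNumber,memberUid eq
olcDbIndex: objectClass eq,pres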
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
三、生成配置文件:
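# Rebuild the cn=config tree from /root/slapd.ldif. `slapadd -n 0` writes the
# config database directly and must run while slapd is NOT running. Chain the
# steps so that a failed slapadd does not leave a half-written slapd.d that is
# then chown'd and silently picked up at the next start.
rm -rf /etc/openldap/slapd.d/* \
  && slapadd -F /etc/openldap/slapd.d -n 0 -l /root/slapd.ldif \
  && chown -R ldap:ldap /etc/openldap/slapd.d/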
四、测试配置文件:
# Sanity-check the freshly generated cn=config tree before starting slapd.
# NOTE(review): -u is meant to make the check tolerant of backend databases that
# do not exist yet (nothing has been imported at this point) -- confirm against
# slaptest(8) for the installed version.
slaptest -u -F /etc/openldap/slapd.d
五、复制数据库模板文件:
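# Seed the Berkeley DB environment settings for the hdb data directory, then
# hand the whole directory to the account slapd runs as. Two separate commands;
# the original had them fused on one line.
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap/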
六、修改迁移脚本:
# Edit the settings shared by every migrate_*.pl script (see the two
# assignments below). They must agree with olcSuffix in slapd.ldif.
vim /usr/share/migrationtools/migrate_common.ph
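# Values to set in migrate_common.ph. $DEFAULT_BASE must equal the server's
# olcSuffix (dc=godson,dc=ict) or the generated LDIF will not import.
# (One statement per line; the original had both fused onto one line.)
$DEFAULT_MAIL_DOMAIN = "godson.ict";
$DEFAULT_BASE = "dc=godson,dc=ict";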
七、生成数据库文件:
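# Generate LDIF from the local account database (one command per line; the
# original had all three fused together).
# NOTE(review): migrate_passwd.pl exports EVERY local account (root, daemon,
# ...) and, when run as root with /etc/shadow readable, copies the password
# hashes into userPassword attributes. Review and trim passwd.ldif/group.ldif
# before importing them, and keep the files readable by root only.
/usr/share/migrationtools/migrate_base.pl > base.ldif
/usr/share/migrationtools/migrate_passwd.pl /etc/passwd > passwd.ldif
/usr/share/migrationtools/migrate_group.pl /etc/group > group.ldif
chmod 600 base.ldif passwd.ldif group.ldif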
八、导入数据库文件:
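# Offline import into the hdb database (slapadd's default database, -n 1),
# run before slapd is started. Order matters: base.ldif creates the suffix and
# OU entries that the user and group entries hang under, so stop at the first
# failure instead of importing orphans. slapadd writes files as root, so the
# data directory is re-owned afterwards.
slapadd -v -l base.ldif \
  && slapadd -v -l passwd.ldif \
  && slapadd -v -l group.ldif \
  && chown -R ldap:ldap /var/lib/ldap/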
九、启动服务:
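# Enable at boot and start now -- the client-side step for nslcd does both;
# the server step originally only started it, so it would not survive a reboot.
systemctl enable slapd
systemctl start slapd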
十、客户端配置:
# nss-pam-ldapd provides nslcd plus the pam_ldap / nss "ldap" modules, which
# is what the rest of this page configures. sssd-ldap is installed too, but no
# sssd.conf is written here, so the "sss" entries added to nsswitch.conf below
# do nothing unless sssd is configured separately.
yum -y install sssd-ldap nss-pam-ldapd
图形化修改方式:
# Interactive alternative to the manual edits that follow. authconfig rewrites
# /etc/pam.d/system-auth-ac and /etc/nsswitch.conf itself, so do not mix the
# two approaches -- a later authconfig run overwrites hand edits.
authconfig-tui
十一、配置文件修改方式:
pam模块设置:
vim /etc/pam.d/system-auth，添加配置如下（注意：CentOS 7 上 /etc/pam.d/system-auth 是指向 system-auth-ac 的符号链接，之后再运行 authconfig 会重新生成该文件并覆盖手工修改；手工编辑前应先删除该符号链接，改用独立文件）:
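# Lines to add to /etc/pam.d/system-auth, one per stack (the original listing
# had all four fused onto one line). In the usual authconfig layout each goes
# right after the pam_unix.so line of the same stack and before pam_deny.so:
# "use_first_pass" relies on pam_unix having already prompted for the password,
# and "use_authtok" on pam_unix/pam_cracklib having already collected the new one.
auth      sufficient    pam_ldap.so use_first_pass
account   [default=bad success=ok user_unknown=ignore] pam_ldap.so
password  sufficient    pam_ldap.so use_authtok
session   optional      pam_ldap.so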
# nslcd's own configuration (server URI and search base); restart nslcd after
# changing it.
vim /etc/nslcd.conf
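# /etc/nslcd.conf -- 192.168.1.1 is the master LDAP server set up above.
# "base" must equal the server's olcSuffix, dc=godson,dc=ict. The original
# "dc=godson.com,dc=com" does not exist on the server, so every lookup failed.
uri ldap://192.168.1.1
base dc=godson,dc=ict
# NOTE(review): plain ldap:// carries pam_ldap bind passwords in cleartext on
# the wire. Once the server has a real certificate (the page leaves the NSS
# placeholders in place), switch to ldaps:// or add:
#   ssl start_tls
#   tls_reqcert demand
#   tls_cacertfile /path/to/ca.crt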
/etc/nsswitch.conf 修改配置如下:
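# /etc/nsswitch.conf -- lookup order: local files first, then sssd, then nslcd.
# One database per line (the original had all five fused onto one line).
# "sss" only resolves anything if sssd is configured and running; this page
# configures nslcd, so "files ldap" is the part that actually takes effect.
passwd:     files sss ldap
shadow:     files sss ldap
group:      files sss ldap
netgroup:   files sss ldap
automount:  files sss ldap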
十二、启动客户端服务:
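# Enable nslcd at boot and start it now (two commands; the original fused them
# on one line).
systemctl enable nslcd
systemctl start nslcd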

