挂载ISO为本地yum源
一、安装软件包:
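# Quote the globs: unquoted, the shell would expand them against files in the
# current directory before yum ever saw the package-name patterns.
yum install 'openldap*' 'migration*'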
二、修改基本配置 slapd.ldif（olcRootPW 的值请自行用 slappasswd 生成，不要沿用下面示例中的哈希）:
# Work on a private copy of the packaged template rather than editing it in place.
cp /usr/share/openldap-servers/slapd.ldif /root/slapd.ldif
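# Show the effective configuration without comment lines.
# grep reads the file directly (no cat pipeline), and the pattern is anchored so
# only comment lines are dropped, not any line that merely contains a '#'.
grep -v '^#' -- slapd.ldif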
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/openldap/slapd.args
olcPidFile: /var/run/openldap/slapd.pid
olcTLSCACertificatePath: /etc/openldap/certs
olcTLSCertificateFile: "OpenLDAP Server"
olcTLSCertificateKeyFile: /etc/openldap/certs/password

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file:///etc/openldap/schema/corba.ldif
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/duaconf.ldif
include: file:///etc/openldap/schema/dyngroup.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/java.ldif
include: file:///etc/openldap/schema/misc.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/openldap.ldif
include: file:///etc/openldap/schema/ppolicy.ldif
include: file:///etc/openldap/schema/collective.ldif

dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none

dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=godson,dc=ict" read by * none

dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: hdb
olcSuffix: dc=godson,dc=ict
olcRootDN: cn=Manager,dc=godson,dc=ict
olcRootPW: {SSHA}3yogZ+lM6fZd2uPkUNF7i/ESUpm7kosf
olcDbDirectory: /var/lib/ldap
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
三、生成配置文件:
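# Drop the old cn=config tree, rebuild it from the edited LDIF (-n 0 = config
# database), then hand the result to the ldap user.
# The steps are chained with && so a failed slapadd does not leave a half-built
# tree that is silently chown'ed and later started.
rm -rf -- /etc/openldap/slapd.d/* \
  && slapadd -F /etc/openldap/slapd.d -n 0 -l /root/slapd.ldif \
  && chown -R ldap:ldap /etc/openldap/slapd.d/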
四、测试配置文件:
# -u: dry run — validate the generated cn=config tree without opening the databases.
slaptest -u -F /etc/openldap/slapd.d
五、复制数据库模板文件:
# Seed the backend tuning file from the packaged example, then make the whole
# database directory belong to the ldap user.
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap/
六、修改迁移脚本:
# Shared settings read by every migrate_*.pl script; adjust the two variables below.
vim /usr/share/migrationtools/migrate_common.ph
# Mail domain and base DN the migration scripts put into generated entries.
# DEFAULT_BASE should match olcSuffix in slapd.ldif so slapadd accepts the entries.
$DEFAULT_MAIL_DOMAIN = "godson.ict";
$DEFAULT_BASE = "dc=godson,dc=ict";
七、生成数据库文件:
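# Generate the LDIF files from the local account database.
# umask 077 keeps them readable by root only: passwd.ldif carries the
# userPassword hashes of every local account, so it must not be world-readable
# (and should be removed once imported).
umask 077
/usr/share/migrationtools/migrate_base.pl > base.ldif
/usr/share/migrationtools/migrate_passwd.pl /etc/passwd > passwd.ldif
/usr/share/migrationtools/migrate_group.pl /etc/group > group.ldif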
八、导入数据库文件:
# Load the three LDIF files in order (base first, since the others hang below it),
# then give the database files slapadd created as root back to the ldap user.
for ldif in base.ldif passwd.ldif group.ldif; do
  slapadd -v -l "$ldif"
done
chown -R ldap:ldap /var/lib/ldap/
九、启动服务:
# Start the directory server now that cn=config and the data database are in place.
systemctl start slapd
十、客户端配置:
# Client-side packages: sssd LDAP provider plus nslcd/pam_ldap.
yum -y install sssd-ldap nss-pam-ldapd
图形化修改方式:
# Interactive (text UI) alternative to editing the PAM/nslcd/nsswitch files by hand.
authconfig-tui
十一、配置文件修改方式:
pam模块设置:
vim /etc/pam.d/system-auth 添加配置如下:
auth     sufficient  pam_ldap.so use_first_pass
account  [default=bad success=ok user_unknown=ignore] pam_ldap.so
password sufficient  pam_ldap.so use_authtok
session  optional    pam_ldap.so
# nslcd configuration: server URI and search base for the client.
vim /etc/nslcd.conf
uri ldap://192.168.1.1 (master)
base dc=godson.com,dc=com
注意：base 需与服务端的 olcSuffix（本文为 dc=godson,dc=ict）一致，否则查不到用户；ldap:// 为明文连接，pam_ldap 认证时密码会明文经过网络，生产环境应改用 ldaps:// 或启用 TLS。
/etc/nsswitch.conf 修改配置如下:
passwd:    files sss ldap
shadow:    files sss ldap
group:     files sss ldap
netgroup:  files sss ldap
automount: files sss ldap
十二、启动客户端服务:
# Make nslcd start at boot, then start it for the current session.
systemctl enable nslcd
systemctl start nslcd