
CentOS 6.4 x64: configuring OpenLDAP + phpLDAPadmin

Posted: 2016-07-23 18:14:54      Views: 287      Comments: 0


1: Introduction

LDAP is the Lightweight Directory Access Protocol, almost always referred to simply as LDAP. It is derived from the X.500 standard but is far simpler and can be customised as needed. Unlike X.500, LDAP runs over TCP/IP, which is what makes it usable across the Internet. The core LDAP specifications are defined in RFCs; all LDAP-related RFCs are listed on the LDAPman RFC page.

 

2: Lab environment

OS: CentOS6.4_x64_mini.iso

OpenLDAP-Server: 192.168.2.10

OpenLDAP-Client: 192.168.2.20

Software: Development Tools + phpLDAPadmin

 

3: Installing the OpenLDAP server

1. Install the packages

[root@OpenLDAP-Server ~]# yum install openldap openldap-servers openldap-devel openldap-clients -y

2. Create the database configuration file for OpenLDAP (the Berkeley DB settings used by the bdb backend) and make sure the ldap user owns it

[root@OpenLDAP-Server ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@OpenLDAP-Server ~]# ll /var/lib/ldap/DB_CONFIG
-rw-r--r-- 1 root root 845 Jul 23 01:26 /var/lib/ldap/DB_CONFIG
[root@OpenLDAP-Server ~]# chown ldap.ldap /var/lib/ldap/DB_CONFIG

3. Copy the OpenLDAP configuration template into /etc/openldap/ and keep a backup of the untouched copy

[root@OpenLDAP-Server ~]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
[root@OpenLDAP-Server ~]# cp /etc/openldap/slapd.conf /etc/openldap/slapd.conf.bak

4. Generate the LDAP Manager password hash and edit the main configuration file, slapd.conf.

[root@OpenLDAP-Server openldap]# slappasswd 
New password: 
Re-enter new password: 
{SSHA}RSrMQsEKK1O/K6OmUpMF7V0iZ73cS2qg    // slappasswd prints a salted SHA-1 hash of the password, never the password itself; this string is needed below, so save it.
[root@OpenLDAP-Server openldap]# vim slapd.conf

The template is written for dc=my-domain,dc=com in three places: the cn=monitor ACL, the database suffix and the rootdn. All three were changed to dc=yangxiaofei,dc=com, and the hash from slappasswd was pasted in as rootpw. The relevant part of the edited file:

# enable server status monitoring (cn=monitor)
database monitor
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=Manager,dc=yangxiaofei,dc=com" read
        by * none

#######################################################################
# database definitions
#######################################################################

database        bdb
suffix          "dc=yangxiaofei,dc=com"
checkpoint      1024 15
rootdn          "cn=Manager,dc=yangxiaofei,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw                secret
# rootpw                {crypt}ijFYNcSNctBYg
rootpw        {SSHA}RSrMQsEKK1O/K6OmUpMF7V0iZ73cS2qg
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.

Note that the template ships with no access directive for the bdb database itself, only for cn=monitor. With no ACL, slapd's default applies: everyone, including anonymous binds, may read every attribute, and only the rootdn may write. That default is what makes the anonymous ldapsearch later on this page return userPassword values.
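The {SSHA} string that slappasswd printed is the only secret material in slapd.conf, so it is worth knowing exactly what it is. The following Python is an added example, not code from the original page or from OpenLDAP: it reproduces the {SSHA} construction (base64 of SHA-1(password || salt) followed by the salt, a 4-byte salt by default), verifies a password against such a string in constant time, and reports whether a slapd.conf text still carries a cleartext rootpw. The password and salt used in the demo are made up for the example; the function can equally be pointed at the page's own hash with whichever password you believe it encodes.

```python
"""Added example, not code from the original page: reproduce the {SSHA}
scheme that slappasswd(8) prints for rootpw, verify a password against it,
and flag a slapd.conf whose rootpw is still cleartext.

{SSHA} = "{SSHA}" + base64( SHA1(password || salt) || salt )
slappasswd uses a 4-byte random salt; the decoder treats everything after the
20-byte digest as salt, so other salt lengths verify as well.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return an OpenLDAP-style {SSHA} string (random 4-byte salt if none given)."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """True if password matches the {SSHA} value; False for any other scheme
    or for malformed data."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= SHA1_LEN:    # need the digest plus at least one salt byte
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)   # constant-time compare


HASHED_SCHEMES = ("{SSHA}", "{SHA}", "{CRYPT}", "{SMD5}", "{MD5}")


def rootpw_scheme(conf_text: str) -> Optional[str]:
    """Scheme of the active (uncommented) rootpw line in slapd.conf text:
    one of HASHED_SCHEMES, "cleartext" for a bare password, None if absent."""
    for line in conf_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        if parts[0].lower() == "rootpw" and len(parts) == 2:
            value = parts[1].strip()
            for scheme in HASHED_SCHEMES:
                if value.upper().startswith(scheme):
                    return scheme
            return "cleartext"
    return None


if __name__ == "__main__":
    # Constructed demo password; the page's own password is not used here.
    h = ssha_hash("example-only")
    print(h, ssha_verify("example-only", h), ssha_verify("wrong", h))
    print(rootpw_scheme("rootpw secret\n"), rootpw_scheme("rootpw " + h + "\n"))
```

SHA-1 with a 4-byte salt is what this OpenLDAP release offers through slappasswd; it defeats rainbow tables but is fast to brute-force, so the strength of rootpw rests on the password itself, and on keeping slapd.conf (which now holds the hash) unreadable to anyone but root and the ldap group.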

5. Enable OpenLDAP logging

Add a loglevel directive near the top of slapd.conf. 296 is a bitmask: 256 (stats: connections, operations and results) + 32 (search filter processing) + 8 (connection management).

[root@OpenLDAP-Server openldap]# vim slapd.conf

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
loglevel 296

slapd logs through the syslog facility local4 by default, so add a rule for that facility to rsyslog:

[root@OpenLDAP-Server openldap]# vim /etc/rsyslog.conf 

# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
local4.* /var/log/ldap.log

[root@OpenLDAP-Server openldap]# touch  /var/log/ldap.log
[root@OpenLDAP-Server openldap]# chown ldap.ldap  /var/log/ldap.log

The page does not show it, but rsyslog has to be restarted (/etc/init.d/rsyslog restart) before the new rule takes effect. The comment "This file should NOT be world readable" also applies literally now: cp created slapd.conf with the default 0644 mode, and it contains the rootpw hash, so set it to 0640 and owner root:ldap.

6. By default /etc/openldap/slapd.d/ already contains a set of generated configuration files. They must be deleted and regenerated from slapd.conf; this step matters.

[root@OpenLDAP-Server openldap]# rm -rf /etc/openldap/slapd.d/*
[root@OpenLDAP-Server openldap]# chown ldap.ldap /var/lib/ldap/
[root@OpenLDAP-Server openldap]# /etc/init.d/slapd restart
Stopping slapd:                                            [  OK  ]
Starting slapd:                                            [  OK  ]
[root@OpenLDAP-Server openldap]# chown -R ldap.ldap /etc/openldap/slapd.d/
[root@OpenLDAP-Server openldap]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
config file testing succeeded

The restart succeeds with an emptied slapd.d/ because the CentOS 6 init script converts slapd.conf into the slapd.d/ (cn=config) directory when it finds no configuration there. The slaptest run afterwards validates slapd.conf and writes the converted form again. slapd itself reads slapd.d/, not slapd.conf, so every later edit of slapd.conf needs the same delete, regenerate and restart cycle.

7. Check that slapd is running, with ps and netstat

[root@OpenLDAP-Server openldap]# ps -aux | grep ldap
Warning: bad syntax, perhaps a bogus -? See /usr/share/doc/procps-3.2.8/FAQ
ldap      1614  0.0  1.0 488508  5352 ?        Ssl  01:46   0:00 /usr/sbin/slapd -h  ldap:/// ldapi:/// -u ldap
root      1643  0.0  0.1 103312   876 pts/0    S+   01:50   0:00 grep ldap
[root@OpenLDAP-Server openldap]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      1614/slapd          
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1274/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1354/master         
tcp        0      0 :::389                      :::*                        LISTEN      1614/slapd          
tcp        0      0 :::22                       :::*                        LISTEN      1274/sshd           
tcp        0      0 ::1:25                      :::*                        LISTEN      1354/master    

The ps warning is only about mixing a leading dash with BSD-style options; "ps aux" gives the same listing without it. Two details in this output matter for security: slapd runs as the unprivileged ldap user (-u ldap), and it was started with -h "ldap:/// ldapi:///", so it accepts cleartext LDAP on port 389 on every interface (0.0.0.0 and ::) and has no ldaps:// listener. Nothing on this page adds TLS, so the Manager password in the simple binds below crosses the network in the clear. On anything other than an isolated lab network, configure TLSCertificateFile/TLSCertificateKeyFile in slapd.conf and enable the ldaps listener (SLAPD_LDAPS=yes in /etc/sysconfig/ldap on this release), or at least firewall port 389 to the hosts that need it.

8. Migrate the local user data into the OpenLDAP database. Why migrate? Because LDAP only accepts LDIF, and the easiest way to produce it is the migration tool set written for LDAP: a collection of Perl scripts. Early OpenLDAP packages bundled them; from CentOS 6 on they are a separate package. There are two ways to install them: yum, or from source.

[root@OpenLDAP-Server openldap]# yum install MigrationTools -y
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirrors.zju.edu.cn
 * extras: mirrors.zju.edu.cn
 * updates: mirrors.zju.edu.cn
No package MigrationTools available.
  * Maybe you meant: migrationtools
Error: Nothing to do
[root@OpenLDAP-Server openldap]# yum install migrationtools -y
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirrors.yun-idc.com
 * extras: mirrors.btte.net
 * updates: mirrors.yun-idc.com
Resolving Dependencies
--> Running transaction check
---> Package migrationtools.noarch 0:47-7.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================================
 Package                           Arch                      Version                       Repository               Size
=========================================================================================================================
Installing:
 migrationtools                    noarch                    47-7.el6                      base                     25 k

Transaction Summary
=========================================================================================================================
Install       1 Package(s)

Total download size: 25 k
Installed size: 104 k
Downloading Packages:
migrationtools-47-7.el6.noarch.rpm                                                                |  25 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : migrationtools-47-7.el6.noarch                                                                        1/1 
  Verifying  : migrationtools-47-7.el6.noarch                                                                        1/1 

Installed:
  migrationtools.noarch 0:47-7.el6                                                                                       

Complete!



Source install (the same scripts from PADL; note that the tarball arrives over plain HTTP with no signature to check, so the signed distribution package installed above is the better choice, and it is the copy under /usr/share/migrationtools that the rest of this page uses):
[root@OpenLDAP-Server openldap]# wget http://www.padl.com/download/MigrationTools.tgz
--2016-07-23 02:00:39--  http://www.padl.com/download/MigrationTools.tgz
Resolving www.padl.com... 216.154.215.154
Connecting to www.padl.com|216.154.215.154|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21284 (21K) [application/x-gzip]
Saving to: “MigrationTools.tgz”

100%[==============================>] 21,284      1.89K/s   in 11s                   ] 2,856       1.21K/s              

2016-07-23 02:00:52 (1.89 KB/s) - “MigrationTools.tgz” saved [21284/21284]

[root@OpenLDAP-Server openldap]# tar zxvf MigrationTools.tgz 

Configure migrationtools: change into its directory and set the mail domain and base DN in migrate_common.ph

[root@OpenLDAP-Server openldap]# cd /usr/share/migrationtools/
[root@OpenLDAP-Server migrationtools]# ls
migrate_aliases.pl              migrate_all_offline.sh  migrate_hosts.pl            migrate_protocols.pl
migrate_all_netinfo_offline.sh  migrate_all_online.sh   migrate_netgroup_byhost.pl  migrate_rpc.pl
migrate_all_netinfo_online.sh   migrate_automount.pl    migrate_netgroup_byuser.pl  migrate_services.pl
migrate_all_nis_offline.sh      migrate_base.pl         migrate_netgroup.pl         migrate_slapd_conf.pl
migrate_all_nis_online.sh       migrate_common.ph       migrate_networks.pl
migrate_all_nisplus_offline.sh  migrate_fstab.pl        migrate_passwd.pl
migrate_all_nisplus_online.sh   migrate_group.pl        migrate_profile.pl
[root@OpenLDAP-Server migrationtools]# vim  migrate_common.ph 


# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "yangxiaofei.com";

# Default base 
$DEFAULT_BASE = "dc=yangxiaofei,dc=com";

Now use the scripts to convert /etc/passwd and /etc/group into LDIF under /tmp and load it (migrate_passwd.pl also reads /etc/shadow, which is why the entries below carry the real password hashes as {crypt} values). The -w shinezone form puts the Manager password on the command line, where it ends up in the shell history and is visible to ps on the host; -W prompts for it instead.

[root@OpenLDAP-Server migrationtools]#  ./migrate_base.pl > /tmp/base.ldif
[root@OpenLDAP-Server migrationtools]# ./migrate_passwd.pl  /etc/passwd > /tmp/passwd.ldif
[root@OpenLDAP-Server migrationtools]# ./migrate_group.pl  /etc/group > /tmp/group.ldif
[root@OpenLDAP-Server migrationtools]#  ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/base.ldif
adding new entry "dc=yangxiaofei,dc=com"

adding new entry "ou=Hosts,dc=yangxiaofei,dc=com"

adding new entry "ou=Rpc,dc=yangxiaofei,dc=com"

adding new entry "ou=Services,dc=yangxiaofei,dc=com"

adding new entry "nisMapName=netgroup.byuser,dc=yangxiaofei,dc=com"

adding new entry "ou=Mounts,dc=yangxiaofei,dc=com"

adding new entry "ou=Networks,dc=yangxiaofei,dc=com"

adding new entry "ou=People,dc=yangxiaofei,dc=com"

adding new entry "ou=Group,dc=yangxiaofei,dc=com"

adding new entry "ou=Netgroup,dc=yangxiaofei,dc=com"

adding new entry "ou=Protocols,dc=yangxiaofei,dc=com"

adding new entry "ou=Aliases,dc=yangxiaofei,dc=com"

adding new entry "nisMapName=netgroup.byhost,dc=yangxiaofei,dc=com"

[root@OpenLDAP-Server migrationtools]#  ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/passwd.ldif 
adding new entry "uid=root,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=bin,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=daemon,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=adm,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=lp,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=sync,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=shutdown,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=halt,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=mail,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=uucp,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=operator,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=games,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=gopher,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=ftp,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=nobody,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=vcsa,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=saslauth,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=postfix,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=sshd,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=apache,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=ldap,ou=People,dc=yangxiaofei,dc=com"

[root@OpenLDAP-Server migrationtools]#  ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/group.ldif 
adding new entry "cn=root,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=bin,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=daemon,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=sys,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=adm,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=tty,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=disk,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=lp,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=mem,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=kmem,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=wheel,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=mail,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=uucp,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=man,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=games,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=gopher,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=video,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=dip,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=ftp,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=lock,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=audio,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=nobody,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=users,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=floppy,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=vcsa,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=utmp,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=utempter,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=cdrom,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=tape,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=dialout,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=saslauth,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=postdrop,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=postfix,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=fuse,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=sshd,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=apache,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=stapusr,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=stapsys,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=stapdev,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=ldap,ou=Group,dc=yangxiaofei,dc=com"

Query what was just imported; as you can see, there is a lot of it.

[root@OpenLDAP-Server migrationtools]# ldapsearch -x -H ldap://192.168.2.10 -b "dc=yangxiaofei,dc=com"
# extended LDIF
#
# LDAPv3
# base <dc=yangxiaofei,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# yangxiaofei.com
dn: dc=yangxiaofei,dc=com
dc: yangxiaofei
objectClass: top
objectClass: domain

# Hosts, yangxiaofei.com
dn: ou=Hosts,dc=yangxiaofei,dc=com
ou: Hosts
objectClass: top
objectClass: organizationalUnit

# Rpc, yangxiaofei.com
dn: ou=Rpc,dc=yangxiaofei,dc=com
ou: Rpc
objectClass: top
objectClass: organizationalUnit

# Services, yangxiaofei.com
dn: ou=Services,dc=yangxiaofei,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit

# netgroup.byuser, yangxiaofei.com
dn: nisMapName=netgroup.byuser,dc=yangxiaofei,dc=com
nisMapName: netgroup.byuser
objectClass: top
objectClass: nisMap

# Mounts, yangxiaofei.com
dn: ou=Mounts,dc=yangxiaofei,dc=com
ou: Mounts
objectClass: top
objectClass: organizationalUnit

# Networks, yangxiaofei.com
dn: ou=Networks,dc=yangxiaofei,dc=com
ou: Networks
objectClass: top
objectClass: organizationalUnit

# People, yangxiaofei.com
dn: ou=People,dc=yangxiaofei,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

# Group, yangxiaofei.com
dn: ou=Group,dc=yangxiaofei,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

# Netgroup, yangxiaofei.com
dn: ou=Netgroup,dc=yangxiaofei,dc=com
ou: Netgroup
objectClass: top
objectClass: organizationalUnit

# Protocols, yangxiaofei.com
dn: ou=Protocols,dc=yangxiaofei,dc=com
ou: Protocols
objectClass: top
objectClass: organizationalUnit

# Aliases, yangxiaofei.com
dn: ou=Aliases,dc=yangxiaofei,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit

# netgroup.byhost, yangxiaofei.com
dn: nisMapName=netgroup.byhost,dc=yangxiaofei,dc=com
nisMapName: netgroup.byhost
objectClass: top
objectClass: nisMap

# root, People, yangxiaofei.com
dn: uid=root,ou=People,dc=yangxiaofei,dc=com
uid: root
cn: root
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQ2JFc4R0ZTelYzSk5MR0FWZmckUW5ZbWliQWF4U3pUUW9iT1FJbEF
 TUGVEZXlZcmhPM0FWSHlMRDlNanhscTRvTVhNU0p5ZWMwTVB2eEFKTzNNWi40T2o4cFdteHRuQXdl
 MWZQWGVGcy8=
shadowLastChange: 16984
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root

# bin, People, yangxiaofei.com
dn: uid=bin,ou=People,dc=yangxiaofei,dc=com
uid: bin
cn: bin
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 1
gidNumber: 1
homeDirectory: /bin
gecos: bin

# daemon, People, yangxiaofei.com
dn: uid=daemon,ou=People,dc=yangxiaofei,dc=com
uid: daemon
cn: daemon
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 2
gidNumber: 2
homeDirectory: /sbin
gecos: daemon

# adm, People, yangxiaofei.com
dn: uid=adm,ou=People,dc=yangxiaofei,dc=com
uid: adm
cn: adm
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 3
gidNumber: 4
homeDirectory: /var/adm
gecos: adm

# lp, People, yangxiaofei.com
dn: uid=lp,ou=People,dc=yangxiaofei,dc=com
uid: lp
cn: lp
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 4
gidNumber: 7
homeDirectory: /var/spool/lpd
gecos: lp

# sync, People, yangxiaofei.com
dn: uid=sync,ou=People,dc=yangxiaofei,dc=com
uid: sync
cn: sync
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/sync
uidNumber: 5
gidNumber: 0
homeDirectory: /sbin
gecos: sync

# shutdown, People, yangxiaofei.com
dn: uid=shutdown,ou=People,dc=yangxiaofei,dc=com
uid: shutdown
cn: shutdown
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/shutdown
uidNumber: 6
gidNumber: 0
homeDirectory: /sbin
gecos: shutdown

# halt, People, yangxiaofei.com
dn: uid=halt,ou=People,dc=yangxiaofei,dc=com
uid: halt
cn: halt
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/halt
uidNumber: 7
gidNumber: 0
homeDirectory: /sbin
gecos: halt

# mail, People, yangxiaofei.com
dn: uid=mail,ou=People,dc=yangxiaofei,dc=com
uid: mail
cn: mail
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 8
gidNumber: 12
homeDirectory: /var/spool/mail
gecos: mail

# uucp, People, yangxiaofei.com
dn: uid=uucp,ou=People,dc=yangxiaofei,dc=com
uid: uucp
cn: uucp
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 10
gidNumber: 14
homeDirectory: /var/spool/uucp
gecos: uucp

# operator, People, yangxiaofei.com
dn: uid=operator,ou=People,dc=yangxiaofei,dc=com
uid: operator
cn: operator
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 11
gidNumber: 0
homeDirectory: /root
gecos: operator

# games, People, yangxiaofei.com
dn: uid=games,ou=People,dc=yangxiaofei,dc=com
uid: games
cn: games
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 12
gidNumber: 100
homeDirectory: /usr/games
gecos: games

# gopher, People, yangxiaofei.com
dn: uid=gopher,ou=People,dc=yangxiaofei,dc=com
uid: gopher
cn: gopher
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 13
gidNumber: 30
homeDirectory: /var/gopher
gecos: gopher

# ftp, People, yangxiaofei.com
dn: uid=ftp,ou=People,dc=yangxiaofei,dc=com
uid: ftp
cn: FTP User
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 14
gidNumber: 50
homeDirectory: /var/ftp
gecos: FTP User

# nobody, People, yangxiaofei.com
dn: uid=nobody,ou=People,dc=yangxiaofei,dc=com
uid: nobody
cn: Nobody
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 99
gidNumber: 99
homeDirectory: /
gecos: Nobody

# vcsa, People, yangxiaofei.com
dn: uid=vcsa,ou=People,dc=yangxiaofei,dc=com
uid: vcsa
cn: virtual console memory owner
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange: 16984
loginShell: /sbin/nologin
uidNumber: 69
gidNumber: 69
homeDirectory: /dev
gecos: virtual console memory owner

# saslauth, People, yangxiaofei.com
dn: uid=saslauth,ou=People,dc=yangxiaofei,dc=com
uid: saslauth
cn: "Saslauthd user"
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange: 16984
loginShell: /sbin/nologin
uidNumber: 499
gidNumber: 76
homeDirectory: /var/empty/saslauth
gecos: "Saslauthd user"

# postfix, People, yangxiaofei.com
dn: uid=postfix,ou=People,dc=yangxiaofei,dc=com
uid: postfix
cn: postfix
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange: 16984
loginShell: /sbin/nologin
uidNumber: 89
gidNumber: 89
homeDirectory: /var/spool/postfix

# sshd, People, yangxiaofei.com
dn: uid=sshd,ou=People,dc=yangxiaofei,dc=com
uid: sshd
cn: Privilege-separated SSH
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange: 16984
loginShell: /sbin/nologin
uidNumber: 74
gidNumber: 74
homeDirectory: /var/empty/sshd
gecos: Privilege-separated SSH

# apache, People, yangxiaofei.com
dn: uid=apache,ou=People,dc=yangxiaofei,dc=com
uid: apache
cn: Apache
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange: 16984
loginShell: /sbin/nologin
uidNumber: 48
gidNumber: 48
homeDirectory: /var/www
gecos: Apache

# ldap, People, yangxiaofei.com
dn: uid=ldap,ou=People,dc=yangxiaofei,dc=com
uid: ldap
cn: LDAP User
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange: 17005
loginShell: /sbin/nologin
uidNumber: 55
gidNumber: 55
homeDirectory: /var/lib/ldap
gecos: LDAP User

# root, Group, yangxiaofei.com
dn: cn=root,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: root
userPassword:: e2NyeXB0fXg=
gidNumber: 0

# bin, Group, yangxiaofei.com
dn: cn=bin,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: bin
userPassword:: e2NyeXB0fXg=
gidNumber: 1
memberUid: daemon

# daemon, Group, yangxiaofei.com
dn: cn=daemon,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: daemon
userPassword:: e2NyeXB0fXg=
gidNumber: 2
memberUid: bin

# sys, Group, yangxiaofei.com
dn: cn=sys,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: sys
userPassword:: e2NyeXB0fXg=
gidNumber: 3
memberUid: adm
memberUid: bin

# adm, Group, yangxiaofei.com
dn: cn=adm,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: adm
userPassword:: e2NyeXB0fXg=
gidNumber: 4
memberUid: daemon

# tty, Group, yangxiaofei.com
dn: cn=tty,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: tty
userPassword:: e2NyeXB0fXg=
gidNumber: 5

# disk, Group, yangxiaofei.com
dn: cn=disk,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: disk
userPassword:: e2NyeXB0fXg=
gidNumber: 6

# lp, Group, yangxiaofei.com
dn: cn=lp,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: lp
userPassword:: e2NyeXB0fXg=
gidNumber: 7
memberUid: daemon

# mem, Group, yangxiaofei.com
dn: cn=mem,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: mem
userPassword:: e2NyeXB0fXg=
gidNumber: 8

# kmem, Group, yangxiaofei.com
dn: cn=kmem,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: kmem
userPassword:: e2NyeXB0fXg=
gidNumber: 9

# wheel, Group, yangxiaofei.com
dn: cn=wheel,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: wheel
userPassword:: e2NyeXB0fXg=
gidNumber: 10

# mail, Group, yangxiaofei.com
dn: cn=mail,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: mail
userPassword:: e2NyeXB0fXg=
gidNumber: 12
memberUid: postfix

# uucp, Group, yangxiaofei.com
dn: cn=uucp,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: uucp
userPassword:: e2NyeXB0fXg=
gidNumber: 14

# man, Group, yangxiaofei.com
dn: cn=man,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: man
userPassword:: e2NyeXB0fXg=
gidNumber: 15

# games, Group, yangxiaofei.com
dn: cn=games,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: games
userPassword:: e2NyeXB0fXg=
gidNumber: 20

# gopher, Group, yangxiaofei.com
dn: cn=gopher,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: gopher
userPassword:: e2NyeXB0fXg=
gidNumber: 30

# video, Group, yangxiaofei.com
dn: cn=video,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: video
userPassword:: e2NyeXB0fXg=
gidNumber: 39

# dip, Group, yangxiaofei.com
dn: cn=dip,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: dip
userPassword:: e2NyeXB0fXg=
gidNumber: 40

# ftp, Group, yangxiaofei.com
dn: cn=ftp,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: ftp
userPassword:: e2NyeXB0fXg=
gidNumber: 50

# lock, Group, yangxiaofei.com
dn: cn=lock,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: lock
userPassword:: e2NyeXB0fXg=
gidNumber: 54

# audio, Group, yangxiaofei.com
dn: cn=audio,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: audio
userPassword:: e2NyeXB0fXg=
gidNumber: 63

# nobody, Group, yangxiaofei.com
dn: cn=nobody,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: nobody
userPassword:: e2NyeXB0fXg=
gidNumber: 99

# users, Group, yangxiaofei.com
dn: cn=users,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: users
userPassword:: e2NyeXB0fXg=
gidNumber: 100

# floppy, Group, yangxiaofei.com
dn: cn=floppy,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: floppy
userPassword:: e2NyeXB0fXg=
gidNumber: 19

# vcsa, Group, yangxiaofei.com
dn: cn=vcsa,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: vcsa
userPassword:: e2NyeXB0fXg=
gidNumber: 69

# utmp, Group, yangxiaofei.com
dn: cn=utmp,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: utmp
userPassword:: e2NyeXB0fXg=
gidNumber: 22

# utempter, Group, yangxiaofei.com
dn: cn=utempter,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: utempter
userPassword:: e2NyeXB0fXg=
gidNumber: 35

# cdrom, Group, yangxiaofei.com
dn: cn=cdrom,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: cdrom
userPassword:: e2NyeXB0fXg=
gidNumber: 11

# tape, Group, yangxiaofei.com
dn: cn=tape,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: tape
userPassword:: e2NyeXB0fXg=
gidNumber: 33

# dialout, Group, yangxiaofei.com
dn: cn=dialout,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: dialout
userPassword:: e2NyeXB0fXg=
gidNumber: 18

# saslauth, Group, yangxiaofei.com
dn: cn=saslauth,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: saslauth
userPassword:: e2NyeXB0fXg=
gidNumber: 76

# postdrop, Group, yangxiaofei.com
dn: cn=postdrop,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: postdrop
userPassword:: e2NyeXB0fXg=
gidNumber: 90

# postfix, Group, yangxiaofei.com
dn: cn=postfix,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: postfix
userPassword:: e2NyeXB0fXg=
gidNumber: 89

# fuse, Group, yangxiaofei.com
dn: cn=fuse,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: fuse
userPassword:: e2NyeXB0fXg=
gidNumber: 499

# sshd, Group, yangxiaofei.com
dn: cn=sshd,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: sshd
userPassword:: e2NyeXB0fXg=
gidNumber: 74

# apache, Group, yangxiaofei.com
dn: cn=apache,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: apache
userPassword:: e2NyeXB0fXg=
gidNumber: 48

# stapusr, Group, yangxiaofei.com
dn: cn=stapusr,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: stapusr
userPassword:: e2NyeXB0fXg=
gidNumber: 156

# stapsys, Group, yangxiaofei.com
dn: cn=stapsys,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: stapsys
userPassword:: e2NyeXB0fXg=
gidNumber: 157

# stapdev, Group, yangxiaofei.com
dn: cn=stapdev,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: stapdev
userPassword:: e2NyeXB0fXg=
gidNumber: 158

# ldap, Group, yangxiaofei.com
dn: cn=ldap,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: ldap
userPassword:: e2NyeXB0fXg=
gidNumber: 55

# search result
search: 2
result: 0 Success

# numResponses: 75
# numEntries: 74
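The search above is an anonymous bind (ldapsearch -x with no -D), and it still returned userPassword for every entry, including root's SHA-512 crypt hash copied from /etc/shadow (the base64 value decodes to {crypt}$6$...). The Python below is an added example, not code from the page or from OpenLDAP: it reads LDIF in the form ldapsearch and migrationtools produce (folded lines, "::" base64 values), decodes each userPassword, and separates harmless locked-account markers from real credential material. The sample LDIF is constructed for the example; its three short base64 values are the ones that appear on the page ({crypt}*, {crypt}!! and {crypt}x), and the root entry's hash is a made-up placeholder rather than a real crypt(3) hash.

```python
"""Added example, not code from the original page: audit an ldapsearch dump
for password material that an anonymous bind should never see.

SAMPLE_LDIF is constructed for this example.  The three short base64 values
are the ones on the page ({crypt}*, {crypt}!! and {crypt}x, the locked and
placeholder markers migrationtools copies from /etc/shadow and /etc/group);
the root entry's hash is a made-up placeholder, not a real crypt(3) hash.
"""
import base64
from typing import Dict, List, Tuple

# "attr:: value" means the value is base64 (RFC 2849); migrationtools always
# writes userPassword that way and ldapsearch prints it back the same way.
SAMPLE_LDIF = """\
# root, People, yangxiaofei.com
dn: uid=root,ou=People,dc=yangxiaofei,dc=com
uid: root
userPassword:: {root_b64}
uidNumber: 0

dn: uid=bin,ou=People,dc=yangxiaofei,dc=com
uid: bin
userPassword:: e2NyeXB0fSo=
uidNumber: 1

dn: uid=sshd,ou=People,dc=yangxiaofei,dc=com
uid: sshd
userPassword:: e2NyeXB0fSEh
uidNumber: 74

dn: cn=wheel,ou=Group,dc=yangxiaofei,dc=com
cn: wheel
userPassword:: e2NyeXB0fXg=
gidNumber: 10
""".format(root_b64=base64.b64encode(b"{crypt}$6$constructed$NOTAREALHASH").decode("ascii"))

# Values migrationtools emits for accounts and groups with no usable password.
LOCKED_MARKERS = {"{crypt}*", "{crypt}!!", "{crypt}!", "{crypt}x"}


def unfold(text: str) -> List[str]:
    """Join LDIF continuation lines (leading space) back onto the previous line."""
    out: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and out:
            out[-1] += raw[1:]
        else:
            out.append(raw)
    return out


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal LDIF reader: a blank line ends an entry, '#' lines are comments,
    '::' values are base64.  Enough for ldapsearch and migrationtools output."""
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in unfold(text) + [""]:
        if line == "":
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr, []).append(value)
    return entries


def classify(pw: str) -> str:
    """'locked' for placeholder markers, 'crypt-hash' for a real {crypt}$...$
    hash, 'hashed:<SCHEME>' for other schemes, 'cleartext' otherwise."""
    low = pw.lower()
    if low in LOCKED_MARKERS:
        return "locked"
    if low.startswith("{crypt}$"):
        return "crypt-hash"
    if pw.startswith("{") and "}" in pw:
        return "hashed:" + pw[1:pw.index("}")].upper()
    return "cleartext"


def exposed_hashes(ldif_text: str) -> List[Tuple[str, str]]:
    """(dn, classification) for every entry whose userPassword is real secret material."""
    findings: List[Tuple[str, str]] = []
    for entry in parse_ldif(ldif_text):
        for pw in entry.get("userPassword", []):
            label = classify(pw)
            if label != "locked":
                findings.append((entry["dn"][0], label))
    return findings


if __name__ == "__main__":
    for dn, label in exposed_hashes(SAMPLE_LDIF):
        print(f"{label:12s} {dn}")
```

Against a real dump, feed it the output of the same anonymous "ldapsearch -x -b ..." command; anything the function reports is readable by every host that can reach port 389. The fix belongs in the bdb database section of slapd.conf, before any catch-all rule, using the same syntax the template already uses for cn=monitor: `access to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none` followed by `access to * by * read`. The "anonymous auth" clause is what still lets clients bind as a user without being able to read the hash. After regenerating slapd.d/ and restarting, the anonymous search should no longer show userPassword at all.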

In a real deployment you would not import every local user and group like this; only the accounts that are meant to be managed centrally belong in LDAP. The dump above also shows why the import needs an ACL first: it was an anonymous query and it returned root's password hash along with every other userPassword value.

Delete everything in LDAP (ldapdelete -r removes the base entry together with the whole subtree below it).

[root@OpenLDAP-Server migrationtools]# ldapdelete -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -r "dc=yangxiaofei,dc=com"
[root@OpenLDAP-Server migrationtools]# echo $?
0

Create two LDAP test users and import only those two.

[root@OpenLDAP-Server migrationtools]# useradd ldapuser01
[root@OpenLDAP-Server migrationtools]# useradd ldapuser02
[root@OpenLDAP-Server migrationtools]# tail -n 2 /etc/passwd
ldapuser01:x:500:500::/home/ldapuser01:/bin/bash
ldapuser02:x:501:501::/home/ldapuser02:/bin/bash
[root@OpenLDAP-Server migrationtools]# grep ldapuser* /etc/passwd > /tmp/passwd
[root@OpenLDAP-Server migrationtools]# tail -n 2 /etc/group
ldapuser01:x:500:
ldapuser02:x:501:
[root@OpenLDAP-Server migrationtools]# grep ldapuser* /etc/group > /tmp/group
[root@OpenLDAP-Server migrationtools]# cat /tmp/passwd
ldapuser01:x:500:500::/home/ldapuser01:/bin/bash
ldapuser02:x:501:501::/home/ldapuser02:/bin/bash
[root@OpenLDAP-Server migrationtools]# more /tmp/group
ldapuser01:x:500:
ldapuser02:x:501:

[root@OpenLDAP-Server migrationtools]# ldapsearch -x -b "dc=yangxiaofei,dc=com" -LLL
No such object (32)  //the query reports that no object exists

ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/base.ldif
[root@OpenLDAP-Server migrationtools]# ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/passwd.ldif 
adding new entry "uid=ldapuser01,ou=People,dc=yangxiaofei,dc=com"

adding new entry "uid=ldapuser02,ou=People,dc=yangxiaofei,dc=com"

[root@OpenLDAP-Server migrationtools]# ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/group.ldif 
adding new entry "cn=ldapuser01,ou=Group,dc=yangxiaofei,dc=com"

adding new entry "cn=ldapuser02,ou=Group,dc=yangxiaofei,dc=com"

[root@OpenLDAP-Server migrationtools]# echo $?
0


Query the data that was just imported.

[root@OpenLDAP-Server migrationtools]# ldapsearch -x -b "dc=yangxiaofei,dc=com" -LLL
dn: dc=yangxiaofei,dc=com
dc: yangxiaofei
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=yangxiaofei,dc=com
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=Rpc,dc=yangxiaofei,dc=com
ou: Rpc
objectClass: top
objectClass: organizationalUnit

dn: ou=Services,dc=yangxiaofei,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byuser,dc=yangxiaofei,dc=com
nisMapName: netgroup.byuser
objectClass: top
objectClass: nisMap

dn: ou=Mounts,dc=yangxiaofei,dc=com
ou: Mounts
objectClass: top
objectClass: organizationalUnit

dn: ou=Networks,dc=yangxiaofei,dc=com
ou: Networks
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=yangxiaofei,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=yangxiaofei,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=Netgroup,dc=yangxiaofei,dc=com
ou: Netgroup
objectClass: top
objectClass: organizationalUnit

dn: ou=Protocols,dc=yangxiaofei,dc=com
ou: Protocols
objectClass: top
objectClass: organizationalUnit

dn: ou=Aliases,dc=yangxiaofei,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byhost,dc=yangxiaofei,dc=com
nisMapName: netgroup.byhost
objectClass: top
objectClass: nisMap

dn: uid=ldapuser01,ou=People,dc=yangxiaofei,dc=com
uid: ldapuser01
cn: ldapuser01
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange: 17005
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/ldapuser01

dn: uid=ldapuser02,ou=People,dc=yangxiaofei,dc=com
uid: ldapuser02
cn: ldapuser02
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange: 17005
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 501
gidNumber: 501
homeDirectory: /home/ldapuser02

dn: cn=ldapuser01,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser01
userPassword:: e2NyeXB0fXg=
gidNumber: 500

dn: cn=ldapuser02,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser02
userPassword:: e2NyeXB0fXg=
gidNumber: 501

[root@OpenLDAP-Server migrationtools]# 
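The entries returned above were generated by migrationtools straight from /etc/passwd, /etc/shadow and /etc/group, so they carry the placeholder fields of those files: `userPassword:: e2NyeXB0fSEh` is base64 for `{crypt}!!` (a locked account with no password set) and the group entries' `e2NyeXB0fXg=` is `{crypt}x`. Before importing a generated LDIF into a directory that will drive logins, it is worth parsing it and flagging such leftovers. The script below is an added example, not part of the original post or of migrationtools; it embeds a constructed sample copied from the ldapsearch output above and audits it for placeholder hashes, group entries that carry a `userPassword`, and `shadowMax 99999` (no password expiry). The attribute names it checks are standard posixAccount/shadowAccount/posixGroup attributes; the finding texts and threshold are the example's own choices.

```python
import base64
import re

# Constructed sample input: a user and its group copied from the
# ldapsearch -LLL output shown above (as produced by migrationtools).
SAMPLE_LDIF = """\
dn: uid=ldapuser01,ou=People,dc=yangxiaofei,dc=com
uid: ldapuser01
cn: ldapuser01
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange: 17005
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/ldapuser01

dn: cn=ldapuser01,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser01
userPassword:: e2NyeXB0fXg=
gidNumber: 500
"""

# attribute line: name, one colon (plain value) or two colons (base64 value), value
ATTR_RE = re.compile(r"^([A-Za-z][\w.;-]*)(:{1,2}) ?(.*)$")

# Values migrationtools copies verbatim from /etc/shadow and /etc/group:
# "!!"/"!"/"*" mean locked or no password, "x" means "stored elsewhere".
PLACEHOLDER_HASHES = {"{crypt}!!", "{crypt}!", "{crypt}*", "{crypt}x"}


def parse_ldif(text):
    """Parse LDIF text into a list of (dn, {attribute: [values]}).

    Folded lines (continuations starting with a space) are joined,
    '::' values are base64-decoded, and comment lines are skipped.
    """
    unfolded = re.sub(r"\n ", "", text)  # join folded continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            m = ATTR_RE.match(line)
            if not m:
                raise ValueError(f"malformed LDIF line: {line!r}")
            name, sep, value = m.groups()
            if sep == "::":
                value = base64.b64decode(value).decode("utf-8", "replace")
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
    return entries


def audit_entries(entries):
    """Return (dn, finding) pairs for migration leftovers to fix before import."""
    findings = []
    for dn, attrs in entries:
        classes = set(attrs.get("objectClass", []))
        for pw in attrs.get("userPassword", []):
            if pw in PLACEHOLDER_HASHES:
                findings.append((dn, f"placeholder password hash {pw!r}: set a real hash or drop the attribute"))
        if "posixGroup" in classes and "userPassword" in attrs:
            findings.append((dn, "group entry carries userPassword copied from /etc/group; posixGroup does not need it"))
        for value in attrs.get("shadowMax", []):
            if value.isdigit() and int(value) >= 99999:
                findings.append((dn, "shadowMax 99999: password never expires"))
    return findings


def audit_ldif(text):
    """Convenience wrapper: parse then audit."""
    return audit_entries(parse_ldif(text))


if __name__ == "__main__":
    for dn, finding in audit_ldif(SAMPLE_LDIF):
        print(f"{dn}: {finding}")
```

Run it against the real file with `audit_ldif(open("/tmp/passwd.ldif").read())` before the `ldapadd` step; entries flagged with a placeholder hash cannot authenticate until a real hash (for example from `slappasswd`) is set, and the group `userPassword` attributes can simply be deleted from the LDIF.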

Original article: http://www.cnblogs.com/yangxiaofei/p/5699187.html