
Linux and Cloud Computing, Phase 2: Linux Server Setup. Chapter 6: Directory Server Setup with OpenLDAP

Date: 2016-08-01 23:19:57

Tags: configure LDAP server, add user accounts, configure LDAP client, LDAP over TLS, LDAP replication, multi-master replication

1 OpenLDAP: Configure LDAP Server

Configure an LDAP server in order to share users' accounts in your local network.

[1] Install OpenLDAP Server.

[root@dlp ~]# yum -y install openldap-servers openldap-clients

[root@dlp ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

[root@dlp ~]# chown ldap. /var/lib/ldap/DB_CONFIG

[root@dlp ~]# systemctl start slapd

[root@dlp ~]# systemctl enable slapd

[2] Set OpenLDAP admin password.

# generate a hashed password

[root@dlp ~]# slappasswd

New password:

Re-enter new password:

{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

[root@dlp ~]# vi chrootpw.ldif

# specify the password generated above for "olcRootPW"

dn: olcDatabase={0}config,cn=config

changetype: modify

add: olcRootPW

olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

 

[root@dlp ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

modifying entry "olcDatabase={0}config,cn=config"

[3] Import basic Schemas.

[root@dlp ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

adding new entry "cn=cosine,cn=schema,cn=config"

 

[root@dlp ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

adding new entry "cn=nis,cn=schema,cn=config"

 

[root@dlp ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

adding new entry "cn=inetorgperson,cn=schema,cn=config"

[4] Set your domain name on LDAP DB.

# generate directory manager's password

[root@dlp ~]# slappasswd

New password:

Re-enter new password:

{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

[root@dlp ~]# vi chdomain.ldif

# replace "dc=***,dc=***" with your own domain name

# specify the password generated above for "olcRootPW"

dn: olcDatabase={1}monitor,cn=config

changetype: modify

replace: olcAccess

olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"

  read by dn.base="cn=Manager,dc=srv,dc=world" read by * none

 

dn: olcDatabase={2}hdb,cn=config

changetype: modify

replace: olcSuffix

olcSuffix: dc=srv,dc=world

 

dn: olcDatabase={2}hdb,cn=config

changetype: modify

replace: olcRootDN

olcRootDN: cn=Manager,dc=srv,dc=world

 

dn: olcDatabase={2}hdb,cn=config

changetype: modify

add: olcRootPW

olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

 

dn: olcDatabase={2}hdb,cn=config

changetype: modify

add: olcAccess

olcAccess: {0}to attrs=userPassword,shadowLastChange by

  dn="cn=Manager,dc=srv,dc=world" write by anonymous auth by self write by * none

olcAccess: {1}to dn.base="" by * read

olcAccess: {2}to * by dn="cn=Manager,dc=srv,dc=world" write by * read

 

[root@dlp ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

modifying entry "olcDatabase={1}monitor,cn=config"

 

modifying entry "olcDatabase={2}hdb,cn=config"

 

modifying entry "olcDatabase={2}hdb,cn=config"

 

modifying entry "olcDatabase={2}hdb,cn=config"

 

[root@dlp ~]# vi basedomain.ldif

# replace "dc=***,dc=***" with your own domain name

dn: dc=srv,dc=world

objectClass: top

objectClass: dcObject

objectclass: organization

o: Server World

dc: srv

 

dn: cn=Manager,dc=srv,dc=world

objectClass: organizationalRole

cn: Manager

description: Directory Manager

 

dn: ou=People,dc=srv,dc=world

objectClass: organizationalUnit

ou: People

 

dn: ou=Group,dc=srv,dc=world

objectClass: organizationalUnit

ou: Group

 

[root@dlp ~]# ldapadd -x -D cn=Manager,dc=srv,dc=world -W -f basedomain.ldif

Enter LDAP Password: # directory manager's password

adding new entry "dc=srv,dc=world"

 

adding new entry "cn=Manager,dc=srv,dc=world"

 

adding new entry "ou=People,dc=srv,dc=world"

 

adding new entry "ou=Group,dc=srv,dc=world"

[5] If Firewalld is running, allow LDAP service. LDAP uses 389/TCP.

[root@dlp ~]# firewall-cmd --add-service=ldap --permanent

success

[root@dlp ~]# firewall-cmd --reload

success


2 Add User Accounts

Add LDAP User Accounts in the OpenLDAP Server.

[1] Add a user.

# generate a hashed password

[root@dlp ~]# slappasswd

New password:

Re-enter new password:

{SSHA}xxxxxxxxxxxxxxxxx

[root@dlp ~]# vi ldapuser.ldif

# create new

# replace "dc=***,dc=***" with your own domain name

dn: uid=cent,ou=People,dc=srv,dc=world

objectClass: inetOrgPerson

objectClass: posixAccount

objectClass: shadowAccount

cn: Cent

sn: Linux

userPassword: {SSHA}xxxxxxxxxxxxxxxxx

loginShell: /bin/bash

uidNumber: 1000

gidNumber: 1000

homeDirectory: /home/cent

 

dn: cn=cent,ou=Group,dc=srv,dc=world

objectClass: posixGroup

cn: Cent

gidNumber: 1000

memberUid: cent

 

[root@dlp ~]# ldapadd -x -D cn=Manager,dc=srv,dc=world -W -f ldapuser.ldif

Enter LDAP Password:

adding new entry "uid=cent,ou=People,dc=srv,dc=world"

 

adding new entry "cn=cent,ou=Group,dc=srv,dc=world"

[2] Add users and groups in local passwd/group to LDAP directory.

[root@dlp ~]# vi ldapuser.sh

# extract local users and groups that have a UID in the range 1000-9999
# replace "SUFFIX=***" with your own domain name
# this is an example
# note: the generated ldapuser.ldif contains the password hashes copied from /etc/shadow

#!/bin/bash

SUFFIX='dc=srv,dc=world'
LDIF='ldapuser.ldif'

echo -n > $LDIF
GROUP_IDS=()
grep "x:[1-9][0-9][0-9][0-9]:" /etc/passwd | (while read TARGET_USER
do
    USER_ID="$(echo "$TARGET_USER" | cut -d':' -f1)"

    USER_NAME="$(echo "$TARGET_USER" | cut -d':' -f5 | cut -d' ' -f1,2)"
    [ ! "$USER_NAME" ] && USER_NAME="$USER_ID"

    LDAP_SN="$(echo "$USER_NAME" | cut -d' ' -f2)"
    [ ! "$LDAP_SN" ] && LDAP_SN="$USER_NAME"

    # anchor the match with "^" so that e.g. "cent:" does not also match "innocent:"
    LASTCHANGE_FLAG="$(grep "^${USER_ID}:" /etc/shadow | cut -d':' -f3)"
    [ ! "$LASTCHANGE_FLAG" ] && LASTCHANGE_FLAG="0"

    SHADOW_FLAG="$(grep "^${USER_ID}:" /etc/shadow | cut -d':' -f9)"
    [ ! "$SHADOW_FLAG" ] && SHADOW_FLAG="0"

    # collect each primary GID once (-w: whole-word match, so 100 does not match 1000)
    GROUP_ID="$(echo "$TARGET_USER" | cut -d':' -f4)"
    [ ! "$(echo "${GROUP_IDS[@]}" | grep -w "$GROUP_ID")" ] && GROUP_IDS=("${GROUP_IDS[@]}" "$GROUP_ID")

    echo "dn: uid=$USER_ID,ou=People,$SUFFIX" >> $LDIF
    echo "objectClass: inetOrgPerson" >> $LDIF
    echo "objectClass: posixAccount" >> $LDIF
    echo "objectClass: shadowAccount" >> $LDIF
    echo "sn: $LDAP_SN" >> $LDIF
    echo "givenName: $(echo "$USER_NAME" | awk '{print $1}')" >> $LDIF
    echo "cn: $USER_NAME" >> $LDIF
    echo "displayName: $USER_NAME" >> $LDIF
    echo "uidNumber: $(echo "$TARGET_USER" | cut -d':' -f3)" >> $LDIF
    echo "gidNumber: $(echo "$TARGET_USER" | cut -d':' -f4)" >> $LDIF
    echo "userPassword: {crypt}$(grep "^${USER_ID}:" /etc/shadow | cut -d':' -f2)" >> $LDIF
    echo "gecos: $USER_NAME" >> $LDIF
    echo "loginShell: $(echo "$TARGET_USER" | cut -d':' -f7)" >> $LDIF
    echo "homeDirectory: $(echo "$TARGET_USER" | cut -d':' -f6)" >> $LDIF
    echo "shadowExpire: $(passwd -S "$USER_ID" | awk '{print $7}')" >> $LDIF
    echo "shadowFlag: $SHADOW_FLAG" >> $LDIF
    echo "shadowWarning: $(passwd -S "$USER_ID" | awk '{print $6}')" >> $LDIF
    echo "shadowMin: $(passwd -S "$USER_ID" | awk '{print $4}')" >> $LDIF
    echo "shadowMax: $(passwd -S "$USER_ID" | awk '{print $5}')" >> $LDIF
    echo "shadowLastChange: $LASTCHANGE_FLAG" >> $LDIF
    echo >> $LDIF
done

for TARGET_GROUP_ID in "${GROUP_IDS[@]}"
do
    LDAP_CN="$(grep ":${TARGET_GROUP_ID}:" /etc/group | cut -d':' -f1)"

    echo "dn: cn=$LDAP_CN,ou=Group,$SUFFIX" >> $LDIF
    echo "objectClass: posixGroup" >> $LDIF
    echo "cn: $LDAP_CN" >> $LDIF
    echo "gidNumber: $TARGET_GROUP_ID" >> $LDIF

    for MEMBER_UID in $(grep ":${TARGET_GROUP_ID}:" /etc/passwd | cut -d':' -f1,3)
    do
        UID_NUM=$(echo "$MEMBER_UID" | cut -d':' -f2)
        [ $UID_NUM -ge 1000 -a $UID_NUM -le 9999 ] && echo "memberUid: $(echo "$MEMBER_UID" | cut -d':' -f1)" >> $LDIF
    done
    echo >> $LDIF
done
)

 

[root@dlp ~]# sh ldapuser.sh

[root@dlp ~]# ldapadd -x -D cn=Manager,dc=srv,dc=world -W -f ldapuser.ldif

Enter LDAP Password:

adding new entry "uid=cent,ou=People,dc=srv,dc=world"

adding new entry "uid=redhat,ou=People,dc=srv,dc=world"

adding new entry "uid=ubuntu,ou=People,dc=srv,dc=world"

adding new entry "uid=debian,ou=People,dc=srv,dc=world"

adding new entry "cn=cent,ou=Group,dc=srv,dc=world"

adding new entry "cn=redhat,ou=Group,dc=srv,dc=world"

adding new entry "cn=ubuntu,ou=Group,dc=srv,dc=world"

adding new entry "cn=debian,ou=Group,dc=srv,dc=world"

[3] To delete an LDAP user or group, do as below.

[root@dlp ~]# ldapdelete -x -W -D 'cn=Manager,dc=srv,dc=world' "uid=cent,ou=People,dc=srv,dc=world"

Enter LDAP Password:

[root@dlp ~]# ldapdelete -x -W -D 'cn=Manager,dc=srv,dc=world' "cn=cent,ou=Group,dc=srv,dc=world"

Enter LDAP Password:



3 Configure LDAP Client

Configure an LDAP client in order to share users' accounts in your local network.

[1] Install OpenLDAP Client.

[root@www ~]# yum -y install openldap-clients nss-pam-ldapd

# ldapserver=(LDAP server's hostname or IP address)

# ldapbasedn="dc=(your own domain name)"

[root@www ~]# authconfig --enableldap \

--enableldapauth \

--ldapserver=dlp.srv.world \

--ldapbasedn="dc=srv,dc=world" \

--enablemkhomedir \

--update

[root@www ~]# exit

logout

CentOS Linux 7 (Core)

Kernel 3.10.0-123.20.1.el7.x86_64 on an x86_64

www login: redhat # LDAP user

Password: # password

Creating directory '/home/redhat'.

[redhat@www ~]$ # logged in normally

[redhat@www ~]$ passwd # try to change the LDAP password

Changing password for user redhat.

Enter login(LDAP) password: # current password

New password: # new password

Retype new password:

LDAP password information changed for redhat

passwd: all authentication tokens updated successfully.

[2] If SELinux is enabled, add a rule that allows mkhomedir to create home directories automatically.

[root@www ~]# vi mkhomedir.te

# create new

module mkhomedir 1.0;

 

require {

        type unconfined_t;

        type oddjob_mkhomedir_exec_t;

        class file entrypoint;

}

 

#============= unconfined_t ==============

allow unconfined_t oddjob_mkhomedir_exec_t:file entrypoint;

 

[root@www ~]# checkmodule -m -M -o mkhomedir.mod mkhomedir.te

checkmodule: loading policy configuration from mkhomedir.te

checkmodule: policy configuration loaded

checkmodule: writing binary representation (version 17) to mkhomedir.mod

[root@www ~]# semodule_package --outfile mkhomedir.pp --module mkhomedir.mod

[root@www ~]# semodule -i mkhomedir.pp



4 LDAP over TLS

Configure LDAP over TLS to secure connections.

[1] Create an SSL certificate first. See here.

[2] Configure LDAP Server.

[root@dlp ~]# cp /etc/pki/tls/certs/server.key \

/etc/pki/tls/certs/server.crt \

/etc/pki/tls/certs/ca-bundle.crt \

/etc/openldap/certs/

[root@dlp ~]# chown ldap. /etc/openldap/certs/server.key \

/etc/openldap/certs/server.crt \

/etc/openldap/certs/ca-bundle.crt

[root@dlp ~]# vi mod_ssl.ldif

# create new

dn: cn=config

changetype: modify

add: olcTLSCACertificateFile

olcTLSCACertificateFile: /etc/openldap/certs/ca-bundle.crt

-

replace: olcTLSCertificateFile

olcTLSCertificateFile: /etc/openldap/certs/server.crt

-

replace: olcTLSCertificateKeyFile

olcTLSCertificateKeyFile: /etc/openldap/certs/server.key

 

[root@dlp ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f mod_ssl.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

modifying entry "cn=config"

 

[root@dlp ~]# vi /etc/sysconfig/slapd

# line 9: add

SLAPD_URLS="ldapi:/// ldap:/// ldaps:///"

[root@dlp ~]# systemctl restart slapd

[3] Configure LDAP Client for TLS connection.

[root@www ~]# echo "TLS_REQCERT allow" >> /etc/openldap/ldap.conf

[root@www ~]# echo "tls_reqcert allow" >> /etc/nslcd.conf

[root@www ~]# authconfig --enableldaptls --update

getsebool: SELinux is disabled

[root@www ~]# exit

logout

CentOS Linux 7 (Core)

Kernel 3.10.0-123.20.1.el7.x86_64 on an x86_64

www login: redhat

Password:

Last login: Tue Aug 19 19:55:52 on ttyS0

[redhat@www ~]$ # logged in normally
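The client settings in step [3] use the level "allow", under which the session proceeds even when the server presents a bad certificate. The check below is an added example, not part of the original article: it reports the effective TLS_REQCERT / tls_reqcert level in client files and flags anything weaker than "demand". It assumes the last occurrence in a file is the effective one and that an unset option defaults to "demand"; the sample files and the /path/to/ca.crt placeholder are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Sample files are constructed.

# Print the effective tls_reqcert level in FILE, lower-cased.
# Assumptions: the last occurrence wins (the steps above append with >>),
# and an unset option means the libldap default, "demand".
effective_reqcert() (
    value=$(awk 'tolower($1) == "tls_reqcert" { v = tolower($2) }
                 END { print v }' "$1")
    printf '%s\n' "${value:-demand}"
)

# FAIL: a bad certificate is accepted. WARN: a missing one is accepted.
reqcert_verdict() {
    case $1 in
        demand|hard) echo OK ;;
        try)         echo WARN ;;
        allow|never) echo FAIL ;;
        *)           echo UNKNOWN ;;
    esac
}

# Print "file level verdict" for each FILE; exit non-zero unless all are OK.
audit_ldap_tls() (
    status=0
    for file in "$@"; do
        if [ ! -r "$file" ]; then
            echo "$file - UNREADABLE"
            status=1
            continue
        fi
        level=$(effective_reqcert "$file")
        verdict=$(reqcert_verdict "$level")
        echo "$file $level $verdict"
        [ "$verdict" = OK ] || status=1
    done
    exit "$status"
)

# Constructed samples: both client files as left by step [3], plus a copy
# of ldap.conf with a CA file (placeholder path) and strict checking appended.
demo() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    printf '%s\n' 'URI ldap://dlp.srv.world/' 'BASE dc=srv,dc=world' \
        'TLS_REQCERT allow' > "$dir/ldap.conf"
    printf '%s\n' 'uri ldap://dlp.srv.world/' 'ssl start_tls' \
        'tls_reqcert allow' > "$dir/nslcd.conf"
    { cat "$dir/ldap.conf"
      printf '%s\n' 'TLS_CACERT /path/to/ca.crt' 'TLS_REQCERT demand'
    } > "$dir/ldap.conf.hardened"
    audit_ldap_tls "$dir/ldap.conf" "$dir/nslcd.conf" "$dir/ldap.conf.hardened"
)
demo || true
```

On a real client, run audit_ldap_tls /etc/openldap/ldap.conf /etc/nslcd.conf; a FAIL line means the CA certificate should be installed on the client and the level raised to "demand".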


5 LDAP Replication

Configure OpenLDAP replication so that the directory service continues if the OpenLDAP master server goes down. In OpenLDAP, the master server is called the "Provider" and the slave server is called the "Consumer".

[1] Configure basic LDAP server settings on both the Provider and the Consumer, refer to here.

[2] Configure LDAP Provider. Add syncprov module.

[root@dlp ~]# vi mod_syncprov.ldif

# create new

dn: cn=module,cn=config

objectClass: olcModuleList

cn: module

olcModulePath: /usr/lib64/openldap

olcModuleLoad: syncprov.la

 

[root@dlp ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f mod_syncprov.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

adding new entry "cn=module,cn=config"

 

[root@dlp ~]# vi syncprov.ldif

# create new

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config

objectClass: olcOverlayConfig

objectClass: olcSyncProvConfig

olcOverlay: syncprov

olcSpSessionLog: 100

 

[root@dlp ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"

[3] Configure LDAP Consumer.

[root@slave ~]# vi syncrepl.ldif

# create new
# provider: the LDAP server's URI
# binddn: your own domain name
# credentials: the directory manager's password
# scope=sub: includes the subtree
# retry: [retry interval] [retry times] [interval of re-retry] [re-retry times]
# interval: replication interval
# (these notes must stay outside the olcSyncRepl value: an indented line is a continuation of the value)
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://10.0.0.30:389/
  bindmethod=simple
  binddn="cn=Manager,dc=srv,dc=world"
  credentials=password
  searchbase="dc=srv,dc=world"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:05:00

 

[root@slave ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncrepl.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

modifying entry "olcDatabase={2}hdb,cn=config"

 

# confirm the settings by searching for data

[root@slave ~]# ldapsearch -x -b 'ou=People,dc=srv,dc=world'

# People, srv.world

dn: ou=People,dc=srv,dc=world

objectClass: organizationalUnit

ou: People

...

...

[4] Configure the LDAP client to bind to the LDAP Consumer, too.

[root@www ~]# authconfig --ldapserver=dlp.srv.world,slave.srv.world --update

6 Multi-Master Replication

Configure OpenLDAP Multi-Master Replication.

With the Provider/Consumer settings it is impossible to add data on the Consumer server, but with these Multi-Master settings it is possible to add data on any Master server.

[1] Configure basic LDAP server settings on all servers, refer to here.

[2] Configure as follows on all servers. Add the syncprov module.

[root@slapd01 ~]# vi mod_syncprov.ldif

# create new

dn: cn=module,cn=config

objectClass: olcModuleList

cn: module

olcModulePath: /usr/lib64/openldap

olcModuleLoad: syncprov.la

 

[root@slapd01 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f mod_syncprov.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

adding new entry "cn=module,cn=config"

 

[root@slapd01 ~]# vi syncprov.ldif

# create new

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config

objectClass: olcOverlayConfig

objectClass: olcSyncProvConfig

olcOverlay: syncprov

olcSpSessionLog: 100

 

[root@slapd01 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"

[3] Configure as follows on all servers, setting only the parameters "olcServerID" and "provider=***" to a different value on each server.

[root@slapd01 ~]# vi master01.ldif

# create new
# olcServerID: specify a unique ID number on each server (multi-master replication requires a non-zero ID)
# provider: specify another LDAP server's URI
# binddn: your own domain name
# credentials: the directory manager's password
# scope=sub: includes the subtree
# retry: [retry interval] [retry times] [interval of re-retry] [re-retry times]
# interval: replication interval
# (these notes must stay outside the olcSyncRepl value: an indented line is a continuation of the value)
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://10.0.0.50:389/
  bindmethod=simple
  binddn="cn=Manager,dc=srv,dc=world"
  credentials=password
  searchbase="dc=srv,dc=world"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:05:00
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

 

[root@slapd01 ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f master01.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

modifying entry "cn=config"

 

modifying entry "olcDatabase={2}hdb,cn=config"

 

adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"

[4] Configure the LDAP client to bind to all LDAP servers.

[root@www ~]# authconfig --ldapserver=slapd01.srv.world,slapd02.srv.world --update
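The olcSyncRepl settings in sections 5 and 6 bind to the provider over ldap:// with a simple bind, so the directory manager's password crosses the network unencrypted unless TLS is added. As an added example (not from the original article), the script below generates the same change with starttls=critical, tls_cacert and tls_reqcert=demand, and unfolds the LDIF to show the single value slapd actually parses. The function names, the credential file and the CA path on the consumer are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: build the olcSyncRepl change
# so the replication bind to the provider is protected by TLS.

# syncrepl_ldif RID PROVIDER_URI BINDDN CRED_FILE SEARCHBASE CA_FILE
# Prints the LDIF; exits 2 for a URI scheme it cannot protect or an
# unreadable CRED_FILE (the password is kept off the command line).
syncrepl_ldif() (
    rid=$1 uri=$2 binddn=$3 credfile=$4 base=$5 cacert=$6
    case $uri in
        ldap://*)  starttls="  starttls=critical" ;;  # abort if StartTLS fails
        ldaps://*) starttls="" ;;                     # TLS from the first byte
        *) echo "unsupported provider URI: $uri" >&2; exit 2 ;;
    esac
    [ -r "$credfile" ] || { echo "cannot read $credfile" >&2; exit 2; }
    cred=$(cat "$credfile")
    # Continuation lines carry two spaces: unfolding drops the first, the
    # second separates parameters. Comments cannot sit inside the value.
    printf '%s\n' "dn: olcDatabase={2}hdb,cn=config" "changetype: modify" \
        "add: olcSyncRepl" "olcSyncRepl: rid=$rid" "  provider=$uri" \
        "  bindmethod=simple" "  binddn=\"$binddn\"" \
        "  credentials=\"$cred\"" "  searchbase=\"$base\"" "  scope=sub" \
        "  schemachecking=on" "  type=refreshAndPersist" \
        "  retry=\"30 5 300 3\""
    [ -z "$starttls" ] || printf '%s\n' "$starttls"
    printf '%s\n' "  tls_cacert=$cacert" "  tls_reqcert=demand"
)

# Join folded LDIF lines as a parser does, to inspect the value slapd sees.
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { print buf }'
}

# Constructed demonstration with the article's addresses and DNs; the
# password and the CA path on the consumer are assumptions.
demo() (
    umask 077   # the credential file holds a password
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    printf '%s' 'constructed-sample-password' > "$dir/cred"
    syncrepl_ldif 001 ldap://10.0.0.30:389/ "cn=Manager,dc=srv,dc=world" \
        "$dir/cred" "dc=srv,dc=world" /etc/openldap/certs/ca-bundle.crt |
        unfold_ldif
)
demo
```

The provider must already serve TLS as configured in section 4, and the consumer needs the CA certificate that signed the provider's certificate at the tls_cacert path.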



7 Install phpLDAPadmin

Install phpLDAPadmin to operate the LDAP server via a Web browser.

[1] Install and start Apache httpd, refer to here.

[2] Install PHP, refer to here.

[3] Install phpLDAPadmin.

# install from EPEL

[root@dlp ~]# yum --enablerepo=epel -y install phpldapadmin

[root@dlp ~]# vi /etc/phpldapadmin/config.php

# line 397: uncomment, line 398: comment out

$servers->setValue('login','attr','dn');

// $servers->setValue('login','attr','uid');

[root@dlp ~]# vi /etc/httpd/conf.d/phpldapadmin.conf

Alias /phpldapadmin /usr/share/phpldapadmin/htdocs

Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>

  <IfModule mod_authz_core.c>

    # Apache 2.4

    # line 12: add access permission

    Require local

    Require ip 10.0.0.0/24

[root@dlp ~]# systemctl restart httpd

[4] Access "http://(server's hostname or IP address)/ldapadmin/" from a client in a network allowed by the HTTP server, then click "login".

[5] Authenticate with the Directory Manager account. Specify the user name as follows. It is also possible to log in as a common user.

[6] You are now logged in. The LDAP server can be managed from here.


This article comes from the "11830455" blog; please contact the author before reposting.

Original URL: http://11840455.blog.51cto.com/11830455/1833079