标签:
1. 软件安装:
yum -y install openldap-servers openldap-clients openldap openldap-devel migrationtools
2. 修改配置文件: /etc/openldap/slapd.conf (可以从 /usr/share/openldapservers/ 下面获取模板),去掉注释,就剩下面这些了:
include /etc/openldap/schema/corba.schema include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/duaconf.schema include /etc/openldap/schema/dyngroup.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/java.schema include /etc/openldap/schema/misc.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/openldap.schema include /etc/openldap/schema/ppolicy.schema include /etc/openldap/schema/collective.schema allow bind_v2 pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args loglevel 257 TLSCACertificatePath /etc/openldap/certs TLSCertificateFile "\"OpenLDAP Server\"" TLSCertificateKeyFile /etc/openldap/certs/password database config access to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none database monitor access to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.exact="cn=Manager,dc=my-domain,dc=com" read by * none database bdb suffix "dc=dns,dc=com,dc=cn" checkpoint 1024 15 rootdn "cn=Manager,dc=dns,dc=com,dc=cn" rootpw secret directory /var/lib/ldap index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG;chown ldap:ldap /var/lib/ldap -R
3.导入base.ldif (这一步很关键,我TM因为这个卡了半天)
dn: dc=dns,dc=com,dc=cn dc: dns objectClass: top objectClass: domain dn: ou=People,dc=dns,dc=com,dc=cn ou: People objectClass: top objectClass: organizationalUnit dn: ou=Group,dc=dns,dc=com,dc=cn ou: Group objectClass: top objectClass: organizationalUnit
dn: ou=Hosts,dc=dns,dc=com,dc=cn ou: Hosts objectClass: top objectClass: organizationalUnit
4. 后续导入账户:
标签:
原文地址:http://www.cnblogs.com/tiantiandas/p/openldap.html