- yum -y install openldap openldap-servers openldap-clients openldap-devel  # 一定要全安装,否则后面可能会报错
- pidfile /var/run/openldap/slapd.pid
- argsfile /var/run/openldap/slapd.args
- cp -a /etc/openldap/slapd.d /etc/openldap/slapd.d.BAK2012-03-26
- rm -rf /etc/openldap/slapd.d/*
- slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
- olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
- dn: olcDatabase={1}monitor
- objectClass: olcDatabaseConfig
- olcDatabase: {1}monitor
- olcAccess: {1}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
- olcAddContentAcl: FALSE
- olcLastMod: TRUE
- olcMaxDerefDepth: 15
- olcReadOnly: FALSE
- olcMonitoring: FALSE
- structuralObjectClass: olcDatabaseConfig
- creatorsName: cn=config
- modifiersName: cn=config
- chown -R ldap. /etc/openldap/slapd.d
- chmod -R 700 /etc/openldap/slapd.d
- /etc/rc.d/init.d/slapd start
- chkconfig slapd on
- ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/core.ldif
- ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
- ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
- ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
- # replace "dc=***,dc=***" with your own suffix
- # replace "olcRootPW: ***" with your own password hash generated by slappasswd above
- dn: cn=module,cn=config
- objectClass: olcModuleList
- cn: module
- olcModulepath: /usr/lib64/openldap
- olcModuleload: back_hdb
- dn: olcDatabase=hdb,cn=config
- objectClass: olcDatabaseConfig
- objectClass: olcHdbConfig
- olcDatabase: {2}hdb
- olcSuffix: dc=abc,dc=com
- olcDbDirectory: /var/lib/ldap
- olcRootDN: cn=root,dc=abc,dc=com
- olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
- olcDbConfig: set_cachesize 0 2097152 0
- olcDbConfig: set_lk_max_objects 1500
- olcDbConfig: set_lk_max_locks 1500
- olcDbConfig: set_lk_max_lockers 1500
- olcDbIndex: objectClass eq
- olcLastMod: TRUE
- olcMonitoring: TRUE
- olcDbCheckpoint: 512 30
- olcAccess: to attrs=userPassword by dn="cn=root,dc=abc,dc=com" write by anonymous auth by self write by * none
- olcAccess: to attrs=shadowLastChange by self write by * read
- olcAccess: to dn.base="" by * read
- olcAccess: to * by dn="cn=root,dc=abc,dc=com" write by * read
- ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif
- # replace "dc=***,dc=***" with your own suffix
- # replace "userPassword: ***" with your own password hash generated by slappasswd above
- dn: dc=abc,dc=com
- objectClass: top
- objectClass: dcObject
- objectclass: organization
- o: abc com
- dc: abc
- dn: cn=root,dc=abc,dc=com
- objectClass: simpleSecurityObject
- objectClass: organizationalRole
- cn: root
- userPassword: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
- dn: ou=people,dc=abc,dc=com
- objectClass: organizationalUnit
- ou: people
- dn: ou=groups,dc=abc,dc=com
- objectClass: organizationalUnit
- ou: groups
- ldapadd -x -D cn=root,dc=abc,dc=com -W -f frontend.ldif  # 注意替换自己的cn和dc;-x 是简单绑定,密码以明文发送,连接非本机服务器时请加 -ZZ (StartTLS) 或使用 ldaps://
ldappasswd -x -v -S -W -D cn=root,dc=abc,dc=com