Ubuntu 安装 LDAP

1.Ubuntu 12.04 安装 LDAP首先我们需要安装的软件包,在终端中输入:

~$ sudo apt-get install slapd ldap-utils

在安装过程中需要输入LDAP的管理员密码

2.配置实例使用的域名”nixonli.com”。你应该修改为你的域名,复制配置文件时要注意里面的双引号是半角状态下的。

配置时请注意复制的文本符号都是英文状态下输入的

需要添加一些额为的架构文件,经测试次步骤可省略。在终端输入:

~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif

3.在用户的根目录添加一个“backend.nixonli.com.ldif”文件,内容如下:

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb.la
# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=nixonli,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=nixonli,dc=com
olcRootPW: secret
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn=”cn=admin,dc=nixonli,dc=com” write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base=”" by * read
olcAccess: to * by dn=”cn=admin,dc=nixonli,dc=com” write by * read

4.我们需要将配置添加到LDIF,在终端输入:

~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.nixonli.com.ldif

5.在用户的根目录添加一个“frontend.nixonli.com.ldif”的文件,添加以下配置:

# Create top-level object in domain
dn: dc=nixonli,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: nixonli
dc: nixonli
description: nixonli LDAP Configuration
# Admin user.
dn: cn=admin,dc=nixonli,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: (ADD YOUR OWN PASSWORD HERE)
dn: ou=people,dc=nixonli,dc=com
objectClass: organizationalUnit
ou: people
dn: ou=groups,dc=nixonli,dc=com
objectClass: organizationalUnit
ou: groups
dn: uid=bob,ou=people,dc=nixonli,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: Bob
sn: Wates
givenName: Bob
cn: Bob Wates
displayName: Bob Wates
uidNumber: 1000
gidNumber: 10000
userPassword: password
gecos: Bob Wates
loginShell: /bin/bash
homeDirectory: /home/bob
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: admin@nixonli.com
postalCode: CF24
l: Cardiff
o: nixonli
mobile: +86 (0)7 xx xx xx xx
homePhone: +86 (0)1 xx xx xx xx x
title: System Administrator
postalAddress:
initials: BW
dn: cn=nixonli,ou=groups,dc=nixonli,dc=com
objectClass: posixGroup
cn: nixonli
gidNumber: 10000

6.现在我们需要将条目添加到LDAP目录。在终端中输入:

~$ sudo ldapadd -x -D cn=admin,dc=nixonli,dc=com -W -f frontend.nixonli.com.ldif

6.1会提示你需要输入密码,这个密码是“frontend.nixonli.com.ldif”文件里设置的密码。
6.2.如果提示”can’t contact LDAP server (-1)”,需要在ldapadd后面添加“-S”参数

7.剩下的操作就是测试配置是否正确,在终端输入:

~$ sudo ldapadd -x -D cn=admin,dc=nixonli,dc=com -W -f frontend.nixonli.com.ldif

如果配置正确,会出现以下提示:

dn: uid=bob,ou=people,dc=nixonli,dc=com
cn: Bob Wates
sn: Wates
givenName: Bob

7.1.如果提示”can’t contact LDAP server (-1)”,需要在ldapsearch后面添加“-S”参数
8.Ubuntu 12.04 安装 LDAP完成

未经允许不得转载:窗外天空 » Ubuntu 安装 LDAP

赞 (0)

评论 0

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址