
openldap

Date: 2023-08-26

I. Installing and configuring yum

1. If the Red Hat system ships with its own yum packages and they cannot be used, remove the existing yum packages first

rpm -aq|grep yum|xargs rpm -e --nodeps

2. Download the yum packages (fetch them from the NetEase mirror, http://mirrors.163.com/centos...)

wget http://mirrors.163.com/centos/6/os/x86_64/Packages/yum-3.2.29-73.el6.centos.noarch.rpm
wget http://mirrors.163.com/centos/6/os/x86_64/Packages/yum-metadata-parser-1.1.2-16.el6.x86_64.rpm
wget http://mirrors.163.com/centos/6/os/x86_64/Packages/yum-plugin-fastestmirror-1.1.30-37.el6.noarch.rpm
wget http://mirrors.163.com/centos/6/os/x86_64/Packages/python-iniparse-0.3.1-2.1.el6.noarch.rpm

3. Install yum

rpm -ivh python-iniparse-0.3.1-2.1.el6.noarch.rpm
rpm -ivh yum-metadata-parser-1.1.2-16.el6.x86_64.rpm
rpm -ivh yum-3.2.29-73.el6.centos.noarch.rpm yum-plugin-fastestmirror-1.1.30-37.el6.noarch.rpm

(yum-3.2.29-73.el6.centos.noarch.rpm and yum-plugin-fastestmirror-1.1.30-37.el6.noarch.rpm depend on each other and must be installed in the same rpm command)

4. Configure the yum repository (163 mirror)

cd /etc/yum.repos.d/
touch rhel-debuginfo.repo
vim rhel-debuginfo.repo

with the following contents:

[base]
name=CentOS-$releasever - base
baseurl=http://mirrors.163.com/centos/6/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-6

#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirrors.163.com/centos/6/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-6

#packages used/produced in the build but not released
#[addons]
#name=CentOS-$releasever - Addons
#baseurl=http://mirrors.163.com/centos/$releasever/addons/$basearch/
#gpgcheck=1
#gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://mirrors.163.com/centos/6/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://mirrors.163.com/centos/6/centosplus/$basearch/
gpgcheck=1
enabled=0

Refresh the yum repository cache:

yum makecache

II. Preparing the OpenLDAP software

1. Download OpenLDAP 2.4.44: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.44.tgz
2. Download Berkeley DB (OpenLDAP is currently incompatible with the 6.x series; its README explicitly states compatibility with 4.4 to 4.8 or 5.0 to 5.1):
http://download.oracle.com/be...
3. ldapadmin 2015.2:
Official download page: http://www.ldapbrowser.com/do...

III. Installing OpenLDAP

1. Install the dependencies

yum install '*ltdl*' -y
# pulls in libtool-ltdl, libtool-ltdl-devel and related packages
# (the glob is quoted so the shell does not expand it against files in the current directory)
# if these are missing, the OpenLDAP build may fail

2. Install Berkeley DB

tar -zxvf db-5.1.29.tar.gz
cd db-5.1.29/build_unix/
../dist/configure --prefix=/usr/local/berkeleydb-5.1.29
make
make install
# configure, build and install from inside the build_unix directory, otherwise the build fails

3. Update the shared library path

echo "/usr/local/berkeleydb-5.1.29/lib/" >> /etc/ld.so.conf
ldconfig -v
# appended with >> so the existing entries in /etc/ld.so.conf are kept;
# this lets the OpenLDAP build find the libraries and headers under lib and include

4. Install OpenLDAP

tar -zxvf openldap-2.4.44.tgz
cd openldap-2.4.44
./configure --prefix=/usr/local/openldap-2.4.44 --enable-syslog --enable-modules --enable-debug --with-tls CPPFLAGS=-I/usr/local/berkeleydb-5.1.29/include/ LDFLAGS=-L/usr/local/berkeleydb-5.1.29/lib/
make depend
make
make test
make install
# the make test step takes a long time
# if CPPFLAGS is not set, configure may fail with
#   configure: error: BDB/HDB: BerkeleyDB not available
# or
#   configure: error: BerkeleyDB version incompatible with BDB/HDB backends

5. Put the commands on the PATH

cd /usr/local/openldap-2.4.44/
ln -s /usr/local/openldap-2.4.44/bin/* /usr/local/bin/
ln -s /usr/local/openldap-2.4.44/sbin/* /usr/local/sbin/

At this point the OpenLDAP installation itself is essentially complete; the next part covers the related configuration.

IV. Related configuration

1. Disable SELinux

In /etc/selinux/config, change the SELINUX="" setting to disabled, then reboot the machine.

2. Open TCP ports 389 and 636 in the firewall (TCP 389 is OpenLDAP's plaintext port, 636 is the SSL-encrypted port)

vim /etc/sysconfig/iptables
# insert the following two rules
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
# note: the rules opening 389 and 636 must come before the following two lines,
# otherwise the REJECT rules match first and the ports stay closed
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
service iptables restart

3. OpenLDAP directory layout

bin/      -- client tools such as ldapadd and ldapsearch
etc/      -- the main configuration file slapd.conf, the schema directory, DB_CONFIG, etc.
include/
lib/
libexec/  -- the server daemon slapd
sbin/     -- server-side tools such as slappasswd
share/
var/      -- bdb data and log directory

4. Generate the rootdn password hash

slappasswd
New password:
Re-enter new password:
{SSHA}H+feIhZMXUCdSybpkWsUSGFSaJrytIMX

5. Edit the main configuration file slapd.conf

cd /usr/local/openldap-2.4.44/etc/openldap/
vim slapd.conf

# add schemas; by default only core.schema is included
include /usr/local/openldap-2.4.44/etc/openldap/schema/core.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/collective.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/corba.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/cosine.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/duaconf.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/java.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/misc.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/nis.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/openldap.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/pmi.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/ppolicy.schema

# modify the pid and args file locations
pidfile  /usr/local/openldap-2.4.44/var/run/slapd.pid
argsfile /usr/local/openldap-2.4.44/var/run/slapd.args

# add a log level and log path
loglevel 256
logfile  /usr/local/openldap-2.4.44/var/slapd.log

# change the database backend from the default mdb to bdb
database bdb
# maxsize 1073741824  (a size limit that must be set when mdb is the backend)

# change the suffix and the administrator DN
suffix "dc=domin,dc=com"
rootdn "cn=admin,dc=domin,dc=com"
# the hashed password produced by slappasswd above
rootpw {SSHA}H+feIhZMXUCdSybpkWsUSGFSaJrytIMX

# OpenLDAP data directory
directory /usr/local/openldap-2.4.44/var/openldap-data
index objectClass eq

6. Initialize and start OpenLDAP

cd /usr/local/openldap-2.4.44/var/openldap-data/
cp DB_CONFIG.example DB_CONFIG
# DB_CONFIG is used by the bdb/hdb backends; with mdb it can be ignored
# start openldap
cd /usr/local/openldap-2.4.44/libexec/
./slapd

7. Verify

ldapsearch -x -b '' -s base '(objectclass=*)'

If the output looks like the figure, OpenLDAP has started and is running.

V. Using OpenLDAP (example)

1. Create an administrator account

# edit the LDIF file
vim test.ldif

# the file starts with a blank line
dn: dc=domin,dc=com
objectclass: dcObject
objectclass: organization
o: domin.Inc
dc: domin
# entries are separated by a blank line
dn: cn=admin,dc=domin,dc=com
objectclass: organizationalRole
cn: admin
# no blank lines are allowed inside an entry
# note: the suffix and admin DN must match the values in slapd.conf

# insert into the database
ldapadd -x -D "cn=admin,dc=domin,dc=com" -W -f test.ldif
# ldapadd performs the insert; if no error is reported, the insert succeeded

# verify (on success the inserted entries are displayed)
ldapsearch -x -b 'dc=domin,dc=com' '(objectClass=*)'
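The note that the LDIF must agree with slapd.conf is worth automating, since a mismatched suffix or rootdn makes ldapadd fail with an unhelpful error. This added example (my own code, not part of the page or of OpenLDAP; inputs are constructed from the values used above) parses both files and reports any disagreement:

```python
import re

# Added example, not from the page: check that the LDIF's base and admin entries
# agree with the suffix/rootdn in slapd.conf. Inputs mirror this walkthrough.
SLAPD_CONF = '''\
suffix "dc=domin,dc=com"
rootdn "cn=admin,dc=domin,dc=com"
'''
TEST_LDIF = '''\
dn: dc=domin,dc=com
objectclass: dcObject
objectclass: organization
o: domin.Inc
dc: domin

dn: cn=admin,dc=domin,dc=com
objectclass: organizationalRole
cn: admin
'''

def parse_slapd_conf(text):
    """Return the quoted suffix and rootdn values found in slapd.conf text."""
    pairs = re.findall(r'^\s*(suffix|rootdn)\s+"([^"]*)"', text, re.MULTILINE)
    return dict(pairs)

def parse_ldif(text):
    """Split LDIF text into entries (blank-line separated), skipping '#' comments."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or not line.strip():
                continue
            key, _, val = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(val.strip())
        if entry:
            entries.append(entry)
    return entries

def check_consistency(conf_text, ldif_text):
    """Return a list of problems; an empty list means the LDIF matches slapd.conf."""
    conf = parse_slapd_conf(conf_text)
    by_dn = {e["dn"][0].lower(): e for e in parse_ldif(ldif_text) if "dn" in e}
    problems = []
    base = by_dn.get(conf.get("suffix", "").lower())
    if base is None:
        problems.append("no LDIF entry for suffix %r" % conf.get("suffix"))
    elif "dcobject" not in [c.lower() for c in base.get("objectclass", [])]:
        problems.append("suffix entry is missing objectclass dcObject")
    if conf.get("rootdn", "").lower() not in by_dn:
        problems.append("no LDIF entry for rootdn %r" % conf.get("rootdn"))
    return problems
```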

2. Create an employee entry with a department attribute

............

This works the same way as creating the administrator account and is not repeated here.

Reference:

http://blog.chinaunix.net/xml...
