CentOS下搭建LDAP服务器

1 安装 OpenLDAP

[root@openldap ~]# yum -y install openldap-servers openldap-clients
# generate password for ldap admin
[root@openldap ~]# slappasswd -s password -h {MD5}
# (1) remember
{MD5}*********************
[root@openldap ~]# vim /etc/openldap/slapd.conf
# line 86: specify suffix
suffix "dc=example,dc=com"
# line 87: specify admin suffix
rootdn "cn=Manager,dc=example,dc=com"
# line 93: specify password generated (1)
rootpw {MD5}************************
# add at the bottom
access to attrs=userPassword
by self write
by dn="cn=Manager,dc=example,dc=com" write
by anonymous auth
by * none
access to *
by dn="cn=Manager,dc=example,dc=com" write
by self write
by * read
[root@openldap ~]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
#
[root@openldap ~]# /etc/init.d/ldap start
Checking configuration files for slapd: /etc/openldap/slapd.conf: line 115: rootdn is always granted unlimited privileges.
/etc/openldap/slapd.conf: line 120: rootdn is always granted unlimited privileges.
config file testing succeeded
[ OK ]
Starting slapd: [ OK ]
[root@openldap ~]# chkconfig ldap on

2 查看状态

#show process
[root@openldap openldap]# ps aux | grep slapd | grep -v grep
ldap 9246 0.0 5.2 62960 27288 ? Ssl May03 0:00 /usr/sbin/slapd -h ldap:/// -u ldap
#show port
[root@openldap openldap]# netstat -ant | grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN

3 迁移用户数据到目录服务数据库。

[root@openldap ~]#cd /usr/share/openldap/migration/
[root@openldap migration]# vim migrate_common.ph
#line 71 defalut DNS domain
$DEFAULT_MAIL_DOMAIN = "example.com";
#line 74 defalut base
$DEFAULT_BASE = "dc=example,dc=com";
#
[root@openldap migration]#./migrate_base.pl > /opt/openldap/base.ldif
#
[root@openldap migration]#ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /opt/openldap/base.ldif
#enter passwd
#
[root@openldap migration]#./migrate_passwd.pl /etc/passwd /opt/openldap/passwd.ldif
[root@openldap migration]#ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /opt/openldap/passwd.ldif
#
[root@openldap migration]#./migrate_passwd.pl /etc/group /opt/openldap/group.ldif
#
[root@openldap migration]#ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /opt/openldap/group.ldif