[root@deyu ~]# yum install openldap openldap-servers openldap-clients [root@deyu ~]# rpm -qa | grep openldap openldap-2.4.19-15.el6.x86_64 openldap-clients-2.4.19-15.el6.x86_64 openldap-servers-2.4.19-15.el6.x86_64
[root@deyu ~]# cd /etc/openldap [root@deyu openldap]# cp slapd.conf.bak slapd.conf.dywang [root@deyu openldap]# vim slapd.conf.dywang
TLSCACertificateFile /etc/pki/tls/certs/cacert.pem
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
database bdb
suffix "dc=deyu,dc=wang"
checkpoint 1024 15
rootdn "cn=Manager,dc=deyu,dc=wang"
# enable monitoring
access to attrs=userPassword
  by self write
  by anonymous auth
  by dn.base="cn=Manager,dc=deyu,dc=wang" write
  by * none
access to *
  by self write
  by dn.base="cn=Manager,dc=deyu,dc=wang" write
  by * read
database monitor
[root@deyu openldap]# mv slapd.d slapd.d.orig [root@deyu openldap]# mkdir slapd.d [root@deyu openldap]# chown ldap.ldap slapd.d [root@deyu openldap]# slaptest -f slapd.conf.dywang -F slapd.d [root@deyu openldap]# chown ldap.ldap -R /etc/openldap/slapd.d [root@deyu openldap]# restorecon -R /etc/openldap/slapd.d
DB_CONFIG
設定 index 的快取數量,可調整效能的表現,若不設定,直接產生一個空檔案即可。
[root@deyu ~]# touch /var/lib/ldap/DB_CONFIG [root@deyu ~]# find /usr -name DB_CONFIG* /usr/share/doc/openldap-servers-2.4.19/DB_CONFIG.example [root@deyu ~]# cp /usr/share/doc/openldap-servers-2.4.19/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
#The LDAP Data Interchange Format (LDIF) 是 LDAP 的明文格式檔。 1. 井號 (#) 為註解 2. 冒號 (:) 左邊為屬性,右邊為屬性值 (記得空一格) 3. dn 即為該項目 (entry) 4. 跨列時不使用一般的倒斜線 \ 來接續下一行,只需在下一列開頭加一空格即可。
[root@deyu ~]# yum install migrationtools [root@deyu ~]# vi /usr/share/migrationtools/migrate_common.ph # Default DNS domain $DEFAULT_MAIL_DOMAIN = "deyu.wang"; # Default base $DEFAULT_BASE = "dc=deyu,dc=wang"; [root@deyu ~]# mkdir /root/ldif [root@deyu ~]# cd /root/ldif [root@deyu ldif]# vi passwd ldapuser1:x:1001:1001::/home/guests/ldapuser1:/bin/bash ldapuser2:x:1002:1002::/home/guests/ldapuser2:/bin/bash # 格式與 /etc/passwd 相同 [root@deyu ldif]# vi group ldapuser1:x:1001: ldapuser2:x:1002: # 格式與 /etc/group 相同 [root@deyu ~]# cd /usr/share/migrationtools/ [root@deyu migrationtools]# ./migrate_base.pl > /root/ldif/migratebase.ldif [root@deyu migrationtools]# ./migrate_passwd.pl /root/ldif/passwd > /root/ldif/migratepasswd.ldif [root@deyu migrationtools]# ./migrate_group.pl /root/ldif/group > /root/ldif/migrategroup.ldif
[root@deyu ~]# slappasswd New password: Re-enter new password: {SSHA}HAvRpYe5TR88asauGqYtoCFzT7qHYqjP [root@deyu ~]# vi /root/ldif/migratepasswd.ldif dn: uid=ldapuser1,ou=People,dc=deyu,dc=wang uid: ldapuser1 cn: ldapuser1 objectClass: account objectClass: posixAccount objectClass: top userPassword: {SSHA}HAvRpYe5TR88asauGqYtoCFzT7qHYqjP <==密碼 loginShell: /bin/bash uidNumber: 1001 gidNumber: 1001 homeDirectory: /home/guests/ldapuser1
[root@deyu ~]# cat /root/ldif/migratebase.ldif dn: dc=deyu,dc=wang dc: deyu objectClass: top objectClass: domain ----省略---- [root@deyu ~]# cat /root/ldif/migrategroup.ldif dn: cn=ldapuser1,ou=Group,dc=deyu,dc=wang objectClass: posixGroup objectClass: top cn: ldapuser1 userPassword: {crypt}x gidNumber: 1001
[root@deyu ~]# /etc/init.d/slapd stop Stopping slapd: [ OK ] [root@deyu ~]# slapadd -l /root/ldif/migratebase.ldif bdb_db_open: DB_CONFIG for suffix "dc=deyu,dc=wang" has changed. Performing database recovery to activate new settings. _#################### 100.00% eta none elapsed none fast! Closing DB... [root@deyu ~]# slapadd -l /root/ldif/migratepasswd.ldif _#################### 100.00% eta none elapsed none fast! Closing DB... [root@deyu ~]# slapadd -l /root/ldif/migrategroup.ldif _#################### 100.00% eta none elapsed none fast! Closing DB...
[root@deyu ~]# chown ldap /var/lib/ldap/* [root@deyu ~]# /etc/init.d/slapd start Starting slapd: [ OK ]
[root@deyu ~]# ldapsearch -x -b "dc=deyu,dc=wang" ----省略---- # ldapuser1, Group, deyu.wang dn: cn=ldapuser1,ou=Group,dc=deyu,dc=wang objectClass: posixGroup objectClass: top cn: ldapuser1 userPassword:: e2NyeXB0fXg= gidNumber: 1001 ----省略---- 注意:這裡是匿名查詢 (-x 且未指定 -D),卻仍回傳 userPassword;而前面 ACL 對 attrs=userPassword 設定的是 by * none,請確認 slaptest 產生到 slapd.d 的 ACL 確實已生效。
2015-04-13