LDAP Server
Build an LDAP server to share user accounts across a local network. Every client command below binds with a simple (cleartext) bind to localhost; if clients elsewhere on the network will bind to this server, put TLS in front of it (StartTLS or ldaps://) before the admin password travels over the wire. |
[1] | Install and Configure OpenLDAP. |
[root@dlp ~]# yum -y install openldap*
# generate the password hash for the LDAP admin (rootdn).
# Omit "-s password": a password given on the command line is visible in ps
# output and ends up in the shell history, so let slappasswd prompt for it.
# Prefer the salted {SSHA} scheme over unsalted {MD5}.
[root@dlp ~]# slappasswd -h {SSHA}
New password:
Re-enter new password:
{SSHA}************************   # (1) remember this hash
[root@dlp ~]# vi /etc/openldap/slapd.conf
# line 89: specify suffix
suffix "dc=srv,dc=world"
# line 91: specify admin DN
rootdn "cn=Manager,dc=srv,dc=world"
# line 97: specify the hash generated in (1)
rootpw {SSHA}************************
# add at the bottom
access to attrs=userPassword
    by self write
    by dn="cn=Manager,dc=srv,dc=world" write
    by anonymous auth
    by * none
# NOTE: "by * read" below lets anonymous (unauthenticated) clients read every
# attribute except userPassword. That is what nss_ldap clients doing anonymous
# lookups need; if the directory should only be visible to authenticated
# clients, use "by users read" instead.
access to *
    by dn="cn=Manager,dc=srv,dc=world" write
    by self write
    by * read
# slapd.conf now holds the rootpw hash: keep the file unreadable to
# unprivileged users (check with: ls -l /etc/openldap/slapd.conf).
[root@dlp ~]# vi /etc/openldap/ldap.conf
BASE dc=srv,dc=world
[root@dlp ~]# vi /etc/ldap.conf
base dc=srv,dc=world
[root@dlp ~]# cd /usr/share/doc/openldap-servers-2.4.15
[root@dlp openldap-servers-2.4.15]# cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# if slapd fails to start, check that /var/lib/ldap and DB_CONFIG are owned by
# the account slapd runs as (the copy above is owned by root).
[root@dlp openldap-servers-2.4.15]#
[root@dlp ~]# /etc/rc.d/init.d/ldap start
Starting slapd: [ OK ]
[root@dlp ~]# chkconfig ldap on
[2] | Add the base entries: the suffix, the admin entry, and the People and Group organizational units |
[root@dlp ~]# vi base.ldif
# create new (LDIF entries must be separated by a blank line)
dn: dc=srv,dc=world
objectClass: dcObject
objectClass: organization
o: srv Organization
dc: srv

dn: cn=Manager,dc=srv,dc=world
objectClass: organizationalRole
cn: Manager

dn: ou=People,dc=srv,dc=world
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=srv,dc=world
objectClass: organizationalUnit
ou: Group

# -x is a simple bind: the admin password is sent in clear. That is acceptable
# on localhost; over the network add -ZZ (StartTLS) or use an ldaps:// URI.
# -W prompts for the password rather than taking it on the command line.
[root@dlp ~]# ldapadd -h localhost -x -D "cn=Manager,dc=srv,dc=world" -W -f base.ldif
Enter LDAP Password:   # ldap admin password
adding new entry "dc=srv,dc=world"
adding new entry "cn=Manager,dc=srv,dc=world"
adding new entry "ou=People,dc=srv,dc=world"
adding new entry "ou=Group,dc=srv,dc=world" |
[3] | Add existing local users and groups to the LDAP server |
# MigrationTools is fetched over plain HTTP with no signature or checksum, and
# its scripts are then run as root: verify the archive (compare against a
# known-good copy or checksum) before unpacking it.
[root@dlp ~]# wget http://www.padl.com/download/MigrationTools.tgz
[root@dlp ~]# tar zxvf MigrationTools.tgz
[root@dlp ~]# cd MigrationTools-47
[root@dlp MigrationTools-47]# vi migrate_common.ph
# line 71: specify domain name
$DEFAULT_MAIL_DOMAIN = "srv.world";
# line 74: specify suffix
$DEFAULT_BASE = "dc=srv,dc=world";
# select the local accounts to migrate: UID/GID 500-599 (regular users on
# this release). The field test is exact, unlike grep ":5[0-9][0-9]", which
# also matches ":5nn" inside other fields and UIDs such as 5000.
[root@dlp MigrationTools-47]# awk -F: '$3 >= 500 && $3 < 600' /etc/passwd > passwd
[root@dlp MigrationTools-47]# awk -F: '$3 >= 500 && $3 < 600' /etc/group > group
[root@dlp MigrationTools-47]# ./migrate_passwd.pl passwd > passwd.ldif
[root@dlp MigrationTools-47]# ./migrate_group.pl group > group.ldif
# passwd.ldif carries each migrated user's password hash (the script copies it
# from /etc/shadow when it can read it): review it, and delete it or restrict
# its permissions once the import is done.
# add user and group to LDAP Server
[root@dlp MigrationTools-47]# ldapadd -h localhost -x -D "cn=Manager,dc=srv,dc=world" -W -f passwd.ldif
Enter LDAP Password:
adding new entry "uid=fedora,ou=People,dc=srv,dc=world"
[root@dlp MigrationTools-47]# ldapadd -h localhost -x -D "cn=Manager,dc=srv,dc=world" -W -f group.ldif
Enter LDAP Password:
adding new entry "cn=fedora,ou=Group,dc=srv,dc=world" |
[4] | To delete a user or group entry from the LDAP server, run the commands below, replacing "cent" with the uid or cn of the entry to remove. |
# delete the user entry (the ou values are matched case-insensitively, so
# "ou=people" and "ou=People" name the same entry)
[root@dlp ~]# ldapdelete -h localhost -x -D 'cn=Manager,dc=srv,dc=world' -W "uid=cent,ou=People,dc=srv,dc=world"
Enter LDAP Password:
# delete the matching group entry
[root@dlp ~]# ldapdelete -h localhost -x -D 'cn=Manager,dc=srv,dc=world' -W "cn=cent,ou=Group,dc=srv,dc=world"
Enter LDAP Password: |