LDAP + redmine + gerrit + jenkins + gitlab -- LDAP Configuration

Source: Internet   Editor: 程序博客网   Date: 2024/05/21 18:34

Environment

# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)

[1] Install OpenLDAP Server

# yum install openldap-{servers,clients} -y
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# chown ldap. /var/lib/ldap/DB_CONFIG
# systemctl start slapd
# systemctl enable slapd

[2] Set the OpenLDAP administrator password

# ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif

The contents of chrootpw.ldif are given at the end of this article.

[3] Import the schemas

# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

[4] Set your domain name on LDAP DB.

# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
# ldapadd -x -D cn=root,dc=r7data,dc=com -W -f basedomain.ldif

The contents of chdomain.ldif and basedomain.ldif are given at the end of this article.

[5] Open the port (LDAP uses 389/TCP)

# firewall-cmd --add-service=ldap --permanent
# firewall-cmd --reload

Appendix: the complete LDIF files used in this article

Generate the password

# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxx

LDIF used in step 2

# cat chrootpw.ldif
# specify the password generated above for the "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxx

The value of olcRootPW is the password generated by slappasswd.

First LDIF used in step 4

# cat chdomain.ldif
# replace with your own domain name in the "dc=***,dc=***" sections
# specify the password generated above for the "olcRootPW" section
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=root,dc=r7data,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=r7data,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=root,dc=r7data,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxx

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=root,dc=r7data,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=root,dc=r7data,dc=com" write by * read

The value of olcRootPW is the password generated by slappasswd.
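slapd evaluates the three olcAccess rules that chdomain.ldif adds to olcDatabase={2}hdb in index order: the first matching "to" clause is selected, then the first matching "by" clause inside it decides the access level. The following Python sketch is an added example, not part of the original article; it models that evaluation for the rule forms used above only, treats dn= as an exact match (an assumption), and shows what changes if the catch-all rule is placed first.

```python
import re
import shlex

# Constructed input: the olcAccess values set on olcDatabase={2}hdb by chdomain.ldif.
ROOT = "cn=root,dc=r7data,dc=com"
ACLS = [
    '{0}to attrs=userPassword,shadowLastChange by dn="%s" write by anonymous auth by self write by * none' % ROOT,
    '{1}to dn.base="" by * read',
    '{2}to * by dn="%s" write by * read' % ROOT,
]

def parse(acl):
    """'{n}to <what> by <who> <access> ...' -> (n, what, [(who, access), ...])."""
    idx, body = re.match(r"\{(\d+)\}(.*)", acl).groups()
    tok = shlex.split(body)  # also strips the quotes around DN values
    return int(idx), tok[1], [(tok[i + 1], tok[i + 2]) for i in range(2, len(tok), 3)]

def what_matches(what, entry_dn, attr):
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr.lower() in what[6:].lower().split(",")
    if what.startswith("dn.base="):
        return entry_dn.lower() == what[8:].lower()
    return False  # other <what> forms are outside this sketch

def who_matches(who, requester, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if requester is None:
        return False
    if who == "self":
        return requester.lower() == entry_dn.lower()
    return who.startswith("dn=") and requester.lower() == who[3:].lower()

def effective_access(acls, entry_dn, attr, requester=None):
    """requester is the bound DN, or None for an anonymous connection."""
    for _, what, clauses in sorted(parse(a) for a in acls):
        if what_matches(what, entry_dn, attr):
            for who, access in clauses:
                if who_matches(who, requester, entry_dn):
                    return access
            return "none"  # implicit trailing "by * none"
    return "none"  # implicit final "to * by * none"

# Same rules with the catch-all moved to {0}: userPassword now falls under "by * read".
MISORDERED = [ACLS[2].replace("{2}", "{0}"), ACLS[0].replace("{0}", "{1}")]
```

With the rules as written, an anonymous client gets only auth on userPassword and read on everything else; with MISORDERED, effective_access returns read for userPassword to any client.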

Second LDIF used in step 4

# cat basedomain.ldif
# replace with your own domain name in the "dc=***,dc=***" sections
dn: dc=r7data,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: R7DATA
dc: r7data

dn: cn=root,dc=r7data,dc=com
objectClass: organizationalRole
cn: root
description: Directory Manager

dn: ou=People,dc=r7data,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=r7data,dc=com
objectClass: organizationalUnit
ou: Group

Reference

Configure LDAP Server: Configure LDAP Server in order to share users’ accounts in your local networks.
