centos6.5部署openldap信息存储主机快速登录
[root@master ~]# yum install openldap openldap-devel openldap-servers openldap-clients -y
[root@master ~]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
[root@master ~]# vim /etc/openldap/slapd.conf
26 pidfile /var/run/openldap/slapd.pid
27 argsfile /var/run/openldap/slapd.args
28 loglevel 1
115 suffix "dc=lansgg,dc=com"
117 rootdn "cn=admin,dc=lansgg,dc=com"
121 rootpw adminpw
[root@master ~]# slappasswd
New password:
Re-enter new password:
{SSHA}7EJGErpaeX3Zd6rxfxVzNVwSm2UC1e/T
（slappasswd 输出的这串哈希就是 slapd.conf 第 121 行 rootpw 应填的形式：用它代替上面写死的明文口令，配置文件里就不会留下明文。）
[root@master ~]# slappasswd -h {md5}
New password:
Re-enter new password:
{MD5}cOdqFdoA5jAa3nGMyUFveQ==
-1 记录所有的信息
0 不记录debug
1 跟踪功能调用的信息
2 包处理的debug信息
4 丰富的debug信息
8 连接管理信息
16 包的收发信息
32 搜索过滤的处理过程
64 配置文件的处理过程
128 访问控制列表处理过程
256 连接、操作及其结果的统计数据
512 向客户端返回的结果的统计信息
1024 与shell后端的通信信息
2048 显示记录条目的分析信息
4096 数据库缓存处理信息
8192 数据库索引
16384 从服务器数据同步资源消耗处理信息
[root@master ~]# vim /etc/rsyslog.conf
## ldap
local4.* /var/log/ldap.log
[root@master ~]# /etc/init.d/rsyslog restart
[root@master ~]# /etc/init.d/slapd start
正在启动 slapd: [确定]
[root@master ~]# netstat -natpul |grep slapd
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 53482/slapd
tcp 0 0 :::389 :::* LISTEN 53482/slapd
[root@master openldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@master ~]# chown ldap:ldap /var/lib/ldap/DB_CONFIG
[root@master openldap]# /etc/init.d/slapd restart
[root@master ~]# rm /etc/openldap/slapd.d/*
/etc/init.d/slapd restart
[root@master openldap]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
config file testing succeeded
[root@master openldap]# ldapadd -x -D 'cn=admin,dc=lansgg,dc=com' -W
Enter LDAP Password:
dn: dc=lansgg,dc=com
objectClass: dcObject
objectClass: organization
dc: lansgg
o: Corporation
description: d Corporation
adding new entry "dc=lansgg,dc=com"
#结束以ctrl+d
[root@master openldap]# ldapadd -x -D 'cn=admin,dc=lansgg,dc=com' -W
Enter LDAP Password:
dn: uid=qq,dc=lansgg,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: qq
cn: qq
sn: qq
telephoneNumber: 138888888
description: openldap test
telexNumber: tex-8888888
street: my street
postOfficeBox: postofficebox
displayName: qqdisplay
homePhone: home1111111
mobile: mobile99999
mail:qq@qq.com
adding new entry "uid=qq,dc=lansgg,dc=com"
[root@master ~]# ldapsearch -x -b 'dc=lansgg,dc=com' |more
# extended LDIF
#
# LDAPv3
# base <dc=lansgg,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# lansgg.com
dn: dc=lansgg,dc=com
objectClass: dcObject
objectClass: organization
dc: lansgg
o: Corporation
description: d Corporation
# qq, lansgg.com
dn: uid=qq,dc=lansgg,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: qq
cn: qq
sn: qq
telephoneNumber: 138888888
description: openldap test
telexNumber: tex-8888888
street: my street
postOfficeBox: postofficebox
displayName: qqdisplay
homePhone: home1111111
mobile: mobile99999
mail: qq@qq.com
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
yum -y install migrationtools
cd /usr/share/migrationtools/
[root@master migrationtools]# vim migrate_common.ph
70 # Default DNS domain
71 $DEFAULT_MAIL_DOMAIN = "lansgg.com";
72
73 # Default base
74 $DEFAULT_BASE = "dc=lansgg,dc=com";
./migrate_base.pl > /tmp/base.ldif
./migrate_passwd.pl /etc/passwd > /etc/passwd.ldif
./migrate_group.pl /etc/group > /etc/group.ldif
ldapadd -x -w adminpw -D 'cn=admin,dc=lansgg,dc=com' -f /tmp/base.ldif
ldapadd -x -w adminpw -D 'cn=admin,dc=lansgg,dc=com' -f /tmp/passwd.ldif
ldapadd -x -w adminpw -D 'cn=admin,dc=lansgg,dc=com' -f /tmp/group.ldif
（注意：上一步生成的是 /etc/passwd.ldif 和 /etc/group.ldif，这里读取的却是 /tmp/ 下的同名文件，两处路径要保持一致。另外 -w 会把明文口令留在 shell 历史和进程列表里，前面用的交互式 -W 更稳妥。）
[root@master ~]# ldapsearch -x -b 'dc=lansgg,dc=com'
[root@master ~]# yum -y install openldap openldap-clients nss-pam-ldapd pam_ldap
echo "bind_policy soft" >> /etc/openldap/ldap.conf
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
authconfig-tui
[root@master pam.d]# authconfig --enableldap --enableldapauth --enablemkhomedir --enableforcelegacy --disablesssd --disablesssdauth --ldapserver=192.168.28.139 --ldapbasedn="dc=lansgg,dc=com" --update
正在启动 nslcd: [确定]
正在启动 oddjobd: [确定]
[root@master pam.d]#
useradd tom
echo "tom" | passwd --stdin tom
/usr/share/migrationtools/migrate_passwd.pl /etc/passwd > /tmp/mod.ldif
/usr/share/migrationtools/migrate_group.pl /etc/group -f gol.ldif
[root@master ~]# cat c.ldif
dn: uid=tom,ou=People,dc=lansgg,dc=com
uid: tom
cn: tom
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$SeOQGWMf$/4Zw96.1qB20Mx1xY2693u7.ct9ThfA5NdEaghtohy4ibaomKBisivPeT02sNR0LRnn6BmBPF8N06I/V8mnPk.
shadowLastChange: 16307
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 502
gidNumber: 502
homeDirectory: /home/tom
[root@master ~]# cat g.ldif
dn: cn=tom,ou=Group,dc=lansgg,dc=com
objectClass: posixGroup
objectClass: top
cn: tom
userPassword: {crypt}x
gidNumber: 502
[root@master ~]# ldapadd -x -D "cn=admin,dc=lansgg,dc=com" -w adminpw -f c.ldif
[root@master ~]# ldapadd -x -w adminpw -D 'cn=admin,dc=lansgg,dc=com' -f g.ldif
adding new entry "cn=tom,ou=Group,dc=lansgg,dc=com"
[root@master ~]# ssh tom@192.168.28.143
reverse mapping checking getaddrinfo for bogon [192.168.28.143] failed - POSSIBLE BREAK-IN ATTEMPT!
tom@192.168.28.143's password:
Last login: Sat Aug 23 22:58:17 2014 from 192.168.28.139
cp /usr/share/doc/sudo-1.8.6p3/schema.OpenLDAP /etc/openldap/schema/sudo.schema
vim /etc/openldap/slapd.conf
18 include /etc/openldap/schema/sudo.schema
rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
chown -R ldap:ldap /etc/openldap/slapd.d/*
/etc/init.d/slapd restart
[root@master ~]# vim sudo.ldif
dn: ou=sudoers,dc=lansgg,dc=com
objectClass: top
objectClass: organizationalUnit
ou: sudoers

dn: cn=defaults,ou=sudoers,dc=lansgg,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
sudoOption: !visiblepw
sudoOption: always_set_home
sudoOption: env_reset
sudoOption: requiretty

dn: cn=tom,ou=sudoers,dc=lansgg,dc=com
objectClass: top
objectClass: sudoRole
cn: tom
sudoCommand: ALL
sudoHost: ALL
sudoOption: !authenticate
sudoRunAsUser: ALL
sudoUser: tom
[root@master ~]# ldapadd -x -w adminpw -D "cn=admin,dc=lansgg,dc=com" -f sudo.ldif
adding new entry "ou=sudoers,dc=lansgg,dc=com"
adding new entry "cn=defaults,ou=sudoers,dc=lansgg,dc=com"
adding new entry "cn=tom,ou=sudoers,dc=lansgg,dc=com"
vim /etc/sudo-ldap.conf
55 #uri ldap://ldapserver
56 uri ldap://192.168.28.139
63 #sudoers_base ou=SUDOers,dc=example,dc=com
64 sudoers_base ou=sudoers,dc=lansgg,dc=com
vim /etc/nsswitch.conf
64 sudoers: ldap files
[root@master ~]# ssh tom@192.168.28.143
reverse mapping checking getaddrinfo for bogon [192.168.28.143] failed - POSSIBLE BREAK-IN ATTEMPT!
tom@192.168.28.143's password:
Last login: Sat Aug 23 23:15:27 2014 from 192.168.28.150
[tom@c1 ~]$ sudo su
[root@c1 tom]#