LDAP Server

Build an LDAP server to share user accounts on a local network.
[1] Install and configure OpenLDAP.

```
[root@master ~]# yum -y install openldap-servers openldap-clients
# generate password for ldap admin
# (-s puts the password on the command line and in shell history; omit -s to be prompted instead)
[root@master ~]# slappasswd -s password -h {MD5}   # (1) remember the output
{MD5}*********************
[root@master ~]# vi /etc/openldap/slapd.conf
# line 86: specify suffix
suffix          "dc=server,dc=world"
# line 87: specify admin DN
rootdn          "cn=Manager,dc=server,dc=world"
# line 93: specify the password hash generated in (1)
rootpw          {MD5}************************
# add at the bottom: users may change their own password, anonymous binds may
# only authenticate against it, nobody else can read it; everything else is
# world-readable and writable by the owner and the Manager
access to attrs=userPassword
        by self write
        by dn="cn=Manager,dc=server,dc=world" write
        by anonymous auth
        by * none
access to *
        by dn="cn=Manager,dc=server,dc=world" write
        by self write
        by * read
[root@master ~]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@master ~]# /etc/rc.d/init.d/ldap start
Checking configuration files for slapd:  /etc/openldap/slapd.conf: line 116: rootdn is always granted unlimited privileges.
/etc/openldap/slapd.conf: line 121: rootdn is always granted unlimited privileges.
config file testing succeeded                              [  OK  ]
Starting slapd:                                            [  OK  ]
[root@master ~]# chkconfig ldap on
```
[2] Add the initial directory information (the base DN and its organizational units).

```
[root@master ~]# cd /usr/share/openldap/migration
[root@master migration]# vi migrate_common.ph
# line 71: specify domain name
$DEFAULT_MAIL_DOMAIN = "server.world";
# line 74: specify suffix
$DEFAULT_BASE = "dc=server,dc=world";
[root@master migration]# ./migrate_base.pl > base.ldif
[root@master migration]# vi base.ldif
# keep only the sections your environment needs (the following is a minimal example)
dn: dc=server,dc=world
dc: server
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=server,dc=world
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=server,dc=world
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=server,dc=world
ou: Group
objectClass: top
objectClass: organizationalUnit

[root@master migration]# ldapadd -x -W -D "cn=Manager,dc=server,dc=world" -f base.ldif
Enter LDAP Password:   # ldap admin password
adding new entry "dc=server,dc=world"
adding new entry "ou=Hosts,dc=server,dc=world"
adding new entry "ou=People,dc=server,dc=world"
adding new entry "ou=Group,dc=server,dc=world"
```
[3] Add existing local users and groups to the LDAP server.

```
# get users from /etc/passwd (the pattern selects UIDs 500-999, the local user range on this system)
[root@master migration]# grep "x:[5-9][0-9][0-9]" /etc/passwd > passwd
# get groups from /etc/group (same pattern, GIDs 500-999)
[root@master migration]# grep "x:[5-9][0-9][0-9]" /etc/group > group
[root@master migration]# ./migrate_passwd.pl passwd > passwd.ldif
[root@master migration]# ./migrate_group.pl group > group.ldif
# add users and groups to the LDAP server
[root@master migration]# ldapadd -x -W -D "cn=Manager,dc=server,dc=world" -f passwd.ldif
Enter LDAP Password:
adding new entry "uid=fedora,ou=People,dc=server,dc=world"
adding new entry "uid=suse,ou=People,dc=server,dc=world"
adding new entry "uid=ubuntu,ou=People,dc=server,dc=world"
adding new entry "uid=cent,ou=People,dc=server,dc=world"
adding new entry "uid=debian,ou=People,dc=server,dc=world"
[root@master migration]# ldapadd -x -W -D "cn=Manager,dc=server,dc=world" -f group.ldif
Enter LDAP Password:
adding new entry "cn=fedora,ou=Group,dc=server,dc=world"
adding new entry "cn=suse,ou=Group,dc=server,dc=world"
adding new entry "cn=ubuntu,ou=Group,dc=server,dc=world"
adding new entry "cn=cent,ou=Group,dc=server,dc=world"
adding new entry "cn=debian,ou=Group,dc=server,dc=world"
```
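The `grep "x:[5-9][0-9][0-9]"` filter above is a substring match, not a numeric range: it also selects an account with UID 5000 (its line contains `x:500`), and it would miss a three-digit UID only if it started with a digit below 5. Before migrating accounts into a directory that every host on the network will trust, it is worth selecting them by an exact id range. The script below is an added example, not part of the original page: `select_id_range` uses awk on the third colon-separated field (UID in passwd, GID in group), `page_grep` is the page's pattern for comparison, and `SAMPLE_PASSWD` is a constructed passwd file, not real system data.

```shell
#!/bin/sh
# Added example: select /etc/passwd or /etc/group lines by numeric id range
# instead of the regex substring match used on the page.

# Constructed sample passwd data: system accounts, two local users in the
# 500-999 range, a service account at UID 5000 and a user at UID 1001.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
cent:x:500:500:cent user:/home/cent:/bin/bash
debian:x:501:501:debian user:/home/debian:/bin/bash
build:x:5000:5000:build bot:/var/lib/build:/sbin/nologin
alice:x:1001:1001:alice:/home/alice:/bin/bash'

# select_id_range MIN MAX: print stdin lines whose 3rd field is a number in [MIN, MAX].
# Works for both /etc/passwd (UID) and /etc/group (GID).
select_id_range() {
    awk -F: -v min="$1" -v max="$2" \
        '$3 ~ /^[0-9]+$/ && $3 + 0 >= min + 0 && $3 + 0 <= max + 0'
}

# page_grep: the pattern from the page, kept here to show what it over-selects.
page_grep() {
    grep "x:[5-9][0-9][0-9]"
}

# names_of: first field (account name) of each stdin line, space separated.
names_of() {
    awk -F: '{ printf "%s%s", (NR > 1 ? " " : ""), $1 }'
}

# usage (replaces the grep step on the page):
#   select_id_range 500 999 < /etc/passwd > passwd
#   select_id_range 500 999 < /etc/group  > group
#   ./migrate_passwd.pl passwd > passwd.ldif
#   ./migrate_group.pl  group  > group.ldif
```

On the sample data the page's pattern returns `cent debian build`, while the range filter returns only `cent debian`; the same function with `1000 60000` picks up the accounts that a newer distribution's default UID range would place there.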
[4] To delete a user or group that was added to the LDAP server, do as below.

```
[root@master ~]# ldapdelete -x -W -D 'cn=Manager,dc=server,dc=world' "uid=cent,ou=people,dc=server,dc=world"
Enter LDAP Password:
[root@master ~]# ldapdelete -x -W -D 'cn=Manager,dc=server,dc=world' "cn=cent,ou=group,dc=server,dc=world"
Enter LDAP Password:
```