请参考我的另一篇文档实战OpenLDAP
查看OpenLDAP是否安装
[root@linux src]# rpm -aq |grep openldap
openldap-devel-2.0.27-8
openldap-servers-2.0.27-8
openldap-clients-2.0.27-8
openldap-2.0.27-8
配置/etc/ldap.conf
vi /etc/ldap.conf
# Your LDAP server. Must be resolvable without using LDAP.
host 127.0.0.1
# The distinguished name of the search base.
#base dc=example,dc=com
base dc=example,dc=net
配置.schema
[root@linux src]# cp authldap.schema qmail.schema /etc/openldap/schema/
[root@linux src]# ls /etc/openldap/schema/
authldap.schema inetorgperson.schema misc.schema.default corba.schema inetorgperson.schema.default nis.schema corba.schema.default java.schema nis.schema.default core.schema java.schema.default openldap.schema core.schema.default krb5-kdc.schema openldap.schema.default cosine.schema krb5-kdc.schema.default qmail.schema cosine.schema.default misc.schema redhat
[root@linux src]#
配置/etc/openldap/slapd.conf
[root@linux src]# vi /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
# courier imap
include /etc/openldap/schema/authldap.schema
# postfix qmail
include /etc/openldap/schema/qmail.schema
#prevents user from looking at passwords
access to attr=userpassword,clearpassword
 by anonymous auth
 by self write
 by dn="cn=admin,dc=example,dc=net" write
 by dn="cn=courier,dc=example,dc=net" read
 by * none
#files need access to this
access to attr=accountstatus
 by dn="cn=admin,dc=example,dc=net" read
 by dn="cn=courier,dc=example,dc=net" read
access to *
 by dn="cn=admin,dc=example,dc=net" write
 by users read
 by self write
 by * none
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
#suffix "dc=my-domain,dc=com"
suffix "dc=example,dc=net"
#suffix "o=My Organization Name,c=US"
#rootdn "cn=Manager,dc=my-domain,dc=com"
rootdn "cn=Manager,dc=example,dc=net"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {crypt}$1$tKdtixgz$y38ohV/5h3DBOLxMaF6Ai/
注意：slapd 的 ACL 以第一个匹配的 by 子句为准，上面 access to * 里的 by users read 写在 by self write 之前，已登录用户（包括自己）会先匹配 users 而只得到读权限，by self write 实际不会生效；如果希望用户能修改自己的条目，应把 by self write 放在 by users read 之前。
crypt 密码的产生很简单：很多语言里都有 crypt(key, salt) 函数；不过最简单的办法是直接使用 UNIX shadow 文件里已有的密码哈希：
[root@linux src]# cat /etc/shadow root:$1$tKdtixgz$y38ohV/5h3DBOLxMaF6Ai/:12361:0:99999:7::: bin:*:12361:0:99999:7::: daemon:*:12361:0:99999:7::: adm:*:12361:0:99999:7::: lp:*:12361:0:99999:7::: sync:*:12361:0:99999:7::: shutdown:*:12361:0:99999:7::: halt:*:12361:0:99999:7::: mail:*:12361:0:99999:7::: news:*:12361:0:99999:7::: uucp:*:12361:0:99999:7::: operator:*:12361:0:99999:7::: games:*:12361:0:99999:7::: gopher:*:12361:0:99999:7::: ftp:*:12361:0:99999:7::: nobody:*:12361:0:99999:7::: rpm:!!:12361:0:99999:7::: vcsa:!!:12361:0:99999:7::: nscd:!!:12361:0:99999:7::: sshd:!!:12361:0:99999:7::: rpc:!!:12361:0:99999:7::: rpcuser:!!:12361:0:99999:7::: nfsnobody:!!:12361:0:99999:7::: mailnull:!!:12361:0:99999:7::: smmsp:!!:12361:0:99999:7::: pcap:!!:12361:0:99999:7::: apache:!!:12361:0:99999:7::: squid:!!:12361:0:99999:7::: webalizer:!!:12361:0:99999:7::: xfs:!!:12361:0:99999:7::: named:!!:12361:0:99999:7::: ntp:!!:12361:0:99999:7::: gdm:!!:12361:0:99999:7::: amanda:!!:12361:0:99999:7::: canna:!!:12361:0:99999:7::: mysql:!!:12361:0:99999:7::: postgres:$1$84N0N0OR$UMZvKUpUZ1/iZOSet9b49.:12416:0:99999:7::: pvm:!!:12361:0:99999:7::: desktop:!!:12361:0:99999:7::: radvd:!!:12361:0:99999:7::: guest:!!:12362:0:99999:7::: cvs:$1$otg8oROn$3iO2.cifZBp.RLjeKFVqS/:12368:0:99999:7::: cvsroot:$1$KrwdCtt0$DO7CRXweQhRtmVSIwGEUe/:12368:0:99999:7::: chen:$1$IFyZtPDW$aofwx1MF87m.01WtGv7cq0:12492:0:99999:7::: ming:$1$55wV30qQ$xzJULQ4dUQZTe8dykc4nh/:12398:0:99999:7::: axia:$1$3y5Cq/g4$2lPGV6o11pSy0lmjF54860:12451:0:99999:7::: crm:$1$wWh6t77G$0UNVYs/EOeIbJyBeEySj/1:12472:0:99999:7::: ldap:!!:12520:::::: [root@linux src]# |
我上面使用的密码（{crypt}$1$tKdtixgz$y38ohV/5h3DBOLxMaF6Ai/），就是 root 的密码。需要注意：这样做等于让 LDAP rootdn 的口令与系统 root 口令完全相同，而且同一个哈希又多复制到了 slapd.conf 里，凡是能读取该文件的人都会拿到 root 口令的哈希；正式环境中应按上面配置注释的建议用 slappasswd 为 rootdn 单独生成一个哈希，并确保 slapd.conf 只有 root 可读。
注意事项 [1]
启动OpenLDAP
[root@linux src]# service ldap
Usage: /etc/init.d/ldap {start|stop|restart|status|condrestart}
[root@linux src]# service ldap start
Starting slapd: [ OK ]
[root@linux src]#
[1] |