Installing an OpenLDAP Server

LDAP (Lightweight Directory Access Protocol) is a lightweight directory access protocol that runs on the four-layer TCP/IP stack; it is called "lightweight" only by comparison with the heavyweight X.500 protocol, which runs on the seven-layer OSI model.

1. Install the packages
# yum install openldap openldap-servers openldap-clients

2. Copy the sample files
# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

3. Set the administrator password
# slappasswd
New password:
Re-enter new password:
{SSHA}IYAqaRIJsz+xxxx3wDZXe0ZYKyxxxEHzk

4. Edit the configuration file
# vim /etc/openldap/slapd.conf
Change the dc (Domain Component)
:%s/dc=my-domain,dc=com/dc=ldap,dc=tces.ilc.edu.tw/g
Set the password (paste the hash printed by slappasswd, never the cleartext password)
rootpw         {SSHA}IYAqaRIJsz+xxxx3wDZXe0ZYKyxxxEHzk

5. Install the migrationtools package
# yum install migrationtools

6. Edit the configuration file /usr/share/migrationtools/migrate_common.ph
# vim /usr/share/migrationtools/migrate_common.ph
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "ilc.edu.tw";

# Default base
$DEFAULT_BASE = "dc=ldap,dc=tces.ilc.edu.tw";

7. Create the new configuration directory and set its ownership
# mv /etc/openldap/slapd.d /etc/openldap/slapd.d.orig
# mkdir /etc/openldap/slapd.d
# chown -R ldap.ldap /etc/openldap/slapd.d
# chown -R ldap.ldap /var/lib/ldap

8. Test the configuration file
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
config file testing succeeded

9. If the following error messages appear, the directory ownership is wrong
# service slapd start
/var/lib/ldap/__db.005 is not owned by “ldap”              [警告]
/var/lib/ldap/__db.006 is not owned by “ldap”              [警告]
/var/lib/ldap/__db.002 is not owned by “ldap”              [警告]
/var/lib/ldap/__db.001 is not owned by “ldap”              [警告]
/var/lib/ldap/__db.004 is not owned by “ldap”              [警告]
/var/lib/ldap/__db.003 is not owned by “ldap”              [警告]
/var/lib/ldap/alock is not owned by “ldap”                 [警告]
正在為 slapd 檢查設定檔案:                                [失敗]
ldif_read_file: Permission denied for “/etc/openldap/slapd.d/cn=config.ldif”
slaptest: bad configuration file!

Apply the following ownership settings
# chown -R ldap.ldap /etc/openldap/slapd.d
# chown -R ldap.ldap /var/lib/ldap

10. If SELinux is enabled, the following step is also required
# service slapd start
ls: cannot access /etc/openldap/slapd.d//cn=config/olcDatabase*.ldif: No such file or directory
Starting slapd:                                            [  OK  ]
# restorecon -R /etc/openldap/slapd.d

11. Start the service at boot
# chkconfig --level 3 slapd on

12. Configure the firewall (only the 192.168.1.0/24 network may open new connections to port 389)
# iptables -A INPUT -p tcp -s 192.168.1.0/24 -m state --state NEW --dport 389 -j ACCEPT
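The edits in step 4 and the ownership checks in steps 7 and 9 can be scripted and re-checked instead of done by hand in vim. The following shell helpers are an added example, not part of the original post or of OpenLDAP; they assume POSIX sed, grep and find, take every path as an argument, and the demo at the bottom runs on a constructed slapd.conf in a temporary directory rather than on /etc/openldap. The {SSHA} hash reused in the demo is the post's own (redacted) slappasswd output.

```shell
#!/bin/sh
# Added example (not from the original post): shell helpers for the slapd.conf
# edits and ownership checks in the walkthrough above.
# Assumptions: POSIX sed/grep/find; all paths are passed in as arguments.

# Step 4: replace the base DN (what ":%s/dc=my-domain,dc=com/.../g" did in vim).
# Reads $1 and writes the rewritten file to $2; $3 is the old DN, $4 the new DN.
set_base_dn() {
    sed "s|$3|$4|g" "$1" > "$2"
}

# Step 4: set the rootpw line to a hash produced by slappasswd ($2), in place.
set_rootpw() {
    tmp="$1.tmp"
    sed "s|^rootpw[[:space:]].*|rootpw         $2|" "$1" > "$tmp" && mv "$tmp" "$1"
}

# Check: every rootpw line must carry a {SCHEME} prefix such as {SSHA}.
# A bare cleartext password, or no rootpw line at all, fails (returns 1).
rootpw_is_hashed() {
    lines=$(grep -E '^rootpw[[:space:]]' "$1") || return 1
    ! printf '%s\n' "$lines" | grep -vqE '^rootpw[[:space:]]+\{[A-Za-z0-9-]+\}'
}

# Steps 7 and 9: list entries under $1 that are not owned by $2, the condition
# behind the "is not owned by ldap" warnings; returns 1 if any are found.
check_owned_by() {
    bad=$(find "$1" ! -user "$2")
    [ -z "$bad" ] || { printf '%s\n' "$bad"; return 1; }
}

# Demo on a constructed slapd.conf in a temp directory (not a real server config).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'suffix  "dc=my-domain,dc=com"' \
                  'rootdn  "cn=Manager,dc=my-domain,dc=com"' \
                  'rootpw  secret' > "$d/slapd.conf.orig"
    set_base_dn "$d/slapd.conf.orig" "$d/slapd.conf" \
                'dc=my-domain,dc=com' 'dc=ldap,dc=tces.ilc.edu.tw'
    rootpw_is_hashed "$d/slapd.conf" && echo "rootpw hashed" || echo "rootpw is cleartext"
    # hash taken from the post's slappasswd output (its value is redacted there)
    set_rootpw "$d/slapd.conf" '{SSHA}IYAqaRIJsz+xxxx3wDZXe0ZYKyxxxEHzk'
    rootpw_is_hashed "$d/slapd.conf" && echo "rootpw hashed" || echo "rootpw is cleartext"
    check_owned_by "$d" "$(id -un)" && echo "ownership ok"
    cat "$d/slapd.conf"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it as `sh script.sh --demo` to see the rewritten file; on a real host you would call `check_owned_by /etc/openldap/slapd.d ldap` and `check_owned_by /var/lib/ldap ldap` before `service slapd start`, and `rootpw_is_hashed /etc/openldap/slapd.conf` to confirm no cleartext password slipped into the file.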