ArchLinux – Installing an OpenLDAP Server

Reference:
OpenLDAP – ArchWiki

Search for the OpenLDAP package
# pacman -Ss openldap
core/openldap 2.4.40-1
    Lightweight Directory Access Protocol (LDAP) client and server

Install the OpenLDAP server
# pacman -S openldap

Database directory
/var/lib/openldap/openldap-data

Configuration file
/etc/openldap/slapd.conf

Back up the configuration file and set up DB_CONFIG
# cp /etc/openldap/slapd.conf /etc/openldap/slapd.conf.$(date +%F)
# cp /var/lib/openldap/openldap-data/DB_CONFIG.example /var/lib/openldap/openldap-data/DB_CONFIG
# chown ldap:ldap /var/lib/openldap/openldap-data/DB_CONFIG

Set the administrator (rootdn) password
# /usr/bin/slappasswd
New password:
Re-enter new password:
{SSHA}RExxR+kZpVgxxxdSYtxxsU

Edit the configuration file /etc/openldap/slapd.conf (replace the placeholder base DN and the plaintext rootpw with the hash printed by slappasswd)
# sed -i 's/dc=my-domain,dc=com/dc=ldap,dc=tces.ilc.edu.tw/' /etc/openldap/slapd.conf
# sed -i 's/secret/{SSHA}RExxR+kZpVgxxxdSYtxxsU/' /etc/openldap/slapd.conf

Edit the configuration file /etc/openldap/slapd.conf
# vim /etc/openldap/slapd.conf
Add the following lines after include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema


Download openldap-migrationtools
# wget http://www.padl.com/download/MigrationTools-47.tar.gz

Extract the archive
# tar xvzf MigrationTools-47.tar.gz -C /usr/share

Edit the MigrationTools configuration
# sed -i 's/$DEFAULT_MAIL_DOMAIN = "padl.com";/$DEFAULT_MAIL_DOMAIN = "tces.ilc.edu.tw";/' /usr/share/MigrationTools-47/migrate_common.ph
# sed -i 's/$DEFAULT_BASE = "dc=padl,dc=com";/$DEFAULT_BASE = "dc=ldap,dc=tces.ilc.edu.tw";/' /usr/share/MigrationTools-47/migrate_common.ph
# sed -i 's/$EXTENDED_SCHEMA = 0;/$EXTENDED_SCHEMA = 1;/' /usr/share/MigrationTools-47/migrate_common.ph

Create the new configuration directory and set ownership
# mv /etc/openldap/slapd.d /etc/openldap/slapd.d.orig
# mkdir /etc/openldap/slapd.d
# chown -R ldap.ldap /etc/openldap/slapd.d
# chown -R ldap.ldap /var/lib/openldap/openldap-data/*

Test the configuration file
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
545ad5f4 bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
config file testing succeeded

# chown -R ldap.ldap /etc/openldap/slapd.d
# chown -R ldap.ldap /var/lib/openldap/openldap-data/*

Start the OpenLDAP service
# systemctl start slapd
Enable the OpenLDAP service at boot
# systemctl enable slapd
Created symlink from /etc/systemd/system/multi-user.target.wants/slapd.service to /lib/systemd/system/slapd.service.

Check that the service is listening
# netstat -antup | grep :389
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      2516/slapd
tcp6       0      0 :::389                  :::*                    LISTEN      2516/slapd
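The two sed edits to slapd.conf above are the security-relevant step of this procedure: if the rootpw substitution silently fails, slapd starts with the rootdn password still set to the plaintext "secret". The substitution uses "/" as the sed delimiter and matches the bare word "secret", but slappasswd prints base64, which can contain "/" and would then break the expression. The script below is an added example, not part of the original post: it applies the same two edits with a "|" delimiter anchored on the rootpw line, then verifies that the file holds a hashed rootpw, no placeholder base DN, and owner-only permissions before slaptest is run. The sample slapd.conf, the temporary paths and the {SSHA} value inside it are constructed for the demo; on a real system the hash comes from slappasswd.

```shell
#!/bin/sh
# Added example, not from the original post: apply the suffix/rootdn and rootpw
# edits from the procedure with sed patterns that survive '/' in the hash, then
# verify the file before running slaptest and starting slapd.
# All paths, the sample config and the hash below are constructed for the demo.

# Replace the rootpw line with a password hash from slappasswd.
# '|' is the sed delimiter because SSHA output is base64 and may contain '/',
# which breaks the s/.../.../ form; anchoring on ^rootpw also avoids touching
# any other line that happens to contain the word "secret".
set_rootpw() {
    conf="$1"; hash="$2"
    sed -i "s|^rootpw[[:space:]].*|rootpw          ${hash}|" "$conf"
}

# Replace the placeholder base DN (dc=my-domain,dc=com) in suffix and rootdn.
set_suffix() {
    conf="$1"; base="$2"
    sed -i "s|dc=my-domain,dc=com|${base}|g" "$conf"
}

# 0 if rootpw is stored as a hash, 1 if it is still plaintext or missing.
rootpw_is_hashed() {
    grep -Eq '^rootpw[[:space:]]+\{(SSHA|SHA|SMD5|MD5|CRYPT)\}' "$1"
}

# 0 if no placeholder base DN remains in the file.
suffix_updated() {
    ! grep -q 'dc=my-domain,dc=com' "$1"
}

# 0 if the file is not group/world readable (it contains the rootpw hash).
# Uses GNU stat, as shipped on Arch.
conf_is_private() {
    case "$(stat -c '%a' "$1")" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run all checks; prints each failure and returns 1 if any check fails.
verify_conf() {
    rc=0
    rootpw_is_hashed "$1" || { echo "FAIL: rootpw is not a hash"; rc=1; }
    suffix_updated   "$1" || { echo "FAIL: placeholder dc=my-domain,dc=com still present"; rc=1; }
    conf_is_private  "$1" || { echo "FAIL: $1 is readable by group/other"; rc=1; }
    return $rc
}

# Write a constructed minimal slapd.conf resembling the package default.
make_sample_conf() {
    cat > "$1" <<'EOF'
include         /etc/openldap/schema/core.schema
database        bdb
suffix          "dc=my-domain,dc=com"
rootdn          "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should be avoided.
rootpw          secret
directory       /var/lib/openldap/openldap-data
EOF
}

# Demo on a temporary copy (constructed hash; run slappasswd for a real one).
demo() {
    dir=$(mktemp -d); conf="$dir/slapd.conf"
    make_sample_conf "$conf"
    chmod 600 "$conf"
    echo "-- before edits:"
    verify_conf "$conf" || true
    set_suffix "$conf" 'dc=ldap,dc=tces.ilc.edu.tw'
    set_rootpw "$conf" '{SSHA}AbC/dEf+GhIjKlMnOpQrStUvWxYz0123'
    echo "-- after edits:"
    verify_conf "$conf" && echo "OK: $conf is ready for slaptest"
    rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it as "sh check_slapd_conf.sh --demo" to see the checks fail on the default file and pass after the edits; on the real server, call verify_conf on /etc/openldap/slapd.conf and only then run the slaptest command from the procedure, which remains the authoritative syntax check.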