Arch Linux – Using logwatch

References:
Logwatch, SSMTP and Iptables or Arch Linux (Raspberry Pi) | Lisenet.com :: Linux | Security | Networking
Logwatch – ArchWiki
Linux 學習日誌: Learning to Use Logwatch (log viewing system)

1. Install syslog-ng
# pacman -S syslog-ng

2. Enable it at boot
# systemctl enable syslog-ng
Start syslog-ng
# systemctl start syslog-ng

3. Install logwatch
# pacman -S logwatch

4. Install ssmtp and use Gmail to send mail
# pacman -S ssmtp

5. Edit the configuration file
# vim /etc/ssmtp/ssmtp.conf
#root=postmaster
# The place where the mail goes. The actual machine name is required
# no MX records are consulted. Commonly mailhosts are named mail.domain.com
# The example will fit if you are in domain.com and you mailhub is so named.
mailhub=smtp.gmail.com:587
# Where will the mail seem to come from?
#rewriteDomain=y
# The full hostname
#hostname=root-chroot-copy
# Sender account
AuthUser=xxxx@gmail.com
# Sender password
AuthPass=xxxx
UseSTARTTLS=YES
FromLineOverride=yes #enables to use mail -r option

6. Change the file permissions
# chmod 0600 /etc/ssmtp/ssmtp.conf

7. Edit the configuration file /etc/logwatch/conf/logwatch.conf
# echo "Detail = 5" > /etc/logwatch/conf/logwatch.conf
# echo "Output = mail" >> /etc/logwatch/conf/logwatch.conf
# echo "MailTo = xxxx@gmail.com" >> /etc/logwatch/conf/logwatch.conf
# echo "MailFrom = logwatch@arch.test.ilc.edu.tw" >> /etc/logwatch/conf/logwatch.conf

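Arch Linux – Enabling the snmpd service

The snmp service was enabled to make it easier to keep track of the status of every server at the school.
References:
Snmpd – ArchWiki

1. Install the net-snmp package
# pacman -S net-snmp

2. Create the directory
# mkdir /etc/snmp

3. Only SNMP information needs to be read, so use read-only mode
# echo rocommunity read_only_user >> /etc/snmp/snmpd.conf

4. Enable the snmpd service at boot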
# systemctl enable snmpd
Created symlink from /etc/systemd/system/multi-user.target.wants/snmpd.service to /usr/lib/systemd/system/snmpd.service.

5. Start the snmpd service
# systemctl start snmpd

6. Check that the snmpd service started correctly
# systemctl status snmpd
* snmpd.service - Simple Network Management Protocol (SNMP) Daemon
   Loaded: loaded (/usr/lib/systemd/system/snmpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2014-12-27 20:57:10 CST; 13s ago
  Process: 469 ExecStart=/usr/bin/snmpd -p /run/snmpd.pid (code=exited, status=0/SUCCESS)
 Main PID: 471 (snmpd)
   CGroup: /system.slice/snmpd.service
           `-471 /usr/bin/snmpd -p /run/snmpd.pid

Dec 27 20:57:10 lemaker snmpd[469]: pcilib: Cannot open /proc/bus/pci
Dec 27 20:57:10 lemaker systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon.

# netstat -anulp | grep '161'
udp        0      0 0.0.0.0:161             0.0.0.0:*                           471/snmpd

7. Read SNMP v1 or v2c information on the local host
# snmpwalk -v 1 -c read_only_user localhost | less
# snmpwalk -v 2c -c read_only_user localhost | less

8. Restrict access in the firewall
# iptables -A INPUT -p udp -s x.x.x.x --dport 161 -m state --state NEW -j ACCEPT
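
The steps above write a rocommunity line with no source address, so the firewall rule is the only thing limiting who can query the agent, and SNMP v1/v2c sends the community string unencrypted. As an added example (not part of the original post), the script below audits an snmpd.conf for such lines; the function names, the sample file and the 192.0.2.10 monitoring host are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): audit snmpd.conf for
# SNMPv1/v2c community directives that are broader than intended.

audit_snmpd_conf() {
    # $1 = path to snmpd.conf. Prints "<line>:<level>:<message>" per finding.
    awk '
        $1 ~ /^#/ || NF == 0 { next }          # skip comments and blank lines
        $1 ~ /^r[ow]community6?$/ {
            name = $2; src = $3
            # No SOURCE, or a SOURCE that means "anywhere"
            if (src == "" || src == "default" || src == "0.0.0.0/0" || src == "::/0")
                printf "%d:HIGH:%s %s accepts queries from any address\n", NR, $1, name
            # Write access lets a client change agent settings with SET
            if ($1 ~ /^rw/)
                printf "%d:HIGH:%s %s grants write access\n", NR, $1, name
            # Well-known default community names are guessed first
            if (name == "public" || name == "private")
                printf "%d:MEDIUM:community name %s is a well-known default\n", NR, name
            # Without an OID or -V VIEW the whole MIB tree is readable
            if (NF < 4)
                printf "%d:LOW:%s %s exposes the full OID tree\n", NR, $1, name
        }
    ' "$1"
}

# Constructed sample: line 2 is what step 3 above writes, line 3 is a
# tightened form (192.0.2.10 is a placeholder monitoring host and the OID
# limits reads to the system subtree), line 4 is a deliberately bad entry.
sample_conf() {
    cat <<'EOF'
# constructed snmpd.conf for this example
rocommunity read_only_user
rocommunity read_only_user 192.0.2.10 .1.3.6.1.2.1.1
rwcommunity private default
EOF
}

demo() {
    _f=$(mktemp) || return 1
    sample_conf > "$_f"
    audit_snmpd_conf "$_f"
    rm -f "$_f"
}

demo
```

Run it against the live file with audit_snmpd_conf /etc/snmp/snmpd.conf; no output means no community line matched the checks.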

Package management compared: RedHat/CentOS, Debian/Ubuntu, Arch Linux and Gentoo

1. Refresh the package database
RedHat/CentOS
# yum update
Debian/Ubuntu
# apt-get update
Arch Linux
# pacman -Sy
Gentoo Linux
# emerge --sync

2. Upgrade the whole system
RedHat/CentOS
# yum -y update
Debian/Ubuntu
# apt-get upgrade
# apt-get dist-upgrade
Arch Linux
# pacman -Syu
Gentoo Linux
# emerge -u world

3. Search for a package
RedHat/CentOS
# yum search pkg_filename
Debian/Ubuntu
# apt-cache search pkg_filename
Arch Linux
# pacman -Ss pkg_filename
Gentoo Linux
# emerge -s pkg_filename

4. Install a package
RedHat/CentOS
# yum install pkg_filename
# rpm -ivh pkg_filename.rpm
Debian/Ubuntu
# apt-get install pkg_filename
# dpkg -i pkg_filename.deb
Arch Linux
# pacman -S pkg_filename
Gentoo Linux
# emerge pkg_filename
# emerge -k pkg_filename

5. Remove a package
RedHat/CentOS
# yum remove pkg_filename
# rpm -e pkg_filename
Debian/Ubuntu
# apt-get remove --purge pkg_filename
# dpkg -P pkg_filename
Arch Linux
# pacman -Rn pkg_filename
Gentoo Linux
# emerge -C pkg_filename

Arch Linux – Notifying about available package updates

List the packages that can be upgraded
# pacman -Quq
dbus
libdbus
linux-firmware
linux-sun7i
openresolv
uboot-cubieboard2

Notify the administrator by mail instead
# vim /usr/local/bin/check-update
#!/bin/bash
# Use a private temp file rather than a predictable name in /tmp
tmpfile=$(mktemp) || exit 1
trap 'rm -f "$tmpfile"' EXIT
/usr/bin/pacman -Quq > "$tmpfile"
# Mail the administrator only when the list is not empty
if [ -s "$tmpfile" ]; then
   /usr/bin/mail -s "Arch Linux Updates Available" xxxx@gmail.com < "$tmpfile"
fi

Make the file executable
# chmod 700 /usr/local/bin/check-update

Add it to crontab
# crontab -l
0 0,12 * * * /usr/bin/pacman -Syy > /dev/null 2>&1
0 1,13 * * * /usr/local/bin/check-update

ArchLinux – Integrating WordPress with LDAP

References:
Integrating WordPress with LDAP (TLS) | 資訊雜記

Install php-ldap
# pacman -S php-ldap

Enable the PHP LDAP extension
# sed -i 's/;extension=ldap.so/extension=ldap.so/' /etc/php/php.ini

Restart php-fpm
# systemctl restart php-fpm

Download the WordPress LDAP plugin
wpDirAuth: https://wordpress.org/plugins/wpdirauth/installation/

Download wpDirAuth
# wget https://downloads.wordpress.org/plugin/wpdirauth.1.7.6.zip

Extract it into the /srv/http/wordpress/wp-content/plugins directory
# unzip wpdirauth.1.7.6.zip -d /srv/http/wordpress/wp-content/plugins

Enable the wpDirAuth plugin
After logging in, select the blog administration page

Select Plugins / Installed Plugins

Click Activate for wpDirAuth

Activated

Select Settings / Directory Auth

LDAP parameters

Configure the following:
1. Enable Directory Authentication?
2. Directory Servers (Domain Controllers)
3. Account Filter

1. Base DN
2. Bind DN
3. Bind Password
4. Confirm Password

Update Options

Test it

Login works normally

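ArchLinux – OpenLDAP Server setup: handling garbled Chinese characters

Converting the user account and password file directly produces garbled text if it contains Chinese characters.

Workaround:
1. First convert the extracted file to Big5 encoding
# egrep 't100|s100' /etc/passwd > /root/ldif/passwd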
# piconv -f utf8 -t big5 /root/ldif/passwd > /root/ldif/passwd.big5
# cat /root/ldif/passwd.big5
s100001:x:1002:1000:▒▒▒▒01▒L▒p▒▒:/home/student/s100/s100001:/bin/false
s100002:x:1003:1000:▒▒▒▒02▒▒▒▒▒:/home/student/s100/s100002:/bin/false
t100001:x:1004:1001:▒▒▒g:/home/teacher/t100001:/bin/false

Convert with MigrationTools
# cd /usr/share/MigrationTools-47
# ./migrate_passwd.pl /root/ldif/passwd.big5 > /root/ldif/passwd.ldif.big5

Then convert back to UTF-8 encoding
# piconv -f big5 -t utf8 /root/ldif/passwd.ldif.big5 > /root/ldif/passwd.ldif

Remove some unneeded attributes
# sed -i '/mailRoutingAddress/d' /root/ldif/passwd.ldif
# sed -i '/mailHost/d' /root/ldif/passwd.ldif
# sed -i '/krbName/d' /root/ldif/passwd.ldif
# sed -i '/inetLocalMailRecipient/d' /root/ldif/passwd.ldif
# sed -i '/kerberosSecurityObject/d' /root/ldif/passwd.ldif

Some characters convert correctly, but others may still be garbled and have to be fixed by hand.

Installing ownCloud 7.x on ArchLinux

References:
ownCloud – ArchWiki
How To Install and Setup ownCloud on Arch Linux | DigitalOcean
EFSTATHIOS IOSIFIDIS: Install ownCloud on Raspberry Pi (Arch Linux) using Lighttpd
EFSTATHIOS IOSIFIDIS: Install ownCloud 7 on Raspberry Pi (Arch Linux) using Lighttpd
Arch Linux / OwnCloud with nginx | Ryad’s Blog

Install PHP and Nginx
# pacman -S nginx php php-fpm php-gd php-mcrypt php-intl

Edit the /etc/php/php.ini configuration file
# sed -i 's/;extension=zip.so/extension=zip.so/' /etc/php/php.ini
# sed -i 's/;extension=gd.so/extension=gd.so/' /etc/php/php.ini
# sed -i 's/;extension=iconv.so/extension=iconv.so/' /etc/php/php.ini
# sed -i 's/;extension=openssl.so/extension=openssl.so/' /etc/php/php.ini
# sed -i 's/;extension=xmlrpc.so/extension=xmlrpc.so/' /etc/php/php.ini
# sed -i 's/;extension=bz2.so/extension=bz2.so/' /etc/php/php.ini
# sed -i 's/;extension=curl.so/extension=curl.so/' /etc/php/php.ini
# sed -i 's/;extension=intl.so/extension=intl.so/' /etc/php/php.ini
# sed -i 's/;extension=mcrypt.so/extension=mcrypt.so/' /etc/php/php.ini
# sed -i 's/;extension=mysql.so/extension=mysql.so/' /etc/php/php.ini
# sed -i 's/;extension=pdo_mysql.so/extension=pdo_mysql.so/' /etc/php/php.ini
# sed -i 's/;extension=mysqli.so/extension=mysqli.so/' /etc/php/php.ini
# sed -i 's/;zend_extension=opcache.so/zend_extension=opcache.so/' /etc/php/php.ini

To store the ownCloud files in a faster directory, /mnt/sda1/ownCloud
# vim /etc/php/php.ini
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/mnt/sda1/ownCloud

Create the ownCloud database, user and password
# /usr/bin/mysql -u root -p
> CREATE DATABASE cloud;
> CREATE USER cloud@localhost;
> SET PASSWORD FOR cloud@localhost= PASSWORD("password_for_cloud");
> GRANT ALL PRIVILEGES ON cloud.* TO cloud@localhost IDENTIFIED BY 'password_for_cloud';
> FLUSH PRIVILEGES;
> exit

Download ownCloud
# wget https://download.owncloud.org/community/owncloud-7.0.2.tar.bz2
Extract it
# tar xvjf owncloud-7.0.2.tar.bz2
Create the directory
# mkdir /srv/http/owncloud/data
Change the directory owner
# chown -R http:http /srv/http/owncloud/data

Start the php-fpm and nginx services and enable them at boot
# systemctl enable php-fpm
# systemctl start php-fpm
# systemctl enable nginx
# systemctl start nginx

Installing ownCloud 7.x on ArchLinux

For more about ownCloud, see: 頭城國小資訊組 | Installing ownCloud on CentOS 6.x
References:
ownCloud – ArchWiki
How To Install and Setup ownCloud on Arch Linux | DigitalOcean
EFSTATHIOS IOSIFIDIS: Install ownCloud on Raspberry Pi (Arch Linux) using Lighttpd
EFSTATHIOS IOSIFIDIS: Install ownCloud 7 on Raspberry Pi (Arch Linux) using Lighttpd

Check whether the repositories have an ownCloud package
# pacman -Ss owncloud
community/owncloud 7.0.2-1
    A cloud server to store your files centrally on a hardware controlled by you
Install the ownCloud package
# pacman -S owncloud
Optional dependencies for owncloud
    php-apache: to use the Apache web server
    php-sqlite: to use the SQLite database backend
    php-pgsql: to use the PostgreSQL database backend
    php-ldap: LDAP authentication
    php-intl [installed]
    php-apcu
    php-xcache
    mariadb: to use the MySQL database backend [installed]
    smbclient: to mount SAMBA shares [installed]
    php-mcrypt [installed]
    ffmpeg: file preview
    libreoffice-common: file preview

Install the php-ldap / php-apcu / php-xcache packages
# pacman -S php-ldap php-apcu php-xcache

Install the uwsgi-plugin-php package
# pacman -S uwsgi-plugin-php

Edit the /etc/php/php.ini configuration file
# sed -i 's/;extension=zip.so/extension=zip.so/' /etc/php/php.ini
# sed -i 's/;extension=gd.so/extension=gd.so/' /etc/php/php.ini
# sed -i 's/;extension=iconv.so/extension=iconv.so/' /etc/php/php.ini
# sed -i 's/;extension=openssl.so/extension=openssl.so/' /etc/php/php.ini
# sed -i 's/;extension=xmlrpc.so/extension=xmlrpc.so/' /etc/php/php.ini
# sed -i 's/;extension=bz2.so/extension=bz2.so/' /etc/php/php.ini
# sed -i 's/;extension=curl.so/extension=curl.so/' /etc/php/php.ini
# sed -i 's/;extension=intl.so/extension=intl.so/' /etc/php/php.ini
# sed -i 's/;extension=mcrypt.so/extension=mcrypt.so/' /etc/php/php.ini

Edit the nginx configuration file
# vim /etc/nginx/nginx.conf
#this is to avoid Request Entity Too Large error
        client_max_body_size 1000M;
        # deny access to some special files
        location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
              deny all;
        }
        # pass all .php or .php/path urls to uWSGI
        location ~ ^(.+\.php)(.*)$ {
              include uwsgi_params;
              uwsgi_modifier1 14;
              uwsgi_pass 127.0.0.1:3001;
        }
        # everything else goes to the filesystem,
        # but / will be mapped to index.php and run through uwsgi
        location /owncloud {
              root /usr/share/webapps;
              index index.php;
              rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
              rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
        }

Restart the Nginx web server
# systemctl restart nginx

Install uwsgi
# pacman -S uwsgi

Create the configuration file
# vim /etc/uwsgi/owncloud.ini

[uwsgi]
master = true
socket = 127.0.0.1:3001

# Change this to where you want ownCloud data to be stored (maybe /home/owncloud)
owncloud_data_dir = /usr/share/webapps/owncloud/data/
chdir             = %(owncloud_data_dir)

plugins = php
php-docroot     = /usr/share/webapps/owncloud
php-index       = index.php

# only allow these php files, I don't want to inadvertently run something else
php-allowed-ext = /index.php
php-allowed-ext = /public.php
php-allowed-ext = /remote.php
php-allowed-ext = /cron.php
php-allowed-ext = /status.php
php-allowed-ext = /settings/apps.php
php-allowed-ext = /core/ajax/update.php
php-allowed-ext = /core/ajax/share.php
php-allowed-ext = /core/ajax/requesttoken.php
php-allowed-ext = /core/ajax/translations.php
php-allowed-ext = /search/ajax/search.php
php-allowed-ext = /search/templates/part.results.php
php-allowed-ext = /settings/admin.php
php-allowed-ext = /settings/users.php
php-allowed-ext = /settings/personal.php
php-allowed-ext = /settings/help.php
php-allowed-ext = /settings/ajax/getlog.php
php-allowed-ext = /settings/ajax/setlanguage.php
php-allowed-ext = /settings/ajax/setquota.php
php-allowed-ext = /settings/ajax/userlist.php
php-allowed-ext = /settings/ajax/createuser.php
php-allowed-ext = /settings/ajax/removeuser.php
php-allowed-ext = /settings/ajax/enableapp.php
php-allowed-ext = /core/ajax/appconfig.php
php-allowed-ext = /settings/ajax/setloglevel.php
php-allowed-ext = /ocs/v1.php
# set php configuration for this instance of php, no need to edit global php.ini
php-set = date.timezone=Etc/UTC
php-set = open_basedir=%(owncloud_data_dir):/tmp/:/usr/share/pear/:/usr/share/webapps/owncloud:/etc/webapps/owncloud
php-set = session.save_path=/tmp
php-set = post_max_size=1000M
php-set = upload_max_filesize=1000M

# load all extensions only in this instance of php, no need to edit global php.ini
php-set = extension=bz2.so
php-set = extension=curl.so
php-set = extension=intl.so
php-set = extension=openssl.so
php-set = extension=pdo_sqlite.so
php-set = extension=exif.so
php-set = extension=gd.so
php-set = extension=imagick.so
php-set = extension=gmp.so
php-set = extension=iconv.so
php-set = extension=mcrypt.so
php-set = extension=sockets.so
php-set = extension=sqlite3.so
php-set = extension=xmlrpc.so
php-set = extension=xsl.so
php-set = extension=zip.so

processes = 10
cheaper = 2
cron = -3 -1 -1 -1 -1 /usr/bin/php -f /usr/share/webapps/owncloud/cron.php 1>/dev/null

Create the directory
# mkdir /usr/share/webapps/owncloud/data

# uwsgi_php --ini /etc/uwsgi/owncloud.ini
[uwsgi] implicit plugin requested php
[uWSGI] getting INI configuration from /etc/uwsgi/owncloud.ini
*** Starting uWSGI 2.0.7 (32bit) on [Wed Nov  5 09:22:02 2014] ***
compiled with version: 4.8.2 20131219 (prerelease) on 02 October 2014 06:16:59
os: Linux-3.4.90 #2 SMP PREEMPT Wed Aug 27 10:31:52 CST 2014
nodename: lemaker
machine: armv7l
clock source: unix
pcre jit disabled
detected number of CPU cores: 2
current working directory: /root
detected binary path: /sbin/uwsgi
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
chdir(): No such file or directory [core/uwsgi.c line 2537]

ArchLinux – OpenLDAP Server setup

Create the student group
# groupadd student
Create the teacher group
# groupadd teacher

Create the student directory
# mkdir -p /home/student/s100
Create the teacher directory
# mkdir /home/teacher

Create the student accounts and passwords
# useradd -g student -d /home/student/s100/s100001 -m -s /bin/false -c "六忠01林小華" s100001
# useradd -g student -d /home/student/s100/s100002 -m -s /bin/false -c "六忠02陳金花" s100002
# passwd s100001
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
# passwd s100002
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Create the teacher account and password
# useradd -g teacher -d /home/teacher/t100001 -m -s /bin/false -c "李阿土" t100001
# passwd t100001
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

# mkdir /root/ldif
# egrep 'teacher|student' /etc/group > /root/ldif/group
# cat /root/ldif/group
student:x:1000:
teacher:x:1001:

# egrep 't100|s100' /etc/passwd > /root/ldif/passwd
# cat /root/ldif/passwd
s100001:x:1002:1000:六忠01林小華:/home/student/s100/s100001:/bin/false
s100002:x:1003:1000:六忠02陳金花:/home/student/s100/s100002:/bin/false
t100001:x:1004:1001:李阿土:/home/teacher/t100001:/bin/false

Use the MigrationTools scripts
# cd /usr/share/MigrationTools-47
# ./migrate_base.pl > /root/ldif/base.ldif
# ./migrate_passwd.pl /root/ldif/passwd > /root/ldif/passwd.ldif
# ./migrate_group.pl /root/ldif/group > /root/ldif/group.ldif

# cat /root/ldif/base.ldif
dn: dc=ldap,dc=tces.ilc.edu.tw
dc: ldap
objectClass: top
objectClass: domain
objectClass: domainRelatedObject
associatedDomain: tces.ilc.edu.tw

dn: ou=Group,dc=ldap,dc=tces.ilc.edu.tw
ou: Group
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: tces.ilc.edu.tw

dn: ou=People,dc=ldap,dc=tces.ilc.edu.tw
ou: People
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: tces.ilc.edu.tw

Wipe the existing data
# systemctl stop slapd
# rm -rf /var/lib/openldap/openldap-data/*
# rm -rf /etc/openldap/slapd.d/*
# cp /etc/openldap/DB_CONFIG.example /var/lib/openldap/openldap-data/DB_CONFIG
# chown ldap:ldap /var/lib/openldap/openldap-data/DB_CONFIG
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
# chown -R ldap.ldap /etc/openldap/slapd.d
# chown -R ldap.ldap /var/lib/openldap/openldap-data/*
# systemctl start slapd

Start the import
# systemctl stop slapd
# /usr/bin/slapadd -l /root/ldif/base.ldif
545aedd1 bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
_#################### 100.00% eta   none elapsed            none fast!
Closing DB…

# /usr/bin/slapadd -l /root/ldif/passwd.ldif
# /usr/bin/slapadd -l /root/ldif/group.ldif

Change the directory owner and start the OpenLDAP server
# chown -R ldap.ldap /etc/openldap/slapd.d
# chown -R ldap.ldap /var/lib/openldap/openldap-data/*
# systemctl start slapd

ArchLinux – Installing OpenLDAP Server

References:
OpenLDAP – ArchWiki

Search for the OpenLDAP package
# pacman -Ss openldap
core/openldap 2.4.40-1
    Lightweight Directory Access Protocol (LDAP) client and server

Install OpenLDAP Server
# pacman -S openldap

Database location
/var/lib/openldap/openldap-data

Configuration file location
/etc/openldap/slapd.conf

Back up the configuration file
# cp /etc/openldap/slapd.conf /etc/openldap/slapd.conf.$(date +%F)
# cp /var/lib/openldap/openldap-data/DB_CONFIG.example /var/lib/openldap/openldap-data/DB_CONFIG
# chown ldap:ldap /var/lib/openldap/openldap-data/DB_CONFIG

Set the administrator password
# /usr/bin/slappasswd
New password:
Re-enter new password:
{SSHA}RExxR+kZpVgxxxdSYtxxsU

Edit the configuration file /etc/openldap/slapd.conf
# sed -i 's/dc=my-domain,dc=com/dc=ldap,dc=tces.ilc.edu.tw/' /etc/openldap/slapd.conf
# sed -i 's|secret|{SSHA}RExxR+kZpVgxxxdSYtxxsU|' /etc/openldap/slapd.conf

Edit the configuration file /etc/openldap/slapd.conf
# vim /etc/openldap/slapd.conf
Below the line
include         /etc/openldap/schema/core.schema
add
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema


Download openldap-migrationtools
# wget http://www.padl.com/download/MigrationTools-47.tar.gz

Extract it
# tar xvzf MigrationTools-47.tar.gz -C /usr/share

Edit the configuration file
# sed -i 's/$DEFAULT_MAIL_DOMAIN = "padl.com";/$DEFAULT_MAIL_DOMAIN = "tces.ilc.edu.tw";/' /usr/share/MigrationTools-47/migrate_common.ph
# sed -i 's/$DEFAULT_BASE = "dc=padl,dc=com";/$DEFAULT_BASE = "dc=ldap,dc=tces.ilc.edu.tw";/' /usr/share/MigrationTools-47/migrate_common.ph
# sed -i 's/$EXTENDED_SCHEMA = 0;/$EXTENDED_SCHEMA = 1;/' /usr/share/MigrationTools-47/migrate_common.ph

Generate the new configuration and fix the ownership
# mv /etc/openldap/slapd.d /etc/openldap/slapd.d.orig
# mkdir /etc/openldap/slapd.d
# chown -R ldap.ldap /etc/openldap/slapd.d
# chown -R ldap.ldap /var/lib/openldap/openldap-data/*

Test the configuration file
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
545ad5f4 bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
config file testing succeeded

# chown -R ldap.ldap /etc/openldap/slapd.d
# chown -R ldap.ldap /var/lib/openldap/openldap-data/*

Start the OpenLDAP service
# systemctl start slapd
Enable the OpenLDAP service at boot
# systemctl enable slapd
Created symlink from /etc/systemd/system/multi-user.target.wants/slapd.service to /lib/systemd/system/slapd.service.

Check that it started correctly
# netstat -antup | grep :389
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      2516/slapd
tcp6       0      0 :::389                  :::*                    LISTEN      2516/slapd