1、环境准备
[root@ldap81 openldap]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@ldap81 openldap]# uname -r
3.10.0-1160.119.1.el7.x86_64
# Lab-only host preparation: drop the host firewall and put SELinux in permissive mode.
# NOTE(review): stopping and disabling firewalld exposes every listening port on the
# host; on anything but a throwaway lab box, allow only the ldap/ldaps services in
# firewalld instead of disabling it.
systemctl stop firewalld
systemctl disable firewalld
# NOTE(review): setenforce 0 only lasts until the next boot -- the reboot below restores
# whatever mode /etc/selinux/config specifies, so this line has no lasting effect
# unless that file is changed as well (or SELinux is left enforcing on purpose).
setenforce 0
hostnamectl set-hostname ldap81
reboot
2、安装
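# Install the OpenLDAP server, client tools, compat libs and development headers,
# then list the ldap packages that were actually installed.
# The two commands were fused onto one line in the original; kept separate here,
# otherwise yum is asked to install a non-existent package "openldap-develrpm".
yum install -y openldap openldap-servers openldap-clients compat-openldap openldap-devel
rpm -qa | grep ldap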
compat-openldap-2.3.43-5.el7.x86_64
openldap-devel-2.4.44-25.el7_9.x86_64
openldap-clients-2.4.44-25.el7_9.x86_64
openldap-2.4.44-25.el7_9.x86_64
openldap-servers-2.4.44-25.el7_9.x86_64
3、初始化
cd /etc/openldap/
# Start from an empty cn=config directory; keep the packaged one as a backup.
mv slapd.d slapd.d.bak
mkdir slapd.d
# Interactive: prompts for the admin password and prints a salted hash of it, so no
# cleartext password needs to be written into the config. Presumably the hash is
# pasted into slapd.ldif as olcRootPW in the vim step below -- the page does not
# show the before/after diff of that edit.
slappasswd
cp /usr/share/openldap-servers/slapd.ldif ./
- vim修改slapd.ldif配置文件,修改前后对比
# Database tuning file for the data directory, copied from the packaged example.
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# Offline import of the edited slapd.ldif into database 0 (cn=config) under slapd.d.
slapadd -n 0 -F slapd.d -l slapd.ldif
# slapadd ran as root, so hand the config and data directories back to the service
# user before the daemon starts; otherwise slapd cannot read or write them.
chown ldap:ldap -R slapd.d
chown ldap:ldap -R /var/lib/ldap
systemctl start slapd
systemctl status slapd
# Base (suffix) entry, shown before it is loaded with ldapadd below.
cat config_init.ldif
dn: dc=cjqifu,dc=cn
objectclass: dcObject
objectclass: organization
o: chuangjinqifu
dc: cjqifu
ldapadd -x -D "cn=admin,dc=cjqifu,dc=cn" -W -f config_init.ldif
# Simple-bind (anonymous) search of the whole suffix to confirm the base entry exists.
ldapsearch -x -b 'dc=cjqifu,dc=cn' "objectclass=*"
# Read cn=config over the local ldapi socket with SASL EXTERNAL, i.e. authenticated
# by the caller's local uid (root here) rather than a password; -LLL -Q quiets the output.
ldapsearch -H ldapi:/// -Y EXTERNAL -b "cn=config" -LLL -Q
4、添加部门
# Organizational units for the departments, shown before they are loaded.
cat department.ldif
# 创建 HR 部门条目
dn: ou=hr,dc=cjqifu,dc=cn
objectClass: organizationalUnit
ou: HR

# 创建 IT 部门条目
dn: ou=it,dc=cjqifu,dc=cn
objectClass: organizationalUnit
ou: IT

# 创建 RD 部门条目
dn: ou=rd,dc=cjqifu,dc=cn
objectClass: organizationalUnit
ou: RD
ldapadd -x -D "cn=admin,dc=cjqifu,dc=cn" -W -f department.ldif
ldapsearch -x -b "dc=cjqifu,dc=cn" "(objectClass=organizationalUnit)"
5、部门添加用户
# User entries per department, shown before they are loaded.
cat user.ldif
# HR 部门中的用户（下面的 userPassword 为明文示例；建议改用 slappasswd 生成的 {SSHA} 哈希值，避免在 ldif 文件中保存明文密码）
dn: uid=linan,ou=HR,dc=cjqifu,dc=cn
objectClass: inetOrgPerson
uid: linan
cn: linan
sn: linan
mail: linan@cjqifu.cn
userPassword: linanpassword

# IT 部门中的用户
dn: uid=suyajun,ou=IT,dc=cjqifu,dc=cn
objectClass: inetOrgPerson
uid: suyajun
cn: su yajun
sn: yajun
mail: suyajun@cjqifu.cn
userPassword: suyajunpassword

dn: uid=Admin,ou=IT,dc=cjqifu,dc=cn
objectClass: inetOrgPerson
uid: Admin
cn: zabbix
sn: zabbix
mail: zabbix@cjqifu.cn
userPassword: zabbixpassword
ldapadd -x -D "cn=admin,dc=cjqifu,dc=cn" -W -f user_zabbix.ldif
6、用户修改密码
# Admin (-D, prompted by -W) resets the password of the named user. -S makes ldappasswd
# prompt for the new password instead of taking it as an argument, so it does not end
# up in shell history or in the process list.
ldappasswd -x -D "cn=admin,dc=cjqifu,dc=cn" -W -S "uid=suyajun,ou=IT,dc=cjqifu,dc=cn"
New password:
Re-enter new password:
Enter LDAP Password: #管理员密码