
CentOS 7 : OpenLDAP : Configure LDAP Server : Serv...

 yespon 2016-09-11
# generate directory manager's password

[root@dlp ~]# slappasswd

New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
[root@dlp ~]# vi chdomain.ldif
# replace every 'dc=***,dc=***' section with your own domain name

# set 'olcRootPW' to the {SSHA} hash that slappasswd printed above (never the plaintext password)

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=srv,dc=world" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=srv,dc=world

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=srv,dc=world

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

# Rule {0} keeps userPassword unreadable: clients can only authenticate against it or change their own.
# Rule {2} lets every client, including anonymous binds, read all other attributes;
# change 'by * read' to 'by users read' if the directory should not be readable without authentication.
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=Manager,dc=srv,dc=world" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=srv,dc=world" write by * read
[root@dlp ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry 'olcDatabase={1}monitor,cn=config'
modifying entry 'olcDatabase={2}hdb,cn=config'
modifying entry 'olcDatabase={2}hdb,cn=config'
modifying entry 'olcDatabase={2}hdb,cn=config'
[root@dlp ~]# vi basedomain.ldif
# replace every 'dc=***,dc=***' section with your own domain name

dn: dc=srv,dc=world
objectClass: top
objectClass: dcObject
objectclass: organization
o: Server World
dc: Srv

dn: cn=Manager,dc=srv,dc=world
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=srv,dc=world
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=srv,dc=world
objectClass: organizationalUnit
ou: Group
[root@dlp ~]# ldapadd -x -D cn=Manager,dc=srv,dc=world -W -f basedomain.ldif

Enter LDAP Password:
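# enter the directory manager's password (the one hashed with slappasswd above)
# -x is a simple bind: when running this against a remote server, use StartTLS (-ZZ) or ldaps:// so the password is not sent in cleartext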

adding new entry 'dc=srv,dc=world'
adding new entry 'cn=Manager,dc=srv,dc=world'
adding new entry 'ou=People,dc=srv,dc=world'
adding new entry 'ou=Group,dc=srv,dc=world'
