
okala's personal space http://space.scmlife.com/?70806


Installing OpenLDAP on Red Hat Enterprise Linux 5.7

Read 1185 times | 2012-7-3 15:18 | Category: Linux | Tags: install, openldap

Install Berkeley DB:
http://www.sleepycat.com/download/index.shtml
tar xzf db-4.3.28.NC.tar.gz
cd db-4.3.28.NC/build_unix
../dist/configure --prefix=/usr/local/
make
make install

Install OpenSSL:
http://www.openssl.org/source/
tar xzf openssl-0.9.8.tar.gz
cd openssl-0.9.8
./config shared --openssldir=/usr/local
make
make install

Install OpenLDAP:
http://www.openldap.org/software/download/
tar xzf openldap-2.2.26.tar.gz
cd openldap-2.2.26
./configure
vi /etc/ld.so.conf.d/usrlocal.conf
/usr/local/lib/
/usr/local/lib64/
:wq!
ldconfig -v
make depend
make
make test
make install

vi /usr/local/etc/openldap/slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
#
loglevel 264
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
#
# TLS options
TLSCipherSuite HIGH:MEDIUM
TLSCertificateFile /usr/local/etc/openldap/slapd-cert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/slapd-key.pem
#
database bdb
suffix "dc=apes.process,dc=com"
rootdn "cn=Directory Manager,dc=apes.process,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq
:wq!

Generate your own TLS certificates:
/usr/local/misc/CA.pl -newcert
/usr/local/bin/openssl rsa -in newkey.pem -out newkey1.pem
mv newcert.pem /usr/local/etc/openldap/slapd-cert.pem
mv newkey1.pem /usr/local/etc/openldap/slapd-key.pem
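
The slapd.conf above keeps rootpw in cleartext and names a private key file, so both are worth checking once the files are in place. The script below is an added example, not part of the original post; its function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a slapd.conf for a
# cleartext rootpw and for secrets readable by group/other.

# Print "cleartext" or the {SCHEME} prefix of the first rootpw directive.
rootpw_scheme() {
    awk '$1 == "rootpw" {
        if (match($2, /^[{][A-Za-z0-9-]+[}]/)) print substr($2, RSTART, RLENGTH)
        else print "cleartext"
        exit }' "$1"
}

# Succeed only if the file grants no permissions to group or other.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the path given to TLSCertificateKeyFile, if any.
tls_key_path() {
    awk '$1 == "TLSCertificateKeyFile" { print $2; exit }' "$1"
}

# Report findings on stdout; return 0 if clean, 1 if anything failed.
audit_slapd_conf() {
    conf=$1 rc=0
    if [ "$(rootpw_scheme "$conf")" = "cleartext" ]; then
        echo "FAIL rootpw is cleartext; store slappasswd output instead"; rc=1
    fi
    owner_only "$conf" || { echo "FAIL $conf readable by group/other"; rc=1; }
    key=$(tls_key_path "$conf")
    if [ -n "$key" ] && ! owner_only "$key"; then
        echo "FAIL TLS key $key readable by group/other"; rc=1
    fi
    return $rc
}

# Constructed sample mirroring the post's config, written to a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/slapd-key.pem"; chmod 644 "$d/slapd-key.pem"
    printf 'rootdn "cn=Directory Manager,dc=apes.process,dc=com"\nrootpw secret\nTLSCertificateKeyFile %s\n' \
        "$d/slapd-key.pem" > "$d/slapd.conf"
    chmod 644 "$d/slapd.conf"
    audit_slapd_conf "$d/slapd.conf"; rc=$?
    rm -rf "$d"; return $rc
}
demo || echo "audit reported findings (expected for the constructed sample)"
```

On a real install, call audit_slapd_conf /usr/local/etc/openldap/slapd.conf as root so the key file can be inspected.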

Make openldap automatically start:
vi /etc/init.d/openldap
#!/bin/sh
# NAME: /etc/init.d/openldap
case "$1" in
  'start')
    [ -f /usr/local/libexec/slapd ] && /usr/local/libexec/slapd
    ;;
  'stop')
    kill -INT `cat /usr/local/var/run/slapd.pid`
    ;;
  *)
    echo "Usage: $0 {start | stop}"
    exit 1
    ;;
esac
:wq!
chmod +x /etc/init.d/openldap

service openldap start
service openldap stop
You should avoid using kill -9 to stop slapd at all costs. Using drastic means to shut down OpenLDAP will corrupt the directory data.

ldapadd -x -D "cn=Directory Manager,dc=apes.process,dc=com" -w secret -f /usr/local/etc/openldap/groups.txt
ldapadd -x -D "cn=Directory Manager,dc=apes.process,dc=com" -w secret -f /usr/local/etc/openldap/users.txt
ldapsearch -x -b "dc=apes.process,dc=com"
# Back up the directory to an LDIF file
slapcat > <backup file>
# Delete all directory data (stop slapd first)
rm -rf /usr/local/var/openldap-data/*
