OpenLDAP + CentOS 7


Server-side steps:

Download, compile and install:
http://www.openldap.org/software/download/
gunzip -c openldap-2.4.45.tgz  | tar xvfB -
cd openldap-2.4.45/
./configure --prefix=/usr/local/openldap
make depend
make
#make test
make install
Set the password (generates the hash used for rootpw)
/usr/local/openldap/sbin/slappasswd
Configuration file
vi /usr/local/openldap/etc/openldap/slapd.conf
include         /usr/local/openldap/etc/openldap/schema/core.schema
include         /usr/local/openldap/etc/openldap/schema/cosine.schema
include         /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include         /usr/local/openldap/etc/openldap/schema/nis.schema
pidfile         /usr/local/openldap/var/run/slapd.pid
argsfile        /usr/local/openldap/var/run/slapd.args
loglevel -1
database        mdb
maxsize         1073741824
suffix          "dc=blizzmi,dc=cn"
rootdn          "cn=root,dc=blizzmi,dc=cn"
rootpw          {SSHA}axEbp3exZ0yJFw6UO1oHTcp2tAX07Ot+
directory       /usr/local/openldap/var/openldap-data
index   objectClass     eq
Add logging
echo "local4.*    /usr/local/openldap/var/slapd.log" >>/etc/rsyslog.conf
service rsyslog restart
Start
/usr/local/openldap/libexec/slapd
Query (anonymous)
/usr/local/openldap/bin/ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
Load the initial data
./ldapadd -x -D "cn=root,dc=blizzmi,dc=cn" -w blizzmi.com -f ./test.ldif
Verify:
/usr/local/openldap/bin/ldapsearch -x -b 'dc=blizzmi,dc=cn' '(objectClass=*)'
test.ldif
dn: dc=blizzmi,dc=cn
objectClass: dcObject
objectClass: organization
dc: blizzmi
o: Blizzmi.Inc

Client-side steps:

Enable LDAP support for server logins
yum install nss-pam-ldapd
authconfig-tui
Enable automatic home directory creation
echo "session    required     pam_mkhomedir.so " >>/etc/pam.d/sshd
sudo support
Add a group: wheel, gid: 10, and add the user to the wheel group

Other:

yum install -y oddjob-mkhomedir oddjob
authconfig --enablemkhomedir --update

include /etc/openldap/schema/sudo.schema
http://phpldapadmin.sourceforge.net/wiki/index.php/TemplatesContributed:Sudo
/usr/share/phpldapadmin/templates/creation/sudo.xml
/usr/share/phpldapadmin/templates/modification/sudo.xml

yum install openssh-ldap
include /etc/openldap/schema/openssh-lpk-openldap.schem