
12 LDAP 服务器

openldap

1. 快速开始

1.1 Server

yum install openldap-servers
  1. 添加数据库的配置文件/usr/local/etc/ldap/mdb.ldif（其中 olcRootPW 建议填写由 slappasswd 生成的哈希值，而不是明文密码）
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcRootPW: secret
olcDbDirectory: /var/lib/openldap-data
olcDbIndex: objectClass eq
  1. 使用slapadd添加条目:
slapadd -l /usr/local/etc/ldap/mdb.ldif
  1. 修改权限（目标目录必须与上面 olcDbDirectory 配置的路径一致）:
chown -R ldap:ldap /var/lib/ldap/
  1. 启动:
systemctl start slapd
  1. 检验:
[root@controller ldap]# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

1.2 Client

yum install openldap-clients

下面是添加一条条目的步骤

  1. 创建配置文件 my-organization.ldif
dn: dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
o: my-organization
dc: my-domain

dn: cn=Manager,dc=my-domain,dc=com
objectClass: organizationalRole
cn: Manager
  1. 使用ldapadd添加到服务器（-w 会在命令行中明文传入密码，可改用 -W 交互式输入）:
[root@controller ldap]# ldapadd -x -D "cn=Manager,dc=my-domain,dc=com" -w secret -f my-organization.ldif
adding new entry "dc=my-domain,dc=com"

adding new entry "cn=Manager,dc=my-domain,dc=com"
  1. 检查新添加的条目:
[root@controller ldap]# ldapsearch -x -b 'dc=my-domain,dc=com' '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# my-domain.com
dn: dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
o: my-organization
dc: my-domain

# Manager, my-domain.com
dn: cn=Manager,dc=my-domain,dc=com
objectClass: organizationalRole
cn: Manager

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2