Installing and Configuring OpenLDAP
Installing OpenLDAP
$ yum install -y compat-openldap openldap openldap-servers openldap-clients
Setting up the OpenLDAP database
$ cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
$ chown ldap. /var/lib/ldap/DB_CONFIG
$ systemctl --now enable slapd.service
$ systemctl status slapd.service
● slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-06-11 16:23:18 KST; 22min ago
     Docs: man:slapd
           man:slapd-config
           man:slapd-hdb
           man:slapd-mdb
           file:///usr/share/doc/openldap-servers/guide.html
  Process: 7786 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=0/SUCCESS)
  Process: 7757 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)
 Main PID: 7789 (slapd)
   CGroup: /system.slice/slapd.service
           └─7789 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:///
Configuring OpenLDAP
Setting the OpenLDAP root user password
$ slappasswd -h {SSHA} -s ldappassword1!
{SSHA}TuXt7LyRbmpzacWE4jjjdi8zUQNEcNYz
Create chrootpw.ldif (sets olcRootPW on the cn=config database to the hash generated above)
$ cat <<EOF > chrootpw.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}TuXt7LyRbmpzacWE4jjjdi8zUQNEcNYz
EOF
$ ldapmodify -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
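For reference, here is what the {SSHA} value produced above actually contains, as an added Python example (not part of the original post): the base64 encoding of SHA-1(password || salt) followed by the salt, which is 4 bytes by default, so the printed hash decodes to 24 bytes. `ssha_verify` does the same recompute-and-compare that slapd does on a simple bind. The passwords and fixed salts used in the calls are constructed for the demo.

```python
"""{SSHA} password hashes as produced by `slappasswd -h {SSHA}` (added example)."""
import base64
import hashlib
import hmac
import os
from typing import Optional

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return {SSHA}base64(SHA1(password || salt) || salt).

    slappasswd uses a random 4-byte salt by default; a fixed salt is only
    accepted here so the result can be reproduced in tests.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_split(stored: str) -> Optional[tuple]:
    """Decode a stored {SSHA} value into (digest, salt), or None if malformed."""
    if not stored.startswith(SSHA_PREFIX):
        return None
    try:
        raw = base64.b64decode(stored[len(SSHA_PREFIX):], validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    if len(raw) <= SHA1_LEN:    # need at least one salt byte after the digest
        return None
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def ssha_verify(stored: str, password: str) -> bool:
    """What slapd does on a simple bind: recompute and compare in constant time."""
    parts = ssha_split(stored)
    if parts is None:
        return False
    digest, salt = parts
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


def ssha_salt_length(stored: str) -> int:
    """Salt length in bytes, or -1 if the value is not a well-formed {SSHA} hash."""
    parts = ssha_split(stored)
    return -1 if parts is None else len(parts[1])


if __name__ == "__main__":
    h = ssha_hash("ldappassword1!")
    print(h, ssha_verify(h, "ldappassword1!"), ssha_verify(h, "wrong"))
    # The hash printed in the tutorial decodes to 20 digest bytes + 4 salt bytes:
    print(ssha_salt_length("{SSHA}TuXt7LyRbmpzacWE4jjjdi8zUQNEcNYz"))   # 4
```

Running slappasswd without `-s` makes it prompt for the password instead of taking it on the command line, which keeps the cleartext out of shell history and process listings; only the hash belongs in chrootpw.ldif and chdomain.ldif.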
Add the LDAP schemas (cosine.ldif, nis.ldif, inetorgperson.ldif)
$ ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
$ ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
$ ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
Create chdomain.ldif (each entry is separated by a blank line; a wrapped value continues on a line that begins with a space)
$ cat <<EOF > chdomain.ldif
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=4wxyz,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=4wxyz,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=4wxyz,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}TuXt7LyRbmpzacWE4jjjdi8zUQNEcNYz

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=4wxyz,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=4wxyz,dc=com" write by * read
EOF
$ ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
Create basedomain.ldif (entries separated by blank lines)
$ cat <<EOF > basedomain.ldif
dn: dc=4wxyz,dc=com
o: 4wxyz
dc: 4wxyz
objectClass: top
objectClass: dcObject
objectClass: organization

dn: cn=Manager,dc=4wxyz,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=4wxyz,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=4wxyz,dc=com
objectClass: organizationalUnit
ou: Group
EOF
$ ldapadd -x -D cn=Manager,dc=4wxyz,dc=com -W -f basedomain.ldif
Create useradd.ldif
$ cat <<EOF > useradd.ldif
dn: uid=testuser,ou=People,dc=4wxyz,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: testuser
uid: testuser
uidNumber: 1500
gidNumber: 1500
homeDirectory: /home/testuser
loginShell: /bin/bash
gecos: Linuxuser [Admin (at) HostAdvice]
# {crypt}x is a placeholder, not a usable hash; the real password is set afterwards (e.g. with ldappasswd)
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
EOF
$ ldapadd -x -D cn=Manager,dc=4wxyz,dc=com -W -f useradd.ldif
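Because every step above feeds a hand-written LDIF file to ldapmodify or ldapadd, the following added Python example (not from the original post) checks an LDIF file for the two mistakes that most often make a cn=config change fail: entries not separated by a blank line, and a wrapped value whose continuation line does not begin with a space. It also checks that `olcAccess` values within one entry carry sequential `{n}` ordering prefixes. The LDIF samples inside are constructed for the demo and reuse the dc=4wxyz,dc=com suffix from this page.

```python
"""Minimal LDIF structure checker (added example, not from the page)."""
from typing import List, Tuple

Record = List[Tuple[str, str]]   # ordered (attribute, value) pairs of one entry


def unfold(text: str) -> List[str]:
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    out: List[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out


def split_records(lines: List[str]) -> List[List[str]]:
    """Split unfolded lines into entries at blank lines, dropping '#' comment lines."""
    records: List[List[str]] = []
    cur: List[str] = []
    for line in lines:
        if line.strip() == "":
            if cur:
                records.append(cur)
                cur = []
        elif not line.startswith("#"):
            cur.append(line)
    if cur:
        records.append(cur)
    return records


def check_ldif(text: str) -> List[str]:
    """Return human-readable problems found in the LDIF text; an empty list means it looks sane."""
    problems: List[str] = []
    for n, rec in enumerate(split_records(unfold(text)), start=1):
        attrs: Record = []
        for line in rec:
            if ":" not in line:
                problems.append(f"record {n}: line is not 'attr: value' "
                                f"(unindented continuation?): {line!r}")
                continue
            attr, _, value = line.partition(":")
            # 'attr:: base64' values are kept undecoded; only structure is checked here
            attrs.append((attr.strip().lower(), value.lstrip(": ")))
        names = [a for a, _ in attrs]
        if not names or names[0] != "dn":
            problems.append(f"record {n}: does not start with dn:")
        if names.count("dn") > 1:
            problems.append(f"record {n}: contains {names.count('dn')} dn: lines "
                            "(missing blank line between entries?)")
        # olcAccess values are ordered; slapd expects {0}, {1}, ... within one entry
        acls = [v for a, v in attrs if a == "olcaccess"]
        indices = [v.split("}")[0].lstrip("{") for v in acls if v.startswith("{")]
        if acls and indices != [str(i) for i in range(len(acls))]:
            problems.append(f"record {n}: olcAccess ordering prefixes are {indices}, "
                            f"expected 0..{len(acls) - 1}")
    return problems


# Constructed sample: two entries fused together and a continuation line without its leading space.
BAD_LDIF = """dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
read by dn.base="cn=Manager,dc=4wxyz,dc=com" read by * none
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=4wxyz,dc=com
"""

# Constructed sample: the same change written correctly.
GOOD_LDIF = """dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=4wxyz,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=4wxyz,dc=com
"""

if __name__ == "__main__":
    for name, text in (("BAD_LDIF", BAD_LDIF), ("GOOD_LDIF", GOOD_LDIF)):
        print(name, check_ldif(text) or "OK")
```

Run it over a file with `check_ldif(open("chdomain.ldif").read())` before handing the file to ldapmodify. On the access rules themselves: the `{2}to * by ... write by * read` rule in chdomain.ldif lets unauthenticated clients read everything in the tree except userPassword and shadowLastChange; if anonymous browsing of the directory is not wanted, `by users read` restricts reading to authenticated binds.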
LDAP Admin
http://www.ldapadmin.org/download/ldapadmin.html