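#!/bin/bash
#
# LdapServer install Script
# author: liulingfeng
# 2023-04-29
#
# Installs OpenLDAP (slapd) with a dc=${DomainPrefix},dc=${DomainSuffix}
# suffix, installs phpLDAPadmin on top of httpd, and writes a helper script to
# /root/aa.sh that creates a local account and mirrors it into the directory.
# Only the functions invoked at the very bottom of this file actually run.
#
# Environment:
#   LDAP_ADMIN_PASSWORD  directory admin password; defaults to the value the
#                        original script shipped with, which should be changed
#                        before any deployment that matters.
#
# Notes for whoever runs this:
#   * Step 1 sets SELINUX=disabled (effective on next boot) and disables
#     firewalld permanently; nothing later re-scopes either, so the LDAP port
#     and the web UI are reachable from wherever the host is reachable.
#   * The admin password is never placed on a command line: slappasswd reads it
#     with -T and ldapadd with -y from a mode-0600 temp file that the EXIT trap
#     removes, so it does not appear in `ps` output or in shell history.
#--------------------------------------------

# 1. Disable SELinux enforcement, firewalld and NetworkManager.
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
systemctl disable firewalld.service && systemctl stop firewalld.service
systemctl stop NetworkManager && systemctl disable NetworkManager

#############################################################
AdminPd="${LDAP_ADMIN_PASSWORD:-Huawei@123}"
DomainPrefix="huawei"
DomainSuffix="com"
LdifPath="/etc/openldap/schema"
DomainName="huawei.com"
# kylin=mdb,centos=hdb
olcfilename="mdb"
# Admin DN used for every simple bind below.
AdminDN="cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}"
# mktemp creates the file 0600. It holds the clear-text admin password for the
# lifetime of the script so that ldapadd can read it with -y; removed on exit.
PassFile="$(mktemp /tmp/ldap-admin-pw.XXXXXX)" || { printf '%s\n' "mktemp failed" >&2; exit 1; }
trap 'rm -f -- "${PassFile}"' EXIT
printf '%s' "${AdminPd}" > "${PassFile}"
# -T hashes the file contents; no trailing newline was written above, so the
# hash matches the password exactly and the secret is not a slappasswd argument.
PassWord="$(slappasswd -T "${PassFile}")"
#############################################################

mkdir -p "${LdifPath}"
yum install -y openldap-servers openldap openldap-devel openldap-clients

#######################################
# Route slapd's syslog facility (local4) to /var/log/slapd.log, idempotently.
# Globals:  none
# Outputs:  appends one line to /etc/rsyslog.conf when it is not already there
#######################################
ensure_slapd_logging() {
  grep -q "/var/log/slapd.log" /etc/rsyslog.conf || cat >> /etc/rsyslog.conf <<EOFA
local4.* /var/log/slapd.log
EOFA
}

#######################################
# Install and configure slapd: root password, schemas, suffix and base entries.
# Globals:  AdminDN, PassFile, PassWord, LdifPath, DomainPrefix, DomainSuffix,
#           DomainName, olcfilename (all read)
# Outputs:  LDIF files under ${LdifPath}; progress messages on stdout
#######################################
function ldapserver(){
  yum -y reinstall openldap compat-openldap \
    openldap-clients openldap-servers openldap-servers-sql \
    openldap-devel migrationtools

  rm -rf /var/lib/ldap/DB_CONFIG
  cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
  chown ldap:ldap /var/lib/ldap/DB_CONFIG

  ensure_slapd_logging
  systemctl restart rsyslog && systemctl enable slapd && systemctl start slapd

  # 2. Set the root password of the config database (olcDatabase={0}config).
  cat>"${LdifPath}/chrootpw.ldif"<<EOF
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: ${PassWord}
EOF

  # 3. Import the root password change over the local ldapi socket.
  ldapadd -Y EXTERNAL -H ldapi:/// -f "${LdifPath}/chrootpw.ldif"

  # 4. Load the schemas that define which attributes later entries may use.
  ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/core.ldif
  ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
  ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
  ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

  # 5. Configure the top-level suffix (dc=huawei,dc=com as the example), its
  #    admin DN and the access rules. Entries are blank-line separated as LDIF
  #    requires.
  cat>"${LdifPath}/chdomain.ldif"<<EOFB
# replace to your own domain name for "dc=***,dc=***" section
# specify thessword generated above for "olcRootPW" section
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}" read by * none

dn: olcDatabase={2}${olcfilename},cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=${DomainPrefix},dc=${DomainSuffix}

dn: olcDatabase={2}${olcfilename},cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}

dn: olcDatabase={2}${olcfilename},cn=config
changetype: modify
add: olcRootPW
olcRootPW: ${PassWord}

dn: olcDatabase={2}${olcfilename},cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}" write by * read
EOFB

  # 6. Apply the suffix configuration.
  ldapmodify -Y EXTERNAL -H ldapi:/// -f "${LdifPath}/chdomain.ldif"

  # 7. Organization, a Manager organizational role (members administer the
  #    whole directory) and the People and Group organizational units.
  #    NOTE: this file is written but not imported; step 8 imports the
  #    migrationtools-generated Mybase.ldif instead (as in the original).
  cat>"${LdifPath}/Mybase01.ldif"<<EOFC
dn: dc=${DomainPrefix},dc=${DomainSuffix}
objectClass: top
objectClass: dcObject
objectclass: organization
o: ${DomainPrefix}.${DomainSuffix}
dc: ${DomainPrefix}

dn: cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}
objectClass: organizationalRole
cn: Manager

dn: ou=people,dc=${DomainPrefix},dc=${DomainSuffix}
objectClass: organizationalUnit
ou: people

dn: ou=group,dc=${DomainPrefix},dc=${DomainSuffix}
objectClass: organizationalUnit
ou: group
EOFC

  # 8. Point migrate_common.ph at our domain and generate Mybase.ldif.
  #    The line-number addressed edits (71/74/90) are tied to the
  #    migrationtools version the author used; verify them after an upgrade.
  rpm -qa migrationtools || yum install -y migrationtools
  sed -i.bak -e '90 s/0/1/g' \
    -e "71 s/padl.com/${DomainName}/g" \
    -e "74 s/dc=padl,dc=com/dc=${DomainPrefix},dc=${DomainSuffix}/g" \
    /usr/share/migrationtools/migrate_common.ph
  # Generate the base entries.
  /usr/share/migrationtools/migrate_base.pl > "${LdifPath}/Mybase.ldif"
  # Import them as the admin DN; -y reads the bind password from the 0600
  # temp file instead of exposing it as a -w argument.
  ldapadd -x -D "${AdminDN}" -y "${PassFile}" -f "${LdifPath}/Mybase.ldif"
  #ldapadd -x -D "${AdminDN}" -y "${PassFile}" -f "${LdifPath}/basedomain.ldif"

  echo ------------------------------
  echo ladp server install successfull
  echo ------------------------------
}

#######################################
# Install phpLDAPadmin behind httpd and switch its login form to DN login.
# Globals:  DomainPrefix, DomainSuffix (read)
# Outputs:  progress messages on stdout
#######################################
function phpldapadmin(){
  yum -y install httpd php php-ldap php-snmp php-devel php php-pdo php-mysqlnd php-fpm
  yum -y install phpldapadmin
  cp /etc/phpldapadmin/config.php /etc/phpldapadmin/config.php.bak
  # Log in with a full DN, i.e. cn=admin,dc=huawei,dc=com. Line 398 is the
  # login_attr setting in the packaged config.php; re-check after an upgrade.
  sed -i '398 s#uid#dn#g' /etc/phpldapadmin/config.php
  # Replaces "Require local" so the admin UI answers to every client, not just
  # the loopback interface; with firewalld off (step 1) this is fully exposed.
  # Narrow it to a trusted network or front it with authentication in
  # production.
  sed -i '/Require local/ s#Require local#Require all granted#g' /etc/httpd/conf.d/phpldapadmin.conf
  systemctl restart httpd
  echo ----------------------------------------------------
  echo "cn=admin,dc=${DomainPrefix},dc=${DomainSuffix} logon"
  echo ----------------------------------------------------
}

ensure_slapd_logging

# Helper script: creates a local user and mirrors it into LDAP. The heredoc
# delimiter is quoted, so nothing below is expanded here; it is written verbatim.
cat > /root/aa.sh <<'EOFU'
#!/bin/bash
# Creates a local account and mirrors it (user + primary group) into LDAP.
# Usage: aa.sh <username>
# Environment: LDAP_ADMIN_PASSWORD / LDAP_NEW_USER_PASSWORD override defaults.
AdminPd="${LDAP_ADMIN_PASSWORD:-Huawei@123}"
NewUserPd="${LDAP_NEW_USER_PASSWORD:-Huawei@123}"
DomainPrefix="huawei"
DomainSuffix="com"
LdifPath="/etc/openldap/schema/UserAndGroup"
UserName="${1:?usage: $0 <username>}"

function creUserAndGroup(){
    test -d "${LdifPath}" || mkdir -pv "${LdifPath}"
    # 1、创建ldap user
    useradd "$UserName"
    printf '%s\n' "$NewUserPd" | passwd --stdin "$UserName"
    # 2、把新增的ldap user 项写入单独的文件中
    # Exact lookup by name; a `getent | grep -i` substring match would also
    # export any unrelated account whose line merely contains the name.
    getent passwd "$UserName" > "${LdifPath}/users"
    getent group "$UserName" > "${LdifPath}/groups"
    # 3、根据users和group文件生成ldif文件;生产环境,此步需要筛选指定用户
    /usr/share/migrationtools/migrate_passwd.pl "${LdifPath}/users" > "${LdifPath}/users.ldif"   #生产用户的ldif
    /usr/share/migrationtools/migrate_group.pl "${LdifPath}/groups" > "${LdifPath}/groups.ldif"  #生产组的ldif
    # 4、编辑ldif文件 添加正确的uid和gid以及home目录 (一般情况下都需要编辑再次确认)
    # Bind password is read with -y from a 0600 temp file rather than passed
    # on the command line with -w.
    local pwfile
    pwfile="$(mktemp)" || return 1
    printf '%s' "$AdminPd" > "$pwfile"
    ldapadd -x -y "$pwfile" -D "cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}" -f "${LdifPath}/users.ldif"
    ldapadd -x -y "$pwfile" -D "cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}" -f "${LdifPath}/groups.ldif"
    rm -f -- "$pwfile"
    echo ------------------------
    echo "add User $UserName successfull"
    echo ------------------------
}
creUserAndGroup
EOFU
# The helper embeds the default admin password; keep it readable by root only.
chmod 700 /root/aa.sh

#######################################
# Raise process limits in /etc/security/limits.conf (idempotent: skipped when
# the memlock line is already present, so re-runs do not append duplicates).
# Globals:  none
#######################################
function preinstall(){
  grep -q 'soft memlock unlimited' /etc/security/limits.conf || cat>>/etc/security/limits.conf<<EOFH
* soft memlock unlimited
* hard memlock unlimited
* soft stack unlimited
* hard stack unlimited
* soft nofile 1000000
* hard nofile 1000000
* hard nproc 1000000
* soft nproc 1000000
EOFH
}

#preinstall
#ldapserver
phpldapadmin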