
[root@scheduler shell]# cat ldapserver.sh
#!/bin/bash
#
# LdapServer install Script
# author: liulingfeng
# 2023-04-29
#--------------------------------------------

# 1. Switch off host-level protections: SELinux is set to "disabled" in
#    /etc/selinux/config (takes effect at the next boot), then firewalld and
#    NetworkManager are stopped and disabled.
#    NOTE(review): once this has run, the slapd and httpd listeners set up
#    later in this script are reachable from every network the host sits on;
#    keep a perimeter filter in front of them.
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
if systemctl disable firewalld.service; then
  systemctl stop firewalld.service
fi
if systemctl stop NetworkManager; then
  systemctl disable NetworkManager
fi

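#############################################################
# Deployment parameters.
#
# AdminPd may be pre-set in the environment; the literal is only the fallback
# so that existing invocations keep working.  It is the LDAP root password used
# for every bind in this script.
AdminPd="${AdminPd:-Huawei@123}"
DomainPrefix="huawei"
DomainSuffix="com"
LdifPath="/etc/openldap/schema"
# Derived from the two components above so the three values cannot drift apart.
DomainName="${DomainPrefix}.${DomainSuffix}"

# Backend type of the main database entry under cn=config: kylin=mdb, centos=hdb
olcfilename="mdb"
#############################################################

mkdir -p -- "${LdifPath}"
yum install -y openldap-servers openldap openldap-devel openldap-clients

# Hash the root password for the olcRootPW attributes.  This must run AFTER the
# package install above: slappasswd ships with openldap-servers, so hashing
# before the install yields an empty hash on a fresh host.  The clear-text value
# is handed to slappasswd through a 0600 temp file (-T) instead of argv (-s) so
# it does not appear in `ps` output or shell traces.
_pwfile="$(mktemp)" || exit 1
printf '%s' "${AdminPd}" > "${_pwfile}"
PassWord="$(slappasswd -T "${_pwfile}")"
rm -f -- "${_pwfile}"
unset _pwfile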


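#######################################
# Create (or truncate) a file with mode 0600 and fill it from stdin.
# Used for the LDIF files that embed the root password hash, which would
# otherwise be created world-readable under ${LdifPath}.
# Arguments: $1 - path of the file to write
# Returns:   status of cat
#######################################
_write_private_file() {
  local file=$1
  install -m 0600 -- /dev/null "${file}"
  cat > "${file}"
}

#######################################
# Install and configure slapd: packages, logging, cn=config root password,
# schemas, the dc=${DomainPrefix},dc=${DomainSuffix} suffix with its ACLs,
# and the base entries generated by migrationtools.
# Globals:   AdminPd, PassWord, DomainPrefix, DomainSuffix, DomainName,
#            LdifPath, olcfilename (all read)
# Arguments: none
# Outputs:   progress of the underlying tools on stdout/stderr
# Returns:   status of the last command; as in the original script (no
#            `set -e`) a failing step does not stop the following ones
#######################################
ldapserver() {
  local admin_dn="cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}"
  local schema pwfile

  yum -y reinstall openldap compat-openldap \
    openldap-clients openldap-servers openldap-servers-sql \
    openldap-devel migrationtools

  mkdir -p -- "${LdifPath}"

  # Seed the database tuning file from the packaged example.
  rm -rf /var/lib/ldap/DB_CONFIG
  cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
  chown ldap:ldap /var/lib/ldap/DB_CONFIG

  # slapd logs to syslog facility local4; give it its own file.  -F: the path
  # is a fixed string, not a regex; -q: no need to echo an existing line.
  grep -qF "/var/log/slapd.log" /etc/rsyslog.conf \
    || printf '%s\n' 'local4.* /var/log/slapd.log' >> /etc/rsyslog.conf

  systemctl restart rsyslog && systemctl enable slapd && systemctl start slapd

  # 2. Root password of the cn=config database.  "replace" rather than "add"
  #    keeps the step re-runnable once the attribute already exists.
  _write_private_file "${LdifPath}/chrootpw.ldif" <<EOF
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: ${PassWord}
EOF

  # 3. Apply it over the local socket as the OS root user (SASL EXTERNAL).
  ldapmodify -Y EXTERNAL -H ldapi:/// -f "${LdifPath}/chrootpw.ldif"

  # 4. Schemas defining the attributes that later entries may use.
  for schema in core cosine nis inetorgperson; do
    ldapadd -Y EXTERNAL -H ldapi:/// -f "/etc/openldap/schema/${schema}.ldif"
  done

  # 5. Suffix, root DN/password and ACLs of the main database, plus read
  #    access on the monitor database for the admin DN.
  _write_private_file "${LdifPath}/chdomain.ldif" <<EOFB
# replace to your own domain name for "dc=***,dc=***" section
# specify thessword generated above for "olcRootPW" section
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="${admin_dn}" read by * none

dn: olcDatabase={2}${olcfilename},cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=${DomainPrefix},dc=${DomainSuffix}

dn: olcDatabase={2}${olcfilename},cn=config
changetype: modify
replace: olcRootDN
olcRootDN: ${admin_dn}

dn: olcDatabase={2}${olcfilename},cn=config
changetype: modify
replace: olcRootPW
olcRootPW: ${PassWord}

dn: olcDatabase={2}${olcfilename},cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="${admin_dn}" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="${admin_dn}" write by * read
EOFB

  # 6. Apply the domain configuration.
  ldapmodify -Y EXTERNAL -H ldapi:/// -f "${LdifPath}/chdomain.ldif"

  # 7. Hand-written base tree: the organisation, the admin role and the
  #    people/group OUs.  This file is only written for manual import; the
  #    function loads the migrationtools-generated Mybase.ldif below instead.
  #    The admin entry's cn must equal its RDN value ("admin"); the previous
  #    "cn: Manager" would be rejected as a naming violation on import.
  cat > "${LdifPath}/Mybase01.ldif" <<EOFC
dn: dc=${DomainPrefix},dc=${DomainSuffix}
objectClass: top
objectClass: dcObject
objectclass: organization
o: ${DomainPrefix}.${DomainSuffix}
dc: ${DomainPrefix}

dn: ${admin_dn}
objectClass: organizationalRole
cn: admin

dn: ou=people,dc=${DomainPrefix},dc=${DomainSuffix}
objectClass: organizationalUnit
ou: people

dn: ou=group,dc=${DomainPrefix},dc=${DomainSuffix}
objectClass: organizationalUnit
ou: group
EOFC

  # 8. Point migrate_common.ph at this domain.  The edits are anchored on the
  #    Perl variables being changed instead of on line numbers (71/74/90), so a
  #    different package build cannot silently edit the wrong line.
  rpm -qa migrationtools || yum install -y migrationtools
  sed -i.bak \
    -e '/^\$EXTENDED_SCHEMA[[:space:]]*=/ s/0/1/' \
    -e "/^\\\$DEFAULT_MAIL_DOMAIN[[:space:]]*=/ s/padl\\.com/${DomainName}/" \
    -e "/^\\\$DEFAULT_BASE[[:space:]]*=/ s/dc=padl,dc=com/dc=${DomainPrefix},dc=${DomainSuffix}/" \
    /usr/share/migrationtools/migrate_common.ph

  # Generate the base tree from the patched template.
  /usr/share/migrationtools/migrate_base.pl > "${LdifPath}/Mybase.ldif"

  # 9. Load it, binding as the admin DN.  The bind password is passed through a
  #    0600 temp file (-y) rather than on the command line (-w), so it does not
  #    show in `ps` output or shell traces.
  pwfile="$(mktemp)" || return 1
  printf '%s' "${AdminPd}" > "${pwfile}"
  ldapadd -x -D "${admin_dn}" -y "${pwfile}" -f "${LdifPath}/Mybase.ldif"
  rm -f -- "${pwfile}"

  printf '%s\n' ------------------------------
  printf '%s\n' 'ladp server install successfull'
  printf '%s\n' ------------------------------
}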

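#######################################
# Install phpLDAPadmin together with httpd/php and point it at this server.
# Globals:   DomainPrefix, DomainSuffix (read);
#            PhpLdapAdminRequire (read, optional; see below)
# Arguments: none
# Outputs:   the DN to log in with, on stdout
# Returns:   status of the last command
#######################################
phpldapadmin() {
  # Apache "Require" rule applied to the admin UI.  The default keeps the
  # original behaviour ("all granted", i.e. reachable from anywhere); set
  # PhpLdapAdminRequire to something like "ip 10.0.0.0/8" (constructed example)
  # to limit the UI to a management network.
  local require_rule="${PhpLdapAdminRequire:-all granted}"

  yum -y install httpd php php-ldap php-snmp php-devel php php-pdo php-mysqlnd php-fpm
  yum -y install phpldapadmin

  # Keep the first pristine copy; a re-run must not overwrite it with an
  # already-edited config.php.
  [[ -e /etc/phpldapadmin/config.php.bak ]] \
    || cp /etc/phpldapadmin/config.php /etc/phpldapadmin/config.php.bak

  # Log in with a full DN (cn=admin,dc=...) instead of a uid.  Anchored on the
  # setting itself rather than on line 398 of config.php, so a different
  # package build cannot silently edit the wrong line.
  sed -i "s/setValue('login','attr','uid')/setValue('login','attr','dn')/" /etc/phpldapadmin/config.php
  sed -i "/Require local/ s#Require local#Require ${require_rule}#g" /etc/httpd/conf.d/phpldapadmin.conf
  systemctl restart httpd

  printf '%s\n' ----------------------------------------------------
  printf '%s\n' "cn=admin,dc=${DomainPrefix},dc=${DomainSuffix} logon"
  printf '%s\n' ----------------------------------------------------
}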

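# Route slapd's syslog facility (local4) to its own file.  The same step is
# done inside ldapserver(); it is repeated here because that function may not
# be invoked.  -F: the path is a fixed string, not a regex (the dots would
# otherwise match any character); -q: no need to echo an existing line.
grep -qF "/var/log/slapd.log" /etc/rsyslog.conf \
  || printf '%s\n' 'local4.* /var/log/slapd.log' >> /etc/rsyslog.conf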

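# Drop a helper script (/root/aa.sh) that adds one POSIX account and mirrors
# it into LDAP via migrationtools.  The delimiter is quoted, so nothing below
# is expanded by this script; the helper carries its own connection settings.
# Changes versus the earlier version of the helper: the user name is required
# and quoted everywhere, the account password may be given as $2 (the old
# fixed value remains the default), the passwd/group records are fetched by
# exact key instead of a case-insensitive substring grep over all of
# `getent`, and the bind password goes through a 0600 temp file (-y) rather
# than on the ldapadd command line (-w).
cat > /root/aa.sh <<'EOF'
#!/bin/bash
AdminPd="Huawei@123"
DomainPrefix="huawei"
DomainSuffix="com"
LdifPath="/etc/openldap/schema/UserAndGroup"
UserName="${1:?usage: $0 USERNAME [PASSWORD]}"
UserPassword="${2:-Huawei@123}"

function creUserAndGroup(){
local pwfile

test -d "${LdifPath}" || mkdir -pv "${LdifPath}"

# 1、创建ldap user
useradd "$UserName"
printf '%s\n' "$UserPassword" | passwd --stdin "$UserName"

# 2、把新增的ldap user 项写入单独的文件中
getent passwd "$UserName" > "${LdifPath}/users"
getent group  "$UserName" > "${LdifPath}/groups"

# 3、根据users和group文件生成ldif文件;生产环境,此步需要筛选指定用户
/usr/share/migrationtools/migrate_passwd.pl "${LdifPath}/users"  > "${LdifPath}/users.ldif"
/usr/share/migrationtools/migrate_group.pl  "${LdifPath}/groups" > "${LdifPath}/groups.ldif"

# 4、编辑ldif文件 添加正确的uid和gid以及home目录 (一般情况下都需要编辑再次确认)
pwfile="$(mktemp)" || return 1
printf '%s' "${AdminPd}" > "$pwfile"
ldapadd -x -y "$pwfile" -D "cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}" -f "${LdifPath}/users.ldif"
ldapadd -x -y "$pwfile" -D "cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}" -f "${LdifPath}/groups.ldif"
rm -f -- "$pwfile"
echo ------------------------
echo "add User $UserName successfull"
echo ------------------------
}

creUserAndGroup
EOF
# The helper embeds the LDAP admin password; keep it root-only.
chmod 0700 /root/aa.sh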

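#######################################
# Raise memlock/stack/nofile/nproc limits for all users in
# /etc/security/limits.conf.
# Globals:   none
# Arguments: none
# Returns:   0 when the block is already present, else status of cat
#######################################
preinstall() {
  local limits=/etc/security/limits.conf
  # Appending unconditionally duplicated the block on every run; skip when
  # its first line is already there (-F: the '*' is literal, not a regex).
  if grep -qF '* soft memlock unlimited' "${limits}"; then
    return 0
  fi
  cat >> "${limits}" <<EOFH
* soft memlock unlimited
* hard memlock unlimited
* soft stack unlimited
* hard stack unlimited
* soft nofile 1000000
* hard nofile 1000000
* hard nproc 1000000
* soft nproc 1000000
EOFH
}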

# Entry point.  Only the phpLDAPadmin step is enabled; uncomment the other two
# to raise the resource limits and to install/configure slapd on this host.
# preinstall
# ldapserver
phpldapadmin

 

From: https://www.cnblogs.com/vmsysjack/p/17436419.html
