Reference:
http://54im.com/openldap/centos-6-yum-install-openldap-phpldapadmin-tls-%E5%8F%8C%E4%B8%BB%E9%85%8D%E7%BD%AE.html
1. Plan:
Users: gongshaocheng, littlesuccess, cuckoo
Groups: administrator, analsyst, engineer
2. Install OpenLDAP
yum -y install openldap-servers openldap-clients
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap
cd /etc/openldap
mv slapd.d slapd.d.original
cp ldap.conf ldap.conf.original
Set the OpenLDAP server password
slappasswd
New password: (123456)
Re-enter new password: (123456)
{SSHA}5PD6lnr0JDKUg6n4/6irm/h5XRM3VYOa
Configure slapd.conf
cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf
vi /etc/openldap/slapd.conf
Change the following:
database bdb
suffix "dc=clouderachina,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=clouderachina,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {SSHA}5PD6lnr0JDKUg6n4/6irm/h5XRM3VYOa
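The two things worth checking in that fragment before starting slapd are that rootpw is a hashed value (the comment block in the file says as much) and that rootdn actually sits under the suffix, otherwise the Manager bind will not have the access the later ldapadd commands rely on. The following shell functions, added here as an example and not part of the original post, do both checks against a constructed copy of the fragment; on a real server point them at /etc/openldap/slapd.conf.

```shell
# Added example (not from the original post): audit a slapd.conf fragment.
#   1. rootpw must be a hashed value ({SSHA}, {SSHA512}, {CRYPT}, ...), not cleartext
#   2. rootdn must lie under the configured suffix
# SAMPLE_SLAPD_CONF is a constructed copy of the fragment shown above.

SAMPLE_SLAPD_CONF='database bdb
suffix "dc=clouderachina,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=clouderachina,dc=com"
# rootpw secret
rootpw {SSHA}5PD6lnr0JDKUg6n4/6irm/h5XRM3VYOa'

# conf_value CONTENT KEY -> value of the first non-comment KEY line, quotes stripped
conf_value() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        $1 == key { sub(/^[[:space:]]*[^[:space:]]+[[:space:]]+/, ""); gsub(/"/, ""); print; exit }'
}

# rootpw_scheme CONTENT -> "hashed:<SCHEME>", "cleartext" or "missing"
rootpw_scheme() {
    pw=$(conf_value "$1" rootpw)
    case "$pw" in
        "")        echo "missing" ;;
        "{"*"}"*)  scheme=${pw#\{}; scheme=${scheme%%\}*}; echo "hashed:$scheme" ;;
        *)         echo "cleartext" ;;
    esac
}

# rootdn_under_suffix CONTENT -> "ok" when rootdn equals or ends with ",<suffix>"
rootdn_under_suffix() {
    suffix=$(conf_value "$1" suffix)
    rootdn=$(conf_value "$1" rootdn)
    case "$rootdn" in
        "$suffix"|*",$suffix") echo "ok" ;;
        *)                     echo "mismatch" ;;
    esac
}

# Usage against the real file:
#   conf=$(cat /etc/openldap/slapd.conf); rootpw_scheme "$conf"; rootdn_under_suffix "$conf"
```

The commented-out `# rootpw secret` line is ignored because comment lines are skipped before the first rootpw match is taken, so the result reflects the setting slapd will actually use.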
Start the ldap service
chkconfig slapd on
/etc/init.d/slapd start
Check:
ldapsearch -x -b "dc=clouderachina,dc=com"
3. Create users and groups:
groupadd -g 500 -p 123456 administrator
groupadd -g 501 -p 123456 analsyst
groupadd -g 502 -p 123456 engineer
useradd -u 5000 -d /home/gongshaocheng -g administrator -p 123456 gongshaocheng
useradd -u 5010 -d /home/littlesuccess -g analsyst -p 123456 littlesuccess
useradd -u 5020 -d /home/cuckoo -g engineer -p 123456 cuckoo
Install and configure the migration tools
yum install migrationtools -y
cd /usr/share/migrationtools/
Edit migrate_common.ph
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "clouderachina.com";
# Default base
$DEFAULT_BASE = "dc=clouderachina,dc=com";
./migrate_base.pl >base.ldif
Much of the content of base.ldif is unnecessary; we only need the following:
dn: dc=clouderachina,dc=com
dc: clouderachina
objectClass: top
objectClass: domain

dn: ou=People,dc=clouderachina,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=clouderachina,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
Create the database files for the users and groups
grep gongshaocheng /etc/passwd >>user.txt
grep littlesuccess /etc/passwd >>user.txt
grep cuckoo /etc/passwd >>user.txt
./migrate_passwd.pl user.txt ./user.ldif
grep administrator /etc/group >>group.txt
grep analsyst /etc/group >>group.txt
grep engineer /etc/group >>group.txt
./migrate_group.pl group.txt ./group.ldif
Migrate the system users into the LDAP database
ldapadd -D "cn=Manager,dc=clouderachina,dc=com" -W -x -f /usr/share/migrationtools/base.ldif
ldapadd -D "cn=Manager,dc=clouderachina,dc=com" -W -x -f /usr/share/migrationtools/user.ldif
ldapadd -D "cn=Manager,dc=clouderachina,dc=com" -W -x -f /usr/share/migrationtools/group.ldif
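It helps to know what migrate_passwd.pl and migrate_group.pl produce before feeding the files to ldapadd. The functions below are an added example, not the migrationtools code or the post's own, and they are a deliberately reduced stand-in written in awk: they build posixAccount and posixGroup entries under ou=People and ou=Group from constructed passwd/group lines, and they emit no userPassword attribute at all. The real migrate_passwd.pl copies the hash field from /etc/shadow; in this post that field is unusable anyway, because useradd -p expects an already crypt(3)-hashed string and was given the literal 123456, so it is cleaner to set passwords in the directory afterwards with ldappasswd. The base DN is the one used throughout the post.

```shell
# Added example (not part of the original post): a minimal awk stand-in for
# migrate_passwd.pl / migrate_group.pl, so the LDIF shape can be inspected
# before anything is loaded with ldapadd. No userPassword attribute is emitted.
BASE_DN="dc=clouderachina,dc=com"

# Constructed input in /etc/passwd and /etc/group format (what user.txt / group.txt hold).
SAMPLE_PASSWD='gongshaocheng:x:5000:500::/home/gongshaocheng:/bin/bash
littlesuccess:x:5010:501::/home/littlesuccess:/bin/bash'
SAMPLE_GROUP='administrator:x:500:
analsyst:x:501:
engineer:x:502:gongshaocheng,cuckoo'

# passwd_to_ldif CONTENT -> one posixAccount entry per passwd line, under ou=People.
# Lines with fewer than 7 colon-separated fields are reported on stderr and skipped.
passwd_to_ldif() {
    printf '%s\n' "$1" | awk -F: -v base="$BASE_DN" '
        NF < 7 { printf "skipping malformed line %d\n", NR > "/dev/stderr"; next }
        {
            printf "dn: uid=%s,ou=People,%s\n", $1, base
            printf "objectClass: top\nobjectClass: account\nobjectClass: posixAccount\n"
            printf "uid: %s\ncn: %s\n", $1, $1
            printf "uidNumber: %s\ngidNumber: %s\n", $3, $4
            printf "homeDirectory: %s\nloginShell: %s\n\n", $6, $7
        }'
}

# group_to_ldif CONTENT -> one posixGroup entry per group line, under ou=Group,
# with a memberUid line for every name listed in the fourth field.
group_to_ldif() {
    printf '%s\n' "$1" | awk -F: -v base="$BASE_DN" '
        NF < 4 { next }
        {
            printf "dn: cn=%s,ou=Group,%s\n", $1, base
            printf "objectClass: top\nobjectClass: posixGroup\n"
            printf "cn: %s\ngidNumber: %s\n", $1, $3
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") printf "memberUid: %s\n", m[i]
            printf "\n"
        }'
}

# Usage with the real extracts:
#   passwd_to_ldif "$(cat user.txt)" > user.ldif
#   group_to_ldif "$(cat group.txt)" > group.ldif
```

Each entry's DN is built only from the first field, so a stray line in user.txt (for example a grep match on a different account whose name contains the string you searched for) becomes visible as an unexpected dn: line before it is ever added to the directory.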
LDAP client configuration
yum install authconfig-tui
Run authconfig-tui
Select "Use LDAP" and "Use LDAP Authentication"
LDAP server: ldap://192.168.0.85/
Base DN: dc=clouderachina,dc=com
After you exit, the sssd service is started automatically
Verify:
Run id gongshaocheng
[root@demo2 ~]# id gongshaocheng
uid=5000(gongshaocheng) gid=500(administrator) groups=500(administrator)
Run su gongshaocheng
[root@demo3 ~]# su gongshaocheng
bash-4.1$ exit
5. Create the user home directories on the NFS server
On the NFS server, run:
/etc/init.d/rpcbind start
/etc/init.d/nfslock start
/etc/init.d/nfs start
chkconfig rpcbind on
chkconfig nfslock on
chkconfig nfs on
Edit /etc/exports
Add the following:
vi /etc/exports
/home *(rw,sync)
After saving, restart the nfs server:
service nfs restart
Check:
showmount -e localhost
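The export line above, /home *(rw,sync), makes every home directory writable to any host that can reach the server, which is wider than the single LDAP client the post configures. The following function is an added example (not part of the original post) that scans an /etc/exports file for the two things a reviewer would flag: a "*" client with rw or ro, and no_root_squash, which disables the default mapping of remote root to nobody. The sample file is constructed; the second /home line shows the narrower form limited to the 192.168.0.0/24 subnet, which produces no finding.

```shell
# Added example (not from the original post): flag risky lines in /etc/exports.
# Findings: "writable-by-any-host", "readable-by-any-host", "no_root_squash".
# SAMPLE_EXPORTS is constructed; the real file is /etc/exports.

SAMPLE_EXPORTS='# home directories for the LDAP clients
/home *(rw,sync)
/home 192.168.0.0/24(rw,sync)
/data 192.168.0.85(rw,sync,no_root_squash)
/pub *(ro)'

# exports_findings CONTENT -> one line per finding: "<path> <client> <finding>"
exports_findings() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*(#|$)/ { next }          # skip comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {        # every remaining field is client(options)
                spec = $i
                client = spec; opts = ""
                if (index(spec, "(") > 0) {
                    client = substr(spec, 1, index(spec, "(") - 1)
                    opts = substr(spec, index(spec, "(") + 1)
                    sub(/\)$/, "", opts)
                }
                if (client == "*" && opts ~ /(^|,)rw(,|$)/)
                    print path, client, "writable-by-any-host"
                else if (client == "*")
                    print path, client, "readable-by-any-host"
                if (opts ~ /(^|,)no_root_squash(,|$)/)
                    print path, client, "no_root_squash"
            }
        }'
}

# Usage against the real file:
#   exports_findings "$(cat /etc/exports)"
```

An empty result means no export is open to all hosts and root squashing is left at its default on every line; after tightening the file, rerun `exportfs -ra` (or restart nfs as the post does) and confirm with `showmount -e localhost`.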
6. Mount the NFS home directories on the client
Make sure the autofs service is installed on the client
Configure the autofs service
#vi /etc/auto.master
Append the following line at the end and save:
/home /etc/auto.nfs
(the local mount point and the map file for it)
#vi /etc/auto.nfs
Enter the following and save:
* -fstype=nfs,rw,sync 192.168.0.85:/home/&
Note: the * above stands for the directory of whichever user is being mounted, and the trailing & is replaced with that user name. 192.168.0.85 is the NFS server.
Test:
su - gongshaocheng
mkdir test
The test directory now shows up on the NFS server under /home/gongshaocheng/.