OpenLDAP
安装
CentOS 下:
# openldap-servers ships slapd (and slappasswd); openldap-clients ships ldapadd and friends.
yum install -y openldap-servers openldap-clients
配置
以下是适合 CentOS 的配置代码:
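#!/bin/bash
# Configure a freshly installed slapd on CentOS: set the suffix, root DN and
# root password, install a baseline ACL and start the service.
# Run as root while slapd is stopped: the files under slapd.d are edited
# directly, which is only safe before the daemon is running (it is started last).
set -euo pipefail  # kept in `set`: a shebang `-e` is lost when invoked as `bash script.sh`

org_name=example
root_dn=dc=example,dc=com
root_user=cn=master,$root_dn
# TODO: change this for production
root_pass=rootpass

db_ldif='/etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif'
monitor_ldif='/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif'

# Point the database at our suffix and root DN. Any existing olcRootPW is
# dropped so the one appended below is the only one.
sed -i \
  -e "/^olcRootDN: /s/: .*/: $root_user/" \
  -e "/^olcSuffix: /s/: .*/: $root_dn/" \
  -e '/^olcRootPW: /d' \
  "$db_ldif"
# Store a salted hash instead of the cleartext password: slapd verifies binds
# against olcRootPW either way, but a hash does not leak the secret to anyone
# who can read the config file. (slappasswd -s still shows the value briefly
# in the process list; -T <file> avoids even that if required.)
root_pw_hash=$(slappasswd -s "$root_pass")
printf 'olcRootPW: %s\n' "$root_pw_hash" >> "$db_ldif"

# Grant the root DN access to the monitor database.
# NOTE(review): this rewrites only the first dn.base="..." on the matching
# line; check in the installed file that it is the entry meant to be replaced.
sed -i \
  -e '/cn=auth/s/dn\.base="[^"]*"/dn.base="'"$root_user"'"/' \
  "$monitor_ldif"

# Replace the shipped ACL: passwords may be changed by their owner and the
# root DN and used for authentication by anyone, but never read back;
# everything else is writable by the root DN and the owner. `by * read`
# includes anonymous binds, so the rest of the tree is world-readable.
sed -i -e '/^olcAccess: /d' "$db_ldif"
cat >> "$db_ldif" <<EOF
olcAccess: {0}to attrs=userPassword by self write by dn.base="$root_user" write by anonymous auth by * none
olcAccess: {1}to * by dn.base="$root_user" write by self write by * read
EOF

chkconfig slapd on
service slapd start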
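#######################################
# Load one LDIF file into the directory, bound as the root DN.
# Globals:   root_user (read), root_pass (read)
# Arguments: $1 - path to the LDIF file
# Returns:   ldapadd's exit status
#######################################
add_ldif() {
  local ldif=$1
  local pass_file rv=0
  # Hand the bind password over in a private temp file (-y) instead of on the
  # command line (-w), where any local user can read it from the process list.
  # -y uses the file's entire contents, so write it without a trailing newline.
  pass_file=$(mktemp)
  printf '%s' "$root_pass" > "$pass_file"
  # -x selects a simple bind with the DN given by -D; the OpenLDAP clients
  # otherwise default to SASL.
  ldapadd -x -f "$ldif" -D "$root_user" -y "$pass_file" || rv=$?
  rm -f -- "$pass_file"
  return "$rv"
}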
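# Seed the directory with the base entry and a container for user accounts.
# The LDIF is staged in a private temp file (mktemp rather than a fixed name
# in /tmp, so another local user cannot pre-create or swap it) that is
# removed on every exit path.
tmp_ldif=$(mktemp)
trap 'rm -f -- "$tmp_ldif"' EXIT

# Base entry for the suffix. LDIF allows no whitespace between the attribute
# type and the colon, so `o :` was not a valid attribute line; it is `o:` here.
cat > "$tmp_ldif" <<EOF
dn: $root_dn
objectClass: dcObject
objectClass: organization
dc: $org_name
o: $org_name
EOF
add_ldif "$tmp_ldif"

# Container that the user examples below are added under.
cat > "$tmp_ldif" <<EOF
dn: ou=users,$root_dn
objectClass: organizationalUnit
ou: users
EOF
add_ldif "$tmp_ldif"

rm -f -- "$tmp_ldif"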
ldif 示例
添加用户
# A user account under the ou=users container created by the setup script.
# slapd stores userPassword as supplied: replace xxxx with a hashed value
# (e.g. slappasswd output) rather than a cleartext password. With the ACL
# above, the owner and the root DN may change it and anyone may bind against
# it, but nobody can read it back.
dn: cn=alice,ou=users,dc=example,dc=com
cn: alice
sn: alice
objectClass: inetOrgPerson
userPassword: xxxx
uid: alice
为 JIRA 添加一个组
# A group for JIRA. This entry lives under ou=jira, which the setup script
# above does not create (it only adds ou=users); add that organizationalUnit
# first, or ldapadd rejects the entry because its parent does not exist.
# uniqueMember values are the DNs of the member user entries.
dn: cn=jira-users,ou=jira,dc=example,dc=com
cn: jira-users
objectClass: groupOfUniqueNames
uniqueMember: cn=yiyun,ou=users,dc=example,dc=com