ドメイン名を合わせないとLDAPが起動しないので、先にOSのドメイン設定を行う（以下の yourdomain.com は自分のドメインに読み替える）
# Set the running kernel's NIS/YP domain name to match the LDAP suffix.
# NOTE(review): domainname(1) is not persisted across a reboot — confirm
# slapd really depends on it; the suffix in slapd.conf is what slapd uses.
ldap_domain=yourdomain.com
domainname "$ldap_domain"
# Persist the hostname in the classic sysconfig location (read at boot).
vim /etc/sysconfig/network
# NOTE(review): the tutorial uses the bare domain as the hostname; a FQDN
# such as ldap.yourdomain.com is the usual convention — confirm which you want.
HOSTNAME=yourdomain.com
yumでOpenLDAPインストール
# Install the OpenLDAP libraries, server and client tools from yum.
ldap_pkgs=(openldap openldap-servers openldap-clients)
yum install "${ldap_pkgs[@]}"
LDAP管理者パスワード設定
# Generate the admin password hash: slappasswd prompts for a password and
# prints a {SSHA} hash. Paste that hash (never the cleartext) into the
# rootpw line of slapd.conf.
slappasswd
slapd.dディレクトリを作り直す（既存の slapd.d は削除される）
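# Recreate the cn=config directory and seed the BDB backend configuration.
# Abort if the cd fails so the recursive rm can never run in the wrong place.
cd /etc/openldap || exit 1
# WARNING: this discards any existing cn=config (slapd.d) configuration.
rm -rf -- /etc/openldap/slapd.d
mkdir /etc/openldap/slapd.d
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# -p keeps the template's ownership/mode. NOTE(review): slapd.conf will hold
# the rootpw hash — make sure it ends up unreadable to other users
# (e.g. root:ldap, mode 0640).
cp -p /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf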
ドメイン部分（dc=yourdomain,dc=com）と rootpw を変更
# Edit slapd.conf: replace every dc=yourdomain,dc=com with your own suffix
# and set rootpw to the {SSHA} hash printed by slappasswd.
vim /etc/openldap/slapd.conf
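# enable server status monitoring (cn=monitor)
database monitor
# cn=monitor is readable only by the local root user (uid/gid 0 via
# ldapi:// peer credentials) and by the rootdn; everyone else gets nothing.
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=Manager,dc=yourdomain,dc=com" read
        by * none

#######################################################################
# database definitions
#######################################################################

database bdb
suffix "dc=yourdomain,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=yourdomain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# Paste the {SSHA} hash printed by slappasswd here — the hash only, with
# nothing else on the line. The rootdn is not subject to ACLs, so this
# file must not be world-readable.
rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# NOTE(review): no "access to" directive is shown for this suffix. If none
# exists elsewhere in slapd.conf, slapd's default policy lets anyone read
# every attribute (including userPassword) — add ACLs before loading users.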
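# Dry-run syntax check of slapd.conf (-u: do not touch the databases).
# Stop here on error rather than converting a broken configuration.
slaptest -u -f /etc/openldap/slapd.conf -v || exit 1
# Convert slapd.conf into the cn=config directory (slapd.d). A complaint
# about a missing id2entry.bdb is expected at this point because the
# database has not been created yet, so this step is deliberately unguarded.
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d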
「id2entry.bdb」が無いというエラーは、この時点ではDBがまだ作成されていないため出るものなので、ひとまず無視してよい
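# Hand the generated config and the data directory to the ldap user, then
# start slapd. Absolute paths: the earlier "cd /etc/openldap" may no longer
# be the working directory, and a relative "slapd.d" would then silently
# chown the wrong thing or fail.
chown -R ldap: /etc/openldap/slapd.d
chown -R ldap: /var/lib/ldap
# slapd.conf carries the rootpw hash: restrict it to root and the ldap group.
chown root:ldap /etc/openldap/slapd.conf
chmod 0640 /etc/openldap/slapd.conf
service slapd start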
# Write the initial LDIF (base entry for the suffix plus the Manager entry)
# that will be loaded with ldapadd below.
vim init.ldif
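# Base entry for the suffix configured in slapd.conf.
dn: dc=yourdomain,dc=com
objectClass: dcObject
objectClass: organization
dc: yourdomain
# LDIF syntax is "attr: value" — the original had a stray space before the
# colon ("o : yourdomain"), which is not a valid attribute/value line.
o: yourdomain

# Entry for the rootdn so it exists in the tree. The rootdn authenticates
# with rootpw from slapd.conf, so no userPassword is stored here.
dn: cn=Manager,dc=yourdomain,dc=com
objectClass: organizationalRole
cn: Manager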
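# Load the base entries as the rootdn.
#  -W  prompts for the password so it never appears on the command line
#      (and therefore not in shell history or ps output).
#  -x  is a simple bind, which sends the password in cleartext: keep it on
#      the loopback address as done here, or use ldaps:// / StartTLS.
#  -H  takes an LDAP URI and replaces the deprecated -h host option.
ldapadd -x -H ldap://127.0.0.1 -D "cn=Manager,dc=yourdomain,dc=com" -W -f init.ldif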