ドメイン名を合わせないとLDAPが起動しないのでOSのドメイン設定
domainname yourdomain.com
vim /etc/sysconfig/network
HOSTNAME=yourdomain.com
yumでOpenLDAPインストール
yum install openldap openldap-servers openldap-clients
LDAP管理者パスワード設定
slappasswd
slap.dフォルダ作成
cd /etc/openldap rm -rf slapd.d mkdir slapd.d cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG cp -p /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
ドメイン部分,rootpwを変更
vim /etc/openldap/slapd.conf
# enable server status monitoring (cn=monitor)
database monitor
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
by dn.exact="cn=Manager,dc=yourdomain,dc=com" read
by * none
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=yourdomain,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=yourdomain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX(slappasswdの出力結果)
slaptest -u -f /etc/openldap/slapd.conf -v slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
「id2entry.bdb」がいないとエラーはひとまず無視
chown -R ldap: slapd.d chown -R ldap: /var/lib/ldap service slapd start
vim init.ldif
dn: dc=yourdomain,dc=com objectClass: dcObject objectClass: organization dc: yourdomain o : yourdomain dn: cn=Manager,dc=yourdomain,dc=com objectClass: organizationalRole cn: Manager
ldapadd -x -h 127.0.0.1 -D "cn=Manager,dc=yourdomain,dc=com" -W -f init.ldif
