
OpenLDAP Server

The packages involved are: compat-openldap.i386 0:2.1.30-6.4E, openldap-clients.i386 0:2.2.13-6.4E, openldap-devel.i386 0:2.2.13-6.4E, openldap-servers.i386 0:2.2.13-6.4E and openldap-servers-sql.i386 0:2.2.13-6.4E. You can install them using the command (note that the wildcard also pulls in the -devel and -sql packages, which a plain directory server does not need; install only openldap-servers and openldap-clients if you want a smaller footprint):

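# Install every openldap package. The pattern is quoted so the shell does not
# expand it against files in the current directory before yum sees it (an
# unquoted *openldap* would silently turn into a filename if one matched).
yum -y install '*openldap*'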

-----------------------------------------------------------

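# The server configuration file is slapd.conf ("sldap.conf" in the original is a
# typo and would create an empty, unused file).
vi /etc/openldap/slapd.conf

# Generate the hash for the rootpw directive. slappasswd (part of
# openldap-servers) prompts for the password and prints a salted SHA-1
# ({SSHA}) hash. The original used `openssl passwd`, which without options
# produces a traditional crypt(3) hash: 12-bit salt and only the first eight
# password characters are significant, so it is cheap to brute-force if the
# hash ever leaks (for example through a permissive slapd ACL).
# Never pass the password on the command line; it would show up in `ps`
# and in the shell history.
slappasswd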

Add the following directives to /etc/openldap/slapd.conf (one per line; the file is slapd.conf, not "sldap.conf"):

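# Directory suffix and the manager DN. The rootdn bypasses every ACL, so its
# password is the most sensitive secret on this host.
suffix  "dc=example,dc=com"
rootdn  "cn=Manager,dc=example,dc=com"

# rootpw: paste the {SSHA} hash printed by slappasswd. Do NOT copy the
# {crypt}BreLcru48OqmA value from the original tutorial: every reader of the
# tutorial can recover the password behind a published hash, and crypt(3)
# only protects the first eight characters anyway.
rootpw  {SSHA}<paste the hash printed by slappasswd here>

# Recommended: protect password hashes. If slapd.conf contains no "access"
# directive at all, slapd's default policy lets anyone (including anonymous
# binds) read every attribute, which exposes the userPassword hashes loaded
# from user.ldif below. Confirm what the stock file on this release ships
# before relying on it.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read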

-------------------------------------------------------------------------

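# Restart the directory server so the new slapd.conf is read (the init script
# is named "ldap" on this release). The original ran both commands on one
# line, which would pass "tail -f /var/log/messages" as extra arguments to
# the init script instead of running tail.
service ldap restart

# Watch syslog for slapd start-up errors (slapd logs there by default).
# tail -f does not return; run it in a second terminal or stop it with Ctrl-C.
tail -f /var/log/messages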

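# Create the ten local accounts system1-user01 .. system10-user10. The uid/gid
# numbers they receive are the ones the LDAP entries in user.ldif must mirror
# (the tutorial later checks them with `id`). Home directories are placed
# under /home/users because that tree is NFS-exported to the clients.
for i in {1..10}; do
  name=$(printf 'system%d-user%02d' "$i" "$i")
  useradd -d "/home/users/$name" "$name"
  # Interactive prompt. This local password is independent of the
  # userPassword hash stored in LDAP for the same account.
  passwd "$name"
done

# Groups with fixed gids so the LDAP posixGroup entries (gidNumber 10000 and
# 10001 in group.ldif) refer to the same numbers.
groupadd -g 10000 system01
groupadd -g 10001 system02

# Set the PRIMARY group (-g) to the gidNumber carried by the matching
# user.ldif entry. The original used -G, which only adds a supplementary
# group and leaves the primary group at useradd's default; the LDAP view of
# the same account would then report a different primary gid, so group
# ownership of files on the shared home directories would disagree between
# the server and the LDAP clients. (-g is presumably what was intended —
# confirm that the default private groups are not relied on elsewhere.)
usermod -g 10000 system1-user01
usermod -g 10000 system2-user02
usermod -g 10001 system3-user03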

--------------------------------------------------------------------------------------

vi /etc/exports

# Export the shared home tree to the 192.168.0.0/24 subnet, read-write, with
# writes committed to disk before the server replies (sync).
# root_squash is the exportfs default, so a remote root is mapped to nobody;
# do not add no_root_squash here. Note that NFS (v3) authenticates clients by
# source IP only: any host that can claim an address in this range can mount
# every user's home directory, so keep the range as narrow as the clients allow.
/home/users 192.168.0.0/255.255.255.0(rw,sync)

----------------------------------------------------------------------------------

vi /etc/openldap/init.ldif

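# /etc/openldap/init.ldif -- base entries of the dc=example,dc=com tree.
# LDIF entries must be separated by a blank line; the original page had
# collapsed them onto one line, which ldapadd would reject.
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: example
dc: example

dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager

dn: ou=Account,dc=example,dc=com
objectClass: organizationalUnit
ou: Account

dn: ou=Group,dc=example,dc=com
objectClass: organizationalUnit
ou: Group

# Load the entries and verify them. -x selects a simple bind and -W prompts
# for the Manager password; with a simple bind that password crosses the
# network in cleartext unless the connection stays on the local host or is
# protected with TLS (-ZZ, or an ldaps:// URI via -H).
#ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f init.ldif
#ldapsearch -x -LLL -b "dc=example, dc=com" "(objectClass=*)"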

----------------------------------------------------------------------------------------

vi /etc/openldap/group.ldif

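# /etc/openldap/group.ldif -- posixGroup entries. The gidNumber values must
# match the groups created locally with groupadd (10000 and 10001) so that
# files on the NFS-shared home directories show the same group everywhere.
dn: cn=system01,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: system01
gidNumber: 10000

dn: cn=system02,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: system02
gidNumber: 10001

# Load with (simple bind, cleartext password unless local or over TLS):
# ldapadd -x -D "cn=Manager, dc=example, dc=com" -W -f group.ldif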

Before creating user.ldif, check the uid and gid numbers of each local account, e.g. `su - system1-user01` followed by `id`. The uidNumber and gidNumber values written into user.ldif must match these numbers, otherwise files in the NFS home directories will appear to belong to a different user on the LDAP clients.

Generate a password hash for each user and paste it into the userPassword attribute. Prefer `slappasswd` (produces a salted {SSHA} hash) over `openssl passwd`, which yields a traditional {crypt} hash that only protects the first eight characters of the password. Run the tool interactively; do not put the password on the command line.

---------------------------------------------------------------

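# /etc/openldap/user.ldif -- posixAccount entries for the first three users.
# uidNumber / gidNumber / homeDirectory must match the local accounts created
# with useradd and checked with `id`, because the home directories are
# shared over NFS and ownership is stored there by number, not by name.
#
# userPassword: the {crypt} values below are example crypt(3) hashes from the
# original tutorial. Do not reuse them -- their plaintext is known to every
# reader -- and prefer an {SSHA} hash from slappasswd. Whatever scheme is
# used, make sure slapd.conf has an ACL that keeps userPassword unreadable to
# anonymous binds; otherwise these hashes can be downloaded and cracked offline.
dn: uid=system1-user01,ou=Account,dc=example,dc=com
uid: system1-user01
cn: test user 01
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword: {crypt}FLVvKA5gz4RUk
loginShell: /bin/bash
uidNumber: 511
gidNumber: 10000
homeDirectory: /home/users/system1-user01

dn: uid=system2-user02,ou=Account,dc=example,dc=com
uid: system2-user02
cn: test user 02
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword: {crypt}9oB/59btUGpGM
loginShell: /bin/bash
uidNumber: 512
gidNumber: 10000
homeDirectory: /home/users/system2-user02

dn: uid=system3-user03,ou=Account,dc=example,dc=com
uid: system3-user03
cn: test user 03
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword: {crypt}xopW7X41D.w/6
loginShell: /bin/bash
uidNumber: 513
gidNumber: 10001
homeDirectory: /home/users/system3-user03

# Load with (simple bind, cleartext password unless local or over TLS):
# ldapadd -x -D "cn=Manager, dc=example, dc=com" -W -f user.ldif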

---------------------------------------------------------------------

Export the home directory tree from server1.example.com by making sure /etc/exports contains `/home/users 192.168.0.0/255.255.255.0(rw,sync)` (re-export with `exportfs -ra` after editing, and keep the network range limited to the actual client subnet, since NFS trusts the client's source address).

--------------------------------------------------------------------

### LDAP Clients ### authconfig-tui

- Use LDAP

- Use LDAP Authentication

ldap://server1.example.com  — note: a plain ldap:// URI with simple binds sends every user's password to the server in cleartext over port 389. For anything beyond a lab, enable TLS (the "Use TLS" option in authconfig-tui, or an ldaps:// URI) once the server has a certificate configured.

dc=example,dc=com

---------------------------------------------------------------------

vi /etc/auto.master

# Mount point /home/users is managed by the indirect map /etc/auto.users;
# idle mounts are unmounted after 60 seconds.
/home/users /etc/auto.users --timeout=60

vi /etc/auto.users

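# Wildcard map: the requested name is substituted for & so that
# /home/users/<user> mounts server1.example.com:/home/users/<user>.
# The original used "soft". On a read-write mount a soft timeout makes the
# kernel fail the I/O and the application may carry on with a partially
# written file, so soft mounts are a documented source of silent data loss
# for home directories; "hard" retries until the server answers, and "intr"
# still lets the user interrupt a hung access.
* -fstype=nfs,rw,hard,intr server1.example.com:/home/users/&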