
OpenLDAP常用ldif文件编写

1. 通过 migrationtools 模板文件生成 LDIF 文件

# ls /usr/share/migrationtools/
migrate_aliases.pl              migrate_automount.pl        migrate_networks.pl
migrate_all_netinfo_offline.sh  migrate_base.pl             migrate_passwd.pl
migrate_all_netinfo_online.sh   migrate_common.ph           migrate_profile.pl
migrate_all_nis_offline.sh      migrate_fstab.pl            migrate_protocols.pl
migrate_all_nis_online.sh       migrate_group.pl            migrate_rpc.pl
migrate_all_nisplus_offline.sh  migrate_hosts.pl            migrate_services.pl
migrate_all_nisplus_online.sh   migrate_netgroup.pl         migrate_slapd_conf.pl
migrate_all_offline.sh          migrate_netgroup_byhost.pl
migrate_all_online.sh           migrate_netgroup_byuser.pl

(1)生成用户的 ldif 文件（模板默认生成的 dn 后缀是 dc=padl,dc=com，见下面输出；正式使用前需先把 migrate_common.ph 中的 $DEFAULT_BASE 改成自己的后缀，例如 dc=chaiio,dc=cn）

# tail -n 5 /etc/passwd > system_user
# /usr/share/migrationtools/migrate_passwd.pl system_user user.ldif
# cat user.ldif 
dn: uid=systemd-network,ou=People,dc=padl,dc=com
uid: systemd-network
cn: systemd Network Management
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!!
shadowLastChange: 17512
loginShell: /sbin/nologin
uidNumber: 192
gidNumber: 192
homeDirectory: /
gecos: systemd Network Management
......

(2)生成组文件

# tail -n 5 /etc/group > system_group
# /usr/share/migrationtools/migrate_group.pl system_group group.ldif
# cat group.ldif
dn: cn=systemd-network,ou=Group,dc=padl,dc=com
objectClass: posixGroup
objectClass: top
cn: systemd-network
userPassword: {crypt}x
gidNumber: 192
......

1.2 创建用户

# cat << EOF | ldapadd -x -W -H ldaps://192.168.20.230  -D cn=admin,dc=chaiio,dc=cn
dn: cn=xuefeng zang,ou=people,dc=chaiio,dc=cn
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: top
cn: xuefeng zang
cn: xingming
sn: xing
givenName: ming
uid: loginname
uidNumber: 1000
gidNumber: 500
gecos: miaoshu
homeDirectory: /home/users/xuefengzang
loginShell: /bin/bash
userPassword:: e1NIQTUxMn1XcTZsaTNJL3VCMG1vd3JWaG0rRURmR0p0bjNsb1ZMaEg5UTd3bzc
 vWFBUNGRMbmhubmNuTnFpc3pzTGZhWk1McUt3L3ErOCtWMjdvYXpnbS8yQUlSUT09
EOF

1.3 创建组

# cat << EOF | ldapadd -x -W -H ldaps://192.168.20.230  -D cn=admin,dc=chaiio,dc=cn
dn: cn=admin,ou=group,dc=chaiio,dc=cn
objectClass: posixGroup
cn: admin
gidNumber: 3001
EOF

2. 初始化域

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=admin,dc=chaiio,dc=cn" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=chaiio,dc=cn

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=chaiio,dc=cn

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}uH19COO/iEnrh6r14rZeAbTBRDMv2YPu

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="dc=chaiio,dc=cn" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=chaiio,dc=cn" write by * read

说明：{0} 里的 `by dn="dc=chaiio,dc=cn" write` 匹配的是以基准条目 dc=chaiio,dc=cn 身份绑定的客户端，一般并不存在；cn=admin 是 olcRootDN，本身不受 ACL 限制，所以这一项实际只起到 `by anonymous auth by self write by * none` 的作用。{2} 的 `by * read` 允许匿名读取除 userPassword、shadowLastChange 之外的全部条目（uidNumber、homeDirectory、gecos 等），若不希望目录内容对未认证客户端公开，可改为 `by users read by * none`。
3. 日志修改

# 版本1（首次添加 olcLogLevel；LDIF 注释以 # 开头，// 会导致 ldapmodify 解析出错）
dn: cn=config
changetype: modify
add: olcLogLevel
olcLogLevel: stats

# 版本2（已有值时用 replace 覆盖；any 会输出全部调试日志，量很大，只建议临时排错时使用）
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: any

4. 主从同步

# 主
# add module
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la

# config syncprov
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100 10
olcSpSessionLog: 100
# 从
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=002
  provider=ldaps://192.168.20.223:636/
  bindmethod=simple
  binddn="cn=admin,dc=chaiio,dc=cn"
  credentials=chaiio.cn
  searchbase="dc=chaiio,dc=cn"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="5 5 300 +"
  attrs="*,+"
  interval=00:00:00:10

说明：上面 binddn 直接使用了主节点的 olcRootDN（cn=admin），并且 credentials 以明文保存在从节点的 cn=config 里；建议为复制单独创建一个只读账号（在主节点 ACL 中授予 read 即可，不要用 rootdn），并确认 olcDatabase={0}config 只允许配置管理员读取。另外 interval 只对 type=refreshOnly 生效，refreshAndPersist 模式下该行可以省略。

5. 组织单元(OU)操作

# cat << EOF | ldapadd -x -W -H ldaps://192.168.20.230 -D cn=admin,dc=chaiio,dc=cn
dn: ou=Servers,dc=chaiio,dc=cn
ou: Servers
objectClass: organizationalUnit

dn: ou=people,dc=chaiio,dc=cn
ou: People
objectClass: organizationalUnit
EOF
