{"id":79,"date":"2021-05-16T20:00:41","date_gmt":"2021-05-16T12:00:41","guid":{"rendered":"http:\/\/www.yunloveting.com\/?p=79"},"modified":"2021-05-16T20:00:41","modified_gmt":"2021-05-16T12:00:41","slug":"%e9%83%a8%e7%bd%b2ldap","status":"publish","type":"post","link":"http:\/\/www.yunloveting.com\/?p=79","title":{"rendered":"\u90e8\u7f72ldap"},"content":{"rendered":"\n

#! \/bin\/bash<\/h1>\n\n\n\n

echo \u5173\u95ed\u9632\u706b\u5899 \u5b89\u5168linux
service iptables stop &> \/dev\/null
\/usr\/sbin\/setenforce 0 &> \/dev\/null
sed -i ‘s\/SELINUX=enforcing\/SELINUX=disabled\/gp’ \/etc\/selinux\/config &> \/dev\/null
[ $? -ne 0 ] && echo “\u5931\u8d25”<\/p>\n\n\n\n

echo “\u914d\u7f6e\u521d\u59cb\u5316\u4fe1\u606f”
cat >\/etc\/sysconfig\/network-scripts\/ifcfg-eth0 << EOT DEVICE=eth0 TYPE=Ethernet ONBOOT=yes NM_CONTROLLED=no BOOTPROTO=none IPADDR=192.168.1.254 NETMASK=255.255.255.0 GATEWAY=192.168.1.2 EOT echo “NETWORKING=yes” > \/etc\/sysconfig\/network
echo “HOSTNAME=openldap-server.uplooking” >>\/etc\/sysconfig\/network
nisdomainname openldap-server.uplooking &> \/dev\/null
service network restart &> \/dev\/null<\/p>\n\n\n\n

echo “192.168.1.254 openldap-server.uplooking” >>\/etc\/hosts
echo “192.168.1.100 STARCL” >>\/etc\/hosts<\/p>\n\n\n\n

echo “\u5b89\u88c5ldap\u670d\u52a1\u7aef\u8f6f\u4ef6\u5305”<\/p>\n\n\n\n

yum -y install openldap openldap-devel openldap-clients openldap-servers migrationtools &> \/dev\/null<\/p>\n\n\n\n

cp \/usr\/share\/openldap-servers\/slapd.conf.obsolete \/etc\/openldap\/slapd.conf<\/p>\n\n\n\n

mv \/etc\/openldap\/slapd.d\/ \/etc\/openldap\/slapd.d.bak<\/p>\n\n\n\n

cp \/usr\/share\/openldap-servers\/DB_CONFIG.example \/etc\/openldap\/DB_CONFIG<\/p>\n\n\n\n

chown -R ldap.ldap \/var\/lib\/ldap\/<\/p>\n\n\n\n

cat >\/etc\/openldap\/slapd.conf <<EOF
include \/etc\/openldap\/schema\/corba.schema
include \/etc\/openldap\/schema\/core.schema
include \/etc\/openldap\/schema\/cosine.schema
include \/etc\/openldap\/schema\/duaconf.schema
include \/etc\/openldap\/schema\/dyngroup.schema
include \/etc\/openldap\/schema\/inetorgperson.schema
include \/etc\/openldap\/schema\/java.schema
include \/etc\/openldap\/schema\/misc.schema
include \/etc\/openldap\/schema\/nis.schema
include \/etc\/openldap\/schema\/openldap.schema
include \/etc\/openldap\/schema\/ppolicy.schema
include \/etc\/openldap\/schema\/collective.schema
allow bind_v2
pidfile \/var\/run\/openldap\/slapd.pid
argsfile \/var\/run\/openldap\/slapd.args
TLSCACertificatePath \/etc\/openldap\/certs\/ca.crt
TLSCertificateFile \/etc\/openldap\/certs\/ldap.crt
TLSCertificateKeyFile \/etc\/openldap\/certs\/ldap.key
database config
access to *
by dn.exact=”gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth” manage
by * none
database monitor
access to *
by dn.exact=”gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth” read
by dn.exact=”cn=Manager,dc=my-domain,dc=com” read
by * none
database bdb
suffix “dc=STAR,dc=com”
checkpoint 1024 15
rootdn “cn=Manager,dc=STAR,dc=com”
rootpw 123456
directory \/var\/lib\/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub<\/p>\n\n\n\n

EOF<\/p>\n\n\n\n

service slapd start
chkconfig slapd on<\/p>\n\n\n\n

sed -i ‘s\/\\$DEFAULT_MAIL_DOMAIN = “padl.com”;\/\\$DEFAULT_MAIL_DOMAIN = “STAR.com”;\/’ \/usr\/share\/migrationtools\/migrate_common.ph
sed -i ‘s\/\\$DEFAULT_BASE = “dc=padl,dc=com”;\/\\$DEFAULT_BASE = “dc=STAR,dc=com”;\/’ \/usr\/share\/migrationtools\/migrate_common.ph
sed -i ‘s\/\\$EXTENDED_SCHEMA = 0;\/\\$EXTENDED_SCHEMA = 1;\/’ \/usr\/share\/migrationtools\/migrate_common.ph<\/p>\n\n\n\n

cd \/usr\/share\/migrationtools\/
.\/migrate_base.pl > \/tmp\/base.ldif<\/p>\n\n\n\n

echo “BASE dc=STAR,dc=com “>> \/etc\/openldap\/ldap.conf
echo “URL ldap:\/\/127.0.0.1 ” >> \/etc\/openldap\/ldap.conf<\/p>\n\n\n\n

mkdir \/rhome<\/p>\n\n\n\n

for i in {01..10}
do
useradd ldapuser$i -d \/rhome\/ldapuser$i
echo “123” |passwd –stdin ldapuser$i
done &> \/dev\/null<\/p>\n\n\n\n

egrep ‘ldapuser[0-9]+’ \/etc\/passwd > \/root\/user.txt
egrep ‘ldapuser[0-9]+’ \/etc\/group > \/root\/group.txt<\/p>\n\n\n\n

\/usr\/share\/migrationtools\/migrate_passwd.pl \/root\/user.txt > \/tmp\/user.ldif
\/usr\/share\/migrationtools\/migrate_group.pl \/root\/group.txt > \/tmp\/group.ldif<\/p>\n","protected":false},"excerpt":{"rendered":"

#! \/bin\/bash echo \u5173\u95ed\u9632\u706b\u5899 \u5b89\u5168linuxservice iptables stop &a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"_links":{"self":[{"href":"http:\/\/www.yunloveting.com\/index.php?rest_route=\/wp\/v2\/posts\/79"}],"collection":[{"href":"http:\/\/www.yunloveting.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.yunloveting.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.yunloveting.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.yunloveting.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=79"}],"version-history":[{"count":1,"href":"http:\/\/www.yunloveting.com\/index.php?rest_route=\/wp\/v2\/posts\/79\/revisions"}],"predecessor-version":[{"id":80,"href":"http:\/\/www.yunloveting.com\/index.php?rest_route=\/wp\/v2\/posts\/79\/revisions\/80"}],"wp:attachment":[{"href":"http:\/\/www.yunloveting.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=79"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.yunloveting.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=79"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.yunloveting.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=79"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}