Configuring OpenLDAP + phpLDAPadmin on CentOS 6.4 x64

Category: Servers


1: Introduction

LDAP, the Lightweight Directory Access Protocol, is usually referred to simply as LDAP. It is based on the X.500 standard, but is much simpler and can be customised as needed. Unlike X.500, LDAP runs over TCP/IP, which is essential for access over the Internet. The core LDAP specifications are defined in RFCs, and every LDAP-related RFC can be found on the LDAPman RFC page.


2: Lab environment


OS version: CentOS6.4_x64_mini.iso

OpenLDAP-Server:192.168.2.10

OpenLDAP-Client:192.168.2.20

Software:Development Tools+PhpldapAdmin


3: Installing the OpenLDAP server

1. Install the required packages

[root@OpenLDAP-Server ~]# yum install openldap openldap-servers openldap-devel openldap-clients -y

2. Create the OpenLDAP database configuration file

[root@OpenLDAP-Server ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@OpenLDAP-Server ~]# ll /var/lib/ldap/DB_CONFIG
-rw-r--r-- 1 root root 845 Jul 23 01:26 /var/lib/ldap/DB_CONFIG
[root@OpenLDAP-Server ~]# chown ldap.ldap /var/lib/ldap/DB_CONFIG

3. Copy the OpenLDAP configuration file template into /etc/openldap/

[root@OpenLDAP-Server ~]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
[root@OpenLDAP-Server ~]# cp /etc/openldap/slapd.conf /etc/openldap/slapd.conf.bak

4. Create the LDAP admin password and edit the main slapd.conf configuration file.

[root@OpenLDAP-Server openldap]# slappasswd
New password:
Re-enter new password:
{SSHA}RSrMQsEKK1O/K6OmUpMF7V0iZ73cS2qg    // the password is hashed as soon as it is entered; this string is needed later, so save it.

[root@OpenLDAP-Server openldap]# vim slapd.conf
# enable server status monitoring (cn=monitor)
database monitor
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=Manager,dc=yangxiaofei,dc=com" read
        by * none

#######################################################################
# database definitions
#######################################################################

database        bdb
suffix          "dc=yangxiaofei,dc=com"
checkpoint      1024    15
rootdn          "cn=Manager,dc=yangxiaofei,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw                secret
# rootpw                {crypt}ijFYNcSNctBYg
rootpw        {SSHA}RSrMQsEKK1O/K6OmUpMF7V0iZ73cS2qg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.

5. Enable OpenLDAP logging

[root@OpenLDAP-Server openldap]# vim slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
loglevel 296
[root@OpenLDAP-Server openldap]# vim /etc/rsyslog.conf
# rsyslog v5 configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
local4.* /var/log/ldap.log
[root@OpenLDAP-Server openldap]# touch /var/log/ldap.log
[root@OpenLDAP-Server openldap]# chown ldap.ldap /var/log/ldap.log
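With loglevel 296 (256 stats + 32 search filters + 8 connection management) and local4.* routed to /var/log/ldap.log, the file carries one ACCEPT line per connection, one BIND line per bind, and a RESULT line with the LDAP result code. The Python example below is added here and is not part of the original post: it joins those three line types to count failed binds per client address, which is what a defender would watch in this log. The log lines it reads are constructed in the shape slapd writes them; the hostname and addresses are those of the lab on this page.

```python
import re
from collections import defaultdict

# Constructed sample of slapd stats lines as rsyslog writes them to /var/log/ldap.log.
# Three failed binds as the rootdn from 192.168.2.20, then one successful bind and
# a search from 192.168.2.30.
SAMPLE_LOG = """\
Jul 23 02:05:11 OpenLDAP-Server slapd[1614]: conn=1001 fd=13 ACCEPT from IP=192.168.2.20:51234 (IP=0.0.0.0:389)
Jul 23 02:05:11 OpenLDAP-Server slapd[1614]: conn=1001 op=0 BIND dn="cn=Manager,dc=yangxiaofei,dc=com" method=128
Jul 23 02:05:11 OpenLDAP-Server slapd[1614]: conn=1001 op=0 RESULT tag=97 err=49 text=
Jul 23 02:05:11 OpenLDAP-Server slapd[1614]: conn=1001 fd=13 closed (connection lost)
Jul 23 02:05:12 OpenLDAP-Server slapd[1614]: conn=1002 fd=13 ACCEPT from IP=192.168.2.20:51235 (IP=0.0.0.0:389)
Jul 23 02:05:12 OpenLDAP-Server slapd[1614]: conn=1002 op=0 BIND dn="cn=Manager,dc=yangxiaofei,dc=com" method=128
Jul 23 02:05:12 OpenLDAP-Server slapd[1614]: conn=1002 op=0 RESULT tag=97 err=49 text=
Jul 23 02:05:12 OpenLDAP-Server slapd[1614]: conn=1002 fd=13 closed (connection lost)
Jul 23 02:05:13 OpenLDAP-Server slapd[1614]: conn=1003 fd=13 ACCEPT from IP=192.168.2.20:51236 (IP=0.0.0.0:389)
Jul 23 02:05:13 OpenLDAP-Server slapd[1614]: conn=1003 op=0 BIND dn="cn=Manager,dc=yangxiaofei,dc=com" method=128
Jul 23 02:05:13 OpenLDAP-Server slapd[1614]: conn=1003 op=0 RESULT tag=97 err=49 text=
Jul 23 02:05:20 OpenLDAP-Server slapd[1614]: conn=1004 fd=14 ACCEPT from IP=192.168.2.30:40001 (IP=0.0.0.0:389)
Jul 23 02:05:20 OpenLDAP-Server slapd[1614]: conn=1004 op=0 BIND dn="cn=Manager,dc=yangxiaofei,dc=com" method=128
Jul 23 02:05:20 OpenLDAP-Server slapd[1614]: conn=1004 op=0 RESULT tag=97 err=0 text=
Jul 23 02:05:20 OpenLDAP-Server slapd[1614]: conn=1004 op=1 SRCH base="dc=yangxiaofei,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Jul 23 02:05:20 OpenLDAP-Server slapd[1614]: conn=1004 op=1 SEARCH RESULT tag=101 err=0 nentries=15 text=
"""

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
# tag=97 is the bindResponse; other operations report different tags.
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")
INVALID_CREDENTIALS = "49"


def failed_binds_by_source(log_text):
    """Map each client IP to {bind DN: number of failed binds}.

    The failure is only visible on the RESULT line, which carries just conn/op ids,
    so ACCEPT (conn -> IP) and BIND (conn/op -> DN) are joined to it.
    """
    conn_ip = {}
    bind_dn = {}
    failures = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            conn_ip[m.group(1)] = m.group(2)
            continue
        m = BIND_RE.search(line)
        if m:
            bind_dn[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m and m.group(3) == INVALID_CREDENTIALS:
            conn, op = m.group(1), m.group(2)
            ip = conn_ip.get(conn, "unknown")
            dn = bind_dn.get((conn, op), "unknown")
            failures[ip][dn] += 1
    return {ip: dict(per_dn) for ip, per_dn in failures.items()}


def sources_over_threshold(log_text, threshold=3):
    """IPs whose total failed binds reach the threshold: the alert candidates."""
    totals = {ip: sum(d.values()) for ip, d in failed_binds_by_source(log_text).items()}
    return sorted(ip for ip, n in totals.items() if n >= threshold)


if __name__ == "__main__":
    for ip, per_dn in failed_binds_by_source(SAMPLE_LOG).items():
        print(ip, per_dn)
    print("over threshold:", sources_over_threshold(SAMPLE_LOG))
```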

6. By default, /etc/openldap/slapd.d/ contains a set of default configuration files. These must be deleted and regenerated; this step is important.

[root@OpenLDAP-Server openldap]# rm -rf /etc/openldap/slapd.d/*
[root@OpenLDAP-Server openldap]# chown ldap.ldap /var/lib/ldap/
[root@OpenLDAP-Server openldap]# /etc/init.d/slapd restart
Stopping slapd:                                            [  OK  ]
Starting slapd:                                            [  OK  ]
[root@OpenLDAP-Server openldap]# chown -R ldap.ldap /etc/openldap/slapd.d/
[root@OpenLDAP-Server openldap]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
config file testing succeeded

7. Check that slapd is running, using netstat and ps

[root@OpenLDAP-Server openldap]# ps -aux | grep ldap
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
ldap      1614  0.0  1.0 488508  5352 ?        Ssl  01:46   0:00 /usr/sbin/slapd -h  ldap:/// ldapi:/// -u ldap
root      1643  0.0  0.1 103312   876 pts/0    S+   01:50   0:00 grep ldap
[root@OpenLDAP-Server openldap]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      1614/slapd
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1274/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1354/master
tcp        0      0 :::389                      :::*                        LISTEN      1614/slapd
tcp        0      0 :::22                       :::*                        LISTEN      1274/sshd
tcp        0      0 ::1:25                      :::*                        LISTEN      1354/master

8. Migrate the user data into the OpenLDAP database. Why migrate? Because LDAP only understands the LDIF format. The simplest way is to use the migration tools provided for LDAP, which are Perl scripts. Early ldap packages shipped these scripts, but from CentOS 6 onwards they are no longer included and must be downloaded separately. There are two ways to install them: with yum, or by building from source.

[root@OpenLDAP-Server openldap]# yum install MigrationTools -y
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirrors.zju.edu.cn
 * extras: mirrors.zju.edu.cn
 * updates: mirrors.zju.edu.cn
No package MigrationTools available.
  * Maybe you meant: migrationtools
Error: Nothing to do
[root@OpenLDAP-Server openldap]# yum install migrationtools -y
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirrors.yun-idc.com
 * extras: mirrors.btte.net
 * updates: mirrors.yun-idc.com
Resolving Dependencies
--> Running transaction check
---> Package migrationtools.noarch 0:47-7.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================================
 Package                           Arch                      Version                       Repository               Size
=========================================================================================================================
Installing:
 migrationtools                    noarch                    47-7.el6                      base                     25 k

Transaction Summary
=========================================================================================================================
Install       1 Package(s)

Total download size: 25 k
Installed size: 104 k
Downloading Packages:
migrationtools-47-7.el6.noarch.rpm                                                                |  25 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : migrationtools-47-7.el6.noarch                                                                        1/1
  Verifying  : migrationtools-47-7.el6.noarch                                                                        1/1

Installed:
  migrationtools.noarch 0:47-7.el6

Complete!

Build from source:
[root@OpenLDAP-Server openldap]# wget 'http://www.padl.com/download/MigrationTools.tgz'
--2016-07-23 02:00:39--  http://www.padl.com/download/MigrationTools.tgz
Resolving www.padl.com... 216.154.215.154
Connecting to www.padl.com|216.154.215.154|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21284 (21K) [application/x-gzip]
Saving to: “MigrationTools.tgz”

100%[==============================>] 21,284      1.89K/s   in 11s

2016-07-23 02:00:52 (1.89 KB/s) - “MigrationTools.tgz” saved [21284/21284]

[root@OpenLDAP-Server openldap]# tar zxvf MigrationTools.tgz

Configure migrationtools: change into the migrationtools directory.

[root@OpenLDAP-Server openldap]# cd /usr/share/migrationtools/
[root@OpenLDAP-Server migrationtools]# ls
migrate_aliases.pl              migrate_all_offline.sh  migrate_hosts.pl            migrate_protocols.pl
migrate_all_netinfo_offline.sh  migrate_all_online.sh   migrate_netgroup_byhost.pl  migrate_rpc.pl
migrate_all_netinfo_online.sh   migrate_automount.pl    migrate_netgroup_byuser.pl  migrate_services.pl
migrate_all_nis_offline.sh      migrate_base.pl         migrate_netgroup.pl         migrate_slapd_conf.pl
migrate_all_nis_online.sh       migrate_common.ph       migrate_networks.pl
migrate_all_nisplus_offline.sh  migrate_fstab.pl        migrate_passwd.pl
migrate_all_nisplus_online.sh   migrate_group.pl        migrate_profile.pl
[root@OpenLDAP-Server migrationtools]# vim migrate_common.ph
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "yangxiaofei.com";

# Default base
$DEFAULT_BASE = "dc=yangxiaofei,dc=com";

Next, use these Perl scripts to turn /etc/passwd and /etc/shadow into a format LDAP can read, save the result under /tmp, and then import it.

[root@OpenLDAP-Server migrationtools]# ./migrate_base.pl > /tmp/base.ldif
[root@OpenLDAP-Server migrationtools]# ./migrate_passwd.pl /etc/passwd > /tmp/passwd.ldif
[root@OpenLDAP-Server migrationtools]# ./migrate_group.pl /etc/group > /tmp/group.ldif
[root@OpenLDAP-Server migrationtools]# ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/base.ldif
adding new entry "dc=yangxiaofei,dc=com"
adding new entry "ou=Hosts,dc=yangxiaofei,dc=com"
adding new entry "ou=Rpc,dc=yangxiaofei,dc=com"
adding new entry "ou=Services,dc=yangxiaofei,dc=com"
adding new entry "nisMapName=netgroup.byuser,dc=yangxiaofei,dc=com"
adding new entry "ou=Mounts,dc=yangxiaofei,dc=com"
adding new entry "ou=Networks,dc=yangxiaofei,dc=com"
adding new entry "ou=People,dc=yangxiaofei,dc=com"
adding new entry "ou=Group,dc=yangxiaofei,dc=com"
adding new entry "ou=Netgroup,dc=yangxiaofei,dc=com"
adding new entry "ou=Protocols,dc=yangxiaofei,dc=com"
adding new entry "ou=Aliases,dc=yangxiaofei,dc=com"
adding new entry "nisMapName=netgroup.byhost,dc=yangxiaofei,dc=com"
[root@OpenLDAP-Server migrationtools]# ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/passwd.ldif
adding new entry "uid=root,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=bin,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=daemon,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=adm,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=lp,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=sync,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=shutdown,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=halt,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=mail,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=uucp,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=operator,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=games,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=gopher,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=ftp,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=nobody,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=vcsa,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=saslauth,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=postfix,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=sshd,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=apache,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=ldap,ou=People,dc=yangxiaofei,dc=com"
[root@OpenLDAP-Server migrationtools]# ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/group.ldif
adding new entry "cn=root,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=bin,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=daemon,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=sys,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=adm,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=tty,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=disk,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=lp,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=mem,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=kmem,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=wheel,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=mail,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=uucp,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=man,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=games,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=gopher,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=video,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=dip,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=ftp,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=lock,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=audio,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=nobody,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=users,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=floppy,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=vcsa,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=utmp,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=utempter,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=cdrom,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=tape,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=dialout,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=saslauth,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=postdrop,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=postfix,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=fuse,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=sshd,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=apache,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=stapusr,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=stapsys,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=stapdev,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=ldap,ou=Group,dc=yangxiaofei,dc=com"

Query the data just imported; as you can see, there is a lot of it.

[root@OpenLDAP-Server migrationtools]# ldapsearch -x -H ldap://192.168.2.10 -b "dc=yangxiaofei,dc=com"
# extended LDIF
#
# LDAPv3
# base <dc=yangxiaofei,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# yangxiaofei.com
dn: dc=yangxiaofei,dc=com
dc: yangxiaofei
objectClass: top
objectClass: domain

# Hosts, yangxiaofei.com
dn: ou=Hosts,dc=yangxiaofei,dc=com
ou: Hosts
objectClass: top
objectClass: organizationalUnit

[... abridged: the remaining 11 container entries, all 21 accounts from /etc/passwd (root through ldap, each with its userPassword hash, shadow fields, uidNumber, gidNumber, homeDirectory and loginShell) and all 40 groups from /etc/group (posixGroup entries with gidNumber and memberUid) follow in the same form ...]

# search result
search: 2
result: 0 Success

# numResponses: 75
# numEntries: 74
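The search above is an anonymous simple bind (-x with no -D), yet every account entry comes back with its userPassword hash: the bdb database in this slapd.conf carries no access directives, so slapd's default policy (read for everyone) applies to it. The Python example below is added here and is not part of the original post; it parses ldapsearch output, decoding the `::` base64 values and unfolding continuation lines, and lists which DNs returned a password hash. The sample output is constructed in the same shape as the page's, with the test user from later in the post.

```python
import base64

# Constructed sample in the shape of the `ldapsearch -x` output above: comments,
# blank-line-separated entries, `attr:: base64` values, and one folded line.
SAMPLE_OUTPUT = """\
# extended LDIF
#
# LDAPv3
# base <dc=yangxiaofei,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# yangxiaofei.com
dn: dc=yangxiaofei,dc=com
dc: yangxiaofei
objectClass: top
objectClass: domain

# ldapuser01, People, yangxiaofei.com
dn: uid=ldapuser01,ou=People,dc=yangxiaofei,dc=com
uid: ldapuser01
cn: ldapuser01
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
uidNumber: 500
gidNumber: 500
homeDirectory: /home/ldapuser01
gecos: a long gecos value that the LDIF writer folded onto a
  second line

# ldapuser01, Group, yangxiaofei.com
dn: cn=ldapuser01,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser01
userPassword:: e2NyeXB0fXg=
gidNumber: 500

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3
"""


def parse_ldif(text):
    """Parse ldapsearch output into a list of {attribute: [values]} dicts.

    Continuation lines (one leading space) are joined to the previous line first;
    this also reassembles long base64 values such as the root crypt hash, which
    ldapsearch folds across lines. `attr:: value` is base64 and is decoded;
    ldapsearch writes userPassword that way even when the hash is plain ASCII.
    """
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    entries, current = [], {}
    for line in unfolded:
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    # The trailing "search: 2 / result: 0 Success" block has no dn; drop it.
    return [e for e in entries if "dn" in e]


def exposed_password_hashes(entries):
    """Return (dn, scheme) for every entry whose userPassword came back in the search."""
    exposed = []
    for entry in entries:
        for pw in entry.get("userPassword", []):
            scheme = pw[: pw.index("}") + 1] if pw.startswith("{") and "}" in pw else "(none)"
            exposed.append((entry["dn"][0], scheme))
    return exposed


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_OUTPUT)
    print(len(parsed), "entries")
    for dn, scheme in exposed_password_hashes(parsed):
        print("password hash readable by the anonymous search:", dn, scheme)
```

In slapd.conf the usual correction is an ACL placed ahead of any catch-all rule, such as `access to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none` followed by `access to * by * read`, after which the same anonymous search returns the entries without their hashes.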

In a real environment, however, you would not import every user and group like this. Only the users that need to be managed through LDAP should be imported.

Delete all the data in LDAP.

[root@OpenLDAP-Server migrationtools]# ldapdelete -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -r "dc=yangxiaofei,dc=com"
[root@OpenLDAP-Server migrationtools]# echo $?
0

Create two LDAP test users, then import those two users.

复制代码
[root@OpenLDAP-Server migrationtools]# useradd ldapuser01
[root@OpenLDAP-Server migrationtools]# useradd ldapuser02
[root@OpenLDAP-Server migrationtools]# tail -n 2 /etc/passwd
ldapuser01:x:500:500::/home/ldapuser01:/bin/bash
ldapuser02:x:501:501::/home/ldapuser02:/bin/bash
[root@OpenLDAP-Server migrationtools]# grep ldapuser* /etc/passwd > /tmp/passwd
[root@OpenLDAP-Server migrationtools]# tail -n 2 /etc/group
ldapuser01:x:500:
ldapuser02:x:501:
[root@OpenLDAP-Server migrationtools]# grep ldapuser* /etc/group > /tmp/group
[root@OpenLDAP-Server migrationtools]# cat /tmp/passwd
ldapuser01:x:500:500::/home/ldapuser01:/bin/bash
ldapuser02:x:501:501::/home/ldapuser02:/bin/bash
[root@OpenLDAP-Server migrationtools]# more /tmp/group
ldapuser01:x:500:
ldapuser02:x:501:
[root@OpenLDAP-Server migrationtools]# ldapsearch -x -b "dc=yangxiaofei,dc=com" -LLL
No such object (32)  // the search reports that no object exists yet
[root@OpenLDAP-Server migrationtools]# ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/base.ldif
[root@OpenLDAP-Server migrationtools]# ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/passwd.ldif
adding new entry "uid=ldapuser01,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=ldapuser02,ou=People,dc=yangxiaofei,dc=com"
[root@OpenLDAP-Server migrationtools]# ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/group.ldif
adding new entry "cn=ldapuser01,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=ldapuser02,ou=Group,dc=yangxiaofei,dc=com"
[root@OpenLDAP-Server migrationtools]# echo $?
0
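The /tmp/passwd.ldif and /tmp/group.ldif files fed to ldapadd above are normally generated from /tmp/passwd and /tmp/group with migrationtools' migrate_passwd.pl and migrate_group.pl (the directory the session runs in). As an added example that is not part of the tutorial, the Python below performs the same conversion for the two test accounts; the base DN and the sample passwd/shadow/group lines are assumptions, and the decoder shows that the `userPassword::` values in the ldapsearch output are only base64-encoded LDIF, not encrypted.

```python
# Added example (not from the tutorial): turn passwd/shadow/group lines into the LDIF
# that ldapadd consumes, as migrationtools' migrate_passwd.pl / migrate_group.pl do.
# The base DN and the constructed sample lines below are assumptions.
import base64

BASE_DN = "dc=yangxiaofei,dc=com"   # suffix from the tutorial's slapd.conf

# Constructed sample input matching the two test accounts created above.
PASSWD_LINES = ["ldapuser01:x:500:500::/home/ldapuser01:/bin/bash",
                "ldapuser02:x:501:501::/home/ldapuser02:/bin/bash"]
SHADOW_LINES = ["ldapuser01:!!:17005:0:99999:7:::",   # '!!' = no password set
                "ldapuser02:!!:17005:0:99999:7:::"]
GROUP_LINES = ["ldapuser01:x:500:", "ldapuser02:x:501:"]

def b64_attr(name, value):
    """LDIF writes values with special characters as 'attr:: <base64>'.
    That is encoding only, not encryption: e2NyeXB0fXg= is just '{crypt}x'."""
    return f"{name}:: {base64.b64encode(value.encode()).decode()}"

def passwd_to_ldif(passwd_lines, shadow_lines, base_dn=BASE_DN):
    """One posixAccount/shadowAccount entry under ou=People per passwd line."""
    shadow = {l.split(":")[0]: l.split(":") for l in shadow_lines}
    entries = []
    for line in passwd_lines:
        user, _, uid, gid, gecos, home, shell = line.split(":")
        sh = shadow.get(user, [user, "!!", "", "0", "99999", "7"])  # locked default
        entries.append("\n".join([
            f"dn: uid={user},ou=People,{base_dn}", f"uid: {user}", f"cn: {gecos or user}",
            "objectClass: account", "objectClass: posixAccount", "objectClass: top",
            "objectClass: shadowAccount", b64_attr("userPassword", "{crypt}" + sh[1]),
            f"shadowLastChange: {sh[2]}", f"shadowMin: {sh[3]}", f"shadowMax: {sh[4]}",
            f"shadowWarning: {sh[5]}", f"loginShell: {shell}", f"uidNumber: {uid}",
            f"gidNumber: {gid}", f"homeDirectory: {home}"]))
    return "\n\n".join(entries) + "\n"

def group_to_ldif(group_lines, base_dn=BASE_DN):
    """One posixGroup entry under ou=Group per group line (memberUid if listed)."""
    entries = []
    for line in group_lines:
        name, pw, gid, members = line.split(":")
        attrs = [f"dn: cn={name},ou=Group,{base_dn}", "objectClass: posixGroup",
                 "objectClass: top", f"cn: {name}",
                 b64_attr("userPassword", "{crypt}" + pw), f"gidNumber: {gid}"]
        attrs += [f"memberUid: {m}" for m in members.split(",") if m]
        entries.append("\n".join(attrs))
    return "\n\n".join(entries) + "\n"

def decode_ldif_passwords(ldif_text):  # undo the '::' base64 encoding for inspection
    return [base64.b64decode(l.split(":: ", 1)[1]).decode()
            for l in ldif_text.splitlines() if l.startswith("userPassword:: ")]
```

Writing `passwd_to_ldif(...)` to /tmp/passwd.ldif and `group_to_ldif(...)` to /tmp/group.ldif reproduces the entries the ldapsearch output below shows for ldapuser01 and ldapuser02.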


Query the data that was just imported.

[root@OpenLDAP-Server migrationtools]# ldapsearch -x -b "dc=yangxiaofei,dc=com" -LLL
dn: dc=yangxiaofei,dc=com
dc: yangxiaofei
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=yangxiaofei,dc=com
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=Rpc,dc=yangxiaofei,dc=com
ou: Rpc
objectClass: top
objectClass: organizationalUnit

dn: ou=Services,dc=yangxiaofei,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byuser,dc=yangxiaofei,dc=com
nisMapName: netgroup.byuser
objectClass: top
objectClass: nisMap

dn: ou=Mounts,dc=yangxiaofei,dc=com
ou: Mounts
objectClass: top
objectClass: organizationalUnit

dn: ou=Networks,dc=yangxiaofei,dc=com
ou: Networks
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=yangxiaofei,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=yangxiaofei,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=Netgroup,dc=yangxiaofei,dc=com
ou: Netgroup
objectClass: top
objectClass: organizationalUnit

dn: ou=Protocols,dc=yangxiaofei,dc=com
ou: Protocols
objectClass: top
objectClass: organizationalUnit

dn: ou=Aliases,dc=yangxiaofei,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byhost,dc=yangxiaofei,dc=com
nisMapName: netgroup.byhost
objectClass: top
objectClass: nisMap

dn: uid=ldapuser01,ou=People,dc=yangxiaofei,dc=com
uid: ldapuser01
cn: ldapuser01
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange: 17005
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/ldapuser01

dn: uid=ldapuser02,ou=People,dc=yangxiaofei,dc=com
uid: ldapuser02
cn: ldapuser02
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange: 17005
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 501
gidNumber: 501
homeDirectory: /home/ldapuser02

dn: cn=ldapuser01,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser01
userPassword:: e2NyeXB0fXg=
gidNumber: 500

dn: cn=ldapuser02,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser02
userPassword:: e2NyeXB0fXg=
gidNumber: 501
[root@OpenLDAP-Server migrationtools]#

四: OpenLDAP client configuration (done by editing the configuration files)

1、Install the OpenLDAP client packages on the 2.20 client

[root@OpenLDAP-Client ~]# yum install nss-pam-ldapd pam_ldap openldap-clients -y

2、Edit /etc/nsswitch.conf. nsswitch is the name service switch; by default Linux resolves users against the local files only.

# find the following three lines
passwd:     files
shadow:     files
group:      files
# change them to
passwd:     files ldap
shadow:     files ldap
group:      files ldap

3、Edit /etc/sysconfig/authconfig

# change the following from no to yes
USESYSNETAUTH=yes
USESHADOW=yes
USELOCAUTHORIZE=yes
USELDAP=yes
USELDAPAUTH=yes
USEMKHOMEDIR=yes

4、Edit /etc/pam.d/system-auth. Authentication is performed by the PAM stack, which uses the pam_unix.so module to check credentials against the local /etc/passwd file. To make LDAP authentication take effect we need to add pam_ldap.so, and to have home directories created for users we also need the pam_mkhomedir.so module.

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        sufficient    pam_ldap.so
auth        required      pam_deny.so
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so
password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_oddjob_mkhomedir.so skel=/etc/skel/ umask=0022
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so

5、Edit /etc/openldap/ldap.conf so that it contains the following

URI ldap://192.168.2.10/
BASE dc=yangxiaofei,dc=com

6、Edit /etc/pam_ldap.conf

base dc=yangxiaofei,dc=com

7、Start the sssd service; edit sssd.conf first

[domain/default]
enumerate=true
ldap_id_use_start_tls = False
cache_credentials = True
ldap_search_base = dc=example,dc=com
krb5_realm = EXAMPLE.COM
krb5_server = kerberos.example.com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://192.168.1.203/
ldap_tls_cacertdir = /etc/openldap/cacerts
[sssd]
services = nss, pam
config_file_version = 2
domains = default
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]

8、Start the name service cache daemon, nscd

/etc/init.d/nscd start
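Before restarting nscd or sssd it is worth checking that the client files edited in steps 2, 4, 5 and 6 agree with each other: nsswitch.conf must list ldap for passwd, shadow and group, ldap.conf's BASE must be a well-formed DN that matches the base in pam_ldap.conf, and pam_ldap.so must be present in every management group of system-auth. The Python below is an added example, not part of the tutorial; the file contents are constructed strings so it runs offline, and on a real client they would be read from the paths named in the steps.

```python
# Added example (not from the tutorial): pre-flight checks over the client files edited
# in steps 2, 4, 5 and 6 above. The file contents are constructed strings here so the
# script runs offline; on a real client read them from the paths named in the steps.
import re
DN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,;=]+(,[A-Za-z][A-Za-z0-9-]*=[^,;=]+)*$")

def nsswitch_uses_ldap(text):  # passwd, shadow and group must each list ldap
    sources = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            db, rest = line.split(":", 1)
            sources[db.strip()] = rest.split()
    return all("ldap" in sources.get(db, []) for db in ("passwd", "shadow", "group"))

def base_dn(text, key="BASE"):  # value of BASE (ldap.conf) or base (pam_ldap.conf)
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].upper() == key.upper():
            return parts[1].strip()
    return None

def pam_has_ldap(text):  # pam_ldap.so present in all four management groups
    groups = {line.split()[0] for line in text.splitlines()
              if line.strip() and not line.startswith("#") and "pam_ldap.so" in line}
    return {"auth", "account", "password", "session"} <= groups

def check_client(nsswitch, ldap_conf, pam_ldap_conf, system_auth):
    """Return a list of problems; an empty list means the files are consistent."""
    problems = []
    if not nsswitch_uses_ldap(nsswitch):
        problems.append("nsswitch.conf: passwd/shadow/group must all include ldap")
    b1, b2 = base_dn(ldap_conf), base_dn(pam_ldap_conf, "base")
    if not b1 or not DN_RE.match(b1):
        problems.append(f"ldap.conf: BASE is not a well-formed DN: {b1!r}")
    if b1 != b2:
        problems.append(f"pam_ldap.conf base {b2!r} differs from ldap.conf BASE {b1!r}")
    if not pam_has_ldap(system_auth):
        problems.append("system-auth: pam_ldap.so missing from a management group")
    return problems

# Constructed samples; LDAP_CONF_BAD carries a ';' where the DN needs a ','.
NSSWITCH = "passwd:     files ldap\nshadow:     files ldap\ngroup:      files ldap\n"
LDAP_CONF_BAD = "URI ldap://192.168.2.10/\nBASE dc=yangxiaofei;dc=com\n"
LDAP_CONF_OK = "URI ldap://192.168.2.10/\nBASE dc=yangxiaofei,dc=com\n"
PAM_LDAP_CONF = "base dc=yangxiaofei,dc=com\n"
SYSTEM_AUTH = ("auth        sufficient    pam_ldap.so\n"
               "account     [default=bad success=ok user_unknown=ignore] pam_ldap.so\n"
               "password    sufficient    pam_ldap.so use_authtok\n"
               "session     optional      pam_ldap.so\n")
```

`check_client(NSSWITCH, LDAP_CONF_OK, PAM_LDAP_CONF, SYSTEM_AUTH)` returns an empty list, while the LDAP_CONF_BAD variant reports both the malformed DN and the mismatch with pam_ldap.conf.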

五: Install phpldapadmin to manage LDAP

1、Download phpldapadmin

[root@OpenLDAP-Server ~]# wget http://ncu.dl.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/1.2.2/phpldapadmin-1.2.2.tgz

2、Install httpd and phpldapadmin

[root@OpenLDAP-Server ~]# tar zxvf phpldapadmin-1.2.2.tgz
[root@OpenLDAP-Server ~]# cd phpldapadmin-1.2.2
[root@OpenLDAP-Server phpldapadmin-1.2.2]# cd config/
[root@OpenLDAP-Server config]# ls
config.php.example
[root@OpenLDAP-Server config]# mv config.php.example config.php
[root@OpenLDAP-Server config]# cd ../../
[root@OpenLDAP-Server ~]# ls
anaconda-ks.cfg              download     install.log.syslog  jdk-7u67-linux-x64.tar.gz  phpldapadmin-1.2.2
apache-tomcat-8.0.36.tar.gz  install.log  jdk1.7.0_67         jdk-8u92-linux-x64.rpm     phpldapadmin-1.2.2.tgz
[root@OpenLDAP-Server ~]# mv hpldapadmin-1.2.2 ^C
[root@OpenLDAP-Server ~]# mv phpldapadmin-1.2.2 phpldapadmin
[root@OpenLDAP-Server ~]# yum install httpd
[root@OpenLDAP-Server ~]# mv phpldapadmin /var/www/html/

3、Edit the phpldapadmin configuration file so that it can connect to the LDAP server

The changes to /var/www/html/phpldapadmin/config/config.php are as follows:

$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','My LDAP Server');
$servers->setValue('server','host','192.168.2.10');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=yangxiaofei,dc=com'));
$servers->setValue('login','auth_type','session');
$servers->setValue('login','bind_id','cn=Manager,dc=yangxiaofei,dc=com');
$servers->setValue('login','bind_pass','shinezone');
$servers->setValue('server','tls',false);

4、Start httpd and log in to phpldapadmin by opening http://192.168.2.10/phpldapadmin/ in a browser

[root@OpenLDAP-Server ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
[root@OpenLDAP-Server ~]# service iptables stop
[root@OpenLDAP-Server ~]# setenforce 0
setenforce: SELinux is disabled

Note: my PHP environment was already installed here; if you do not have one, install it first.