OpenLDAP (2.4.3x) Server Setup and Configuration Guide
Published: 2025-04-29 02:14:16


Installing OpenLDAP and BerkeleyDB

????

??OpenLDAP?BerkeleyDB???????????????

  • ?????Ubuntu 14.04.1 (trusty) ? CentOS 7.x
  • ???????build-essential?libssl-dev
  • ???????50MB??????????

????

1. Install dependencies

# Install the build dependencies with apt-get
sudo apt-get install build-essential
sudo apt-get install libssl-dev

2. Download and build BerkeleyDB

# Change to the source directory
cd /usr/local/src
# Download the BerkeleyDB source
wget http://download.oracle.com/berkeley-db/db-5.1.29.NC.tar.gz

Extract and build BerkeleyDB:

tar -zxf db-5.1.29.NC.tar.gz
cd db-5.1.29.NC/build_unix/
../dist/configure --prefix=/usr/local/berkeleydb-5.1
make
make install

Note: the --prefix option sets the BerkeleyDB installation directory, here /usr/local/berkeleydb-5.1.

3. Install OpenLDAP

# Download the OpenLDAP source
cd /usr/local/src
wget http://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.31.tgz

Extract and build OpenLDAP:

tar -zxf openldap-2.4.31.tgz
cd openldap-2.4.31

Pass CPPFLAGS and LDFLAGS to configure to specify the BerkeleyDB paths:

CPPFLAGS="-I/usr/local/berkeleydb-5.1/include" \
LDFLAGS="-L/usr/local/berkeleydb-5.1/lib" \
./configure --prefix=/usr/local/openldap-2.4
make depend
make
make install

4. Configure environment variables

Add the following to /etc/profile or /etc/bash.bashrc:

export BERKELEYDB_HOME="/usr/local/berkeleydb-5.1"
export CPPFLAGS="-I$BERKELEYDB_HOME/include"
export LDFLAGS="-L$BERKELEYDB_HOME/lib"
export LD_LIBRARY_PATH="$BERKELEYDB_HOME/lib"
export LDAP_HOME="/usr/local/openldap-2.4"
# Keep the existing $PATH; without it the system binaries are no longer found
export PATH="/usr/local/berkeleydb-5.1/bin:$LDAP_HOME/bin:$LDAP_HOME/sbin:$LDAP_HOME/libexec:$PATH"

5. ??OpenLDAP??

????????

# slapd configuration file
sudo cp slapd.conf /usr/local/openldap-2.4/etc/openldap/slapd.conf

????????????

sudo slapadd -f /usr/local/openldap-2.4/etc/openldap/slapd.conf
sudo systemctl enable slapd
sudo systemctl start slapd

6. Configure TLS

????SSL/TLS???????????

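  • Create the CA private key and certificate:

# Create the CA directory, private key and self-signed certificate
mkdir -p /etc/ssl/demoCA/private
cd /etc/ssl/demoCA
openssl genrsa -out private/cakey.pem 2048
openssl req -new -x509 -key private/cakey.pem -out cacert.pem

  • Create the LDAP server certificate:

# Create the database files that "openssl ca" expects in the CA directory
mkdir newcerts
touch index.txt
echo "00" > serial
# Give the key size explicitly so it does not depend on the OpenSSL default
openssl genrsa -out ldap.key 2048
openssl req -new -key ldap.key -out ldap.csr
# Assumes openssl.cnf sets the CA dir to /etc/ssl/demoCA
# (the stock default ./demoCA is relative to the current directory)
openssl ca -in ldap.csr -out ldap.crt

  • Copy the certificates to the OpenLDAP directory:

# Copy the LDAP certificate files
mkdir /usr/local/openldap-2.4/etc/openldap/cacerts
cp cacert.pem /usr/local/openldap-2.4/etc/openldap/cacerts/
cp ldap.crt /usr/local/openldap-2.4/etc/openldap/
cp ldap.key /usr/local/openldap-2.4/etc/openldap/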

Edit slapd.conf:

# Edit the slapd.conf configuration file
sudo nano /usr/local/openldap-2.4/etc/openldap/slapd.conf

Add the TLS settings:

TLSCACertificateFile /usr/local/openldap-2.4/etc/openldap/cacerts/cacert.pem
TLSCertificateFile /usr/local/openldap-2.4/etc/openldap/ldap.crt
TLSCertificateKeyFile /usr/local/openldap-2.4/etc/openldap/ldap.key
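
A pre-start check for the three TLS directives above, as an added example that is not part of the original article: it confirms each directive is set, that the referenced file exists, and that the private key is not readable by group or other. The function name check_slapd_tls and its output labels (MISSING, NOFILE, PERMS, OK) are assumptions made for this sketch.

```shell
# Added example (not from the original article): audit the TLS directives in a
# slapd.conf. Prints one finding per line; returns non-zero if any check fails.
check_slapd_tls() {
    conf="$1"
    rc=0
    for directive in TLSCACertificateFile TLSCertificateFile TLSCertificateKeyFile; do
        # Value from the last matching line; commented-out lines do not match
        # because their first field starts with '#'.
        path=$(awk -v d="$directive" \
            'tolower($1) == tolower(d) { p = $2 } END { print p }' "$conf")
        if [ -z "$path" ]; then
            echo "MISSING $directive"
            rc=1
            continue
        fi
        if [ ! -f "$path" ]; then
            echo "NOFILE $directive $path"
            rc=1
            continue
        fi
        if [ "$directive" = "TLSCertificateKeyFile" ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            perms=$(ls -ld -- "$path" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "PERMS $path is accessible to group/other ($perms)"
                rc=1
            fi
        fi
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK $conf"
    fi
    return "$rc"
}
```

Run it as `check_slapd_tls /usr/local/openldap-2.4/etc/openldap/slapd.conf` before starting slapd; a PERMS finding is cleared by restricting the key to its owner, for example mode 600.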

7. Test the LDAP connection

Test the connection with ldapsearch:

# Test the TLS connection
ldapsearch -x -b 'dc=mydomain,dc=net' '(objectClass=*)' -H ldaps://apptest.mydomain.net:636 -D "cn=root,dc=mydomain,dc=net" -W

8. Install OpenLDAP from packages

Install the packages with apt-get:

sudo apt-get install slapd ldap-utils

Start and enable the service:

sudo systemctl start slapd
sudo systemctl enable slapd

        9. ???????

        ????????????????OpenLDAP?BerkeleyDB?????????????????????????slapd.conf?????????

        ?????????????????OpenLDAP?BerkeleyDB??????????????
