May 12, 2007

Ldap Install Guide

  
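# Install the OpenLDAP server, client tools and development headers.
# No ".i386" suffix: let yum pick the host's native architecture (an
# explicit suffix pulls the 32-bit build even on an x86_64 machine).
yum install openldap-servers openldap-devel openldap-clients compat-openldap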

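# Add the Samba schema to the slapd schema directory.
# The download is plain HTTP from a CVS web front-end, so its contents
# cannot be verified; if a samba package is installed locally, prefer the
# schema it ships (e.g. under /usr/share/doc/samba-*/LDAP/) over this copy.
cd /etc/openldap/schema || exit 1
# -O names the output file directly (a bare wget would save it as
# "samba.schema?rev=1.1.4.1"); the URL is quoted because "?" is a glob
# character to the shell.
wget -O samba.schema 'http://www.samba.org/cgi-bin/cvsweb/samba/examples/LDAP/samba.schema?rev=1.1.4.1'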

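# Edit the slapd configuration so the Samba schema is loaded.
vi /etc/openldap/slapd.conf
# Add the line below to slapd.conf. It is a slapd.conf directive, not a
# shell command, so it is shown as a comment here. Place it after the
# core/cosine/inetorgperson/nis includes the Samba schema builds on:
#   include /etc/openldap/schema/samba.schema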

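# Generate the hashed rootdn password.
# Run slappasswd without -s so it prompts for the password: passing it
# on the command line leaves the cleartext in shell history and exposes
# it to every local user via `ps`.
slappasswd
# -> {SSHA}F+zPYmGidD3HdO5eO3aidWTKjaRZDsUe   (example output; yours differs)

# Then set the suffix, the rootdn and its hash in slapd.conf (directives,
# not shell commands). Use the hash you just generated -- the value below
# is only an example from the original guide:
#   suffix  "dc=im,dc=nuu,dc=edu,dc=tw"
#   rootdn  "cn=Manager,dc=im,dc=nuu,dc=edu,dc=tw"
#   rootpw  {SSHA}n9G1cmwcsikHDF1OAByZzrjr1f836S3i
# slapd.conf now contains a password hash: keep it unreadable to other
# local users (e.g. owner root, group ldap, mode 640).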

# Hand the database directory to the account slapd runs as, so the
# server can create and write its BDB files.
chown -R ldap:ldap -- /var/lib/ldap

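# TLS: build a private CA with OpenSSL's "CA" helper script (run from the
# directory that holds it; on RHEL/CentOS it typically lives under the
# openssl misc directory, e.g. /etc/pki/tls/misc/CA) and issue a server
# certificate from it.
./CA -newcert
# Plain ASCII "-newca": the original guide used a Unicode dash here,
# which the script does not recognise as an option. This builds the
# demoCA/ tree; it prompts for an existing CA certificate file (the
# guide does not show the answer given -- presumably the newreq.pem
# written by -newcert above).
./CA -newca
# Server key and CSR. -nodes leaves the key unencrypted so slapd can
# start unattended, hence the strict permissions further down. Write the
# key to its own file instead of appending it to the CSR file. At the
# prompts, the Common Name must be the hostname clients use to reach
# the server, otherwise client-side certificate checks fail.
openssl req -new -nodes -keyout newkey.pem -out newreq.pem
# Signs newreq.pem with the demoCA key and writes newcert.pem.
./CA -sign
mkdir -p /etc/openldap/ssl
# Copy, do not move, the CA certificate: ./CA -sign needs
# demoCA/cacert.pem (together with demoCA/private/cakey.pem, which must
# stay protected) to issue any further certificates.
cp demoCA/cacert.pem /etc/openldap/ssl/cacert.pem
mv newcert.pem /etc/openldap/ssl/servercrt.pem
mv newkey.pem /etc/openldap/ssl/serverkey.pem
# Only the ldap user may read the private key; the two certificates
# must stay readable by that user as well.
chown ldap:ldap /etc/openldap/ssl/serverkey.pem
chmod 600 /etc/openldap/ssl/serverkey.pem
# slapd does not use these files until slapd.conf points at them
# (TLSCACertificateFile, TLSCertificateFile, TLSCertificateKeyFile);
# that step is not shown in this guide.
# Only the CA certificate leaves the server -- never copy serverkey.pem
# to a client.
scp /etc/openldap/ssl/cacert.pem root@203.64.178.106:/etc/openldap/ssl/cacert.pem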

在客戶端的 /etc/openldap/ldap.conf 中加入：
TLS_CACERT /etc/openldap/ssl/cacert.pem
注意此文件是從服務器上（demoCA/cacert.pem）複製過來的 CA 憑證；只需複製 cacert.pem，切勿把 serverkey.pem 複製到客戶端。
