OpenLDAP Installation

Linux/OpenLDAP / 2013. 2. 15. 15:51

LDAP (Lightweight Directory Access Protocol): a lightweight protocol for accessing directory services

Host information

ldap1.kobic.kr : 192.168.45.128
ldap2.kobic.kr : 192.168.45.129
client.kobic.kr : 192.168.45.130

 

ldap1,2 # yum -y install openldap-servers openldap-clients openldap-devel migrationtools
client # yum -y install openldap-clients openldap-devel migrationtools pam_ldap nss-pam-ldapd

 

ldap1,2 # cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
ldap1,2 # cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
ldap1,2 # chown -R ldap:ldap /var/lib/ldap


ldap1 # vi /etc/openldap/slapd.conf

modulepath /usr/lib64/openldap

moduleload syncprov.la 

  access to attrs=userPassword
        by self write
        by anonymous auth
        by dn.base="cn=Manager,dc=kobic,dc=kr" write
        by * none

  access to *
        by self write
        by dn.base="cn=Manager,dc=kobic,dc=kr" write
        by * read

database config
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
        by * none

database monitor
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=Manager,dc=kobic,dc=kr" read
        by * none

 

database        bdb
suffix          "dc=kobic,dc=kr"
checkpoint      1024 15
rootdn          "cn=Manager,dc=kobic,dc=kr"

rootpw  ldapadmin

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

directory       /var/lib/ldap

serverId        1
syncrepl        rid=001
                provider=ldap://192.168.45.129:389/
                bindmethod=simple
                binddn="cn=Manager,dc=kobic,dc=kr"
                credentials=ldapadmin
                searchbase="dc=kobic,dc=kr"
                schemachecking=on
                type=refreshAndPersist
                retry="60 +"
mirrormode on

 

ldap2 # vi /etc/openldap/slapd.conf

modulepath /usr/lib64/openldap

moduleload syncprov.la 

  access to attrs=userPassword
        by self write
        by anonymous auth
        by dn.base="cn=Manager,dc=kobic,dc=kr" write
        by * none

  access to *
        by self write
        by dn.base="cn=Manager,dc=kobic,dc=kr" write
        by * read

database config
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
        by * none

database monitor
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=Manager,dc=kobic,dc=kr" read
        by * none

 

database        bdb
suffix          "dc=kobic,dc=kr"
checkpoint      1024 15
rootdn          "cn=Manager,dc=kobic,dc=kr"

rootpw  ldapadmin

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

directory       /var/lib/ldap

serverId        2
syncrepl        rid=001
                provider=ldap://192.168.45.128:389/
                bindmethod=simple
                binddn="cn=Manager,dc=kobic,dc=kr"
                credentials=ldapadmin
                searchbase="dc=kobic,dc=kr"
                schemachecking=on
                type=refreshAndPersist
                retry="60 +"
mirrormode on
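Both slapd.conf files above keep `rootpw ldapadmin` in clear text, and the same value is reused as the syncrepl `credentials=` over plain `ldap://` with `bindmethod=simple`, so the directory administrator password sits in a file and also crosses the wire unencrypted between the two mirrors. The `credentials=` value has to stay in clear because the consumer binds with it (which is why /etc/openldap/slapd.conf must be readable only by the ldap user), but `rootpw` does not: slapd accepts a `{SSHA}` hash there, which is what `slappasswd -h {SSHA}` prints. The script below is an added example, not code from the original post. It reproduces that {SSHA} format, verifies a password against it the way slapd does on bind, and lints a slapd.conf text for `rootpw` lines whose value is not a `{SCHEME}`-prefixed hash. The `SAMPLE_CONF` excerpt is constructed for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import List, Optional

# Added example; not part of the original post. Reproduces the {SSHA} value
# that `slappasswd -h {SSHA}` emits so rootpw can hold a salted hash instead
# of the clear text "ldapadmin".


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return an RFC 2307 style {SSHA} value: base64(sha1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd likewise uses a 4-byte random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, password: str) -> bool:
    """Check a password against a {SSHA} value as slapd does on a simple bind."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_line(password: str) -> str:
    """Build the slapd.conf rootpw directive with a hashed value."""
    return "rootpw\t" + ssha_hash(password)


def cleartext_rootpw_lines(conf_text: str) -> List[int]:
    """1-based line numbers of rootpw directives whose value carries no
    {SCHEME} prefix, i.e. the password is stored in clear."""
    hits: List[int] = []
    for no, line in enumerate(conf_text.splitlines(), start=1):
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] == "rootpw" and not parts[1].startswith("{"):
            hits.append(no)
    return hits


# Constructed slapd.conf excerpt mirroring the post; line 3 is the clear value.
SAMPLE_CONF = """database        bdb
suffix          "dc=kobic,dc=kr"
rootpw  ldapadmin
rootdn          "cn=Manager,dc=kobic,dc=kr"
"""

if __name__ == "__main__":
    print(rootpw_line("ldapadmin"))
    print("cleartext rootpw on lines:", cleartext_rootpw_lines(SAMPLE_CONF))
```

Paste the printed `rootpw` line in place of `rootpw ldapadmin` on both servers; the `binddn`/`credentials` pair in the syncrepl stanza keeps working because slapd compares the bind password against the hash.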

 

ldap1,ldap2 # service slapd restart

ldap1,ldap2 # vi /etc/openldap/base.ldif

dn: dc=kobic,dc=kr
dc: kobic
objectClass: top
objectClass: domain

dn: ou=People,dc=kobic,dc=kr
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=kobic,dc=kr
ou: Group
objectClass: top
objectClass: organizationalUnit

 

ldap1,ldap2 # ldapadd -x -D "cn=Manager,dc=kobic,dc=kr" -w ldapadmin -f /etc/openldap/base.ldif

adding new entry "dc=kobic,dc=kr"

adding new entry "ou=People,dc=kobic,dc=kr"

adding new entry "ou=Group,dc=kobic,dc=kr"
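With `mirrormode on` and the two syncrepl stanzas pointing at each other, the way to confirm that the base entries loaded above really replicated is to read the `contextCSN` operational attribute of `dc=kobic,dc=kr` on each server: each CSN carries the originating serverId in its third `#` field, and the mirrors have converged when both hold the same CSN for every serverId. The script below is an added example, not code from the original post. It parses the LDIF that `ldapsearch -x -LLL -H ldap://<host> -b dc=kobic,dc=kr -s base contextCSN` prints (handling LDIF line folding) and reports which serverIds lag. The `LDAP1_OUTPUT`, `LDAP2_OUTPUT` and `STALE_OUTPUT` strings are constructed sample outputs with invented timestamps.

```python
from typing import Dict, List

# Added example; not part of the original post. Compares contextCSN values
# read from the two mirrors to decide whether syncrepl has converged.


def unfold_ldif(text: str) -> List[str]:
    """Join LDIF continuation lines (a line starting with one space continues
    the previous attribute value)."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_context_csns(text: str) -> Dict[str, str]:
    """Map serverId (third '#' field of a CSN) to the CSN value."""
    csns: Dict[str, str] = {}
    for line in unfold_ldif(text):
        if line.startswith("contextCSN: "):
            csn = line[len("contextCSN: "):].strip()
            sid = csn.split("#")[2]  # time#count#sid#mod
            csns[sid] = csn
    return csns


def lagging_sids(a: str, b: str) -> List[str]:
    """serverIds whose CSN differs, or is missing, between two search outputs."""
    ca, cb = parse_context_csns(a), parse_context_csns(b)
    return sorted(sid for sid in set(ca) | set(cb) if ca.get(sid) != cb.get(sid))


def replication_converged(outputs: List[str]) -> bool:
    """True when every output agrees with the first one on all serverIds."""
    return all(not lagging_sids(outputs[0], other) for other in outputs[1:])


def search_command(host: str) -> List[str]:
    """Argument vector for the ldapsearch call that produces the input above."""
    return ["ldapsearch", "-x", "-LLL", "-H", f"ldap://{host}",
            "-b", "dc=kobic,dc=kr", "-s", "base", "contextCSN"]


# Constructed sample outputs; timestamps are invented for the example.
LDAP1_OUTPUT = """dn: dc=kobic,dc=kr
contextCSN: 20130215065130.000001Z#000000#001#000000
contextCSN: 20130215065131.000002Z#000000#002#000000
"""
LDAP2_OUTPUT = LDAP1_OUTPUT  # a converged mirror returns the same CSN set
STALE_OUTPUT = """dn: dc=kobic,dc=kr
contextCSN: 20130215065130.000001Z#000000#001#000000
contextCSN: 20130215065100.000000Z#000000#002#000000
"""

if __name__ == "__main__":
    print("ldap1 vs ldap2 converged:", replication_converged([LDAP1_OUTPUT, LDAP2_OUTPUT]))
    print("lagging serverIds vs stale copy:", lagging_sids(LDAP1_OUTPUT, STALE_OUTPUT))
```

In practice, run `search_command("192.168.45.128")` and `search_command("192.168.45.129")` through `subprocess.run(..., capture_output=True, text=True)` and pass the two `stdout` strings to `replication_converged`; a persistent mismatch on one serverId means that mirror's syncrepl consumer is not keeping up, which is the point to look at slapd's sync log level before adding more entries.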

 

client # /usr/sbin/authconfig --enableldap --enableldapauth --enablemkhomedir --enablelocauthorize --ldapserver=ldap://192.168.45.128,ldap://192.168.45.129 --ldapbasedn='dc=kobic,dc=kr' --updateall
