LdapServer

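#!/bin/bash
#
# LdapServer install Script
# author: liulingfeng
# 2023-04-29
#
# Installs and initialises an OpenLDAP server on a yum-based host:
# disables SELinux/firewalld/NetworkManager, installs the packages,
# sets the cn=config and database root passwords, loads the standard
# schemas, and configures the dc=${DomainPrefix},dc=${DomainSuffix}
# suffix with its admin DN. Must be run as root.
#
# Environment:
#   LDAP_ADMIN_PASSWORD  overrides the default admin password below.
#
# The ldapadd/ldapmodify steps are not idempotent: re-running the
# script reports entries/values that already exist and continues,
# which matches the original best-effort behaviour (no `set -e`).
#--------------------------------------------

#1. Disable SELinux (the config change takes effect after a reboot),
#   firewalld and NetworkManager.
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
systemctl disable firewalld.service && systemctl stop firewalld.service
systemctl stop NetworkManager && systemctl disable NetworkManager

yum install -y epel-release

yum -y install openldap compat-openldap \
  openldap-clients openldap-servers openldap-servers-sql \
  openldap-devel migrationtools

# Admin password: taken from LDAP_ADMIN_PASSWORD when set, otherwise the
# built-in default (kept for compatibility with the original script).
AdminPd="${LDAP_ADMIN_PASSWORD:-Huawei@123}"
DomainPrefix="huawei"
DomainSuffix="com"
LdifPath="/etc/openldap/schema"
DomainName="${DomainPrefix}.${DomainSuffix}"
BaseDN="dc=${DomainPrefix},dc=${DomainSuffix}"
AdminDN="cn=admin,${BaseDN}"

# Keep the clear-text password off every command line (argv is visible
# in `ps` and in shell traces): write it to a 0600 temp file and let
# slappasswd -T / ldapadd -y read it from there. printf without a
# trailing newline so the hashed value equals the typed password.
PwFile="$(mktemp)" || { printf '%s\n' "mktemp failed" >&2; exit 1; }
trap 'rm -f -- "$PwFile"' EXIT
printf '%s' "$AdminPd" > "$PwFile"
PassWord="$(slappasswd -T "$PwFile")"

# Configure the OpenLDAP database
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap:ldap /var/lib/ldap/DB_CONFIG

# Send slapd logging (syslog facility local4) to its own file; the
# guard keeps re-runs from appending the same rule again and again.
if ! grep -qF 'local4.* /var/log/slapd.log' /etc/rsyslog.conf; then
  cat >> /etc/rsyslog.conf << EOF
local4.* /var/log/slapd.log
EOF
fi

systemctl restart rsyslog && systemctl enable slapd && systemctl start slapd
slapd -VV

#2. Set the root password of the config database (cn=config)
cat > "${LdifPath}/chrootpw.ldif" << EOF
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: ${PassWord}
EOF

#3. Apply it over the local socket; root authenticates via SASL EXTERNAL
ldapadd -Y EXTERNAL -H ldapi:/// -f "${LdifPath}/chrootpw.ldif"

#4. Load the schemas whose attributes later entries may use.
#   A schema that is already present is reported as a duplicate by
#   ldapadd; the script continues, as the original did.
for schema in core cosine nis inetorgperson; do
  ldapadd -Y EXTERNAL -H ldapi:/// -f "${LdifPath}/${schema}.ldif"
done

#5. Configure the LDAP top-level suffix (dc=huawei,dc=com by default)
#   and its admin DN / root password / access rules.
cat > "${LdifPath}/chdomain.ldif" << EOFB
# replace to your own domain name for "dc=***,dc=***" section
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=${DomainPrefix},dc=${DomainSuffix}

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: ${PassWord}

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}" write by * read
EOFB

#6. Import the suffix configuration
ldapmodify -Y EXTERNAL -H ldapi:/// -f "${LdifPath}/chdomain.ldif"

#7. Hand-written base entries: the organisation, the admin role and the
#   People and Group organisational units. (The generated Mybase.ldif
#   below is what is actually imported; this file is the alternative.)
#   The `cn` attribute must equal the RDN value `cn=admin`, otherwise
#   slapd rejects the entry (naming attribute value not present).
cat > "${LdifPath}/basedomain.ldif" << EOFC
# replace to your own domain name for "dc=***,dc=***" section

dn: dc=${DomainPrefix},dc=${DomainSuffix}
objectClass: top
objectClass: dcObject
objectclass: organization
o: ${DomainPrefix}.${DomainSuffix}
dc: ${DomainPrefix}

dn: cn=admin,dc=${DomainPrefix},dc=${DomainSuffix}
objectClass: organizationalRole
cn: admin

dn: ou=people,dc=${DomainPrefix},dc=${DomainSuffix}
objectClass: organizationalUnit
ou: people

dn: ou=group,dc=${DomainPrefix},dc=${DomainSuffix}
objectClass: organizationalUnit
ou: group
EOFC

#8. Point migrate_common.ph at our domain. `rpm -q` (not `-qa`) so the
#   install fallback actually fires when the package is missing.
#   NOTE(review): the edits are by line number (90: flips 0 to 1,
#   71: mail domain, 74: base DN) and silently do nothing if the
#   installed file differs — confirm against the installed version.
rpm -q migrationtools > /dev/null 2>&1 || yum install -y migrationtools
sed -i.bak \
  -e '90 s/0/1/g' \
  -e "71 s/padl.com/${DomainName}/g" \
  -e "74 s/dc=padl,dc=com/dc=${DomainPrefix},dc=${DomainSuffix}/g" \
  /usr/share/migrationtools/migrate_common.ph

# Generate the base entries with migrationtools
/usr/share/migrationtools/migrate_base.pl > "${LdifPath}/Mybase.ldif"

#9. Import them as the admin user. -y reads the password from the temp
#   file instead of exposing it on the command line as -w would.
ldapadd -x -D "${AdminDN}" -y "${PwFile}" -f "${LdifPath}/Mybase.ldif"

# Alternative: import the hand-written base file instead of Mybase.ldif.
#ldapadd -x -D "${AdminDN}" -y "${PwFile}" -f "${LdifPath}/basedomain.ldif"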

 
