OpenLDAP Server Deployment

Concepts

In LDAP (Lightweight Directory Access Protocol), o and ou are both attributes of object classes, used to represent an organization or an organizational unit.

  • The o attribute stands for Organization and usually names the whole organization or entity: a company, a school, an institution and so on.
  • The ou attribute stands for Organizational Unit and is used to group and classify entries that share a common characteristic; it typically models departments, teams or groups inside the organization.

In an LDAP directory tree, dc (Domain Component) is normally used for the root, with o and ou below it to organize the entries hierarchically.

For example, here is a sample LDAP directory structure:

dc=example,dc=com
  |
  |- o=Example Organization
       |
       |- ou=Sales
       |     |
       |     |- cn=John Doe
       |     |- cn=Jane Smith
       |
       |- ou=Marketing
             |
             |- cn=Mike Johnson
             |- cn=Linda Brown

dc=example,dc=com is the root node and o=Example Organization is the organization's name. ou=Sales and ou=Marketing are organizational units (departments), while cn=John Doe, cn=Jane Smith, cn=Mike Johnson and cn=Linda Brown are individual users.

In many common setups you will see the ou (organizational unit) level split into 'users' and 'groups'. In that case 'users' holds the individual user accounts and 'groups' holds the group entries, and a user may belong to one or more groups. For example:

ou=users,ou=HR,o=My Company,dc=example,dc=com
ou=groups,ou=HR,o=My Company,dc=example,dc=com

This is not the only workable structure, however. LDAP is a very flexible protocol that lets you tailor the layout to your needs, so the actual directory structure may differ depending on your organization's requirements.

How LDAP, OpenLDAP and AD relate

|                  | LDAP                                              | OpenLDAP                                        | AD (Active Directory)                                                              |
|------------------|---------------------------------------------------|-------------------------------------------------|------------------------------------------------------------------------------------|
| Definition       | Lightweight Directory Access Protocol             | Open-source LDAP server implementation          | Directory service developed by Microsoft                                           |
| Function         | Access and manage distributed directory services  | Provides LDAP-compliant services and features   | Centrally manages users, computers, resources and policies in Windows environments |
| Platform support | Cross-platform                                    | Cross-platform                                  | Windows only                                                                       |
| Extensibility    | Extended by adding custom schema                  | Supports custom schema extensions               | Supports custom schema and other extensions                                        |
| Authentication   | LDAP-based authentication                         | LDAP-based authentication                       | Kerberos and NTLM                                                                  |
| Use              | General-purpose distributed directory protocol    | Building enterprise directory services          | Centrally managing users, computers, resources and policies in Windows environments |

Planning the hierarchy

⚠️ The department information below is not real!

Below is a fairly complete LDAP (Lightweight Directory Access Protocol) design:

dc=bytedance,dc=local                        # dc (Domain Component)
|
|-- o=Bytedance_China                        # o (Organization): organization / company
|   |
|   |-- ou=Beijing                           # ou (Organizational Unit): city
|   |   |
|   |   |-- ou=Douyin_Dep                    # level-2 ou: department
|   |   |   |-- ou=Development               # level-3 ou: job category
|   |   |   |   |-- ou=Users                 # level-4 ou: users
|   |   |   |   |   |-- uid=zhangsan         # entry (carries several object classes and attributes)
|   |   |   |   |   |-- uid=liming
|   |   |   |   |-- ou=Groups                # groups
|   |   |   |       |-- gid=zhangsan
|   |   |   |       |-- gid=liming
|   |   |   |-- ou=Product
|   |   |   |-- ou=Operations
|   |   |   |-- ou=Live_Broadcasting
|   |   |   |-- ou=Ecommerce
|   |   |   etc...
|   |   |
|   |   |-- ou=Feishu_Dep
|   |   |   |-- ou=Development
|   |   |   |-- ou=Product
|   |   |   |-- ou=Testing
|   |   |   etc...
|   |   |
|   |   |-- ou=Dongchedi_Dep
|   |   |   |-- ou=Development
|   |   |   |-- ou=Sales
|   |   |   |-- ou=Marketing
|   |   |   etc...
|   |   |
|   |   |-- ou=Toutiao_Dep
|   |       |-- ou=Development
|   |       |-- ou=Advertisements
|   |       etc...
|   |
|   |-- ou=Shanghai
|   |-- ou=Guangzhou
|   etc...
|
|-- o=Bytedance_AMS
|   |
|   |-- ou=MountainView
|   |   |
|   |   |-- ou=Tiktok_Dep
|   |       |-- ou=Development
|   |       |   |-- ou=Users
|   |       |   |   |-- uid=John
|   |       |   |-- ou=Groups
|   |       |       |-- gid=John
|   |       etc...
|   |
|   |-- ou=SanJose
|       |
|       |-- ou=Lark_Dep
|           |-- ou=Product
|           |   |-- ou=Users
|           |   |   |-- uid=Alice
|           |   |-- ou=Groups
|           |       |-- gid=Alice
|           etc...
|
|-- o=Bytedance_APAC
|   |
|   |-- ou=Singapore
|   |-- ou=Tokyo
|   etc...
|
|-- o=Bytedance_EMEA
    |
    |-- ou=London
    |-- ou=Dublin
    etc...

Environment

| OS       | IP           | Hostname               | Type   |
|----------|--------------|------------------------|--------|
| Debian11 | 10.2.102.201 | ldap01.bytedance.local | Master |
| Debian11 | 10.2.102.202 | ldap02.bytedance.local | Slave  |

Set the server's FQDN

Using an FQDN (Fully Qualified Domain Name) as the LDAP server's hostname is the recommended practice, especially in production, because it avoids conflicts and configuration problems and helps keep the system reliable, secure and interoperable. A suffix such as ".local" (for example domain.local) is recommended so that the LDAP server stays confined to the internal network and cannot collide with a public domain name.

root@ldap01:~# hostnamectl set-hostname ldap01.bytedance.local

Edit /etc/hosts

root@ldap01:~# echo "10.2.102.201       localhost       ldap01.bytedance.local  ldap01  ldap-master" >> /etc/hosts

Install OpenLDAP

  1. Install OpenLDAP (slapd) and the LDAP tools (ldap-utils)
root@ldap01:~# apt install -y slapd ldap-utils
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done

root@ldap01:~# dpkg -l slapd ldap-utils
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version               Architecture Description
+++-==============-=====================-============-=================================
ii  ldap-utils     2.4.57+dfsg-3+deb11u1 amd64        OpenLDAP utilities
ii  slapd          2.4.57+dfsg-3+deb11u1 amd64        OpenLDAP server (slapd)
  2. Set the OpenLDAP administrator password when the installer prompts for it.

Configure the OpenLDAP server

Create the default root entry

  1. Reconfigure OpenLDAP
root@ldap01:~# dpkg-reconfigure slapd
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.57+dfsg-3+deb11u1... done.
  Moving old database directory to /var/backups:
  - directory unknown... done.
  Creating initial configuration... done.
  Creating LDAP directory... done.
  • When asked whether to omit (delete) the old OpenLDAP server configuration, choose No. This keeps the old configuration available.
  • Enter the DNS domain name of the OpenLDAP server and choose OK.
  • Enter the organization name and choose OK, or keep the default, which is the same as the domain name.
  • Enter the OpenLDAP administrator password and choose OK to continue.
  • Confirm the OpenLDAP administrator password and choose OK again.
  • When asked whether to delete the old slapd database, choose No.
  • Choose Yes to move the old slapd database out of the way.
  2. Verify the OpenLDAP configuration
root@ldap01:~# slapcat
dn: dc=bytedance,dc=local                             # DN (Distinguished Name): the entry's unique identifier
objectClass: top                                      # object class: the entry belongs to top
objectClass: dcObject                                 # object class: the entry belongs to dcObject
objectClass: organization                             # object class: the entry belongs to organization
o: bytedance.local                                    # organization name, here bytedance.local
dc: bytedance                                         # domain component, here bytedance
structuralObjectClass: organization                   # structural object class: organization
entryUUID: 929034d4-2854-103e-8888-8543547a3b55       # the entry's UUID (Universally Unique Identifier)
creatorsName: cn=admin,dc=bytedance,dc=local          # DN of the creator
createTimestamp: 20231206072653Z                      # creation timestamp
entryCSN: 20231206072653.234848Z#000000#000#000000.   # Change Sequence Number of the entry
modifiersName: cn=admin,dc=bytedance,dc=local         # DN of the last modifier
modifyTimestamp: 20231206072653Z                      # modification timestamp
  3. Restart the slapd service
# Restart slapd to apply the changes
root@ldap01:~# systemctl restart slapd.service

# Confirm that slapd is active (running)
root@ldap01:~# systemctl status slapd.service
● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
     Loaded: loaded (/etc/init.d/slapd; generated)
    Drop-In: /usr/lib/systemd/system/slapd.service.d
             └─slapd-remain-after-exit.conf
     Active: active (running) since Wed 2023-12-06 14:32:24 CST; 5s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 1634 ExecStart=/etc/init.d/slapd start (code=exited, status=0/SUCCESS)
      Tasks: 3 (limit: 9481)
     Memory: 5.0M
        CPU: 18ms
     CGroup:/system.slice/slapd.service
             └─1640 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d

Dec 06 14:32:24 ldap01.bytedance.local systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Dec 06 14:32:24 ldap01.bytedance.local slapd[1639]: @(#) $OpenLDAP: slapd 2.4.57+dfsg-3+deb11u1 (May 14 2022 18:32:57) $
                                                            Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
Dec 06 14:32:24 ldap01.bytedance.local slapd[1640]: slapd starting
Dec 06 14:32:24 ldap01.bytedance.local slapd[1634]: Starting OpenLDAP: slapd.
Dec 06 14:32:24 ldap01.bytedance.local systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).

Create the custom LDAP directory

An OpenLDAP server is typically used to authenticate computers or servers. The directory content is described in LDIF (LDAP Data Interchange Format) files and applied with command-line tools such as ldapadd.

All custom LDIF files are kept under /etc/ldap/custom-schema; once everything below has been created, the directory looks like this:

root@ldap01:~# mkdir /etc/ldap/custom-schema

root@ldap01:~# tree /etc/ldap/custom-schema
/etc/ldap/custom-schema
├── organizations.ldif
├── APAC_Level1_OUs.ldif
├── EMEA_Level1_OUs.ldif
├── AMS_Level1_OUs.ldif
├── AMS_Level2_OUs.ldif
├── AMS_Level3_OUs.ldif
├── China_Level1_OUs.ldif
├── China_Level2_OUs.ldif
├── China_Level3_OUs.ldif
├── UsersAndGroups_Level4_OUs.ldif
└── users
     ├── alice_group.ldif
     ├── alice.user.ldif
     ├── john_group.ldif
     ├── john_user.ldif
     ├── liming_group.ldif
     ├── liming_user.ldif
     ├── zhangsan_group.ldif
     └── zhangsan_user.ldif

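The post writes the LDIF for every level by hand. As an added example that is not part of the original post, the Python script below derives the same kind of o/ou entries, in parent-before-child order, from one nested description of the planned tree. TREE is a constructed subset of the hierarchy, the description strings are made up, and every RDN value is escaped per RFC 4514 so that a name containing a comma or a leading "#" cannot break out of its RDN and land somewhere else in the tree.

```python
"""Generate o/ou LDIF for the planned hierarchy from one nested tree.

Added example, not part of the original post.  TREE is a constructed subset
of the hierarchy planned above; description texts are made up.
"""
from __future__ import annotations

BASE_DN = "dc=bytedance,dc=local"

# depth 0 = o (organization), 1 = city ou, 2 = department ou, 3 = team ou
TREE = {
    "Bytedance_China": {
        "Beijing": {
            "Douyin_Dep": {"Development": {}, "Product": {}},
        },
        "Shanghai": {},
    },
    "Bytedance_AMS": {
        "MountainView": {"Tiktok_Dep": {"Development": {}}},
    },
}
LEVEL_NAMES = ("Organization", "Office", "Department", "Team")
LEAF_OUS = ("Users", "Groups")   # level-4 ous created under every team


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514 section 2.4).

    Without this, an ou name such as 'Sales,dc=evil' would be parsed as two
    RDNs and the entry would be created under a different parent.
    """
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        needs_escape = (
            ch in ',+"\\<>;'
            or (ch == "#" and i == 0)
            or (ch == " " and i in (0, last))
        )
        out.append("\\" + ch if needs_escape else ch)
    return "".join(out)


def make_entry(attr: str, value: str, parent_dn: str, description: str) -> tuple[str, str]:
    """Return (dn, ldif_text) for one o or ou entry."""
    dn = f"{attr}={escape_rdn_value(value)},{parent_dn}"
    object_class = "organization" if attr == "o" else "organizationalUnit"
    text = (
        f"dn: {dn}\n"
        f"objectClass: {object_class}\n"
        f"{attr}: {value}\n"
        f"description: {description}\n"
    )
    return dn, text


def generate(tree: dict = TREE, base_dn: str = BASE_DN) -> list[tuple[str, str]]:
    """Walk the tree depth-first so each parent is emitted before its
    children, which is the order ldapadd needs."""
    entries: list[tuple[str, str]] = []

    def walk(name: str, children: dict, parent_dn: str, depth: int) -> None:
        attr = "o" if depth == 0 else "ou"
        label = LEVEL_NAMES[min(depth, len(LEVEL_NAMES) - 1)]
        dn, text = make_entry(attr, name, parent_dn, f"{label} {name}")
        entries.append((dn, text))
        if depth == 3:               # team level: add the Users/Groups leaves
            for leaf in LEAF_OUS:
                entries.append(make_entry("ou", leaf, dn, f"{leaf} in {name}"))
        for child, grandchildren in children.items():
            walk(child, grandchildren, dn, depth + 1)

    for org, cities in tree.items():
        walk(org, cities, base_dn, 0)
    return entries


def to_ldif(entries: list[tuple[str, str]]) -> str:
    """Join the entries into one LDIF document (blank line between entries)."""
    return "\n".join(text for _, text in entries)


if __name__ == "__main__":
    print(to_ldif(generate()))
```

Feeding the output of `to_ldif(generate())` to a single `ldapadd -f` call replaces the per-level files above, and because the walk is depth-first every parent is already present when its child is added.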
Create the O (Organization) entries

  1. Create organizations.ldif
root@ldap01:~# cat > /etc/ldap/custom-schema/organizations.ldif <<EOF
# China
dn: o=Bytedance_China,dc=bytedance,dc=local
objectClass: organization
o: Bytedance_China
description: China

# Non-China (APAC)
dn: o=Bytedance_APAC,dc=bytedance,dc=local
objectClass: organization
o: Bytedance_APAC
description: Asia-Pacific

# Non-China (EMEA)
dn: o=Bytedance_EMEA,dc=bytedance,dc=local
objectClass: organization
o: Bytedance_EMEA
description: Europe, Middle East and Africa

# Non-China (AMS)
dn: o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organization
o: Bytedance_AMS
description: Americas
EOF
  2. Apply the configuration
root@ldap01:~# ldapadd -x -D "cn=admin,dc=bytedance,dc=local" -W -f /etc/ldap/custom-schema/organizations.ldif
Enter LDAP Password:
adding new entry "o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "o=Bytedance_APAC,dc=bytedance,dc=local"

adding new entry "o=Bytedance_EMEA,dc=bytedance,dc=local"

adding new entry "o=Bytedance_AMS,dc=bytedance,dc=local"
  3. List all organizations
root@ldap01:~# ldapsearch -x -b "dc=bytedance,dc=local" "(objectClass=organization)"
# extended LDIF
#
# LDAPv3
# base <dc=bytedance,dc=local> with scope subtree
# filter: (objectClass=organization)
# requesting: ALL
#

# bytedance.local
dn: dc=bytedance,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: bytedance.local
dc: bytedance

# Bytedance_China, bytedance.local
dn: o=Bytedance_China,dc=bytedance,dc=local
objectClass: organization
o: Bytedance_China
description: China

# Bytedance_APAC, bytedance.local
dn: o=Bytedance_APAC,dc=bytedance,dc=local
objectClass: organization
o: Bytedance_APAC
description: Asia-Pacific

# Bytedance_EMEA, bytedance.local
dn: o=Bytedance_EMEA,dc=bytedance,dc=local
objectClass: organization
o: Bytedance_EMEA
description: Europe, Middle East and Africa

# Bytedance_AMS, bytedance.local
dn: o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organization
o: Bytedance_AMS
description: Americas

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5
  4. Look up a specific organization
root@ldap01:~# ldapsearch -x -b "dc=bytedance,dc=local" "(o=Bytedance_China)"
# extended LDIF
#
# LDAPv3
# base <dc=bytedance,dc=local> with scope subtree
# filter: (o=Bytedance_China)
# requesting: ALL
#

# Bytedance_China, bytedance.local
dn: o=Bytedance_China,dc=bytedance,dc=local
objectClass: organization
o: Bytedance_China
description: China

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Create the OU (Organizational Unit) entries

Level-1 OUs: office cities

  1. Create the LDIF files
root@ldap01:~# cat > /etc/ldap/custom-schema/China_Level1_OUs.ldif <<EOF
# Beijing
dn: ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Beijing
description: Beijing Office

# Shanghai
dn: ou=Shanghai,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Shanghai
description: Shanghai Office

# Guangzhou
dn: ou=Guangzhou,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Guangzhou
description: Guangzhou Office
EOF

root@ldap01:~# cat > /etc/ldap/custom-schema/APAC_Level1_OUs.ldif <<EOF
# Singapore
dn: ou=Singapore,o=Bytedance_APAC,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Singapore
description: Singapore Office

# Tokyo
dn: ou=Tokyo,o=Bytedance_APAC,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Tokyo
description: Tokyo Office
EOF

root@ldap01:~# cat > /etc/ldap/custom-schema/EMEA_Level1_OUs.ldif <<EOF
# London
dn: ou=London,o=Bytedance_EMEA,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: London
description: London Office

# Dublin
dn: ou=Dublin,o=Bytedance_EMEA,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Dublin
description: Dublin Office
EOF

root@ldap01:~# cat > /etc/ldap/custom-schema/AMS_Level1_OUs.ldif <<EOF
# Mountain View
dn: ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: MountainView
description: Mountain View Office

# San Jose
dn: ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: SanJose
description: San Jose Office
EOF
  2. Apply the configuration
root@ldap01:~# files=("China_Level1_OUs.ldif" "APAC_Level1_OUs.ldif" "EMEA_Level1_OUs.ldif" "AMS_Level1_OUs.ldif")
for file in "${files[@]}"
do
    ldapadd -x -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -f /etc/ldap/custom-schema/$file
done
adding new entry "ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "ou=Shanghai,o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "ou=Guangzhou,o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "ou=Singapore,o=Bytedance_APAC,dc=bytedance,dc=local"

adding new entry "ou=Tokyo,o=Bytedance_APAC,dc=bytedance,dc=local"

adding new entry "ou=London,o=Bytedance_EMEA,dc=bytedance,dc=local"

adding new entry "ou=Dublin,o=Bytedance_EMEA,dc=bytedance,dc=local"

adding new entry "ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local"

adding new entry "ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local"
  3. Check the OUs
# List a specific level-1 ou under an o
root@ldap01:~# ldapsearch -x -LLL -H ldap://ldap01.bytedance.local -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -b "ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"
dn: ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Beijing
description: Beijing Office

# List all level-1 ous under an o
root@ldap01:~# ldapsearch -x -LLL -H ldap://ldap01.bytedance.local -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -b "o=Bytedance_AMS,dc=bytedance,dc=local"
dn: o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organization
o: Bytedance_AMS
description: Americas

dn: ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: SanJose
description: San Jose Office

dn: ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: MountainView
description: Mountain View Office

Level-2 OUs: business departments

  1. Create the LDIF files
root@ldap01:~# cat > /etc/ldap/custom-schema/China_Level2_OUs.ldif <<EOF
# Douyin_Dep under Beijing
dn: ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Douyin_Dep
description: Douyin department in Beijing

# Feishu_Dep under Beijing
dn: ou=Feishu_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Feishu_Dep
description: Feishu department in Beijing

# Dongchedi_Dep under Beijing
dn: ou=Dongchedi_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Dongchedi_Dep
description: Dongchedi department in Beijing

# Toutiao_Dep under Beijing
dn: ou=Toutiao_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Toutiao_Dep
description: Toutiao department in Beijing
EOF

root@ldap01:~# cat > /etc/ldap/custom-schema/AMS_Level2_OUs.ldif <<EOF
# Tiktok_Dep under MountainView
dn: ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Tiktok_Dep
description: Tiktok department in MountainView

# Lark_Dep under SanJose
dn: ou=Lark_Dep,ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Lark_Dep
description: Lark department in SanJose
EOF
  2. Apply the configuration
root@ldap01:~# files=("China_Level2_OUs.ldif" "AMS_Level2_OUs.ldif")
for file in "${files[@]}"
do
    ldapadd -x -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -f /etc/ldap/custom-schema/$file
done
adding new entry "ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "ou=Feishu_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "ou=Dongchedi_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "ou=Toutiao_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local"

adding new entry "ou=Lark_Dep,ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local"
  3. Check the OUs
# List a specific level-2 ou under a level-1 ou
root@ldap01:~# ldapsearch -x -LLL -H ldap://ldap01.bytedance.local -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -b "ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local"
dn: ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Tiktok_Dep
description: Tiktok department in MountainView

# List all level-2 ous under a level-1 ou
root@ldap01:~# ldapsearch -x -LLL -H ldap://ldap01.bytedance.local -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -b "ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"
dn: ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Beijing
description: Beijing Office

dn: ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Douyin_Dep
description: Douyin department in Beijing

dn: ou=Feishu_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Feishu_Dep
description: Feishu department in Beijing

dn: ou=Toutiao_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Toutiao_Dep
description: Toutiao department in Beijing

dn: ou=Dongchedi_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Dongchedi_Dep
description: Dongchedi department in Beijing

Level-3 OUs: job categories

  1. Create the LDIF files
root@ldap01:~# cat > /etc/ldap/custom-schema/China_Level3_OUs.ldif <<EOF
# Development under Douyin_Dep
dn: ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Development
description: Development team in Douyin_Dep

# Product under Douyin_Dep
dn: ou=Product,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Product
description: Product team in Douyin_Dep

# Operations under Douyin_Dep
dn: ou=Operations,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Operations
description: Operations team in Douyin_Dep

# Live_Broadcasting under Douyin_Dep
dn: ou=Live_Broadcasting,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Live_Broadcasting
description: Live Broadcasting team in Douyin_Dep

# Ecommerce under Douyin_Dep
dn: ou=Ecommerce,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Ecommerce
description: Ecommerce team in Douyin_Dep
EOF

root@ldap01:~# cat > /etc/ldap/custom-schema/AMS_Level3_OUs.ldif <<EOF
# Development under Tiktok_Dep
dn: ou=Development,ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Development
description: Development team in Tiktok_Dep

# Product under Lark_Dep
dn: ou=Product,ou=Lark_Dep,ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Product
description: Product team in Lark_Dep
EOF
  2. Apply the configuration
root@ldap01:~# files=("China_Level3_OUs.ldif" "AMS_Level3_OUs.ldif")
for file in "${files[@]}"
do
    ldapadd -x -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -f /etc/ldap/custom-schema/$file
done
adding new entry "ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "ou=Product,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "ou=Operations,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "ou=Live_Broadcasting,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "ou=Ecommerce,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "ou=Development,ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local"

adding new entry "ou=Product,ou=Lark_Dep,ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local"
  3. Check the OUs
# List a specific level-3 ou under a level-2 ou
root@ldap01:~# ldapsearch -x -LLL -H ldap://ldap01.bytedance.local -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -b "ou=Development,ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local"
dn: ou=Development,ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Development
description: Development team in Tiktok_Dep

# List all level-3 ous under a level-2 ou
root@ldap01:~# ldapsearch -x -LLL -H ldap://ldap01.bytedance.local -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -b "ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"
dn: ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Douyin_Dep
description: Douyin department in Beijing

dn: ou=Product,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Product
description: Product team in Douyin_Dep

dn: ou=Ecommerce,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Ecommerce
description: Ecommerce team in Douyin_Dep

dn: ou=Operations,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Operations
description: Operations team in Douyin_Dep

dn: ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Development
description: Development team in Douyin_Dep

dn: ou=Live_Broadcasting,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Live_Broadcasting
description: Live Broadcasting team in Douyin_Dep

Level-4 OUs: users and groups

  1. Create the LDIF file
root@ldap01:~# cat > /etc/ldap/custom-schema/UsersAndGroups_Level4_OUs.ldif <<EOF
# Users / Development / Douyin_Dep / Beijing
dn: ou=Users,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Users
description: Users in Development team

# Groups / Development / Douyin_Dep / Beijing
dn: ou=Groups,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Groups
description: Groups in Development team

# Users / Development / Tiktok_Dep / MountainView
dn: ou=Users,ou=Development,ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Users
description: Users in Development team of Tiktok

# Groups / Development / Tiktok_Dep / MountainView
dn: ou=Groups,ou=Development,ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Groups
description: Groups in Development team of Tiktok

# Users / Product / Lark_Dep / SanJose
dn: ou=Users,ou=Product,ou=Lark_Dep,ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Users
description: Users in Product team of Lark

# Groups / Product / Lark_Dep / SanJose
dn: ou=Groups,ou=Product,ou=Lark_Dep,ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Groups
description: Groups in Product team of Lark
EOF
  2. Apply the configuration
root@ldap01:~# ldapadd -x -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -f /etc/ldap/custom-schema/UsersAndGroups_Level4_OUs.ldif
adding new entry "ou=Users,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "ou=Groups,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

adding new entry "ou=Users,ou=Development,ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local"

adding new entry "ou=Groups,ou=Development,ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local"

adding new entry "ou=Users,ou=Product,ou=Lark_Dep,ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local"

adding new entry "ou=Groups,ou=Product,ou=Lark_Dep,ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local"
  3. Check the OUs
# List all level-4 ous under a level-3 ou
root@ldap01:~# ldapsearch -x -LLL -H ldap://ldap01.bytedance.local -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -b "ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"
dn: ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Development
description: Development team in Douyin_Dep

dn: ou=Users,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Users
description: Users in Development team

dn: ou=Groups,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: organizationalUnit
ou: Groups
description: Groups in Development team

Configure the UFW firewall

  1. Add the LDAP and LDAPS services to UFW
root@ldap01:~# ufw allow LDAP
Rule added
Rule added (v6)
root@ldap01:~# ufw allow LDAPS
Rule added
Rule added (v6)
  2. Reload the UFW rules and list the enabled services
root@ldap01:~# ufw reload
Firewall reloaded

root@ldap01:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
LDAP                       ALLOW       Anywhere
LDAPS                      ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
LDAP (v6)                  ALLOW       Anywhere (v6)
LDAPS (v6)                 ALLOW       Anywhere (v6)
  3. Show the UFW application profiles for LDAP and LDAPS
root@ldap01:~# ufw app info LDAP
Profile: LDAP
Title: LDAP server
Description: LDAP server

Port:
  389/tcp                            # default listen port: 389 (plaintext)

root@ldap01:~# ufw app info LDAPS
Profile: LDAPS
Title: LDAP server (LDAPS)
Description: LDAP server (LDAPS)

Port:
  636/tcp                            # encrypted listen port: 636 (LDAP over TLS)

Create the entries

Create groups

cn (Common Name) is typically used as the group name.

  1. The group definitions are as follows (posixGroup requires both cn and gidNumber, so cn is set explicitly):
root@ldap01:~# cat > /etc/ldap/custom-schema/users/zhangsan_group.ldif <<EOF
# Group zhangsan
dn: cn=zhangsan,ou=Groups,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: posixGroup
cn: zhangsan
gidNumber: 10001
EOF

root@ldap01:~# cat > /etc/ldap/custom-schema/users/liming_group.ldif <<EOF
# Group liming
dn: cn=liming,ou=Groups,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: posixGroup
cn: liming
gidNumber: 10002
EOF

root@ldap01:~# cat > /etc/ldap/custom-schema/users/john_group.ldif <<EOF
# Group john
dn: cn=john,ou=Groups,ou=Development,ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: posixGroup
cn: john
gidNumber: 10003
EOF

root@ldap01:~# cat > /etc/ldap/custom-schema/users/alice_group.ldif <<EOF
# Group alice
dn: cn=alice,ou=Groups,ou=Product,ou=Lark_Dep,ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: posixGroup
cn: alice
gidNumber: 10004
EOF
  2. Add the defined groups:
root@ldap01:~# ldapadd -x -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -f /etc/ldap/custom-schema/users/zhangsan_group.ldif
adding new entry "cn=zhangsan,ou=Groups,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

root@ldap01:~# ldapadd -x -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -f /etc/ldap/custom-schema/users/liming_group.ldif
adding new entry "cn=liming,ou=Groups,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

root@ldap01:~# ldapadd -x -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -f /etc/ldap/custom-schema/users/john_group.ldif
adding new entry "cn=john,ou=Groups,ou=Development,ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local"

root@ldap01:~# ldapadd -x -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -f /etc/ldap/custom-schema/users/alice_group.ldif
adding new entry "cn=alice,ou=Groups,ou=Product,ou=Lark_Dep,ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local"

Create users

uid (User ID) is typically used to identify a user.

  1. Generate a password hash with slappasswd
# Put the resulting hash into the userPassword attribute of the user LDIF files
root@ldap01:~# slappasswd -h {CRYPT} -s Password@12345
{CRYPT}guKt2Bb2pelOw2Bmei4jpMvc
  2. Create the user LDIF files
root@ldap01:~# cat > /etc/ldap/custom-schema/users/zhangsan_user.ldif <<EOF
# Add user zhangsan to LDAP Server
dn: uid=zhangsan,ou=Users,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: zhangsan
uid: zhangsan
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/zhangsan
userPassword: {CRYPT}guKt2Bb2pelOw2Bmei4jpMvc
loginShell: /bin/bash
EOF

root@ldap01:~# cat > /etc/ldap/custom-schema/users/liming_user.ldif <<EOF
# Add user liming to LDAP Server
dn: uid=liming,ou=Users,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: liming
uid: liming
uidNumber: 10002
gidNumber: 10002
homeDirectory: /home/liming
userPassword: {CRYPT}guKt2Bb2pelOw2Bmei4jpMvc
loginShell: /bin/bash
EOF

root@ldap01:~# cat > /etc/ldap/custom-schema/users/john_user.ldif <<EOF
# Add user john to LDAP Server
dn: uid=john,ou=Users,ou=Development,ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: john
uid: john
uidNumber: 10003
gidNumber: 10003
homeDirectory: /home/john
userPassword: {CRYPT}guKt2Bb2pelOw2Bmei4jpMvc
loginShell: /bin/bash
EOF

root@ldap01:~# cat > /etc/ldap/custom-schema/users/alice_user.ldif <<EOF
# Add user alice to LDAP Server
dn: uid=alice,ou=Users,ou=Product,ou=Lark_Dep,ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: alice
uid: alice
uidNumber: 10004
gidNumber: 10004
homeDirectory: /home/alice
userPassword: {CRYPT}guKt2Bb2pelOw2Bmei4jpMvc
loginShell: /bin/bash
EOF
  3. Add the users from the LDIF files
root@ldap01:~# ldapadd -x -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -f /etc/ldap/custom-schema/users/zhangsan_user.ldif
adding new entry "uid=zhangsan,ou=Users,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

root@ldap01:~# ldapadd -x -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -f /etc/ldap/custom-schema/users/liming_user.ldif
adding new entry "uid=liming,ou=Users,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"

root@ldap01:~# ldapadd -x -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -f /etc/ldap/custom-schema/users/john_user.ldif
adding new entry "uid=john,ou=Users,ou=Development,ou=Tiktok_Dep,ou=MountainView,o=Bytedance_AMS,dc=bytedance,dc=local"

root@ldap01:~# ldapadd -x -D "cn=admin,dc=bytedance,dc=local" -w 1qaz!QAZ -f /etc/ldap/custom-schema/users/alice_user.ldif
adding new entry "uid=alice,ou=Users,ou=Product,ou=Lark_Dep,ou=SanJose,o=Bytedance_AMS,dc=bytedance,dc=local"
  4. Retrieve a specific user
root@ldap01:~# ldapsearch -x -b "uid=zhangsan,ou=Users,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local"
# extended LDIF
#
# LDAPv3
# base <uid=zhangsan,ou=Users,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# zhangsan, Users, Development, Douyin_Dep, Beijing, Bytedance_China, bytedance.local
dn: uid=zhangsan,ou=Users,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: zhangsan
uid: zhangsan
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/zhangsan
loginShell: /bin/bash

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
1. Authenticate as an LDAP user
```bash
# A simple bind over plain ldap:// sends the password in the clear; outside a lab,
# add -ZZ (StartTLS) or bind to ldaps://.
root@ldap01:~# ldapwhoami -x -D "uid=zhangsan,ou=Users,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local" -W
Enter LDAP Password:    # the default password is Password@12345
dn:uid=zhangsan,ou=Users,ou=Development,ou=Douyin_Dep,ou=Beijing,o=Bytedance_China,dc=bytedance,dc=local
```

Client testing

1. Add a hosts entry for the LDAP server
```bash
root@localhost:~# echo "10.2.102.201    ldap01.bytedance.local" >> /etc/hosts
```
1. Install the LDAP client tools and the NSS/PAM modules
```bash
root@localhost:~# apt-get install -y ldap-utils libnss-ldapd libpam-ldapd
```
  The debconf prompts shown during installation ask for:
  • the LDAP server URI (ldap://ldap01.bytedance.local)
  • the search base, i.e. the dc components (dc=bytedance,dc=local)
  • which name services (passwd/group/shadow) to serve from LDAP; this adds the ldap source to /etc/nsswitch.conf (the file can also be edited by hand)
  The URI and base are written to /etc/nslcd.conf, which is read by nslcd, the daemon that libnss-ldapd and libpam-ldapd talk to; rerun the prompts later with `dpkg-reconfigure nslcd`.
1. Configure /etc/ldap/ldap.conf
```bash
# /etc/ldap/ldap.conf is read by the ldap-utils clients (ldapsearch, ldapwhoami, ...) only;
# nslcd keeps its own uri/base in /etc/nslcd.conf, filled in by the debconf prompts above.
root@localhost:~# sed -i 's/^#BASE.*$/BASE    dc=bytedance,dc=local/' /etc/ldap/ldap.conf
root@localhost:~# sed -i 's|^#URI.*$|URI     ldap://ldap01.bytedance.local|' /etc/ldap/ldap.conf
```
1. Configure PAM and NSS, and check the sshd configuration
```bash
# PAM: on Debian, /etc/pam.d/common-auth is generated by pam-auth-update, and libpam-ldapd
# registers its "ldap" profile with it at install time. Do not append to the file by hand:
# a line added after "auth requisite pam_deny.so" is never reached, and the next
# pam-auth-update run overwrites it anyway. Enable the profile via pam-auth-update instead.
root@localhost:~# pam-auth-update                      # make sure "LDAP Authentication" is ticked
root@localhost:~# grep pam_ldap /etc/pam.d/common-auth  # expect an auth line for pam_ldap.so before pam_deny.so

# NSS: have glibc consult LDAP (through nslcd) after the local files for users, groups and shadow
root@localhost:~# sed -i 's/^passwd:.*$/passwd:         files systemd ldap/' /etc/nsswitch.conf
root@localhost:~# sed -i 's/^group:.*$/group:          files systemd ldap/' /etc/nsswitch.conf
root@localhost:~# sed -i 's/^shadow:.*$/shadow:         files ldap/' /etc/nsswitch.conf

# sshd: check the effective configuration (sshd -T also applies Include'd sshd_config.d/*.conf).
# Password logins expose every LDAP account to online guessing, so restrict who may log in
# (AllowGroups) and rate-limit failures where possible.
root@localhost:~# sshd -T | grep -Ei '^(passwordauthentication|usepam)'
passwordauthentication yes
usepam yes

# Restart nslcd so it reloads /etc/nslcd.conf. PAM has no daemon, and systemd-resolved only
# handles DNS, not NSS user lookups; restart nscd too if it is installed, and sshd only if
# sshd_config was changed.
root@localhost:~# systemctl restart nslcd
```
1. Verify that LDAP users and groups can be resolved
```bash
# User lookups through NSS (files first, then ldap via nslcd)
root@localhost:~# getent passwd zhangsan
zhangsan:x:10001:10001:zhangsan:/home/zhangsan:/bin/bash

root@localhost:~# getent passwd liming
liming:x:10002:10002:liming:/home/liming:/bin/bash

root@localhost:~# getent passwd john
john:x:10003:10003:john:/home/john:/bin/bash

root@localhost:~# getent passwd alice
alice:x:10004:10004:alice:/home/alice:/bin/bash

# Group lookups; the "*" in the password field means no group password is set
root@localhost:~# getent group zhangsan
zhangsan:*:10001:

root@localhost:~# getent group liming
liming:*:10002:

root@localhost:~# getent group john
john:*:10003:

root@localhost:~# getent group alice
alice:*:10004:
```
1. Create home directories and set ownership
```bash
# Create the local home directories (mode 0750, matching the listing below). Alternatively,
# let pam_mkhomedir.so create them from /etc/skel on first login via a common-session entry.
root@localhost:~# mkdir -m 0750 /home/{zhangsan,liming,john,alice}

# Hand each directory to its LDAP uid/gid pair
root@localhost:~# chown -R 10001:10001 /home/zhangsan
root@localhost:~# chown -R 10002:10002 /home/liming
root@localhost:~# chown -R 10003:10003 /home/john
root@localhost:~# chown -R 10004:10004 /home/alice

# Check mode and ownership (names resolve through NSS, so they come back from LDAP)
root@localhost:~# ls -ld /home/{zhangsan,liming,john,alice}
drwxr-x--- 2 alice    alice    6 Dec  6 21:23 /home/alice
drwxr-x--- 2 john     john     6 Dec  6 21:23 /home/john
drwxr-x--- 2 liming   liming   6 Dec  6 21:23 /home/liming
drwxr-x--- 2 zhangsan zhangsan 6 Dec  6 21:23 /home/zhangsan
```
1. Local su switch test
```bash
# su to an LDAP user (as root, no password prompt; this exercises NSS and the PAM session stack)
root@localhost:~# su - liming
liming@localhost:~$ whoami
liming
liming@localhost:~$ exit
logout
```
1. Remote SSH login test
```bash
# From a workstation to the client configured above; the password is checked by pam_ldap.so
➜ ~ ssh -l zhangsan 10.2.102.250
zhangsan@10.2.102.250's password:
Linux localhost 6.1.0-13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Dec  6 08:36:17 2023 from xx.xxx.xxx.xx
zhangsan@localhost:~$ id
uid=10001(zhangsan) gid=10001(zhangsan) groups=10001(zhangsan)
zhangsan@localhost:~$ whoami
zhangsan
zhangsan@localhost:~$ pwd
/home/zhangsan
```
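To confirm that a client is wired the way this procedure intends before trying su or ssh, here is an added example in POSIX shell (not code from the original post). It reads a PAM common-auth file and an nsswitch.conf and reports whether pam_ldap.so sits in the auth stack before pam_deny.so (a pam_ldap.so line appended after `auth requisite pam_deny.so` is never consulted, because PAM stops there on failure) and whether the passwd, group and shadow databases list the ldap source. The sample files it writes are constructed for an offline run: one mirrors a stock Debian common-auth with a pam_ldap.so line appended by hand, the other the stack pam-auth-update generates with the libpam-ldapd profile enabled. The function names are this example's own; on a real client call check_client with /etc/pam.d/common-auth and /etc/nsswitch.conf.

```shell
#!/bin/sh
# Added example, not from the original post: verify the NSS/PAM wiring on an LDAP client.
# Function names and the sample files below are this example's own.

# pam_ldap_reachable COMMON_AUTH
# Exit 0 if an "auth" line loading pam_ldap.so appears before the first pam_deny.so.
# PAM stops at a failed "requisite" pam_deny.so, so anything appended after it never runs.
pam_ldap_reachable() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 != "auth"          { next }
        /pam_ldap\.so/        { found = 1; exit }
        /pam_deny\.so/        { exit }
        END { if (found) exit 0; exit 1 }
    ' "$1"
}

# nss_uses_ldap NSSWITCH DATABASE
# Exit 0 if the given database line (passwd, group, shadow) lists the ldap source;
# without it getent never asks nslcd, whatever PAM is configured to do.
nss_uses_ldap() {
    awk -v db="$2" '
        /^[ \t]*#/ { next }
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { if (found) exit 0; exit 1 }
    ' "$1"
}

# check_client COMMON_AUTH NSSWITCH
# Prints one line per check; exit 0 only if every check passes.
check_client() {
    rc=0
    if pam_ldap_reachable "$1"; then
        echo "ok   pam_ldap.so is reachable in $1"
    else
        echo "FAIL pam_ldap.so missing from $1 or placed after pam_deny.so"; rc=1
    fi
    for db in passwd group shadow; do
        if nss_uses_ldap "$2" "$db"; then
            echo "ok   $db consults ldap"
        else
            echo "FAIL $db does not list ldap in $2"; rc=1
        fi
    done
    return $rc
}

# write_samples DIR
# Constructed sample files (not captured from a real host) for an offline run.
write_samples() {
    # What `echo "auth sufficient pam_ldap.so" >> common-auth` yields on a stock Debian
    # common-auth: the new line sits after pam_deny.so and is never evaluated.
    cat > "$1/appended" <<'EOF'
auth    [success=1 default=ignore]      pam_unix.so nullok
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    sufficient            pam_ldap.so
EOF
    # The stack pam-auth-update generates with the libpam-ldapd "ldap" profile enabled.
    cat > "$1/managed" <<'EOF'
auth    [success=2 default=ignore]      pam_unix.so nullok
auth    [success=1 default=ignore]      pam_ldap.so minimum_uid=1000 use_first_pass
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
EOF
    cat > "$1/nsswitch" <<'EOF'
# constructed nsswitch.conf
passwd:         files systemd ldap
group:          files systemd ldap
shadow:         files ldap
hosts:          files dns
EOF
}

# Offline demonstration; on a real client run:
#   check_client /etc/pam.d/common-auth /etc/nsswitch.conf
dir=$(mktemp -d)
write_samples "$dir"
echo "== hand-appended common-auth =="
check_client "$dir/appended" "$dir/nsswitch" || true
echo "== pam-auth-update common-auth =="
check_client "$dir/managed" "$dir/nsswitch" || true
rm -rf "$dir"
```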

OpenLDAP master/slave replication

To be completed...

References

www.howtoforge.com/how-to-inst...

zhuanlan.zhihu.com/p/147768058
