OpenEluer 安装 OpenLDAP

Lumos_2025-06-06 18:31

一、版本信息

OpenEluer版本信息

查询版本信息命令 复制代码 
cat /etc/os-release

OpenLDAP版本信息 2.4.44

下载地址

二、修改yum数据源

备份原有 YUM 源配置

bash 复制代码 
cd /etc/yum.repos.d/
mv openEuler.repo openEuler.repo.bak  # 备份原有配置

创建阿里云 YUM 源配置文件

创建 /etc/yum.repos.d/aliyun-openeuler.repo 文件:

bash 复制代码 
sudo vim /etc/yum.repos.d/aliyun-openeuler.repo

填入以下内容(适用于 openEuler 22.03 LTS SP4):

ini 复制代码 
[OS]
name=openEuler-OS
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/OS/$basearch/
metalink=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/OS/$basearch/metalink
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler

[everything]
name=openEuler-everything
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/everything/$basearch/
metalink=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/everything/$basearch/metalink
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/everything/$basearch/RPM-GPG-KEY-openEuler

[EPOL]
name=openEuler-EPOL
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/EPOL/main/$basearch/
metalink=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/EPOL/main/$basearch/metalink
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler

[debuginfo]
name=openEuler-debuginfo
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/debuginfo/$basearch/
metalink=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/debuginfo/$basearch/metalink
# 调试信息通常不需要,可按需启用
enabled=0  
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/debuginfo/$basearch/RPM-GPG-KEY-openEuler

[source]
name=openEuler-source
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/source/
metalink=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/source/metalink
# 源代码通常不需要,可按需启用
enabled=0  
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/source/RPM-GPG-KEY-openEuler

[update]
name=openEuler-update
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/update/$basearch/
metalink=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/update/$basearch/metalink
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler

[update-source]
name=openEuler-update-source
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/update/source/
metalink=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/update/source/metalink
# 源代码更新通常不需要,可按需启用
enabled=0  
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/source/RPM-GPG-KEY-openEuler

清理并生成缓存

css 复制代码 
sudo yum clean all
sudo yum makecache

验证配置

复制代码 
sudo yum repolist

正常输出应显示阿里云镜像源的仓库列表。

三、安装​​GNU Libtool 运行时库

安装 libtool-ltdl

​安装运行时库​​:

复制代码 
bash
复制
sudo yum install -y libtool-ltdl

​安装开发库(如需编译依赖)​​:

复制代码 
bash
复制
sudo yum install -y libtool-ltdl-devel

验证安装​**​

安装完成后,验证 libtool-ltdl 是否成功安装:

bash 复制代码 
# 查看 Libtool 版本(间接验证) 
ldd --version 
# 或直接检查库文件 
ls /usr/lib64/libltdl.so*

四、解压OpenLDAP

上传源码包 /opt/

把下载的openldap-2.4.44.tgz安装包上传到服务中

解压源码包

bash 复制代码 
tar -zxvf openldap-2.4.44.tgz
cd openldap-2.4.44

五、编译OpenLDAP

执行编译命令

css 复制代码 
./configure --prefix=/usr/local/openLDAP-2.4.44 --enable-modules=yes --enable-rewrite --enable-memberof=yes  --enable-refint=yes --enable-hdb=no --enable-bdb=no --enable-overlays

注意:

编译时可以不用添加BDB或HDB数据库,上述命令中已包含,具体需要添加如下参数:

ini 复制代码 
--enable-hdb=no --enable-bdb=no

执行成功后的末尾如图所示:

执行依赖检测命令,依次执行下述命令

go 复制代码 
make depend
go 复制代码 
make

执行测试命令

这一步会比较耗时,耐心等待执行完成

bash 复制代码 
make test

执行install

go 复制代码 
make install

这一步执行成功后,会在--prefix=/usr/local/openldap-2.4.44 命令目录下生成编译后的程序目录

六、设置快捷方式

对OpenLDAP客户端(bin)与服务器端(sbin)相关执行档添加软链接,也可以通过增加环境变量的方式设置

bash 复制代码 
cd /usr/local/openldap-2.4.44
ln -s /usr/local/openldap-2.4.44/bin/* /usr/local/bin/
ln -s /usr/local/openldap-2.4.44/sbin/* /usr/local/sbin/

七、验证

生成初始密码密钥

复制代码 
slappasswd -s bywx2020

这里的{SSHA}bd3Fb/vIKXjavSwAA8iYsaHTeC8zwOUM就是加密后生成的密钥

修改配置文件slapd.conf

bash 复制代码 
vim /usr/local/openldap-2.4.44/etc/openldap/slapd.conf

追加如下内容:

bash 复制代码 
#schema默认只有core.schema,各级需要添加,这里将同配置文件一个目录的schema目录中有的schema文件都加到配置文件中;
include /usr/local/openldap-2.4.44/etc/openldap/schema/collective.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/corba.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/cosine.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/duaconf.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/java.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/misc.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/nis.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/openldap.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/pmi.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/ppolicy.schema

追加日志文件级别与路径

bash 复制代码 
loglevel 256 
logfile /usr/local/openldap-2.4.44/var/slapd.log

修改域名及管理员账户名;

ini 复制代码 
suffix "dc=demo,dc=com" 
rootdn "cn=admin,dc=demo,dc=com"

修改密码,使用前面slappasswd生成的密文或明文密码

复制代码 
rootpw		{SSHA}P4BlRK+eYi234rwWWsYc9ziURbqWXh9B

完整示例

bash 复制代码 
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/usr/local/openldap-2.4.44/etc/openldap/schema/core.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		/usr/local/openldap-2.4.44/var/run/slapd.pid
argsfile	/usr/local/openldap-2.4.44/var/run/slapd.args

# Load dynamic backend modules:
# modulepath	/usr/local/openldap-2.4.44/libexec/openldap
# moduleload	back_mdb.la
# moduleload	back_ldap.la

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# MDB database definitions
#######################################################################

database	mdb
maxsize		1073741824
suffix		"dc=demo,dc=com"
rootdn		"cn=admin,dc=demo,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw		{SSHA}P4BlRK+eYi234rwWWsYc9ziURbqWXh9B
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/usr/local/openldap-2.4.44/var/openldap-data
# Indices to maintain
index	objectClass	eq


#schema默认只有core.schema,各级需要添加,这里将同配置文件一个目录的schema目录中有的schema文件都加到配置文件中;
include /usr/local/openldap-2.4.44/etc/openldap/schema/collective.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/corba.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/cosine.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/duaconf.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/java.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/misc.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/nis.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/openldap.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/pmi.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/ppolicy.schema

loglevel    256
logfile    /usr/local/openldap-2.4.44/var/slapd.log

建立openldap-data目录

bash 复制代码 
cd /usr/local/openldap-2.4.44/var/
mkdir openldap-data

八、启动OpenLDAP

bash 复制代码 
/usr/local/openldap-2.4.44/libexec/slapd -d 256

验证openldap服务是否正常启动

csharp 复制代码 
ldapsearch -x -b '' -s base'(objectclass=*)'

看到如下输出,则说明openldap启动成功,且可以正常使用:

相关推荐
望获linux2 天前
【实时Linux实战系列】CPU 隔离与屏蔽技术
java·linux·运维·服务器·操作系统·开源软件·嵌入式软件
数据智能老司机3 天前
Linux内核编程——网络驱动程序
linux·架构·操作系统
数据智能老司机3 天前
Linux内核编程——字符设备驱动程序
linux·架构·操作系统
数据智能老司机3 天前
Linux内核编程——Linux设备模型
linux·架构·操作系统
望获linux3 天前
【Linux基础知识系列】第四十篇 - 定制彩色终端与 Prompt
linux·运维·前端·chrome·操作系统·开源软件·嵌入式软件
望获linux13 天前
【实时Linux实战系列】实时I/O操作与中断处理
linux·服务器·microsoft·操作系统·交互·rtos·嵌入式软件
redreamSo13 天前
世俗点,假如幸福能量化,公式是什么?
操作系统
智践行13 天前
ROS2 Jazzy:编写可组合节点(C++)
操作系统
444A4E14 天前
理解Linux环境:从命令行参数到环境变量
linux·操作系统
ん贤14 天前
操作系统概述
面试·操作系统·王道
热门推荐
01GPU 进阶笔记(二):华为昇腾 910B GPU02Word粘贴时出现“运行时错误53,文件未找到:MathPage.WLL“的解决方案03Coze扣子平台完整体验和实践(附国内和国际版对比)04MIUI显示/隐藏5G开关的方法,信号弱时开启手机Wifi通话方法05扣子空间的使用教程与大模型技术思考06扣子(coze)实战|我用扣子搭建了一个自动分析小红薯笔记内容的AI应用|详细步骤拆解07集群聊天服务器---MySQL数据库的建立08Coze实战第13讲:飞书多维表格读取+豆包生图模型,轻松批量生成短剧封面09DeepSeek各版本说明与优缺点分析10使用Ruby接入实时行情API教程