1. Version information
openEuler version information
Command to query the version information:
cat /etc/os-release

OpenLDAP version: 2.4.44

2. Changing the yum repository source
Back up the existing YUM source configuration
cd /etc/yum.repos.d/
mv openEuler.repo openEuler.repo.bak # back up the existing configuration
Create the Alibaba Cloud YUM source configuration file
Create the file /etc/yum.repos.d/aliyun-openeuler.repo:
sudo vim /etc/yum.repos.d/aliyun-openeuler.repo
Fill in the following content (for openEuler 22.03 LTS SP4):
[OS]
name=openEuler-OS
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/OS/$basearch/
metalink=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/OS/$basearch/metalink
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler
[everything]
name=openEuler-everything
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/everything/$basearch/
metalink=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/everything/$basearch/metalink
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/everything/$basearch/RPM-GPG-KEY-openEuler
[EPOL]
name=openEuler-EPOL
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/EPOL/main/$basearch/
metalink=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/EPOL/main/$basearch/metalink
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler
[debuginfo]
name=openEuler-debuginfo
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/debuginfo/$basearch/
metalink=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/debuginfo/$basearch/metalink
# Debug info is usually not needed; enable as required
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/debuginfo/$basearch/RPM-GPG-KEY-openEuler
[source]
name=openEuler-source
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/source/
metalink=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/source/metalink
# Source code is usually not needed; enable as required
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/source/RPM-GPG-KEY-openEuler
[update]
name=openEuler-update
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/update/$basearch/
metalink=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/update/$basearch/metalink
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler
[update-source]
name=openEuler-update-source
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/update/source/
metalink=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/update/source/metalink
# Source code updates are usually not needed; enable as required
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/source/RPM-GPG-KEY-openEuler
Clean and regenerate the cache
sudo yum clean all
sudo yum makecache

Verify the configuration
sudo yum repolist
Normal output should list the repositories from the Alibaba Cloud mirror.
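As an added example (not from the original post), a small POSIX shell audit that reads a .repo file like the one above and, for every enabled section, flags a gpgcheck other than 1, a missing gpgkey, or a baseurl/gpgkey served over plain http. Switching mirrors is exactly the moment a repository file can quietly lose signature verification, and this makes the check repeatable. The two sample files it writes are constructed for the demonstration; the mirror host in weak.repo is a placeholder.

```shell
#!/bin/sh
# Added example, not part of the original post: audit yum/dnf .repo files so that
# a mirror switch cannot silently turn off package signature verification.
# Requires only awk.

audit_repo_file() {
  # $1 = path to a .repo file. Prints one line per finding and returns 1 if any
  # enabled section fails a check, 0 otherwise. A section without enabled= counts
  # as enabled, which is dnf's default.
  awk '
    function flush() {
      if (sec == "" || enabled != "1") return
      if (gpgcheck != "1")              { print sec ": gpgcheck is not 1"; bad++ }
      if (gpgkey == "")                 { print sec ": no gpgkey, signatures cannot be checked"; bad++ }
      else if (gpgkey !~ /^https:\/\//) { print sec ": gpgkey is not fetched over https"; bad++ }
      if (baseurl != "" && baseurl !~ /^https:\/\//) { print sec ": baseurl is not https"; bad++ }
    }
    /^[ \t]*\[.*\][ \t]*$/ {
      flush()
      sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
      enabled = "1"; gpgcheck = ""; gpgkey = ""; baseurl = ""
      next
    }
    /^[ \t]*#/ || /^[ \t]*;/ || /^[ \t]*$/ { next }
    {
      i = index($0, "="); if (i == 0) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if      (key == "enabled")  enabled  = val
      else if (key == "gpgcheck") gpgcheck = val
      else if (key == "gpgkey")   gpgkey   = val
      else if (key == "baseurl")  baseurl  = val
    }
    END { flush(); exit (bad > 0) }
  ' "$1"
}

write_sample_repos() {
  # $1 = directory. Writes two constructed files: good.repo mirrors the [OS] section
  # of the post, weak.repo is what a careless or tampered mirror file can look like
  # (mirror.example.invalid is a placeholder host).
  cat > "$1/good.repo" <<'EOF'
[OS]
name=openEuler-OS
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/OS/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler
EOF
  cat > "$1/weak.repo" <<'EOF'
[weak]
name=unverified mirror
baseurl=http://mirror.example.invalid/openeuler/OS/$basearch/
gpgcheck=0

[debug]
name=disabled sections are not checked
enabled=0
gpgcheck=0
EOF
}

# Stand-alone usage: ./repo_audit.sh --demo, or ./repo_audit.sh /etc/yum.repos.d/aliyun-openeuler.repo
if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d); write_sample_repos "$d"
  for f in "$d"/*.repo; do
    echo "== $f"; audit_repo_file "$f" && echo "   ok"
  done
  rm -rf "$d"
elif [ -n "${1:-}" ]; then
  audit_repo_file "$1"
fi
```

Run it against the file created above after `yum makecache` succeeds; every section in the post's configuration passes, and the [debuginfo], [source] and [update-source] sections are skipped because they are disabled.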
3. Installing the GNU Libtool runtime library
Install libtool-ltdl
Install the runtime library:
sudo yum install -y libtool-ltdl
Install the development library (needed if dependencies are to be compiled):
sudo yum install -y libtool-ltdl-devel

Verify the installation
After installation, verify that libtool-ltdl was installed successfully:
# version check (indirect at best: ldd --version reports glibc, not libtool)
ldd --version
# or check the library files directly
ls /usr/lib64/libltdl.so*

4. Extracting OpenLDAP
Upload the source package to /opt/
Upload the downloaded openldap-2.4.44.tgz package to the server.

Extract the source package
tar -zxvf openldap-2.4.44.tgz
cd openldap-2.4.44


5. Compiling OpenLDAP
Run the configure command
./configure --prefix=/usr/local/openldap-2.4.44 --enable-modules=yes --enable-rewrite --enable-memberof=yes --enable-refint=yes --enable-hdb=no --enable-bdb=no --enable-overlays
Note:
The BDB and HDB backends need not be built; the command above already includes the parameters that disable them, namely:
--enable-hdb=no --enable-bdb=no
The tail of a successful run looks like this:

Run the dependency check and then the build, executing the following commands in order:
make depend
make
Run the test suite
This step takes a while; wait patiently for it to finish.
make test
Run the install
make install
Once this succeeds, the compiled program tree is generated under the --prefix directory, /usr/local/openldap-2.4.44.
6. Setting up shortcuts
Add symbolic links for the OpenLDAP client (bin) and server (sbin) executables; alternatively, add the directories to the PATH environment variable.
cd /usr/local/openldap-2.4.44
ln -s /usr/local/openldap-2.4.44/bin/* /usr/local/bin/
ln -s /usr/local/openldap-2.4.44/sbin/* /usr/local/sbin/
7. Verification
Generate the initial password hash
slappasswd -s bywx2020

The {SSHA}bd3Fb/vIKXjavSwAA8iYsaHTeC8zwOUM here is the generated password hash.
Edit the configuration file slapd.conf
vim /usr/local/openldap-2.4.44/etc/openldap/slapd.conf
Append the following:
# By default only core.schema is included and the others must be added; here every schema file found in the schema directory next to this configuration file is included.
include /usr/local/openldap-2.4.44/etc/openldap/schema/collective.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/corba.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/cosine.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/duaconf.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/java.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/misc.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/nis.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/openldap.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/pmi.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/ppolicy.schema
Append the log level and log file path
loglevel 256
logfile /usr/local/openldap-2.4.44/var/slapd.log
Change the suffix and the administrator account DN:
suffix "dc=demo,dc=com"
rootdn "cn=admin,dc=demo,dc=com"
Set the password, using the hash generated earlier with slappasswd (or a cleartext password):
rootpw {SSHA}P4BlRK+eYi234rwWWsYc9ziURbqWXh9B
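The slappasswd step and the rootpw line above, as an added example that is not part of the original post: a POSIX shell implementation of the {SSHA} scheme slappasswd produces (base64 of SHA-1(password || salt) followed by the salt; slappasswd draws a random 4-byte salt, which is why the same password gives a different string on every run and why the two {SSHA} values in this post need not match), a verifier for such values, and a check that a slapd.conf carries neither a cleartext rootpw nor world-readable permissions, the two things the stock file's own comments warn about. The sample configurations it writes are constructed for the demonstration, and the salt parameter of ssha_hash exists only to make the verification reproducible.

```shell
#!/bin/sh
# Added example, not part of the original post. Needs openssl, base64, od and find,
# all present on openEuler. The {SSHA} layout is the one slappasswd emits:
# base64( SHA1(password || salt) || salt ), 20 digest bytes then the salt.

ssha_hash() {
  # $1 = password, $2 = salt bytes. slappasswd takes the salt from a CSPRNG; a caller-
  # supplied salt is accepted here only so the result can be checked deterministically.
  printf '{SSHA}%s\n' "$( { printf '%s%s' "$1" "$2" | openssl dgst -sha1 -binary; printf '%s' "$2"; } | base64 | tr -d '\n')"
}

ssha_verify() {
  # $1 = candidate password, $2 = stored value, e.g. {SSHA}bd3Fb/vIKXjavSwAA8iYsaHTeC8zwOUM
  # Returns 0 on match, 1 on mismatch, 2 if $2 is not a well-formed {SSHA} value.
  case "$2" in '{SSHA}'*) ;; *) return 2 ;; esac
  b64=$(printf '%s' "$2" | sed 's/^{SSHA}//')
  blob=$(mktemp) || return 2
  if ! printf '%s' "$b64" | base64 -d > "$blob" 2>/dev/null; then rm -f "$blob"; return 2; fi
  # first 20 bytes: the stored SHA-1 digest; everything after: the salt (4 bytes for slappasswd)
  stored=$(head -c 20 "$blob" | od -An -v -tx1 | tr -d ' \n')
  computed=$( { printf '%s' "$1"; tail -c +21 "$blob"; } | openssl dgst -sha1 -binary | od -An -v -tx1 | tr -d ' \n')
  rm -f "$blob"
  [ -n "$stored" ] && [ "$stored" = "$computed" ]
}

check_slapd_conf() {
  # $1 = slapd.conf path. Returns 1 if rootpw is cleartext or the file is world-readable.
  rc=0
  pw=$(awk '$1 == "rootpw" { print $2; exit }' "$1")
  case "$pw" in
    '') ;;                   # no rootpw directive
    '{'*'}'*) ;;             # {SSHA}, {SHA}, {CRYPT}, ...: a hashed value
    *) echo "$1: rootpw is stored in cleartext; use slappasswd"; rc=1 ;;
  esac
  if [ -n "$(find "$1" -perm -004)" ]; then
    echo "$1: world-readable; slapd.conf(5) says it should not be"; rc=1
  fi
  return $rc
}

write_sample_confs() {
  # $1 = directory. Writes two constructed minimal configs: hashed.conf reuses the rootpw
  # value from the post, cleartext.conf shows the form the stock file's comments warn about.
  cat > "$1/hashed.conf" <<'EOF'
database mdb
suffix "dc=demo,dc=com"
rootdn "cn=admin,dc=demo,dc=com"
rootpw {SSHA}P4BlRK+eYi234rwWWsYc9ziURbqWXh9B
EOF
  cat > "$1/cleartext.conf" <<'EOF'
database mdb
suffix "dc=demo,dc=com"
rootdn "cn=admin,dc=demo,dc=com"
rootpw bywx2020
EOF
  chmod 600 "$1"/hashed.conf "$1"/cleartext.conf
}

# Stand-alone usage: ./ssha_check.sh --demo, or ./ssha_check.sh <path to slapd.conf>
if [ "${1:-}" = "--demo" ]; then
  h=$(ssha_hash 'bywx2020' 'demo')
  echo "hash:   $h"
  ssha_verify 'bywx2020' "$h" && echo "verify: password matches"
  ssha_verify 'wrong'    "$h" || echo "verify: wrong password rejected (rc=$?)"
  d=$(mktemp -d); write_sample_confs "$d"
  for f in "$d"/*.conf; do check_slapd_conf "$f" && echo "$f: ok"; done
  rm -rf "$d"
elif [ -n "${1:-}" ]; then
  check_slapd_conf "$1"
fi
```

Pointing the script at /usr/local/openldap-2.4.44/etc/openldap/slapd.conf after the edits above is a quick way to confirm that the rootpw line kept the {SSHA} form and that the file mode was not loosened while editing it.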
Complete example
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/openldap-2.4.44/etc/openldap/schema/core.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/openldap-2.4.44/var/run/slapd.pid
argsfile /usr/local/openldap-2.4.44/var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/openldap-2.4.44/libexec/openldap
# moduleload back_mdb.la
# moduleload back_ldap.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# MDB database definitions
#######################################################################
database mdb
maxsize 1073741824
suffix "dc=demo,dc=com"
rootdn "cn=admin,dc=demo,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}P4BlRK+eYi234rwWWsYc9ziURbqWXh9B
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/openldap-2.4.44/var/openldap-data
# Indices to maintain
index objectClass eq
# By default only core.schema is included and the others must be added; here every schema file found in the schema directory next to this configuration file is included.
include /usr/local/openldap-2.4.44/etc/openldap/schema/collective.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/corba.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/cosine.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/duaconf.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/java.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/misc.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/nis.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/openldap.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/pmi.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/ppolicy.schema
loglevel 256
logfile /usr/local/openldap-2.4.44/var/slapd.log
Create the openldap-data directory
cd /usr/local/openldap-2.4.44/var/
mkdir openldap-data
8. Starting OpenLDAP
/usr/local/openldap-2.4.44/libexec/slapd -d 256
Verify that the OpenLDAP service started properly
ldapsearch -x -b '' -s base '(objectclass=*)'
If you see output like the following, OpenLDAP started successfully and is working:
