OpenLDAP is the open-source implementation of the Lightweight Directory Access Protocol (LDAP), used to manage user accounts and other directory information on a network. It gives networked computers a central authentication system, which makes administering user accounts and access rights much easier.
Installing OpenLDAP on Ubuntu 22.04 LTS Jammy Jellyfish
Step 1. First, make sure all system packages are up to date by running the following apt commands in a terminal.
sudo apt update
sudo apt upgrade
Step 2. Install OpenLDAP on Ubuntu 22.04.
OpenLDAP is available in the default Ubuntu 22.04 base repositories. Run the following command to install the slapd server together with the ldap-utils client tools (ldapadd, ldapsearch and friends) on your Ubuntu system:
sudo apt install slapd ldap-utils
During installation you will be prompted for a password for the administrator account (cn=admin under your base DN). This password is used to manage the OpenLDAP server; choose a strong one, since it grants full write access to the whole directory.
Step 3. Configure OpenLDAP.
After installation we need to configure the OpenLDAP server. The command below starts the configuration wizard: it asks for the DNS domain name, which becomes the base DN of the directory (for example my-domain.com gives dc=my-domain,dc=com), the organization name and the administrator password, and lets you choose the database backend. The base DN you choose here must match the dc=my-domain,dc=com suffix used in the LDIF files below. Answer the prompts to configure OpenLDAP:
sudo dpkg-reconfigure slapd
Step 4. Add users to the OpenLDAP server.
Now that the OpenLDAP server is running and configured, we can start adding users. The following commands create a new organizational unit (OU) for our users and then add a new user to the directory. The LDIF files are kept under /etc/ldap/ldif, which does not exist on a fresh install, so create that directory first.
sudo nano /etc/ldap/ldif/newusers.ldif
Add the following to the file:
dn: ou=users,dc=my-domain,dc=com
objectClass: organizationalUnit
ou: users
Save and close the file, then add the OU to the directory with ldapadd (-x selects a simple bind, -D is the admin DN to bind as and -W prompts for its password):
sudo ldapadd -x -D cn=admin,dc=my-domain,dc=com -W -f /etc/ldap/ldif/newusers.ldif
You will be prompted for the LDAP administrator password. Type it and press Enter.
Next, let's add a new user to the directory. Create a new LDIF file:
sudo nano /etc/ldap/ldif/newuser.ldif
Add the following to the file:
dn: cn=meilana,ou=users,dc=my-domain,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: meilana
sn: mei
givenName: geulis
mail: meilana@my-domain.com
userPassword: {SSHA}password_hash
Replace meilana with the user name you want to use and password_hash with the hash of the user's password. Note that this is not a plain SHA-1 hash: {SSHA} is OpenLDAP's salted SHA-1 scheme, and slappasswd emits exactly that format by default. Generate a new hash with the following command (no root privileges are needed):
slappasswd
Enter the password you want to use for the user and press Enter. The command prints the hash, already prefixed with {SSHA}. Copy the entire output and use it as the userPassword value in the LDIF file, replacing the whole {SSHA}password_hash placeholder so the prefix does not appear twice.
Save and close the file. Then add the user to the directory with ldapadd:
sudo ldapadd -x -D cn=admin,dc=my-domain,dc=com -W -f /etc/ldap/ldif/newuser.ldif
You will be prompted for the LDAP administrator password. Type it and press Enter.
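The LDIF in Step 4 is written by hand, with the password hash pasted in from slappasswd. As an added example that is not part of the original tutorial, the Python script below (standard library only) does the same job programmatically: it produces a hash in OpenLDAP's {SSHA} scheme in the same format slappasswd prints (base64 of SHA-1(password + salt) followed by the salt), checks a password against such a hash, and renders the OU and user entries as RFC 2849 LDIF, base64-encoding values that LDIF cannot carry verbatim and escaping RDN values per RFC 4514 so that a user name containing a comma cannot alter the DN. The 4-byte salt length, the function names and the file name make_ldif.py are choices made here, not anything from the tutorial.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Base DN from the tutorial; it must match the suffix slapd was configured with.
BASE_DN = "dc=my-domain,dc=com"


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a password hash in OpenLDAP's {SSHA} scheme.

    {SSHA} is base64(SHA-1(password || salt) || salt): a salted SHA-1, which is
    what slappasswd prints by default. A random 4-byte salt is generated when
    none is supplied (a choice made here; ssha_verify accepts any salt length).
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against an {SSHA} value, e.g. one copied from slappasswd."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:
        return False
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes; the rest is the salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def ldif_line(attr: str, value: str) -> str:
    """Format one LDIF attribute line (RFC 2849).

    Values that start with a space, ':' or '<', end with a space, contain
    NUL/CR/LF, or are not pure ASCII cannot be written verbatim; they are
    base64-encoded and introduced with '::' instead of ':'.
    """
    unsafe = (not value.isascii()
              or value.startswith((" ", ":", "<"))
              or value.endswith(" ")
              or any(c in value for c in "\0\r\n"))
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def rdn_escape(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514).

    Without this, a user name such as 'bob,ou=admins' would be parsed as two
    RDNs and the entry would land somewhere else in the tree.
    """
    out = "".join("\\" + ch if ch in ',+"\\<>;' else ch for ch in value)
    if out.startswith((" ", "#")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def ou_entry(ou: str = "users") -> str:
    """LDIF for the organizational unit created in Step 4."""
    return "\n".join([
        ldif_line("dn", f"ou={rdn_escape(ou)},{BASE_DN}"),
        "objectClass: organizationalUnit",
        ldif_line("ou", ou),
    ]) + "\n"


def user_entry(cn: str, sn: str, given_name: str, mail: str, password_hash: str) -> str:
    """LDIF for an inetOrgPerson under ou=users, mirroring the tutorial's entry."""
    return "\n".join([
        ldif_line("dn", f"cn={rdn_escape(cn)},ou=users,{BASE_DN}"),
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: inetOrgPerson",
        ldif_line("cn", cn),
        ldif_line("sn", sn),
        ldif_line("givenName", given_name),
        ldif_line("mail", mail),
        ldif_line("userPassword", password_hash),
    ]) + "\n"


if __name__ == "__main__":
    # Constructed sample data matching the tutorial; the password is a placeholder.
    pw_hash = ssha_hash("ChangeMe-please")
    print(ou_entry())
    print(user_entry("meilana", "mei", "geulis", "meilana@my-domain.com", pw_hash))
```

Redirect the output to /etc/ldap/ldif/newusers.ldif and load it with the same ldapadd command as above: entries separated by a blank line are added in one run, in order, which is why the OU is printed before the user that lives under it.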
Step 5. Firewall configuration.
By default the OpenLDAP server listens for LDAP traffic on port 389. If clients on other hosts need to reach the directory, the firewall has to allow traffic on this port. Run the following command to open it (ufw resolves the ldap service name to 389/tcp):
sudo ufw allow ldap
Keep in mind that port 389 carries plain, unencrypted LDAP: a simple bind like the ldapadd commands above sends the bind DN and password in clear text over the network. Before exposing the service beyond localhost, configure TLS for slapd (LDAPS on port 636 or StartTLS on 389); if only local services on this machine use the directory, leave the port closed.
Step 6. Test OpenLDAP.
To test the OpenLDAP server we can use ldapsearch to retrieve information from the directory. To list all entries under the base DN, run:
ldapsearch -x -b dc=my-domain,dc=com
To search for a specific entry, run:
ldapsearch -x -b dc=my-domain,dc=com "(cn=meilana)"
This searches the directory for the user meilana. The -x flag performs an anonymous simple bind, which the default Ubuntu access rules allow for reading, so root privileges are not needed. If the search succeeds, the user's entry is printed in the terminal; the userPassword attribute is not returned to anonymous clients, because the default access rules restrict it to the entry's owner and the administrator.
Thank you for using this tutorial to install OpenLDAP on Ubuntu 22.04 LTS Jammy Jellyfish. For additional help or useful information, we recommend checking the official OpenLDAP website.