1、Recursively create the nested directory path:
mkdir -p /usr/local/openldap-2.4.47/etc/openldap
2、Create the slapd.conf file quickly with a Here Document (EOF delimiter)
slapd.conf is the core configuration file of the OpenLDAP server (slapd); it defines the LDAP database structure, access permissions, storage directory and other key settings.
cat >/usr/local/openldap-2.4.47/etc/openldap/slapd.conf <<EOF
include /app/openldap/etc/openldap/schema/core.schema
pidfile /app/openldap/var/run/slapd.pid
argsfile /app/openldap/var/run/slapd.args
access to *
by self write
by users read
by anonymous auth
database bdb
suffix "dc=hisunsray,dc=com"
rootdn "cn=Manager,dc=hisunsray,dc=com"
rootpw {SSHA}NZnVyBOipJH2oZbqzecyczrun9+WmSgQ
directory /app/openldap/var/openldap-data
index objectClass eq
EOF
3、OpenLDAP user query, add and delete
Check whether a user exists:
/usr/local/openldap/bin/ldapsearch -x -h 210.14.70.217 -p 31320 -D "cn=Manager,dc=enjoyalldays,dc=com" -b "cn=${user_name},ou=${ou_name},dc=enjoyalldays,dc=com" -w '管理密码'
A return of "result: 0 Success" means the user exists
A return of "result: 32 No such object" means the user does not exist
Add a user:
① Generate a random password for the user:
/usr/bin/mkpasswd -l 15 -d 5 -c 4 -C 4 -s 2 |sed "s/'\|\"/%/g"
② Hash the password (salted SHA, {SSHA}):
/usr/local/openldap/sbin/slappasswd -h {SSHA} -s "${pass_word}"
③ Write the following into a temporary file:
dn: cn=${user_name},ou=${ou_name},dc=enjoyalldays,dc=com
cn: ${user_name}
objectclass: top
objectclass: person
sn: ${user_name}
userpassword: ${ssha_password}
④ Import the user:
/usr/local/openldap/bin/ldapmodify -a -c -h 210.14.70.217 -p 31320 -x -D "cn=Manager,dc=enjoyalldays,dc=com" -w '管理密码' -f /tmp/ldap_add_user_temp.file
Delete a user:
/usr/local/openldap/bin/ldapdelete -x -h 210.14.70.217 -p 31320 -D "cn=Manager,dc=enjoyalldays,dc=com" "cn=${user_name},ou=${ou_name},dc=enjoyalldays,dc=com" -w '管理密码'
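The query and add steps above, wrapped in a small POSIX sh helper as an added example (this is not part of the original notes). It assumes the same tool paths, host and base DN as the notes, plus a Manager password file at an assumed path passed with -y, so the bind password never appears in ps output or shell history as it does with -w on the command line; it also refuses user or OU names containing DN special characters instead of splicing them into a DN.

```shell
#!/bin/sh
# Added helper, not from the original notes. Wraps ldapsearch / slappasswd /
# ldapmodify with the bind password read from a file (-y) instead of -w,
# and validates names before they are placed into a DN.
LDAP_BIN=/usr/local/openldap/bin
SLAPPASSWD=/usr/local/openldap/sbin/slappasswd
LDAP_URI="ldap://210.14.70.217:31320"
BASE_DN="dc=enjoyalldays,dc=com"
BIND_DN="cn=Manager,${BASE_DN}"
PASS_FILE="${LDAP_PASS_FILE:-/root/.ldap_manager_pw}"   # assumed path, keep it mode 0600

# Map captured ldapsearch output to exists / missing / error using the
# "result: <code> <text>" line (0 Success, 32 No such object).
classify_search_result() {
    code=$(printf '%s\n' "$1" | sed -n 's/^result: \([0-9][0-9]*\) .*/\1/p' | head -n 1)
    case "$code" in
        0)  echo exists ;;
        32) echo missing ;;
        *)  echo error ;;      # other codes, or no result line (bind/connection failure)
    esac
}

# Emit the LDIF for a person entry. Refuses empty names and names holding
# DN special characters rather than building a malformed or spoofed DN.
build_user_ldif() {
    user="$1"; ou="$2"; ssha_hash="$3"
    [ -n "$user" ] && [ -n "$ou" ] || return 1
    printf '%s' "$user$ou" | grep -q '[,+"\\<>;=]' && return 1
    printf 'dn: cn=%s,ou=%s,%s\ncn: %s\nobjectClass: top\nobjectClass: person\nsn: %s\nuserPassword: %s\n' \
        "$user" "$ou" "$BASE_DN" "$user" "$user" "$ssha_hash"
}

# Live operations (need the tools and the password file; not run by default).
user_exists() {        # $1 user, $2 ou; prints exists/missing/error
    out=$("$LDAP_BIN/ldapsearch" -x -H "$LDAP_URI" -D "$BIND_DN" -y "$PASS_FILE" \
          -b "cn=$1,ou=$2,$BASE_DN" 2>/dev/null)
    classify_search_result "$out"
}
add_user() {           # $1 user, $2 ou, $3 cleartext password (slappasswd -T file avoids -s in ps)
    hash=$("$SLAPPASSWD" -h '{SSHA}' -s "$3") || return 1
    build_user_ldif "$1" "$2" "$hash" | "$LDAP_BIN/ldapmodify" -a -x -H "$LDAP_URI" -D "$BIND_DN" -y "$PASS_FILE"
}

# Offline demo on constructed ldapsearch output (no server needed).
SAMPLE_MISSING=$(printf 'search: 2\nresult: 32 No such object\n')
classify_search_result "$SAMPLE_MISSING"         # missing
build_user_ldif alice dev '{SSHA}placeholder'    # prints the LDIF that ldapmodify would receive
```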