1.安装 openldap
1) 卸载 slapd
apt remove --purge slapd
2) 安装 slapd 包
第一次安装时会提示你输入管理员密码
apt install slapd
3) 查看版本
root@localhost:~# slapd -V
@(#) $OpenLDAP: slapd 2.5.19+dfsg-0ubuntu0.22.04.1 (Apr 21 2025 23:42:05) $
Ubuntu Developers ubuntu-devel-discuss@lists.ubuntu.com
2.查看默认管理员和密码
/etc/ldap/slapd.d/cn=config/olcDatabase={1}mdb.ldif 是主数据库(实际存储目录数据的数据库)的配置文件。该文件由 slapd 自动生成(文件头已注明 DO NOT EDIT)，不要直接编辑，应通过 ldapmodify 修改(见下文第 4 节)。
- olcSuffix:此数据库负责的命名上下文(即你的目录树根)。
- olcRootDN / olcRootPW:管理员 DN 和密码。
- olcDbDirectory:数据文件存储路径。
- olcAccess:访问控制列表(ACL)。注意默认的 {2}to * by * read 允许包括匿名用户在内的任何人读取除 userPassword 外的全部条目，正式环境需按需收紧。
root@localhost:~# cat /etc/ldap/slapd.d/cn=config/olcDatabase={1}mdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 b8bf5294
dn: olcDatabase={1}mdb
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=localdomain
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=localdomain
olcRootPW:: e1NTSEF9Y2x4MUdGb0k2c0VhTkNRZFRqRkNPNkZNdklMNlFGeTY=
olcDbCheckpoint: 512 30
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq
olcDbIndex: uidNumber,gidNumber eq
olcDbIndex: member,memberUid eq
olcDbMaxSize: 1073741824
structuralObjectClass: olcMdbConfig
entryUUID: 38f9d1fa-1f42-1040-9677-25aa25fd096d
creatorsName: cn=admin,cn=config
createTimestamp: 20250906075246Z
entryCSN: 20250906075246.868085Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20250906075246Z
3.确认主数据库的编号
root@localhost:~# ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b cn=config 'olcDatabase=mdb' dn
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: olcDatabase=mdb
# requesting: dn
#
# {1}mdb, config
dn: olcDatabase={1}mdb,cn=config
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
4.修改数据库后缀、修改管理员 DN、管理员密码
即修改 olcSuffix、olcRootDN、olcRootPW 三个属性，它们都位于 olcDatabase={1}mdb,cn=config 条目下。
1) 生成密码哈希(-s 会把明文密码留在 shell 历史中；也可以不加 -s，由 slappasswd 交互式提示输入)
root@localhost:~# slappasswd -s 123456
{SSHA}4ri+F/KORkxLIx1WBPjC6CE2EBKF0Z2G
2) 创建 change_suffix_rootdn_pw.ldif 文件(同一文件中的多条修改记录之间必须用空行分隔)
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=com

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=example,dc=com

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}4ri+F/KORkxLIx1WBPjC6CE2EBKF0Z2G
3) 执行修改
ldapmodify -Y EXTERNAL -H ldapi:/// -f change_suffix_rootdn_pw.ldif
5.创建数据
1) 初始化根 DN(下面的 ldapadd 命令用 -w 在命令行传入明文密码，会留在 shell 历史和 ps 输出中；正式环境建议改用 -W 交互式输入)
base.ldif
dn: dc=example,dc=com
o: example
dc: example
objectclass: top
objectclass: dcObject
objectclass: organization
ldapadd -x -D "cn=admin,dc=example,dc=com" -w "123456" -f base.ldif
2) 创建部门
department.ldif
dn: ou=people,dc=example,dc=com
ou: people
objectClass: organizationalUnit
ldapadd -x -D "cn=admin,dc=example,dc=com" -w "123456" -f department.ldif
3) 创建用户
root@localhost:~# slappasswd -s 123456
{SSHA}12SIDTMuozku3U58BHrenvhSOaWjfbHG
user.ldif
dn: cn=test001,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: test001
sn: lll
givenName: test001
uid: test001
# 直接使用上一步 slappasswd 输出的完整值(含 {SSHA} 前缀)；"::" 表示值为 base64 编码，这里不能用，否则存入的是解码后的乱码，用户无法登录
userPassword: {SSHA}12SIDTMuozku3U58BHrenvhSOaWjfbHG
ldapadd -x -D "cn=admin,dc=example,dc=com" -w "123456" -f user.ldif
6.查看运行状态
systemctl status slapd
7.docker 安装 openldap
docker-compose.yml 文件
version: '3'
services:
  openldap:
    image: osixia/openldap:latest   # 建议固定具体版本号，避免 latest 漂移
    restart: "no"                   # 必须加引号，否则 YAML 会把 no 解析为布尔值 false
    container_name: openldap_1
    environment:
      - LDAP_ORGANISATION=example
      - LDAP_DOMAIN=example.com
      - LDAP_BASE_DN=dc=example,dc=com
      # 示例密码；正式环境应通过 env_file 等方式注入，不要写进仓库
      - LDAP_ADMIN_PASSWORD=123456
    ports:
      - "389:389"                   # 389 为明文 LDAP，且未指定宿主机地址时会发布到所有网卡