OpenLDAP安装

参考：

http://54im.com/openldap/centos-6-yum-install-openldap-phpldapadmin-tls-%E5%8F%8C%E4%B8%BB%E9%85%8D%E7%BD%AE.html

1.规划：
用户：gongshaocheng,littlesuccess,cuckoo
组:administrator,analsyst,engineer

2.安装openldap

yum -y install openldap-servers openldap-clients
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap
cd /etc/openldap
mv slapd.d slapd.d.original
cp ldap.conf ldap.conf.original

设置openldap服务器密码

slappasswd
New password: (123456)
Re-enter new password: (123456)
{SSHA}5PD6lnr0JDKUg6n4/6irm/h5XRM3VYOa

配置slapd.con

cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf
vi /usr/share/openldap-servers/slapd.conf

修改内容如下:

database    bdb
suffix        "dc=clouderachina,dc=com"
checkpoint    1024 15
rootdn        "cn=Manager,dc=clouderachina,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw        secret
# rootpw        {crypt}ijFYNcSNctBYg
rootpw        {SSHA}5PD6lnr0JDKUg6n4/6irm/h5XRM3VYOa 

启动ldap服务

chkconfig slapd on
/etc/init.d/slapd start

检查:

ldapsearch -x -b "dc=clouderachina,dc=com"

3. 建立用户和组:

groupadd -g 500 -p 123456 administrator
groupadd -g 501 -p 123456 analsyst
groupadd -g 502 -p 123456 engineer

useradd -u 5000 -d /home/gongshaocheng -g administrator -p 123456 gongshaocheng
useradd -u 5010 -d /home/littlesuccess -g analsyst -p 123456 littlesuccess
useradd -u 5020 -d /home/cuckoo -g engineer -p 123456 cuckoo

安装及配置迁移工具

yum install migrationtools -y
cd /usr/share/migrationtools/

修改migrate_common.ph  

# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "clouderachina.com";

# Default base 
$DEFAULT_BASE = "dc=clouderachina,dc=com";

./migrate_base.pl >base.ldif

base.ldiff文件里面很多内容是多余的，我们只要如下内容:

dn: clouderachina,dc=com
clouderachina: 
objectClass: top
objectClass: 

dn: ou=People,clouderachina,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,clouderachina,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

创建用户和组的数据库文件

grep gongshaocheng /etc/passwd >>user.txt
grep littlesuccess /etc/passwd >>user.txt
grep cuckoo /etc/passwd >>users.txt

./migrate_passwd.pl user.txt ./user.ldif


grep administrator /etc/group >>group.txt
grep analsyst /etc/group >>group.txt
grep engineer /etc/group >>group.txt

./migrate_group.pl group.txt ./group.ldif

迁移系统用户到ldap数据库

ldapadd -D "cn=Manager,dc=clouderachina,dc=com" -W -x -f /usr/share/migrationtools/base.ldif

ldapadd -D "cn=Manager,dc=clouderachina,dc=com" -W -x -f /usr/share/migrationtools/user.ldif

ldapadd -D "cn=Manager,dc=clouderachina,dc=com" -W -x -f /usr/share/migrationtools/group.ldif

ldap客户端配置
yum install authconfig-tui
进入authconfig-tui
选择使用LDAP，和LDAP验证
ldap地址：ldap://192.168.0.85/
基点DN: dc=clouderachina,dc=com

退出后会自动启sssd服务

验证：

输入 id gongshaocheng

[root@demo2 ~]# id gongshaocheng
uid=5000(gongshaocheng) gid=500(administrator) groups=500(administrator)

输入 su gongshaocheng

[root@demo3 ~]# su gongshaocheng
bash-4.1$ exit

5.在NFS服务器上建立用户主目录
在NFS服务器上执行：
/etc/init.d/rpcbind start
/etc/init.d/nfslock start
/etc/init.d/nfs start
chkconfig rpcbind on
chkconfig nfslock on
chkconfig nfs on

修改/etc/exports
增加如下内容：
vi /etc/exports
/home *(rw,sync)

设置完后，重启nfs 服务器：
service nfs restart

检查:
showmount -e localhost

6.在客户端挂载NFS主目录
确保客户端已经安装了 autofs 服务
配置 autofs 服务
#vi /etc/auto.master
最后加入如下行并保存：
/home /etc/auto.nfs //表示挂载到本地的位置和配置文件
#vi /etc/auto.nfs
输入如下内容并保存：
* -fstype=nfs,rw,sync 192.168.0.85:/home/&
说明，上面的*表示要挂载的某用户的目录，后面的&表示用户名。192.168.0.85为NFS服务器

测试:
su - gongshaocheng
mkdir test
这时在NFS服务器上/home/gongshaocheng/下就可以找到test