首页
/
每日頭條
/
圖文
/
怎樣用centos7搭建openstack
怎樣用centos7搭建openstack
更新时间:2025-07-08 21:02:22

怎樣用centos7搭建openstack?安裝ldap服務[root@ldap ~]# yum install -y openldap-servers openldap-clients,我來為大家講解一下關于怎樣用centos7搭建openstack?跟着小編一起來看一看吧!

怎樣用centos7搭建openstack(CentOS7簡單搭建OpenLDAP服務)1

怎樣用centos7搭建openstack

安裝ldap服務

[root@ldap ~]# yum install -y openldap-servers openldap-clients

[root@ldap ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

[root@ldap ~]# chown ldap. /var/lib/ldap/DB_CONFIG

[root@ldap ~]# systemctl start slapd

[root@ldap ~]# systemctl enable slapd

配置ldap服務

# 生成管理員密碼

[root@ldap ~]# slappasswd

New password:

Re-enter new password:

{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

[root@ldap ~]# vim chrootpw.ldif

# specify the password generated above for "olcRootPW" section

dn: olcDatabase={0}config,cn=config

changetype: modify

add: olcRootPW

olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

[root@ldap ~]# ldapadd -Y external -H ldapi:/// -f chrootpw.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0 uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

modifying entry "olcDatabase={0}config,cn=config"

導入基本模式

[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0 uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

adding new entry "cn=cosine,cn=schema,cn=config"

[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0 uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

adding new entry "cn=nis,cn=schema,cn=config"

[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0 uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

adding new entry "cn=inetorgperson,cn=schema,cn=config"

在ldap的DB中設置域名

# 生成目錄管理員密碼

[root@ldap ~]# slappasswd

New password:

Re-enter new password:

{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

[root@ldap ~]# vim chdomain.ldif

# replace to your own domain name for "dc=***,dc=***" section

# specify the password generated above for "olcRootPW" section

dn: olcDatabase={1}monitor,cn=config

changetype: modify

replace: olcAccess

olcAccess: {0}to * by

dn.base="gidNumber=0 uidNumber=0,cn=peercred,cn=external,cn=auth"

read by dn.base="cn=Manager,dc=jumpserver,dc=tk" read by * none

dn: olcDatabase={2}hdb,cn=config

changetype: modify

replace: olcSuffix

olcSuffix: dc=jumpserver,dc=tk

dn: olcDatabase={2}hdb,cn=config

changetype: modify

replace: olcRootDN

olcRootDN: cn=Manager,dc=jumpserver,dc=tk

dn: olcDatabase={2}hdb,cn=config

changetype: modify

add: olcRootPW

olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

dn: olcDatabase={2}hdb,cn=config

changetype: modify

add: olcAccess

olcAccess: {0}to attrs=userPassword,shadowLastChange by

dn="cn=Manager,dc=jumpserver,dc=tk" write by anonymous auth by self write by *

none

olcAccess: {1}to dn.base="" by * read

olcAccess: {2}to * by dn="cn=Manager,dc=jumpserver,dc=tk" write by * read

[root@ldap ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0 uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

modifying entry "olcDatabase={1}monitor,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

[root@ldap ~]# vim basedomain.ldif

# replace to your own domain name for "dc=***,dc=***" section

dn: dc=jumpserver,dc=tk

objectClass: top

objectClass: dcObject

objectclass: organization

o: Server tk

dc: jumpserver

dn: cn=Manager,dc=jumpserver,dc=tk

objectClass: organizationalRole

cn: Manager

description: Directory Manager

dn: ou=People,dc=jumpserver,dc=tk

objectClass: organizationalUnit

ou: People

dn: ou=Group,dc=jumpserver,dc=tk

objectClass: organizationalUnit

ou: Group

[root@ldap ~]# ldapadd -x -D cn=Manager,dc=jumpserver,dc=tk -W -f basedomain.ldif

Enter LDAP Password: # 輸入目錄管理員密碼

adding new entry "dc=jumpserver,dc=tk"

adding new entry "cn=Manager,dc=jumpserver,dc=tk"

adding new entry "ou=People,dc=jumpserver,dc=tk"

adding new entry "ou=Group,dc=jumpserver,dc=tk"

開放端口

# firewall-cmd --add-service=ldap --permanent

success

# firewall-cmd --reload

success

添加一個用戶

# 生成用戶密碼

[root@ldap ~]# slappasswd

New password:

Re-enter new password:

{SSHA}xxxxxxxxxxxxxxxxx

[root@ldap ~]# vi ldapuser.ldif

# create new

# replace to your own domain name for "dc=***,dc=***" section

dn: uid=test,ou=People,dc=jumpserver,dc=tk

objectClass: inetOrgPerson

objectClass: posixAccount

objectClass: shadowAccount

cn: test

sn: Linux

userPassword: {SSHA}xxxxxxxxxxxxxxxxx

loginShell: /bin/bash

uidNumber: 1000

gidNumber: 1000

homeDirectory: /home/test

dn: cn=test,ou=Group,dc=jumpserver,dc=tk

objectClass: posixGroup

cn: test

gidNumber: 1000

memberUid: test

[root@ldap ~]# ldapadd -x -D cn=Manager,dc=jumpserver,dc=tk -W -f ldapuser.ldif

Enter LDAP Password:

adding new entry "uid=test,ou=People,dc=jumpserver,dc=tk"

adding new entry "cn=test,ou=Group,dc=jumpserver,dc=tk"

[root@ldap ~]# ldapsearch -x -D "cn=Manager,dc=jumpserver,dc=tk" -W -b "

"dc=jumpserver,dc=tk"

Comments
Welcome to tft每日頭條 comments! Please keep conversations courteous and on-topic. To fosterproductive and respectful conversations, you may see comments from our Community Managers.
Sign up to post
Sort by
Show More Comments
推荐阅读
新型農村土地承包法實施時間
新型農村土地承包法實施時間
新型農村土地承包法實施時間?與法同行中華人民共和國農村土地承包法,今天小編就來聊一聊關于新型農村土地承包法實施時間?接下來我們就一起去研究一下吧!新型農村土地承包法實施時間與法同行中華人民共和國農村土地承包法(2002年8月29日第九屆全國...
2025-07-08
新買的格力空調壞了怎麼辦
新買的格力空調壞了怎麼辦
新買的格力空調壞了怎麼辦?來源:中國經濟網“1月份我在新鄉格力空調專賣店買了一個格力空調,放了半年都沒開6月19号去開了,然後空調不制冷(記者:你買的是制冷空調嗎)是制冷空調等于放了半年我一次都沒用過,然後打售後他都過來了來了三次,一次比一...
2025-07-08
綠茶一般都有哪些
綠茶一般都有哪些
我國是主要的綠茶生産、消費國,在我國制茶曆史上,綠茶制法也是首先被發展出來的。綠茶,是把采摘的鮮葉通過高溫殺青、做形、幹燥制作而成的茶。其中殺青是制綠茶的主要工序,根據殺青和幹燥方式的不同,綠茶可分為炒青、烘青、蒸青、曬青四大類,快來看看你...
2025-07-08
美好的東西都是轉瞬即逝
美好的東西都是轉瞬即逝
陳陽慢慢的從懷裡掏出一本手賬,然後輕聲對夏沫說:“今天想聽什麼故事呢?夏沫撓了撓頭說:“今天為什麼突然想起來講故事了。”陳陽微微一笑說道:“我隻是把晚安揉碎成這故事裡的一字一句而已,晚是開始,安是結局。’“那你愛我嗎?”“我當然愛你啦。不論...
2025-07-08
青島航班恢複
青島航班恢複
青島航班恢複?本報訊(記者李濤通訊員仙博)11月27日消息,為滿足市民的出行需求,太原機場在冬航季恢複前往青島、南陽的航班,市民前往上述城市更加方便,下面我們就來聊聊關于青島航班恢複?接下來我們就一起去了解一下吧!青島航班恢複本報訊(記者李...
2025-07-08
Copyright 2023-2025 - www.tftnews.com All Rights Reserved