How to set up OpenStack on CentOS 7
Updated: 2025-07-19 07:49:49


How to set up OpenStack on CentOS 7 (a simple OpenLDAP service setup on CentOS 7)


Install the LDAP service

[root@ldap ~]# yum install -y openldap-servers openldap-clients
[root@ldap ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ldap ~]# chown ldap. /var/lib/ldap/DB_CONFIG
[root@ldap ~]# systemctl start slapd
[root@ldap ~]# systemctl enable slapd

Configure the LDAP service

# Generate the administrator password
[root@ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

[root@ldap ~]# vim chrootpw.ldif
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

[root@ldap ~]# ldapadd -Y external -H ldapi:/// -f chrootpw.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"

Import the basic schemas

[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"

[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"

[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"

Set the domain name in the LDAP DB

# Generate the directory manager password
[root@ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

[root@ldap ~]# vim chdomain.ldif
# replace to your own domain name for "dc=***,dc=***" section
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=jumpserver,dc=tk" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=jumpserver,dc=tk

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=jumpserver,dc=tk

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=Manager,dc=jumpserver,dc=tk" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=jumpserver,dc=tk" write by * read

[root@ldap ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}monitor,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"

[root@ldap ~]# vim basedomain.ldif
# replace to your own domain name for "dc=***,dc=***" section
dn: dc=jumpserver,dc=tk
objectClass: top
objectClass: dcObject
objectclass: organization
o: Server tk
dc: jumpserver

dn: cn=Manager,dc=jumpserver,dc=tk
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=jumpserver,dc=tk
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=jumpserver,dc=tk
objectClass: organizationalUnit
ou: Group

[root@ldap ~]# ldapadd -x -D cn=Manager,dc=jumpserver,dc=tk -W -f basedomain.ldif
Enter LDAP Password: # enter the directory manager password
adding new entry "dc=jumpserver,dc=tk"
adding new entry "cn=Manager,dc=jumpserver,dc=tk"
adding new entry "ou=People,dc=jumpserver,dc=tk"
adding new entry "ou=Group,dc=jumpserver,dc=tk"

Open the port

# firewall-cmd --add-service=ldap --permanent
success
# firewall-cmd --reload
success

Add a user

# Generate the user password
[root@ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxx

[root@ldap ~]# vi ldapuser.ldif
# create new
# replace to your own domain name for "dc=***,dc=***" section
dn: uid=test,ou=People,dc=jumpserver,dc=tk
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: test
sn: Linux
userPassword: {SSHA}xxxxxxxxxxxxxxxxx
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/test

dn: cn=test,ou=Group,dc=jumpserver,dc=tk
objectClass: posixGroup
cn: test
gidNumber: 1000
memberUid: test

[root@ldap ~]# ldapadd -x -D cn=Manager,dc=jumpserver,dc=tk -W -f ldapuser.ldif
Enter LDAP Password:
adding new entry "uid=test,ou=People,dc=jumpserver,dc=tk"
adding new entry "cn=test,ou=Group,dc=jumpserver,dc=tk"

[root@ldap ~]# ldapsearch -x -D "cn=Manager,dc=jumpserver,dc=tk" -W -b "dc=jumpserver,dc=tk"
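What the three olcAccess rules in chdomain.ldif grant to each kind of client, as an added example that is not part of the original page. It is a simplified model of slapd's evaluation order (first matching "to" clause, then first matching "by" clause, otherwise none); the function names are hypothetical and only the clause forms used on this page are parsed.

```python
import re

# olcAccess values from chdomain.ldif above ({2}hdb database), in order.
MANAGER = "cn=Manager,dc=jumpserver,dc=tk"
ACLS = [
    '{0}to attrs=userPassword,shadowLastChange by dn="%s" write '
    'by anonymous auth by self write by * none' % MANAGER,
    '{1}to dn.base="" by * read',
    '{2}to * by dn="%s" write by * read' % MANAGER,
]

def parse(rule):
    """Split one olcAccess value into (what, [(who, level), ...])."""
    body = re.sub(r"^\{\d+\}to\s+", "", rule.strip())
    what, *clauses = re.split(r"\s+by\s+", body)
    return what, [tuple(c.rsplit(None, 1)) for c in clauses]

def what_matches(what, entry_dn, attr):
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr.lower() in what[6:].lower().split(",")
    m = re.fullmatch(r'dn\.base="(.*)"', what)
    return bool(m) and m.group(1).lower() == entry_dn.lower()

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    m = re.fullmatch(r'dn="(.*)"', who)
    return bool(m) and m.group(1).lower() == bind_dn.lower()

def access(bind_dn, entry_dn, attr, acls=ACLS):
    """Level granted to bind_dn (None = anonymous) on one attribute."""
    for what, clauses in map(parse, acls):
        if not what_matches(what, entry_dn, attr):
            continue                      # try the next "to" clause
        for who, level in clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level              # first matching "by" wins
        return "none"                     # implicit trailing "by * none"
    return "none"                         # no rule matched at all
```

Under these rules an anonymous bind gets auth on userPassword and shadowLastChange and read on every other attribute, and a user can write only their own password attributes.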
