Openldap 常用操作

备份还原1:
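# Online backup/restore: export the whole tree to LDIF, delete it, verify it is
# empty, then re-import. -W prompts for the bind password; -w <password> on the
# command line is visible in `ps` output and shell history (use -y <pwfile> with a
# 0600 file for unattended runs). The export contains userPassword hashes, so it
# is created under a restrictive umask.
(umask 077; ldapsearch -LLL -x -H ldap://127.0.0.1:389 -b "dc=vimll,dc=com" -D "cn=admin,dc=vimll,dc=com" -W > vimll-ldap-bak.ldif)
# -r removes the subtree recursively. -b (search base) is a ldapsearch option;
# ldapdelete and ldapadd do not accept it.
ldapdelete -x -H ldap://127.0.0.1:389 -D "cn=admin,dc=vimll,dc=com" -W -r "dc=vimll,dc=com"
# Sanity check: with base/bind taken from ldap.conf this should now print nothing.
ldapsearch -x -LLL
ldapadd -x -H ldap://127.0.0.1:389 -D "cn=admin,dc=vimll,dc=com" -W -f vimll-ldap-bak.ldif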

备份还原2:
slapcat命令只能在openldap服务器上执行,备份openldap的全部数据
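# Offline dump of database #2 to LDIF; must run on the slapd host. The dump holds
# password hashes, so create it with a restrictive umask. -n 2 is assumed to be
# the mdb database at olcDatabase={2}mdb,cn=config — confirm with slapcat -n 0.
(umask 077; slapcat -n 2 -l /root/ldapbackup.ldif)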
openldap的数据恢复,就是通过slapadd命令实现的。恢复到原来openldap服务所在的服务器!
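# Restore from the slapcat dump. slapd must be fully stopped before the data
# directory is emptied, otherwise a running server keeps writing into it.
systemctl stop slapd || exit 1
systemctl is-active --quiet slapd && { echo "slapd is still running, aborting" >&2; exit 1; }
# ${var:?} aborts if the variable is empty, so the glob can never expand to /*.
ldap_dir=/var/lib/ldap
rm -fr -- "${ldap_dir:?}"/*
# -n 2 targets the same database the dump was taken from (slapcat -n 2).
slapadd -n 2 -l /root/ldapbackup.ldif || exit 1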
最后进行如下操作:
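# DB_CONFIG is only read by the bdb/hdb backends; with mdb (olcDatabase={2}mdb in
# cn=config) it is unused but harmless — TODO confirm the backend. Copy it only
# when the example file exists so this step does not fail on mdb-only installs.
[ -f /usr/share/openldap-servers/DB_CONFIG.example ] && cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# slapadd ran as root; hand the files back to the service account before start.
chown -R ldap:ldap /var/lib/ldap/
ls -al /var/lib/ldap/
systemctl start slapd || exit 1
systemctl status slapd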

LDAP迁移
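# Migration to a new host (ldap-server). Which host runs which line is inferred
# from the rsync direction: the stop/rm lines clear the DESTINATION, the rsync
# lines run on the SOURCE — TODO confirm. Running rm and rsync on the same host
# in this order would sync an already-emptied directory.
#
# On the destination (ldap-server): stop slapd and clear data + config.
systemctl stop slapd || exit 1
ldap_data_dir=/var/lib/ldap
ldap_conf_dir=/etc/openldap
# ${var:?} aborts if empty, so the globs can never expand to /*.
rm -rf -- "${ldap_data_dir:?}"/*
rm -rf -- "${ldap_conf_dir:?}"/*
#
# On the source: stop slapd here as well (or use slapcat/slapadd instead) so the
# copied data.mdb is a consistent snapshot, not a live, half-written file. An
# mdb file is only portable between hosts of the same architecture and a
# compatible OpenLDAP version — TODO confirm before relying on a raw copy.
rsync -aP /var/lib/ldap/  ldap-server:/var/lib/ldap
rsync -aP /etc/openldap/   ldap-server:/etc/openldap
#
# Back on the destination: ':' is the portable owner:group separator ('.' is a
# deprecated GNU-only spelling).
chown -R ldap:ldap /var/lib/ldap
systemctl restart slapd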

修改管理员密码:
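# Change the rootdn password of the data database. Without -s, slappasswd prompts
# for the secret, so the cleartext never appears in `ps` output or shell history.
slappasswd
# The delimiter must be quoted with ASCII quotes ('EOF'): the typographic quotes in
# the original (“EOF”) become part of the delimiter, so the plain EOF line never
# terminates the here-document. Paste the hash printed by slappasswd as olcRootPW.
cat > /root/newpasswd.ldif <<'EOF'
dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}pt7lRcwAYH7qGD6EAzAX0M81T9P19Bru
EOF
# The file holds the password hash; keep it readable by root only.
chmod 600 /root/newpasswd.ldif
# ldapi:// with SASL EXTERNAL authenticates by the Unix-socket peer credentials;
# run as root to be allowed to modify cn=config.
ldapmodify -H ldapi:// -Y EXTERNAL -f /root/newpasswd.ldif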

修改config配置管理员密码
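# Change the rootdn password of the config database ({0}config). Generate the hash
# with `slappasswd` (no -s, so it prompts) and paste it as olcRootPW below.
# Quote the delimiter with ASCII quotes ('EOF'); the typographic quotes in the
# original (“EOF”) become part of the delimiter and leave the here-document open.
cat > chrootpw.ldif <<'EOF'
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}DYELxjZOacbjJcz985vF5MLotjLUJC5n
EOF
# The LDIF is written to the current directory and contains the hash; restrict it.
chmod 600 chrootpw.ldif
# ldapi:// + SASL EXTERNAL uses the socket peer credentials; run as root.
ldapmodify -H ldapi:// -Y EXTERNAL -f chrootpw.ldif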

修改用户属性
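# Modify an existing user in one change record: replace homeDirectory, then add
# the ldapPublicKey object class and an sshPublicKey attribute. The "-" lines
# separate the three operations. ldapPublicKey/sshPublicKey come from the
# openssh-lpk schema, which must already be loaded — TODO confirm.
# Note the DN here (cn=...,ou=Users,ou=People) differs from the one the add
# step below creates (uid=...,ou=People); adjust to the tree actually in use.
# Quoting the delimiter keeps the body literal (no $ or backtick expansion).
cat > mod_users.ldif <<'EOF'
dn: cn=wuyutang,ou=Users,ou=People,dc=vimll,dc=com
changetype: modify
replace: homeDirectory
homeDirectory: /home/wuyutang
-
add: objectClass
objectClass: ldapPublicKey
-
add: sshPublicKey
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUL/dpkEf7HFIMU2nau6aP/CaYyriopLobWNU7DY1DwUdzEG+f5qlET4OflVKdtgos7s3aSNinoRgMoO9c5xNuq1KZWfh3RAw5v6VLUqHqaoeekkQqfkLHKhaVoksriSUIBpMRInZTABr/lCafoBrv+vlX80oB5SL2evNrDi30tXmuiI+LQHgeQAjI+fOJYyIjiBh9ULgXmNEcA6ZpeBldrOQgw/lJuTl78aP0feTEJOvUmAkCfKzYbP+8PQKsirvK+chfSHWJGhGXmpReUIvhz0MSp9ApLq9pwYI1XBXzOhq77nE6K/YHI6xbUCnKIKEerUfjcMu+5Ri4hjOMxQV7 root@home.tang.com
EOF

# -W prompts for the bind password; -w on the command line leaks it via ps/history.
ldapmodify -x -H ldap://127.0.0.1:389 -D "cn=admin,dc=vimll,dc=com" -W -f mod_users.ldif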

增加用户
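# Create a POSIX user entry. userPassword is a pre-computed {SSHA} hash (from
# slappasswd), so the LDIF is kept root-only. uidNumber/gidNumber are hard-coded;
# check they do not collide with an existing account before adding.
# Quoting the delimiter keeps the body literal.
cat > usersadd.ldif <<'EOF'
dn: uid=wuyutang,ou=People,dc=vimll,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: wuyutang
cn: Wuyutang
sn: wu
userPassword: {SSHA}LFey4/d2RBsJPam2yjCg2xlBY5YId0JN
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/wuyutang
EOF
chmod 600 usersadd.ldif
# -b is a ldapsearch option and is not accepted by ldapadd; -W prompts for the
# bind password instead of exposing it on the command line.
ldapadd -x -H ldap://127.0.0.1:389 -D "cn=admin,dc=vimll,dc=com" -W -f usersadd.ldif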