本帖最后由 woxizishen 于 2015-01-17 11:55 编辑
给你一个我在OpenLDAP-2.4.35新版编译模式下的slapd.conf模板文件。
# Schema files loaded at startup. nis.schema defines the POSIX account
# attributes (uidNumber, gidNumber, loginShell, memberUid) that are indexed
# in the database section of this file.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
# Files in which slapd records its process id and its command-line arguments.
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
(以上路径请根据自己的实际安装路径来更改;这里是源码编译的默认路径 /usr/local,yum 安装的路径会不同。)
# Back end and naming context served by this database.
database bdb
suffix "dc=qiqi,dc=com"
# The rootdn is not subject to access control; use it for administration only.
rootdn "cn=test,dc=qiqi,dc=com"
# NOTE(review): slapd treats a rootpw value that has no {SCHEME} prefix as a
# cleartext password. Generate a salted hash with slappasswd and paste it here
# together with its prefix (for example {SSHA}...), and keep this file readable
# only by the account slapd runs as.
rootpw 3Exxxx+gKegvZ73HYz5c2c5JA==
# Directory holding the database files; it should be owned by the slapd account.
directory /usr/local/var/openldap-data
# Attribute indexes: eq = equality, pres = presence, sub = substring.
index objectClass eq
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
# Equality indexes on entryUUID and entryCSN serve the searches issued by
# syncrepl/syncprov replication.
index entryUUID,entryCSN eq
这上面是最基本的一些openldap的slapd.conf配置了,参数就不多介绍了。
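# TLS settings for slapd's own listener. The cipher string uses OpenSSL syntax.
# Only HIGH-strength suites are offered; anonymous (unauthenticated) and
# NULL-encryption suites are excluded explicitly, together with MD5 and RC4.
# The earlier string also admitted MEDIUM-strength suites and named the legacy
# SSLv2/SSLv3 suite groups.
TLSCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4
# A cipher string does not disable protocol versions, so the floor is set here.
# 3.1 means TLS 1.0, which rules out SSLv3; raise it to 3.3 (TLS 1.2) once
# every client and replica supports it.
TLSProtocolMin 3.1
# CA certificate used to validate peer certificates, then this server's own
# certificate and private key.
TLSCACertificateFile /usr/local/etc/openldap/cacerts/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/cacerts/newcert.cert
# The private key file must be readable only by the account slapd runs as.
TLSCertificateKeyFile /usr/local/etc/openldap/cacerts/newreq.key
# never = clients are not asked for a certificate; they authenticate by bind only.
TLSVerifyClient never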
(上述5行是主从openldap服务器通过ssl加密同步,你应该用不到。)
(下面的也是openldap服务我做多主从同步用的,你也用不到)
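# Provider side: the syncprov overlay lets other servers replicate this database.
overlay syncprov
# Write the contextCSN checkpoint after 100 operations or 1 minute.
syncprov-checkpoint 100 1
# Keep a session log of the last 100 write operations for reconnecting consumers.
syncprov-sessionlog 100
# Consumer side: pull changes from the peer at 172.16.9.154.
#
# The options of one syncrepl statement are continuation lines and must start
# with whitespace. A '#' line inside the statement would end it, so all notes
# are kept here, above it.
#
#  retry        - retry every 5 s, 5 times, then every 300 s indefinitely.
#  attrs        - "*,+" replicates all user and operational attributes.
#  binddn       - NOTE(review): differs from the rootdn shown for this server;
#                 confirm it exists on the provider. A dedicated replication
#                 account with read-only access to the subtree is preferable
#                 to a root identity.
#  credentials  - sent as the simple-bind password, so it is stored in this file
#                 in cleartext; shown as a placeholder. Restrict the file to the
#                 slapd account.
#  starttls     - NOTE(review): the provider URL is already ldaps://, so the
#                 session is under TLS before StartTLS is attempted; this
#                 setting looks redundant. Use one mechanism or the other.
#  tls_reqcert  - NOTE(review): with "never" the consumer accepts any certificate,
#                 so the link is encrypted but the provider is not authenticated
#                 and the bind password goes to whatever answers at that address.
#                 Prefer tls_reqcert=demand, with a provider certificate that
#                 chains to tls_cacert and matches the address in provider=.
syncrepl rid=001
    provider=ldaps://172.16.9.154:636
    type=refreshAndPersist
    retry="5 5 300 +"
    searchbase="dc=qiqi,dc=com"
    attrs="*,+"
    bindmethod=simple
    binddn="cn=root,dc=qiqi,dc=com"
    credentials=REPLACE_WITH_REPLICATION_PASSWORD
    starttls=yes
    tls_cert=/usr/local/etc/openldap/cacerts/newcert.cert
    tls_key=/usr/local/etc/openldap/cacerts/newreq.key
    tls_cacert=/usr/local/etc/openldap/cacerts/cacert.pem
    tls_reqcert=never
# Mirror mode lets this consumer accept writes as well.
# NOTE(review): mirror mode also needs a distinct serverID on each server;
# none is visible in this excerpt.
mirrormode TRUE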