How to deploy the 389-DS service on CentOS 6.x?

RHDS

1 Theoretical background

1.1 Concept

RHDS is short for Red Hat Directory Service. On a CentOS system it goes by the name centos-ds or 389 Directory Server, and it is an enterprise directory service based on openldap.

1.2 Functions

– Replaces an LDAP server
– Synchronizes directory information with Microsoft Active Directory

2 Best practice

2.1 System environment configuration

2.1.1 Hostname and IP configuration

OS=CentOS-6.x x86_64
hostname=ds.cmdschool.org
ipaddress=10.168.0.155

2.1.2 Upgrade the system

yum -y update

2.1.3 Configure the VNC environment

Configure the VNC service according to the following document:
https://www.cmdschool.org/archives/5057

2.1.4 Configure the yum repository

yum install -y epel-release

2.1.5 Configure name resolution

echo '10.168.0.155 ds.cmdschool.org ds' >> /etc/hosts

Note: the entry above is for testing only; use DNS in production.

2.1.6 Check the maximum number of open file handles

cat /proc/sys/fs/file-max

Modify the following parameter so that the value is greater than 64000:

fs.file-max = 64000

2.1.7 Raise the maximum number of open files

echo '*        -        nofile        8192' > /etc/security/limits.d/389-ds.conf

2.1.8 Confirm the PAM limits module is loaded

grep pam_limits /etc/pam.d/system-auth

Make sure the output contains the following module line (without it, the limit set in limits.d is never applied to sessions):

session     required      pam_limits.so

2.2 Software environment configuration

2.2.1 Install the 389 DS packages

yum install -y 389-ds-base

2.2.2 Install the 389 Admin packages

yum install -y 389-admin 389-ds-console 389-admin-console setup-ds-admin.pl

2.2.3 Install the 389 Console package

yum install -y 389-console

2.3 Configure the 389 DS and admin services

2.3.1 Initialize the DS service

setup-ds-admin.pl

The wizard runs as follows:

[...]
Would you like to continue with set up? [yes]:
[...]
Would you like to continue? [no]: yes
[...]
Choose a setup type [2]: 
[...]
Computer name [ds.cmdschool.org]:
[...]
System User [nobody]:
System Group [nobody]:
[...]
configuration directory server? [no]: no
[...]
administrator ID [admin]:
Password:
Password (confirm):
[...]
Administration Domain [cmdschool.org]:
[...]
Directory server network port [389]:
[...]
Directory server identifier [ds]:
[...]
Suffix [dc=cmdschool, dc=org]:
[...]
Directory Manager DN [cn=Directory Manager]:
Password:
Password (confirm):
[...]
Administration port [9830]:
[...]
Are you ready to set up your servers? [yes]:
Creating directory server . . .
Your new DS instance 'ds' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
output: Starting dirsrv-admin:
output:                                                    [  OK  ]
The admin server was successfully started.
Admin server was successfully created, configured, and started.
Exiting . . .
Log file is '/tmp/setupYDmmrA.log'

2.3.2 Check the services and enable them at boot

/etc/init.d/dirsrv status
chkconfig dirsrv on

/etc/init.d/dirsrv-admin status
chkconfig dirsrv-admin on

2.3.3 Edit the firewall rules

vim /etc/sysconfig/iptables

Add the following rules (only the LDAP port 389 and the admin server port 9830 are opened):

-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT

After changing the configuration, restart the service so that the rules take effect:

/etc/init.d/iptables restart
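With the steps above complete, the following script verifies them on the host: fs.file-max, the nofile limit, the pam_limits session module, chkconfig autostart for dirsrv and dirsrv-admin, and the two iptables ACCEPT rules. It is an added example, not code from the original article or the 389-DS project; every check_* function takes the relevant file contents as an argument, and run_all (invoked with --live) reads the real files on a CentOS 6 host.

```shell
#!/bin/sh
# Post-deployment self-check for the preparation steps in this article
# (added example, not from the original post or the 389-DS project).
# Thresholds and ports are the article's own: fs.file-max > 64000,
# nofile >= 8192, pam_limits.so in system-auth, tcp/389 and tcp/9830 open.

# $1: value of /proc/sys/fs/file-max. Succeeds only if it exceeds 64000.
check_file_max() {
    [ "$1" -gt 64000 ] 2>/dev/null
}

# $1: contents of /etc/security/limits.d/389-ds.conf. Looks for a wildcard
# nofile entry of at least 8192 (the article writes a single "*" line).
check_nofile_limit() {
    printf '%s\n' "$1" | awk '$1 == "*" && $3 == "nofile" && $4 + 0 >= 8192 { found = 1 } END { exit !found }'
}

# $1: contents of /etc/pam.d/system-auth. Without a pam_limits session
# module the limits.d setting is never applied to login sessions.
check_pam_limits() {
    printf '%s\n' "$1" | grep -Eq '^session[[:space:]]+(required|optional)[[:space:]]+pam_limits\.so'
}

# $1: one line of "chkconfig --list <service>". Requires on in runlevels 3 and 5.
check_chkconfig() {
    printf '%s\n' "$1" | grep -Eq '3:on.*5:on'
}

# $1: contents of /etc/sysconfig/iptables. Both ports must have an ACCEPT
# rule in the INPUT chain; anything else stays closed by the default policy.
check_firewall() {
    for port in 389 9830; do
        printf '%s\n' "$1" | grep -Eq -- "^-A INPUT .*-p tcp --dport $port -j ACCEPT" || return 1
    done
}

# Runs every check against the real system files and reports each failure.
run_all() {
    rc=0
    check_file_max "$(cat /proc/sys/fs/file-max)" || { echo "FAIL: fs.file-max"; rc=1; }
    check_nofile_limit "$(cat /etc/security/limits.d/389-ds.conf)" || { echo "FAIL: nofile limit"; rc=1; }
    check_pam_limits "$(cat /etc/pam.d/system-auth)" || { echo "FAIL: pam_limits"; rc=1; }
    for svc in dirsrv dirsrv-admin; do
        check_chkconfig "$(chkconfig --list "$svc")" || { echo "FAIL: $svc not enabled"; rc=1; }
    done
    check_firewall "$(cat /etc/sysconfig/iptables)" || { echo "FAIL: iptables rules"; rc=1; }
    return "$rc"
}

if [ "${1:-}" = "--live" ]; then run_all; fi
```

The script exits non-zero if any step was skipped, so it can be kept as an acceptance check for new directory hosts.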

2.4 Using 389-console

See the following link for how to use it:
https://www.cmdschool.org/archives/5341

References
====================================

Installation guide:
https://directory.fedoraproject.org/docs/389ds/legacy/install-guide.html

Administrator documentation:
https://directory.fedoraproject.org/docs/389ds/administration/adminserver.html#admin-server

Software download and installation:
https://directory.fedoraproject.org/docs/389ds/download.html
