1 Background
1.1 Concept
RHDS is short for Red Hat Directory Server. The community build shipped for CentOS is known as CentOS Directory Server (centos-ds) or 389 Directory Server. It is an enterprise LDAP directory server descended from the Netscape/Fedora Directory Server code base; it is not based on OpenLDAP.
1.2 Functions
– Serves as an LDAP directory server (an alternative to OpenLDAP)
– Synchronizes user and group information with Microsoft Active Directory (Windows Sync)
2 Best practice
2.1 System environment configuration
2.1.1 Hostname and IP configuration
OS=CentOS-6.x x86_64
hostname=ds.cmdschool.org
ipaddress=10.168.0.155
2.1.2 Update the system
yum -y update
2.1.3 Configure the VNC environment
389-console is a Java GUI, so a graphical session is needed to use it. Configure the VNC service following this document:
https://www.cmdschool.org/archives/5057
2.1.4 Configure the yum repository
yum install -y epel-release
2.1.5 Configure name resolution
echo '10.168.0.155 ds.cmdschool.org ds' >> /etc/hosts
Note: the hosts entry is for testing only; use DNS in production.
2.1.6 Check the system-wide open file limit
cat /proc/sys/fs/file-max
If the value is below 64000, set the following parameter in /etc/sysctl.conf and apply it with sysctl -p:
fs.file-max = 64000
2.1.7 Raise the per-process open file limit
echo '* - nofile 8192' > /etc/security/limits.d/389-ds.conf
2.1.8 Make sure pam_limits is enabled (otherwise the nofile limit above is not applied)
grep pam_limits /etc/pam.d/system-auth
Make sure the output contains the following module line:
session required pam_limits.so
2.2 Software environment configuration
2.2.1 Install the 389 DS packages
yum install -y 389-ds-base
2.2.2 Install the 389 Admin packages (setup-ds-admin.pl is a script shipped in 389-admin, not a package)
yum install -y 389-admin 389-ds-console 389-admin-console
2.2.3 Install the 389 Console package
yum install -y 389-console
2.3 Configure the 389 DS and Admin services
2.3.1 Initialize the DS service
setup-ds-admin.pl
The wizard proceeds as follows (accepting the defaults in brackets unless a value is typed):
[...]
Would you like to continue with set up? [yes]:
[...]
Would you like to continue? [no]: yes
[...]
Choose a setup type [2]:
[...]
Computer name [ds.cmdschool.org]:
[...]
System User [nobody]:
System Group [nobody]:
[...]
configuration directory server? [no]: no
[...]
administrator ID [admin]:
Password:
Password (confirm):
[...]
Administration Domain [cmdschool.org]:
[...]
Directory server network port [389]:
[...]
Directory server identifier [ds]:
[...]
Suffix [dc=cmdschool, dc=org]:
[...]
Directory Manager DN [cn=Directory Manager]:
Password:
Password (confirm):
[...]
Administration port [9830]:
[...]
Are you ready to set up your servers? [yes]:
Creating directory server . . .
Your new DS instance 'ds' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
output: Starting dirsrv-admin:
output: [  OK  ]
The admin server was successfully started.
Admin server was successfully created, configured, and started.
Exiting . . .
Log file is '/tmp/setupYDmmrA.log'
Note: cn=Directory Manager is the server's root account and is not subject to ACIs, so give it a strong, unique password and do not use it for day-to-day binds.
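The same answers can be supplied unattended from a silent-install answer file, which is how this step is normally scripted on more than one host. The script below is an added example and not code from the original page; the .inf keys follow the 389 DS legacy install guide linked under References. It reuses the hostname, suffix, ports and identifiers from this page, while the two passwords and the answer-file path are placeholders (assumptions) that must be changed. Because the answer file holds the Directory Manager and admin passwords in cleartext, the script creates it with mode 0600 and destroys it after the setup runs.

```shell
#!/bin/sh
# Unattended 389 DS + Admin Server setup driven by a silent-install .inf file.
# Added example; .inf keys per the 389 DS legacy install guide.
# Assumptions: ADMIN_PW / DM_PW are placeholders, and the answer-file path
# used under "install" below is an arbitrary choice.

HOST=ds.cmdschool.org
IP=10.168.0.155
SUFFIX='dc=cmdschool,dc=org'
DOMAIN=cmdschool.org
INSTANCE=ds
LDAP_PORT=389
ADMIN_PORT=9830
ADMIN_PW='ChangeMe-Admin'        # placeholder, not a real password
DM_PW='ChangeMe-DirectoryMgr'    # placeholder, not a real password

# write_setup_inf FILE: write the answer file. The subshell umask makes the
# file 0600 at creation time (no chmod race), since both passwords are
# stored in it in cleartext.
write_setup_inf() {
    inf=$1
    ( umask 077; cat > "$inf" <<EOF
[General]
FullMachineName= $HOST
SuffixName= $SUFFIX
AdminDomain= $DOMAIN
ConfigDirectoryAdminID= admin
ConfigDirectoryAdminPwd= $ADMIN_PW
ConfigDirectoryLdapURL= ldap://$HOST:$LDAP_PORT/o=NetscapeRoot
SuiteSpotUserID= nobody
SuiteSpotGroup= nobody

[slapd]
ServerPort= $LDAP_PORT
ServerIdentifier= $INSTANCE
Suffix= $SUFFIX
RootDN= cn=Directory Manager
RootDNPwd= $DM_PW
AddSampleEntries= No
ds_bename= userRoot

[admin]
Port= $ADMIN_PORT
ServerIpAddress= $IP
ServerAdminID= admin
ServerAdminPwd= $ADMIN_PW
SysUser= nobody
EOF
    )
}

# inf_perm FILE: print the octal mode of FILE (GNU stat, BSD stat fallback).
inf_perm() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# run_setup FILE: run the silent install if setup-ds-admin.pl (from the
# 389-admin package) is present, then destroy the answer file either way.
run_setup() {
    inf=$1
    if command -v setup-ds-admin.pl >/dev/null 2>&1; then
        setup-ds-admin.pl --silent --file="$inf"
        rc=$?
    else
        echo "setup-ds-admin.pl not installed (yum install 389-admin); nothing run" >&2
        rc=127
    fi
    shred -u "$inf" 2>/dev/null || rm -f "$inf"
    return $rc
}

# Only perform the install when invoked as: sh setup-389.sh install
if [ "${1:-}" = "install" ]; then
    INF=/root/ds-setup.inf          # assumed location
    write_setup_inf "$INF"
    run_setup "$INF"
fi
```

Run it as root with `sh setup-389.sh install`; the answer file never outlives the setup run, and the remaining secrets then live only in the server's own configuration files (admpw and dse.ldif), which the installer already restricts to the service user.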
2.3.2 Check the services and enable them at boot
/etc/init.d/dirsrv status
chkconfig dirsrv on
/etc/init.d/dirsrv-admin status
chkconfig dirsrv-admin on
2.3.3 Edit the firewall rules
vim /etc/sysconfig/iptables
Add the following rules above the final REJECT rule:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT
Note: port 389 is cleartext LDAP and port 9830 is the Admin Server, which speaks plain HTTP unless TLS is configured for it. Restrict 9830 to the management hosts (add -s <admin-network> to that rule) rather than opening it to everyone.
After editing, restart the service for the rules to take effect:
/etc/init.d/iptables restart
2.4 Using 389-console
See the following link for usage:
https://www.cmdschool.org/archives/5341
References
====================================
Installation guide:
————–
https://directory.fedoraproject.org/docs/389ds/legacy/install-guide.html
Administrator documentation:
——————-
https://directory.fedoraproject.org/docs/389ds/administration/adminserver.html#admin-server
Software download and installation:
—————-
https://directory.fedoraproject.org/docs/389ds/download.html