1. 安装软件包
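    # --- 1. Install packages ---
    # On CentOS 7 the epel-release RPM is in the "extras" repo and is signed
    # with the CentOS key; installing it straight from a URL (as the original
    # did) skips that signature check (yum's localpkg_gpgcheck is off by default).
    yum install -y epel-release
    yum install -y ansible
    yum install -y openldap openldap-servers openldap-clients
    # Use the packaged example DB_CONFIG as the backend tuning file; it must be
    # owned by the account slapd runs as.
    cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    chown ldap:ldap /var/lib/ldap/DB_CONFIG
    # --- start slapd (listens on plain ldap://:389 plus the local ldapi socket) ---
    systemctl start slapd
    systemctl enable slapd
    systemctl status slapd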
    2. 设置 LDAP 目录管理员密码(即 rootpw,对应下文绑定时使用的 cn=Manager,不是操作系统 root)
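    # --- 2. Set the directory administrator (rootpw / cn=Manager) password ---
    # Run slappasswd WITHOUT -s: a password given on the command line ends up in
    # shell history and is visible to every local user through `ps`. Without -s
    # it prompts (twice) and prints a salted hash of the form {SSHA}... .
    slappasswd
    # Paste the printed hash into rootpwd.ldif in place of the placeholder value.
    # (The original notes pointed at a screenshot of that file which is not
    # reproduced here; the hash replaces the root-password attribute value.)
    vi rootpwd.ldif
    # Apply it over the local ldapi socket with SASL EXTERNAL -- on the stock
    # CentOS 7 config the local root user is mapped to the cn=config admin, so no
    # password has to cross the network for this step.
    ldapadd -Y EXTERNAL -H ldapi:/// -f rootpwd.ldif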

  3. 导入模式(schema)
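    # --- 3. Load schemas ---
    # Glob instead of parsing `ls`, and quote the path. The stock cn=config
    # already contains core.ldif, so that one (and any schema loaded twice)
    # fails with "Duplicate already exists" (err=68) and can be ignored; any
    # other error is worth reading, because a schema whose dependencies are not
    # loaded yet is rejected. The posixAccount/posixGroup entries used below
    # need cosine, nis and inetorgperson; loading everything under schema/ is
    # more than strictly required.
    for f in /etc/openldap/schema/*.ldif; do
      [ -e "$f" ] || continue
      ldapadd -Y EXTERNAL -H ldapi:/// -f "$f" || echo "schema $f: ldapadd rc=$?" >&2
    done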

  4. 设置默认域(suffix / base DN)
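    # --- 4. Set the default suffix / base entry ---
    # domain.ldif is applied to cn=config through ldapi with SASL EXTERNAL, like
    # the schema files (its contents are not shown here; presumably suffix,
    # rootdn and rootpw for the hdb database -- confirm). If it does NOT set
    # olcAccess, slapd's default grants read access to everyone, which makes
    # userPassword hashes (added in step 7) readable anonymously on port 389;
    # add at least
    #   olcAccess: to attrs=userPassword by self write by anonymous auth by * none
    #   olcAccess: to * by * read
    ldapmodify -Y EXTERNAL -H ldapi:/// -f domain.ldif
    # basedomain.ldif creates the dc=c,dc=citic tree and is added as cn=Manager.
    # -W prompts for the password instead of putting it in argv (-w "..."), and
    # ldapi:/// keeps the simple bind off the network; from a remote client use
    # -H ldap://hdp -ZZ once TLS is configured. As written in the original the
    # curly quotes “ ” around the password are part of the argument bash
    # passes, so the bind would fail with invalid credentials.
    ldapadd -x -W -D "cn=Manager,dc=c,dc=citic" -H ldapi:/// -f basedomain.ldif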

5. 添加用户组、用户以及用户-组关系
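# --- 5. Add groups, users and user-group memberships ---
# hdp is the LDAP server's host name; adjust it to your own. -H replaces the
# deprecated -h/-p pair. Plain ldap:// on 389 sends the simple-bind password
# in cleartext, so run this on the server itself over ldapi:/// or add -ZZ
# once slapd has a TLS certificate.
LDAP_URI="ldap://hdp:389"
BIND_DN="cn=Manager,dc=c,dc=citic"
# Read the bind password once into a temp file (mktemp creates it mode 0600)
# and hand it to ldapadd with -y, so it never appears on a command line, in
# `ps` output or in shell history. -y uses the file contents verbatim, so
# write it without a trailing newline. The original's -w “domain1234” also
# used curly quotes, which bash passes through as part of the password.
PW_FILE=$(mktemp) || exit 1
trap 'rm -f -- "$PW_FILE"' EXIT
read -r -s -p "Password for $BIND_DN: " BIND_PW; echo
printf '%s' "$BIND_PW" > "$PW_FILE"
unset BIND_PW
# Same order as the original: groups, then users, then the user-group entries.
for ldif in group.ldif user.ldif user_group.ldif; do
  ldapadd -x -y "$PW_FILE" -D "$BIND_DN" -H "$LDAP_URI" -f "$ldif" || exit 1
done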

6. 配置 Linux 客户端使用 LDAP 做用户认证(hosts.txt 是 Ansible inventory,按自己的主机修改)
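# --- 6. Configure the Linux clients (edit hosts.txt for your inventory) ---
# The original used "—" (em dash) where "--" is required and ran the server
# and base-DN options together ("...=hdp—ldapbasedn=..."), so it could not
# have run as written.
ansible ambari-agent -i hosts.txt -m yum -a "name=nss-pam-ldapd state=present"
# authconfig rewrites nslcd.conf / nsswitch.conf / pam.d on every client.
# --disableldaptls means each login sends the user's password to hdp in
# cleartext on port 389 -- tolerable only on an isolated network. Once slapd
# has a certificate, switch to --enableldaptls and distribute the CA cert
# (authconfig's --ldaploadcacert=URL can fetch it).
ansible ambari-agent -i hosts.txt -m shell -a \
  "authconfig --enableldap --enableldapauth --enablemkhomedir --enableforcelegacy \
   --disablesssd --disablesssdauth --disableldaptls --enablelocauthorize \
   --ldapserver=hdp --ldapbasedn='dc=c,dc=citic' --enableshadow --update"
ansible ambari-agent -i hosts.txt -m service -a "name=nslcd state=restarted enabled=yes"
ansible ambari-agent -i hosts.txt -m service -a "name=sshd state=restarted enabled=yes"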

7. 将本机已有的普通用户导入 LDAP
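# --- 7. Migrate existing local users into LDAP ---
yum install -y migrationtools
# Edit the two values shown below in migrate_common.ph. Use straight ASCII
# quotes: the curly “ ” quotes in the original are a Perl syntax error.
vi /usr/share/migrationtools/migrate_common.ph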
在该文件中把下面两个值替换为自己的域(必须使用英文直引号 ",不能用中文弯引号 “ ”,否则 Perl 语法错误)
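# Default DNS domain (straight quotes -- the original's “ ” do not parse in Perl)
$DEFAULT_MAIL_DOMAIN = "c.citic";

# Default base: the suffix the migrated entries are placed under
$DEFAULT_BASE = "dc=c,dc=citic";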

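# Export only regular accounts. Dumping all of /etc/passwd (as the original
# did) copies root and every system/service account (UID < 1000) into the
# directory, where each client that trusts LDAP for NSS/PAM would resolve
# them. nobody/nfsnobody (65534) is left out as well; adjust the range if
# your regular users start below 1000.
awk -F: '$3 >= 1000 && $3 < 65534' /etc/passwd > people
awk -F: '$3 >= 1000 && $3 < 65534' /etc/group  > groups
# When run as root the migration scripts read /etc/shadow and emit the
# {crypt} hashes as userPassword, so the generated LDIFs are secrets: create
# them 0600 and remove them after the import.
umask 077
/usr/share/migrationtools/migrate_passwd.pl people people.ldif
# NB: the original wrote this to group.ldif, silently overwriting the
# hand-written group.ldif from step 5 -- use a distinct file name.
/usr/share/migrationtools/migrate_group.pl groups groups_migrated.ldif
# Bind as cn=Manager with -W (prompt) rather than -w "...", which exposes the
# password in `ps` and shell history; -H replaces the deprecated -h/-p. Plain
# ldap:// sends the bind password in cleartext -- use ldapi:/// when running
# on the server, or -ZZ once TLS is set up.
ldapadd -x -W -D "cn=Manager,dc=c,dc=citic" -H ldap://hdp:389 -f groups_migrated.ldif
ldapadd -x -W -D "cn=Manager,dc=c,dc=citic" -H ldap://hdp:389 -f people.ldif
# The LDIFs carry password hashes; do not leave them lying around.
rm -f -- people groups people.ldif groups_migrated.ldif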

8. 在 Ranger 中配置 LDAP 用户同步(以下为截图,未能随文保留)
image.png
image.png
image.png

image.png
image.png