Ubuntu下LDAP 部署文档
2024-06-03 20:19:22
LDAP 基本概念
LDAP 部署文档
环境准备
# cat /etc/issue
Ubuntu 16.04.6 LTS \n \l
# uname -r
4.4.0-142-generic
# slapd -VV
@(#) $OpenLDAP: slapd (Ubuntu) (Apr 10 2019 13:01:36) $buildd@lgw01-amd64-031:/build/openldap-QaSHhB/openldap-2.4.42+dfsg/debian/build/servers/slapd
一. 安装
1、安装软件包
# apt install slapd ldap-utils -y
在安装过程中,将要求您输入并确认LDAP的管理员密码。
2、初始化配置
OpenLDAP 2.3 and later have transitioned to using a dynamic runtime configuration engine, slapd-config. Configuring slapd
# dpkg-reconfigure slapd
1. Omit OpenLDAP server configuration: No
2. DNS domain name as base DN: wecash.net
3. Organization name: wecash Organization
4. Administrator password: wecash@2019
5. Database backend to use: MDB
6. Do you want the database to be removed when slapd is purged: No
7. Move old database: Yes
8. Allow LDAPv2 protocol? No
- 配置显示了示例配置树
- 验证是否运行
# ps -ef | grep slapd
openldap 11394 1 0 11:54 ? 00:00:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
root 11419 1227 0 11:55 pts/0 00:00:00 grep --color=auto slapd
# netstat -ntlp | grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 11394/slapd
tcp6 0 0 :::389 :::* LISTEN 11394/slapd
注: 软件默认安装路径为/etc/ldap,mdb数据库文件存放路径为/var/lib/ldap/4. 测试LDAP的接口
# ldapwhoami -H ldap:// -x
anonymous
anonymous是匿名用户的查询结果,因为我们运行ldapwhoami而不登录到LDAP服务器.这意味着服务器正在运行并应答查询. 5. 启动停止
# systemctl stop slapd.service
# systemctl start slapd.service
至此,LDAP的初步基本配置已经完成.官方文档解释在2.3之后的版本使用动态的配置文件的方式,使用ldapadd, ldapdelete or ldapmodify修改更新配置信息以及数据库信息,不建议使用slapd.conf配置文件方式进行管理.
二. 查看初始化信息
# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn
dn: cn=config
dn: cn=module{0},cn=config
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: olcBackend={0}mdb,cn=config
dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcDatabase={1}mdb,cn=config# ldapsearch -x -LLL -H ldap:/// -b dc=wecash,dc=net dn
dn: dc=wecash,dc=net
dn: cn=admin,dc=wecash,dc=net
三. TLS
1、安装gnutls-bin和ssl-cert软件包
# apt install gnutls-bin ssl-cert
2、为证书颁发机构创建私钥
# sh -c "certtool --generate-privkey > /etc/ssl/private/cakey.pem"
3、创建模板文件/etc/ssl/ca.info来定义CA
cn = Wecash Company
ca
cert_signing_key
4、创建自签名CA证书
# certtool --generate-self-signed --load-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/ca.info --outfile /etc/ssl/certs/cacert.pem
5、为服务器创建私钥
# certtool --generate-privkey --sec-param Medium --outfile /etc/ssl/private/tldap.wecash.net-key.pem
6、创建/etc/ssl/tldap.wecash.net.info信息文件,其中包含
organization = Wecash Company
cn = tldap.wecash.net
tls_www_server
encryption_key
signing_key
expiration_days = 3650
7、创建服务器的证书
# certtool --generate-certificate --load-privkey /etc/ssl/private/tldap.wecash.net-key.pem --load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/tldap.wecash.net.info --outfile /etc/ssl/certs/tldap.wecash.net.pem
8、调整权限和所有权
# mkdir /etc/ldap/certs
# cp /etc/ssl/private/tldap.wecash.net-key.pem /etc/ldap/certs/
# cp /etc/ssl/certs/cacert.pem /etc/ldap/certs/
# cp /etc/ssl/certs/tldap.wecash.net.pem /etc/ldap/certs/
# chown -R openldap.openldap /etc/ldap/certs/
# chmod 0640 /etc/ssl/private/tldap.wecash.net-key.pem
# gpasswd -a openldap ssl-cert
9、创建文件certinfo.ldif
# cat certinfo.ldif
# create new
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/certs/cacert.pem
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/certs/tldap.wecash.net.pem
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/certs/tldap.wecash.net-key.pem
10、使用ldapmodify命令通过slapd-config数据库告诉slapd我们的TLS工作
# ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
11.需要在/etc/default/slapd中添加ldaps:///才能使用加密。
# vim /etc/default/slapd
SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"
12、修改请求域名
# cat slapd.ldif
# log
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: stats
-
add: olcIdleTimeout
olcIdleTimeout: 30
-
add: olcReferral
olcReferral: ldaps://tldap.wecash.net
-
add: olcLogFile
olcLogFile: /var/log/sladp.log# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f slapd.ldif
modifying entry "cn=config"# ldapsearch -Y external -H ldapi:/// -b cn=config "(objectClass=olcGlobal)" olcReferral
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectClass=olcGlobal)
# requesting: olcReferral
## config
dn: cn=config
olcReferral: ldaps://tldap.wecash.net# search result
search: 2
result: 0 Success# numResponses: 2
# numEntries: 1
13、重启slapd服务
# systemctl restart slapd.service
# netstat -ntlp | grep slapd
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 13728/slapd
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 13728/slapd
tcp6 0 0 :::389 :::* LISTEN 13728/slapd
tcp6 0 0 :::636 :::* LISTEN 13728/slapd
四. 验证数据
1、初始化一些数据
# cat add_content.ldif
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: Peopledn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groupsdn: cn=miners,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: miners
gidNumber: 5000dn: uid=john,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 10000
gidNumber: 5000
userPassword: johnldap
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john
# ldapadd -x -W -D "cn=admin,dc=wecash,dc=net" -f add_content.ldif
Enter LDAP Password: ********
adding new entry "ou=People,dc=example,dc=com"
adding new entry "ou=Groups,dc=example,dc=com"
adding new entry "cn=miners,ou=Groups,dc=example,dc=com"
adding new entry "uid=john,ou=People,dc=example,dc=com"
此时,使用客户端工具phpLDAPadmin或者LDAP Admin Tool访问LDAP server端即可以查看到数据. 2. 查询目录结构树
# ldapsearch -x -LLL -H ldap:/// -b dc=wecash,dc=net dn
dn: dc=wecash,dc=net
dn: cn=admin,dc=wecash,dc=net
dn: ou=Hosts,dc=wecash,dc=net
dn: ou=Devops,dc=wecash,dc=net
dn: ou=Groups,dc=wecash,dc=net
dn: ou=People,dc=wecash,dc=net
dn: ou=Marketing,dc=wecash,dc=net
dn: ou=department,dc=wecash,dc=net
dn: cn=iris+ipHostNumber=192.168.1.51,ou=Hosts,dc=wecash,dc=net
dn: cn=gojira+ipHostNumber=192.168.1.1,ou=Hosts,dc=wecash,dc=net
dn: cn=zedan+ipHostNumber=192.168.1.52,ou=Hosts,dc=wecash,dc=net
dn: cn=gamera+ipHostNumber=192.168.1.50,ou=Hosts,dc=wecash,dc=net
dn: cn=git-wecash01cn-p001.pek3.wecash.net,ou=Hosts,dc=wecash,dc=net
dn: uid=shuke,ou=Devops,dc=wecash,dc=net
dn: cn=dba,ou=Groups,dc=wecash,dc=net
dn: cn=devops,ou=Groups,dc=wecash,dc=net
dn: cn=tester,ou=Groups,dc=wecash,dc=net
dn: cn=manager,ou=Groups,dc=wecash,dc=net
dn: cn=developer,ou=Groups,dc=wecash,dc=net
dn: cn=Pete Minsky,ou=Marketing,dc=wecash,dc=net# 账号登录认证
# ldapwhoami -H ldapi:/// -x -D cn=admin,dc=wecash,dc=net -W
Enter LDAP Password:
dn:cn=admin,dc=wecash,dc=net
五. Logging设置
1、使用以下内容创建文件logging.ldif
# cat logging.ldif
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: stats
2、更新数据
# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif
3、在/etc/rsyslog.conf增加内容
# Disable rate limiting
# (default is 200 messages in 5 seconds; below we make the 5 become 0)
$SystemLogRateLimitInterval 0
4、重启rsyslog服务
systemctl restart syslog.service
此时,tail -f /var/log/syslog查看日志文件内容,可以查看到LDAP相关log
六. LDAP命令介绍
ldapmodrdn 命令用于对 OpenLDAP 目录树中 RDN 条目的修改,可以从标准的条目信息输入或者使用 -f 指定 LDIF 文件的格式输入。
# ldapmodrdn -x -D cn=admin,dc=wecash,dc=net -w weopenldap -H ldapi:/// "cn=dba,ou=Groups,dc=wecash,dc=net" cn=wedba
ldappasswd 命令用于修改密码
# ldappasswd -x -D cn=admin,dc=wecash,dc=net -w weopenldap -H ldapi:/// "cn=wedba,ou=Groups,dc=wecash,dc=net" -S
ldapdelete 命令用于从目录树中删除指定条目,并根据 DN 条目删除一个或多个条目,但必须提供所要删除指定条目的权限所绑定的 DN(整个目录树的唯一标识名称)。
# ldapdelete -x -w weopenldap -D cn=admin,dc=wecash,dc=net "cn=tester,ou=Groups,dc=wecash,dc=net"
要检测配置文件的可用性,可设置输出级别:
# slaptest -F /etc/ldap/slapd.d
config file testing succeeded
# slaptest -d 3 -F /etc/ldap/slapd.d
slapcat 命令用于将数据条目转换为 OpenLDAP 的 LDIF 文件,可用于 OpenLDAP 条目的备份以及结合 slapdadd 指定用于恢复条目。
下面通过slapcat 备份 OpenLDAP 所有目录树条目:
# slapcat -v -l openldap.ldif
# 通过 ldapsearch 查看 shuke 用户及 sre 组相关信息,命令如下:
# ldapsearch -x -LLL uid=shuke
dn: uid=shuke,ou=stuff,dc=shuke,dc=com
givenName: shu
sn: ke
userPassword:: e01ENX00UXJjT1VtNldhdStWdUJYOGcrSVBnPT0=
gidNumber: 5000
homeDirectory: /home/shuke
loginShell: /bin/bash
cn: shuke
uid: shuke
uidNumber: 1100
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: person
objectClass: ldapPublicKey
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRMPwi6Q/Zcb1N6sWnFf5/EwTvmpfEZyRI0XUnCtZKWEPPCbgjPfQ2ZKYPCsmfvqA6uaVolBzLM04BZEbbeHmC1mB3kpvOXmZtH7iAt22khCyS5A/jzaE9lwgyGzO/mhJQ83EIBt4MtO/UgGyk1EAyQH0gAGgfqQ2Htyp44wxul0plpbcmTElQQUZiLMNUspKS4i3BDGSWwu+Y2q7h3jTfgMpyLweqnt4vuUwhaGouP1P6q7M7HCRMKbXL5MH3K0sz5G1WpiqsXxtHbFgQZiniOwO/EaUvca9MQRwY5zeMxkUJ38HlpvRjp16HevpuLqvUqy2Uw2migJNW52ZubtGlOzc8mJh/qSLUTV1238Z6dgR6nELa260RnsPNp3Utb7HkhY6WZSRYxNxjvsGWDIKMczPHbfhHf0iuuxGt96dPhpM6V8UH0zbPUEL/6+VRTMThflewLA+2/9J5VzG+Ugqm3vU3jVZxgMqqFlJmI9nfw0/H+1H+6AEU556fNTqBFQAEQDNKltv4hv/YLmpcYh7lSJU9TjHaHCXpbLDaAQPLcNBFzA1lL3KU+rx1xwww4Tbn77qU/JmSACLP/oczrLvb+kLjO2dyi0WfEjqgeIn83OPPv4CtTMlpHZj2kP2L7Sw8RZHXurL1wLqBnVrCGzHcC2huB9jn3QUedWjVqdA6Sw== shuke@shukes-mbp[root@tldap ldap]# ldapsearch -x -LLL cn=sre
dn: cn=sre,ou=groups,dc=shuke,dc=com
cn: sre
objectClass: posixGroup
objectClass: top
gidNumber: 5000
description: sre group
memberUid: uid=wangwu,ou=stuff,dc=shuke,dc=com
memberUid: uid=guoliman,ou=stuff,dc=shuke,dc=com
memberUid: uid=fengfengzhao,ou=stuff,dc=shuke,dc=com
memberUid: uid=shuke,ou=stuff,dc=shuke,dc=com
memberUid: uid=mazengsui,ou=stuff,dc=shuke,dc=com
LDAP客户端机器验证:
# getent passwd shuke
shuke:*:12514:10202:shuke:/home/shuke:/bin/bash
OpenLDAP 命令介绍-OpenLDAP
七. 卸载LDAP
1、命令卸载
# apt-get purge --auto-remove slapd ldap-utils
2、删除目录
# rm -rf /etc/ldap && rm -rf /var/lib/ldap
八. Backup and Restore
1、下载脚本文件
wget --no-check-certificate https://raw.githubusercontent.com/alexanderjackson/ldap-backup-and-restore/master/ldap-backup -O /usr/local/sbin/ldap-backup
wget --no-check-certificate https://raw.githubusercontent.com/alexanderjackson/ldap-backup-and-restore/master/ldap-restore -O /usr/local/sbin/ldap-restore
chown root.root /usr/local/sbin/ldap-backup /usr/local/sbin/ldap-restore
chmod 500 /usr/local/sbin/ldap-backup /usr/local/sbin/ldap-restore
备份脚本
2、备份脚本
# grep -v '^#' /usr/local/sbin/ldap-backup
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
BACKUP_PATH=/data/backups/ldap/${TIMESTAMP}
echo " Creating backup at ${BACKUP_PATH}"
mkdir -p ${BACKUP_PATH}
/usr/bin/nice /usr/sbin/slapcat -n 0 > ${BACKUP_PATH}/config.ldif
/usr/bin/nice /usr/sbin/slapcat -n 1 > ${BACKUP_PATH}/domain.ldif
/usr/bin/nice /usr/sbin/slapcat -n 2 > ${BACKUP_PATH}/access.ldif
chmod 640 ${BACKUP_PATH}/*.ldif
tar cpzf ${BACKUP_PATH}/etc_ldap.tgz /etc/ldap >/dev/null 2>&1
tar cpzf ${BACKUP_PATH}/var_lib_ldap.tgz /var/lib/ldap >/dev/null 2>&1
ls -ahl ${BACKUP_PATH}
echo "Run ldap-restore to restore previous backups..."
3、计划任务
# cat /etc/cron.d/ldap-backup
MAILTO=yunwei@wecash.net
0 0 * * * root /usr/local/sbin/ldap-backup
4、恢复LDAP数据
sudo systemctl stop slapd.service
sudo mkdir /var/lib/ldap/accesslog
sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /data/backups/ldap/${TIMESTAMP}/config.ldif
sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /data/backups/ldap/${TIMESTAMP}/domain.com.ldif
sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /data/backups/ldap/${TIMESTAMP}/access.ldif
sudo chown -R openldap:openldap /etc/ldap/slapd.d/
sudo chown -R openldap:openldap /var/lib/ldap/
sudo systemctl start slapd.service
参考脚本文件:GitHub - alexanderjackson/ldap-backup-and-restoreHow To Backup and Restore OpenLDAP - Tyler’s Guides
ldap3 client example
ldap3-client-example
ldapPublicKey
1、配置文件
# cat openssh-lpk.ldif
# LDAP SSH Public Key schema
# Source: https://serverfault.com/questions/653792/ssh-key-authentication-using-ldap
# Homepage: https://github.com/AndriiGrytsenko/openssh-ldap-publickeydn: cn=openssh-lpk,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: openssh-lpk
olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'DESC 'MANDATORY: OpenSSH Public key'EQUALITY octetStringMatchSYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey'DESC 'MANDATORY: OpenSSH LPK objectclass'SUP top AUXILIARYMAY ( sshPublicKey $ uid ))
2、导入配置信息
# ldapadd -Y EXTERNAL -H ldapi:/// -f openssh-lpk.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=openssh-lpk,cn=schema,cn=config"
此时,可以使用sshPublicKey属性进行user登录验证.
LDAP server端配置sudo
# cat exports.ldifdn: dc=shuke,dc=com
objectClass: top
objectClass: domain
dc: shukedn: ou=stuff,dc=shuke,dc=com
description:: 5ZGY5bel
ou: stuff
objectClass: top
objectClass: organizationalUnit
objectClass: labeledURIObjectdn: ou=groups,dc=shuke,dc=com
description:: 57uE
ou: groups
objectClass: top
objectClass: organizationalUnitdn: ou=department,dc=shuke,dc=com
description:: 6YOo6Zeo
ou: department
objectClass: organizationalUnit
objectClass: topdn: cn=sre,ou=groups,dc=shuke,dc=com
description: sre group
cn: sre
objectClass: posixGroup
objectClass: top
gidNumber: 5000
memberUid: uid=wangwu,ou=stuff,dc=shuke,dc=com
memberUid: uid=guoliman,ou=stuff,dc=shuke,dc=com
memberUid: uid=fengfengzhao,ou=stuff,dc=shuke,dc=com
memberUid: uid=shuke,ou=stuff,dc=shuke,dc=com
memberUid: uid=mazengsui,ou=stuff,dc=shuke,dc=comdn: uid=fengfengzhao,ou=stuff,dc=shuke,dc=com
uid: fzhao
uid: fengfengzhao
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRMPwi6Q/Zcb1N6sWnFf5/EwTvmpfEZyRI0XUnCtZKWEPPCbgjPfQ2ZKYPCsmfvqA6uaVolBzLM04BZEbbeHmC1mB3kpvOXmZtH7iAt22khCyS5A/jzaE9lwgyGzO/mhJQ83EIBt4MtO/UgGyk1EAyQH0gAGgfqQ2Htyp44wxul0plpbcmTElQQUZiLMNUspKS4i3BDGSWwu+Y2q7h3jTfgMpyLweqnt4vuUwhaGouP1P6q7M7HCRMKbXL5MH3K0sz5G1WpiqsXxtHbFgQZiniOwO/EaUvca9MQRwY5zeMxkUJ38HlpvRjp16HevpuLqvUqy2Uw2migJNW52ZubtGlOzc8mJh/qSLUTV1238Z6dgR6nELa260RnsPNp3Utb7HkhY6WZSRYxNxjvsGWDIKMczPHbfhHf0iuuxGt96dPhpM6V8UH0zbPUEL/6+VRTMThflewLA+2/9J5VzG+Ugqm3vU3jVZxgMqqFlJmI9nfw0/H+1H+6AEU556fNTqBFQAEQDNKltv4hv/YLmpcYh7lSJU9TjHaHCXpbLDaAQPLcNBFzA1lL3KU+rx1xwww4Tbn77qU/JmSACLP/oczrLvb+kLjO2dyi0WfEjqgeIn83OPPv4CtTMlpHZj2kP2L7Sw8RZHXurL1wLqBnVrCGzHcC2huB9jn3QUedWjVqdA6Sw== shuke@shukes-mbp
loginShell: /bin/bash
homeDirectory: /home/fzhao
sn: zhao
uidNumber: 1110
cn: fengfengzhao
cn: uid
givenName: fengfeng
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: ldapPublicKey
objectClass: shadowAccount
userPassword: {SSHA}zcDVAK2aCjni6gjm1YIX8KfmgCYoUgmY
gidNumber: 5000dn: uid=shuke,ou=stuff,dc=shuke,dc=com
uid: shuke
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRMPwi6Q/Zcb1N6sWnFf5/EwTvmpfEZyRI0XUnCtZKWEPPCbgjPfQ2ZKYPCsmfvqA6uaVolBzLM04BZEbbeHmC1mB3kpvOXmZtH7iAt22khCyS5A/jzaE9lwgyGzO/mhJQ83EIBt4MtO/UgGyk1EAyQH0gAGgfqQ2Htyp44wxul0plpbcmTElQQUZiLMNUspKS4i3BDGSWwu+Y2q7h3jTfgMpyLweqnt4vuUwhaGouP1P6q7M7HCRMKbXL5MH3K0sz5G1WpiqsXxtHbFgQZiniOwO/EaUvca9MQRwY5zeMxkUJ38HlpvRjp16HevpuLqvUqy2Uw2migJNW52ZubtGlOzc8mJh/qSLUTV1238Z6dgR6nELa260RnsPNp3Utb7HkhY6WZSRYxNxjvsGWDIKMczPHbfhHf0iuuxGt96dPhpM6V8UH0zbPUEL/6+VRTMThflewLA+2/9J5VzG+Ugqm3vU3jVZxgMqqFlJmI9nfw0/H+1H+6AEU556fNTqBFQAEQDNKltv4hv/YLmpcYh7lSJU9TjHaHCXpbLDaAQPLcNBFzA1lL3KU+rx1xwww4Tbn77qU/JmSACLP/oczrLvb+kLjO2dyi0WfEjqgeIn83OPPv4CtTMlpHZj2kP2L7Sw8RZHXurL1wLqBnVrCGzHcC2huB9jn3QUedWjVqdA6Sw== shuke@shukes-mbp
loginShell: /bin/bash
homeDirectory: /home/shuke
sn: ke
cn: shuke
uidNumber: 1100
givenName: shu
userPassword: {MD5}4QrcOUm6Wau+VuBX8g+IPg==
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: person
objectClass: ldapPublicKey
gidNumber: 5000dn: uid=zhangsan,ou=stuff,dc=shuke,dc=com
displayName: zhangchao
shadowMax: 99999
shadowWarning: 7
cn: zhangchao
userPassword: {SSHA}8Bh8j9CCMOAk/73q700DYSnO02WAkMEveP8CeA==
gidNumber: 5000
uid: orange1
uid: zhangsan
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0lrkO0xCQnkheasZ1oLtkNR2oMhpUM/51V7ULfm6YvUMUyFdv04zZMfF/eCFYVTtHSu95MJIZ5HYS23Vn0J9qsjWMh3KvPqNM0dTFbmj0Uq45ndaq8pRxwU/C7hGyAIR7mFyfkflNNNAa/MwGP7iI8hpdW1r4+mF2+lV6QXJFQxJTiqZhDu0lxwx2D/oXQsv8P1S/2WOOtoNeLSx0onaPhi/+Veq9d+XZtkMaP6sXg1vNS3+oCxLosKG8at8JBTGnHRBqPF3yoFAZwhpDcR/ti5/cE6sKwIcIka4eVxb/QSQRol1WLNdrOs5KRXrrPgfF1eaoIB0vg14DGJB4kuth shuke@MacBooKPro
loginShell: /bin/bash
mail: zhangchao@pyg168.com
description: zhangchao's Home
homeDirectory: /home/zhangchao
shadowMin: 0
sn: zhangchao
uidNumber: 1102
givenName: zhangchao
objectClass: top
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: ldapPublicKey
mobile: 136868866688dn: uid=mazengsui,ou=stuff,dc=shuke,dc=com
displayName: mazengsui
shadowMax: 99999
shadowWarning: 7
cn: uid
userPassword: {SSHA}CLbC3r65e+W5aNBu8P1c+Nlx1yoSRGLw
gidNumber: 5000
uid: mazengsui
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRMPwi6Q/Zcb1N6sWnFf5/EwTvmpfEZyRI0XUnCtZKWEPPCbgjPfQ2ZKYPCsmfvqA6uaVolBzLM04BZEbbeHmC1mB3kpvOXmZtH7iAt22khCyS5A/jzaE9lwgyGzO/mhJQ83EIBt4MtO/UgGyk1EAyQH0gAGgfqQ2Htyp44wxul0plpbcmTElQQUZiLMNUspKS4i3BDGSWwu+Y2q7h3jTfgMpyLweqnt4vuUwhaGouP1P6q7M7HCRMKbXL5MH3K0sz5G1WpiqsXxtHbFgQZiniOwO/EaUvca9MQRwY5zeMxkUJ38HlpvRjp16HevpuLqvUqy2Uw2migJNW52ZubtGlOzc8mJh/qSLUTV1238Z6dgR6nELa260RnsPNp3Utb7HkhY6WZSRYxNxjvsGWDIKMczPHbfhHf0iuuxGt96dPhpM6V8UH0zbPUEL/6+VRTMThflewLA+2/9J5VzG+Ugqm3vU3jVZxgMqqFlJmI9nfw0/H+1H+6AEU556fNTqBFQAEQDNKltv4hv/YLmpcYh7lSJU9TjHaHCXpbLDaAQPLcNBFzA1lL3KU+rx1xwww4Tbn77qU/JmSACLP/oczrLvb+kLjO2dyi0WfEjqgeIn83OPPv4CtTMlpHZj2kP2L7Sw8RZHXurL1wLqBnVrCGzHcC2huB9jn3QUedWjVqdA6Sw== shuke@shukes-mbp
loginShell: /bin/bash
mail: mazengsui@pyg168.com
description: mazengsui's Home
homeDirectory: /home/mazengsui
shadowMin: 0
sn: mazengsui
uidNumber: 1104
givenName: mazengsui
objectClass: top
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: ldapPublicKey
mobile: 136868866688dn: uid=guoliman,ou=stuff,dc=shuke,dc=com
displayName: guoliman
shadowMax: 99999
shadowWarning: 7
cn: uid
userPassword: {SSHA}IKP3AfbrX0acBejnXL00AlafrRCFDU9I8z6erg==
gidNumber: 5000
uid: guoliman
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRMPwi6Q/Zcb1N6sWnFf5/EwTvmpfEZyRI0XUnCtZKWEPPCbgjPfQ2ZKYPCsmfvqA6uaVolBzLM04BZEbbeHmC1mB3kpvOXmZtH7iAt22khCyS5A/jzaE9lwgyGzO/mhJQ83EIBt4MtO/UgGyk1EAyQH0gAGgfqQ2Htyp44wxul0plpbcmTElQQUZiLMNUspKS4i3BDGSWwu+Y2q7h3jTfgMpyLweqnt4vuUwhaGouP1P6q7M7HCRMKbXL5MH3K0sz5G1WpiqsXxtHbFgQZiniOwO/EaUvca9MQRwY5zeMxkUJ38HlpvRjp16HevpuLqvUqy2Uw2migJNW52ZubtGlOzc8mJh/qSLUTV1238Z6dgR6nELa260RnsPNp3Utb7HkhY6WZSRYxNxjvsGWDIKMczPHbfhHf0iuuxGt96dPhpM6V8UH0zbPUEL/6+VRTMThflewLA+2/9J5VzG+Ugqm3vU3jVZxgMqqFlJmI9nfw0/H+1H+6AEU556fNTqBFQAEQDNKltv4hv/YLmpcYh7lSJU9TjHaHCXpbLDaAQPLcNBFzA1lL3KU+rx1xwww4Tbn77qU/JmSACLP/oczrLvb+kLjO2dyi0WfEjqgeIn83OPPv4CtTMlpHZj2kP2L7Sw8RZHXurL1wLqBnVrCGzHcC2huB9jn3QUedWjVqdA6Sw== shuke@shukes-mbp
loginShell: /bin/bash
mail: guoliman@pyg168.com
description: guoliman's Home
homeDirectory: /home/guoliman
shadowMin: 0
sn: guoliman
uidNumber: 1106
givenName: guoliman
objectClass: top
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: ldapPublicKey
mobile: 136868866688dn: uid=chenghuikai,ou=stuff,dc=shuke,dc=com
displayName: chenghuikai
shadowMax: 99999
shadowWarning: 7
cn: uid
userPassword: {SSHA}cPbXPfJR2BWhmf7+zb955uFd6vciwH3+Q/dxKA==
gidNumber: 5000
uid: chenghuikai
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRMPwi6Q/Zcb1N6sWnFf5/EwTvmpfEZyRI0XUnCtZKWEPPCbgjPfQ2ZKYPCsmfvqA6uaVolBzLM04BZEbbeHmC1mB3kpvOXmZtH7iAt22khCyS5A/jzaE9lwgyGzO/mhJQ83EIBt4MtO/UgGyk1EAyQH0gAGgfqQ2Htyp44wxul0plpbcmTElQQUZiLMNUspKS4i3BDGSWwu+Y2q7h3jTfgMpyLweqnt4vuUwhaGouP1P6q7M7HCRMKbXL5MH3K0sz5G1WpiqsXxtHbFgQZiniOwO/EaUvca9MQRwY5zeMxkUJ38HlpvRjp16HevpuLqvUqy2Uw2migJNW52ZubtGlOzc8mJh/qSLUTV1238Z6dgR6nELa260RnsPNp3Utb7HkhY6WZSRYxNxjvsGWDIKMczPHbfhHf0iuuxGt96dPhpM6V8UH0zbPUEL/6+VRTMThflewLA+2/9J5VzG+Ugqm3vU3jVZxgMqqFlJmI9nfw0/H+1H+6AEU556fNTqBFQAEQDNKltv4hv/YLmpcYh7lSJU9TjHaHCXpbLDaAQPLcNBFzA1lL3KU+rx1xwww4Tbn77qU/JmSACLP/oczrLvb+kLjO2dyi0WfEjqgeIn83OPPv4CtTMlpHZj2kP2L7Sw8RZHXurL1wLqBnVrCGzHcC2huB9jn3QUedWjVqdA6Sw== shuke@shukes-mbp
loginShell: /bin/bash
mail: chenghuikai@pyg168.com
description: chenghuikai's Home
homeDirectory: /home/chenghuikai
shadowMin: 0
sn: chenghuikai
uidNumber: 1108
givenName: chenghuikai
objectClass: top
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: ldapPublicKey
mobile: 136868866688dn: uid=wangwu,ou=stuff,dc=shuke,dc=com
displayName: wangwu
shadowMax: 99999
shadowWarning: 7
cn: uid
userPassword: {SSHA}Cn73NepMT0TeHU85Nh1Otu2mGboPpM/OU7vwrQ==
gidNumber: 5000
uid: wangwu
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRMPwi6Q/Zcb1N6sWnFf5/EwTvmpfEZyRI0XUnCtZKWEPPCbgjPfQ2ZKYPCsmfvqA6uaVolBzLM04BZEbbeHmC1mB3kpvOXmZtH7iAt22khCyS5A/jzaE9lwgyGzO/mhJQ83EIBt4MtO/UgGyk1EAyQH0gAGgfqQ2Htyp44wxul0plpbcmTElQQUZiLMNUspKS4i3BDGSWwu+Y2q7h3jTfgMpyLweqnt4vuUwhaGouP1P6q7M7HCRMKbXL5MH3K0sz5G1WpiqsXxtHbFgQZiniOwO/EaUvca9MQRwY5zeMxkUJ38HlpvRjp16HevpuLqvUqy2Uw2migJNW52ZubtGlOzc8mJh/qSLUTV1238Z6dgR6nELa260RnsPNp3Utb7HkhY6WZSRYxNxjvsGWDIKMczPHbfhHf0iuuxGt96dPhpM6V8UH0zbPUEL/6+VRTMThflewLA+2/9J5VzG+Ugqm3vU3jVZxgMqqFlJmI9nfw0/H+1H+6AEU556fNTqBFQAEQDNKltv4hv/YLmpcYh7lSJU9TjHaHCXpbLDaAQPLcNBFzA1lL3KU+rx1xwww4Tbn77qU/JmSACLP/oczrLvb+kLjO2dyi0WfEjqgeIn83OPPv4CtTMlpHZj2kP2L7Sw8RZHXurL1wLqBnVrCGzHcC2huB9jn3QUedWjVqdA6Sw== shuke@shukes-mbp
loginShell: /bin/bash
mail: wangwu@pyg168.com
description: wangwu's Home
homeDirectory: /home/wangwu
shadowMin: 0
sn: wangwu
uidNumber: 1112
givenName: wangwu
objectClass: top
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: ldapPublicKey
mobile: 136868866688dn: cn=data,ou=department,dc=shuke,dc=com
description:: 5pWw5o2u6L+Q6JCl
cn: data
objectClass: organizationalRole
objectClass: topdn: cn=risk,ou=department,dc=shuke,dc=com
description:: 6aOO5o6n
cn: risk
objectClass: organizationalRole
objectClass: topdn: cn=bigdata,ou=department,dc=shuke,dc=com
description:: 5aSn5pWw5o2u
cn: bigdata
objectClass: organizationalRole
objectClass: topdn: cn=customer,ou=department,dc=shuke,dc=com
postalCode: 100000
description:: 5a6i5pyN
cn: customer
street: BeiJing
telephoneNumber: 010-10032003
l: BeiJing
objectClass: organizationalRole
objectClass: topdn: cn=bigdata,ou=groups,dc=shuke,dc=com
description: bigdata group
cn: bigdata
objectClass: posixGroup
objectClass: top
gidNumber: 5001dn: cn=hr,ou=groups,dc=shuke,dc=com
description: hr group
cn: hr
objectClass: posixGroup
gidNumber: 5003
memberUid: uid=wangwu,ou=stuff,dc=shuke,dc=comdn: cn=dev,ou=groups,dc=shuke,dc=com
description: dev group
cn: dev
objectClass: posixGroup
gidNumber: 5005dn: cn=risk,ou=groups,dc=shuke,dc=com
description: risk group
cn: risk
objectClass: posixGroup
objectClass: top
gidNumber: 5001
memberUid: uid=wangwu,ou=stuff,dc=shuke,dc=comdn: uid=oracle,ou=stuff,dc=shuke,dc=com
uid: oracle
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRMPwi6Q/Zcb1N6sWnFf5/EwTvmpfEZyRI0XUnCtZKWEPPCbgjPfQ2ZKYPCsmfvqA6uaVolBzLM04BZEbbeHmC1mB3kpvOXmZtH7iAt22khCyS5A/jzaE9lwgyGzO/mhJQ83EIBt4MtO/UgGyk1EAyQH0gAGgfqQ2Htyp44wxul0plpbcmTElQQUZiLMNUspKS4i3BDGSWwu+Y2q7h3jTfgMpyLweqnt4vuUwhaGouP1P6q7M7HCRMKbXL5MH3K0sz5G1WpiqsXxtHbFgQZiniOwO/EaUvca9MQRwY5zeMxkUJ38HlpvRjp16HevpuLqvUqy2Uw2migJNW52ZubtGlOzc8mJh/qSLUTV1238Z6dgR6nELa260RnsPNp3Utb7HkhY6WZSRYxNxjvsGWDIKMczPHbfhHf0iuuxGt96dPhpM6V8UH0zbPUEL/6+VRTMThflewLA+2/9J5VzG+Ugqm3vU3jVZxgMqqFlJmI9nfw0/H+1H+6AEU556fNTqBFQAEQDNKltv4hv/YLmpcYh7lSJU9TjHaHCXpbLDaAQPLcNBFzA1lL3KU+rx1xwww4Tbn77qU/JmSACLP/oczrLvb+kLjO2dyi0WfEjqgeIn83OPPv4CtTMlpHZj2kP2L7Sw8RZHXurL1wLqBnVrCGzHcC2huB9jn3QUedWjVqdA6Sw== shuke@shukes-mbp
loginShell: /bin/bash
homeDirectory: /home/oracle
cn: oracle
sn: ke
uidNumber: 1114
givenName: oracle
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: person
objectClass: ldapPublicKey
userPassword: {MD5}4QrcOUm6Wau+VuBX8g+IPg==
gidNumber: 5000dn: cn=dba,ou=groups,dc=shuke,dc=com
description: dba group
cn: dba
objectClass: posixGroup
objectClass: top
gidNumber: 5003
memberUid: uid=oracle,ou=stuff,dc=shuke,dc=com
memberUid: uid=wangwu,ou=stuff,dc=shuke,dc=comdn: ou=sudoers,dc=shuke,dc=com
description:: c3VkbyDmnYPpmZDnu4Q=
ou: sudoers
objectClass: top
objectClass: organizationalUnitdn: cn=%admin,ou=sudoers,dc=shuke,dc=com
sudoOption: authenticate
sudoHost: ALL
description: admin group
sudoUser: %admin
sudoCommand: /bin/rm
sudoCommand: /bin/rmdir
sudoCommand: /bin/chmod
sudoCommand: /bin/chown
sudoCommand: /bin/dd
sudoCommand: /bin/mv
sudoCommand: /bin/cp
sudoCommand: /sbin/fsck*
sudoCommand: /sbin/*remove
sudoCommand: /usr/bin/chattr
sudoCommand: /sbin/mkfs*
sudoCommand: !/usr/bin/passwd
cn: %admin
sudoOrder: 0
objectClass: sudoRole
objectClass: topdn: cn=%dba,ou=sudoers,dc=shuke,dc=com
sudoOption: !authenticate
sudoRunAsUser: oracle
sudoRunAsUser: grid
sudoHost: ALL
sudoUser: %dba
sudoCommand: /bin/bash
cn: %dba
objectClass: sudoRole
objectClass: topdn: cn=%limit,ou=sudoers,dc=shuke,dc=com
sudoOption: !authenticate
sudoRunAsUser: ALL
sudoHost: limit.shuke.com
sudoUser: %limit
sudoCommand: /usr/bin/chattr
cn: %limit
objectClass: sudoRole
objectClass: topdn: cn=%manager,ou=sudoers,dc=shuke,dc=com
sudoOption: !authenticate
sudoRunAsUser: ALL
sudoHost: ALL
sudoUser: ALL
sudoCommand: /bin/bash
cn: %manager
objectClass: sudoRole
objectClass: topdn: cn=%risk,ou=sudoers,dc=shuke,dc=com
sudoOption: !authenticate
sudoRunAsUser: app
sudoHost: ALL
sudoUser: %risk
sudoCommand: /bin/bash
cn: %risk
objectClass: sudoRole
objectClass: topdn: cn=%wheel,ou=sudoers,dc=shuke,dc=com
sudoRunAsUser: ALL
sudoHost: ALL
sudoUser: %wheel
sudoCommand: ALL
cn: %wheel
objectClass: top
objectClass: sudoRoledn: cn=defaults,ou=sudoers,dc=shuke,dc=com
sudoOption: !visiblepw
sudoOption: always_set_home
sudoOption: match_group_by_gid
sudoOption: always_query_group_plugin
sudoOption: env_reset
sudoOption: env_keep=COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS
sudoOption: env_keep+=MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE
sudoOption: env_keep+=LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES
sudoOption: env_keep+=LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE
sudoOption: env_keep+=LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY
sudoOption: secure_path=/sbin:/bin:/usr/sbin:/usr/bin
description: Default sudoOption's go here
cn: defaults
objectClass: top
objectClass: sudoRoledn: cn=root,ou=sudoers,dc=shuke,dc=com
sudoRunAsUser: ALL
sudoHost: ALL
sudoUser: root
sudoCommand: ALL
cn: root
objectClass: top
objectClass: sudoRoledn: cn=ubuntu,ou=sudoers,dc=shuke,dc=com
sudoOption: !authenticate
sudoHost: ALL
sudoUser: ubuntu
sudoCommand: ALL
cn: ubuntu
objectClass: top
objectClass: sudoRoledn: cn=%sre,ou=sudoers,dc=shuke,dc=com
sudoOption: !authenticate
sudoRunAsUser: ALL
sudoHost: ALL
sudoUser: %sre
sudoCommand: /usr/bin/chattr
sudoCommand: /bin/bash
sudoCommand: /usr/bin/pwd
sudoCommand: /bin/ls
sudoCommand: /bin/whoami
sudoCommand: /bin/ps -ef
sudoCommand: netstat -ntlpu
sudoCommand: /bin/ps -aux
cn: %sre
objectClass: sudoRole
objectClass: top
OpenLDAP Sudo 权限讲解OpenLDAP Sudo 规则
Q&A
1、如何修改默认的数据库文件创建路径? 默认的数据库文件路径是/var/lib/ldap
2、创建存放DB数据的路径,并修改权限
# mkdir /data/ldap/data -pv
# chown -R openldap.openldap /data/ldap/data
编写修改db路径的ldif文件
# cat dbpath.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcDbDirectory
olcDbDirectory: /data/ldap/data
执行修改命令,提示错误信息如下
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f dbpath.ldif
adding new entry "olcDatabase={1}hdb,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)additional info: olcDbDirectory: value #0: invalid path: Permission denied
log信息 ldap启动失败,/var/log/syslog日志显示:olcDbDirectory: value #0: invalid path: Permission denied
问题原因 AppArmor的配置导致
AppArmor (Application Armor) 是一个类似于 SELinux 的一个强制访问控制方法,通过它你可以指定程序可以读、写或运行哪些文件,是否可以打开网络端口等。AppArmor 配置比 SELinux 更加方便比较适合学习 I believe if you want to install the LDAP Db to another directory you would need to add that directory to the apparmor profile for slapd. In my case that would have been editing “/etc/apparmor.d/usr.sbin.slapd” and changing
解决方法
# vim /etc/apparmor.d/usr.sbin.slapd# the databases and logs/var/lib/ldap/ r,/var/lib/ldap/** rwk,# lock file/var/lib/ldap/alock kw,/data/ldap/data/ r,/data/ldap/data/** rwk,# lock file/data/ldap/data/alock kw,添加DB路径到配置文件中,如上所示
重启apparmor服务
# /etc/init.d/apparmor restart
修改路径
# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f dbpath.ldif
modifying entry "olcDatabase={1}mdb,cn=config"
重启ldap服务
# systemctl restart slapd.service
查看验证
# ldapsearch -H ldapi:// -Y EXTERNAL -b "olcDatabase={1}mdb,cn=config" "(objectClass=olcDatabaseConfig)" olcDbDirectory -LLL
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcDatabase={1}mdb,cn=config
olcDbDirectory: /data/ldap/data
参考资料
2、如何设置LDAP管理员密码?
生成密码
# slappasswd
New password:
Re-enter new password:
{SSHA}XsxctHt+Ae3Saq2Kcead4UdZ0kOTZRn8
生成LDIF文件
cat << EOF > chrootpw.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}XsxctHt+Ae3Saq2Kcead4UdZ0kOTZRn8
EOF
执行LDIF文件
# ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
参考链接 :
LDAP 部署文档 https://mp.weixin.qq.com/s/aqdw71tR_xpIWeIa9J5eHQ
Ubuntu下LDAP 部署文档相关推荐
- ubuntu下man帮助文档不全怎么办?如何解决?
真心后悔用ubuntu学习linux 发现很多东西不全,kate没有,vi版本低,帮助文档不全一系列的问题.ubuntu下man帮助文档不全怎么办?如何解决?不用担心,下边小编就为大家带来最详细的解决 ...
- ubuntu下新建txt文档的快捷方式
① 进入模板文件夹~/Templates,右键打开终端 ② 输入如下命令: sudo gedit txt文档.txt ③ 点击右上角保存,退出. 即可通过右键新建txt模板.
- CentOS5.5下SVN部署文档
简述: SVN是一个安全虚拟网络系统,它将系统整体的信息安全功能均衡合理地分布在不同的子系统中, 使各子系统的功能得到最大限度的发挥,子系统之间互相补充,系统整体性能大于各子系统功能之和,用均衡互 ...
- Fabric部署文档汇总(仅供参考)
老久之前研究Fabric记录的部署文档,有需要的可以做个参考! 这里编辑器不太好用,看起来有些乱,有要求的可以在这https://download.csdn.net/download/vohyeah/ ...
- Docker部署文档
Docker部署文档 目录 Docker部署文档 1 一.什么是Docker 3 1.1Docker简介 3 1.2对比传统虚拟机总结 4 1.3Docker通常用于如下场景: 5 1.4基本概念 5 ...
- centos7安装rabbitmq_rabbitmq v3.7.16安装部署文档
RabbitMQ v3.7.16安装部署文档 部署安装过程严格按照官方文档的流程. 前言 软件版本 os centos7(ubuntu也适用,需要替换部分命令) rabbitmq v3.7.16 (r ...
- centos7 后端部署文档
centos7 部署文档 环境说明 pyenv的安装与使用 pipenv的安装与使用 supervisor的安装与使用 mysql的安装与使用 redis的安装与使用 环境说明 本次部暑基于 Linu ...
- IM开源项目OpenIM部署文档-从准备工作到nginx配置
IM开源项目OpenIM部署文档-从准备工作到nginx配置 2022-11-14 22:27·OpenIM 一.准备工作 运行环境 linux系统即可, Ubuntu 7.5.0-3ubuntu1~ ...
- 如何在 Ubuntu 上安装 ONLYOFFICE 文档 v7.2
作者:Vincent Young 使用社区版,您可以在本地服务器上安装 ONLYOFFICE 文档,并将在线编辑器与 ONLYOFFICE 协作平台或其他热门系统集成在一起. ONLYOFFICE文档 ...
最新文章
- 癌症中克隆种群结构统计推断分析软件PyClone安装小记
- 与应用程序松耦合的报表开发组织
- PHP对Json字符串解码返回NULL的一般解决方案
- oracle服务器和客户端字符集的查看和修改
- linux下的安装命令行工具下载,linux系统程序安装(二)yum工具2-yum源及包下载
- 小型机oracle命令,Oracle小型机如何选型
- USACO-Section1.4 Barn Repair (贪心算法)
- C++之使用IO库输入输出
- BZOJ1345 [Baltic2007]序列问题Sequence
- oracle 参数脚本,oracle 查看隐含参数脚本
- Webbench学习笔记二:getopt_long函数和build_request函数
- j2me模拟器自动退出的原因
- HTML5从入门到精通电子书pdf下载
- 云计算及其支撑技术简介
- 备战软考,怎样复习才最有效?
- 2022做跨境为什么要首选Lazada和shopee,现在入驻会面临哪些挑战和机遇?
- Endnote导入下载好的引用文件
- 搭建Jumpserver服务器管理公司服务器
- 「 WEB测试工程师 」岗位一面总结
- [584]python给生僻字注拼音(pypinyin库)
热门文章
- java的位桶是什么_Java关于桶排序的知识点总结
- matlab神经网络(二)-bp神经网络,MATLAB神经网络(2) BP神经网络的非线性系统建模——非线性函数拟合...
- upload组件 获得焦点_HTML Input FileUpload autofocus用法及代码示例
- pytorch模型转onnx遇到的问题记录
- ObjC学习9-Foundation框架之数字、字符串和集合
- php 7 pdoexception,关于php:未捕获的异常’PDOException’
- 现代电子计算机诞生理论基础是什么,《计算机应用基础》习题集2
- nginx基本配置与参数说明-【转】
- c#+wpf项目性能优化之OutOfMemoryException解密
- 019-Spring Boot 日志