Disable SELinux and the firewall on both machines
systemctl stop firewalld.service
setenforce 0
[root@server ~]# sed -i s/^SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
Installation
yum install openldap openldap-clients openldap-servers migrationtools
Configuration files
cd /etc/openldap/slapd.d
Copy the configuration file to the /home directory
cp /usr/share/openldap-servers/slapd.ldif /home/
Change dc=my-domain to your own domain
dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
 n=auth" read by dn.base="cn=Manager,dc=abc,dc=com" read by * none
Set a password
[root@server home]# slappasswd
New password:
Re-enter new password:
{SSHA}6ZV4bJxlj6a0CPsqAwaXdS+AjPmSZ9Do
Add the password to the configuration file
olcRootDN: cn=Manager,dc=abc,dc=com
olcRootPW: {SSHA}6ZV4bJxlj6a0CPsqAwaXdS+AjPmSZ9Do
# Add the olcRootPW line; note that "PW:" must be followed by a Tab, do not leave a space
Add the following content
include: file:///etc/openldap/schema/corba.ldif
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/duaconf.ldif
include: file:///etc/openldap/schema/dyngroup.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/java.ldif
include: file:///etc/openldap/schema/misc.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/openldap.ldif
include: file:///etc/openldap/schema/ppolicy.ldif
include: file:///etc/openldap/schema/collective.ldif
This is the result I ended up with. Be sure to remove duplicates, otherwise error 49 will be reported later
[root@server /]# cat /home/slapd.ldif
#
# See slapd-config(5) for details on configuration options.
# This file should NOT be world readable.
#

dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/openldap/slapd.args
olcPidFile: /var/run/openldap/slapd.pid
#
# TLS settings
#
olcTLSCACertificatePath: /etc/openldap/certs
olcTLSCertificateFile: "OpenLDAP Server"
olcTLSCertificateKeyFile: /etc/openldap/certs/password
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#
#olcReferral: ldap://root.openldap.org
#
# Sample security restrictions
#   Require integrity protection (prevent hijacking)
#   Require 112-bit (3DES or better) encryption for updates
#   Require 64-bit encryption for simple bind
#
#olcSecurity: ssf=1 update_ssf=112 simple_bind=64

#
# Load dynamic backend modules:
# - modulepath is architecture dependent value (32/64-bit system)
# - back_sql.la backend requires openldap-servers-sql package
# - dyngroup.la and dynlist.la cannot be used at the same time
#
#dn: cn=module,cn=config
#objectClass: olcModuleList
#cn: module
#olcModulepath: /usr/lib/openldap
#olcModulepath: /usr/lib64/openldap
#olcModuleload: accesslog.la
#olcModuleload: auditlog.la
#olcModuleload: back_dnssrv.la
#olcModuleload: back_ldap.la
#olcModuleload: back_mdb.la
#olcModuleload: back_meta.la
#olcModuleload: back_null.la
#olcModuleload: back_passwd.la
#olcModuleload: back_relay.la
#olcModuleload: back_shell.la
#olcModuleload: back_sock.la
#olcModuleload: collect.la
#olcModuleload: constraint.la
#olcModuleload: dds.la
#olcModuleload: deref.la
#olcModuleload: dyngroup.la
#olcModuleload: dynlist.la
#olcModuleload: memberof.la
#olcModuleload: pcache.la
#olcModuleload: ppolicy.la
#olcModuleload: refint.la
#olcModuleload: retcode.la
#olcModuleload: rwm.la
#olcModuleload: seqmod.la
#olcModuleload: smbk5pwd.la
#olcModuleload: sssvlv.la
#olcModuleload: syncprov.la
#olcModuleload: translucent.la
#olcModuleload: unique.la
#olcModuleload: valsort.la

#
# Schema settings
#

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file:///etc/openldap/schema/corba.ldif
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/duaconf.ldif
include: file:///etc/openldap/schema/dyngroup.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/java.ldif
include: file:///etc/openldap/schema/misc.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/openldap.ldif
include: file:///etc/openldap/schema/ppolicy.ldif
include: file:///etc/openldap/schema/collective.ldif

#
# Frontend settings
#

dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
#
# Sample global access control policy:
#   Root DSE: allow anyone to read it
#   Subschema (sub)entry DSE: allow anyone to read it
#   Other DSEs:
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
#
#olcAccess: to dn.base="" by * read
#olcAccess: to dn.base="cn=Subschema" by * read
#olcAccess: to *
#   by self write
#   by users read
#   by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#

#
# Configuration database
#

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
 n=auth" manage by * none

#
# Server status monitoring
#

dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
 n=auth" read by dn.base="cn=Manager,dc=abc,dc=com" read by * none

#
# Backend database definitions
#

dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: hdb
olcSuffix: dc=abc,dc=com
olcRootDN: cn=Manager,dc=abc,dc=com
olcRootPW: {SSHA}eO9asOoLigAQEaoCkAT+yG2A6B7+c5l5
olcDbDirectory: /var/lib/ldap
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
olcDbIndex: uidNumber,gidNumber,loginShell eq,pres
olcDbIndex: uid,memberUid eq,pres,sub
olcDbIndex: nisMapName,nisMapEntry eq,pres,sub
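The edits made to slapd.ldif so far (domain replaced in every entry, a single hashed olcRootPW, no duplicate include lines) can be checked mechanically before the file is loaded. The following Python is an added example, not part of the original post or of OpenLDAP; the function names and the shortened sample file, including its placeholder hash values, are constructed for illustration.

```python
import re

def parse_entries(text):
    """Split LDIF into entries, each a list of (attribute, value) pairs."""
    text = re.sub(r"\n ", "", text)              # unfold: "\n " continues the previous line
    entries = []
    for block in re.split(r"\n[ \t]*\n", text):  # blank lines separate entries
        lines = [ln for ln in block.splitlines() if ln.strip() and not ln.startswith("#")]
        if lines:
            entries.append([(a.strip(), v.strip())
                            for a, _, v in (ln.partition(":") for ln in lines)])
    return entries

def lint_slapd_ldif(text):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings, root_dns = [], set()
    entries = parse_entries(text)
    includes = [v for e in entries for a, v in e if a == "include"]
    for inc in sorted(set(i for i in includes if includes.count(i) > 1)):
        findings.append(f"duplicate include: {inc}")
    for entry in entries:
        attrs = {}
        for a, v in entry:
            attrs.setdefault(a, []).append(v)
        if "olcRootDN" not in attrs:
            continue
        dn, rootdn = attrs.get("dn", ["?"])[0], attrs["olcRootDN"][0]
        root_dns.add(rootdn.lower())
        suffix = attrs.get("olcSuffix", [""])[0].lower()
        if suffix and not rootdn.lower().endswith("," + suffix):
            findings.append(f"{dn}: olcRootDN is not under olcSuffix {suffix}")
        pws = attrs.get("olcRootPW", [])
        if len(pws) != 1:
            findings.append(f"{dn}: expected one olcRootPW, found {len(pws)}")
        if any(not re.match(r"\{[A-Za-z0-9-]+\}", pw) for pw in pws):
            findings.append(f"{dn}: olcRootPW is not a hashed value")
    # Every DN granted access by an ACL should be a rootdn defined in this file
    acl = " ".join(v for e in entries for a, v in e if a == "olcAccess")
    for who in re.findall(r'dn\.base="([^"]+)"', acl):
        if "cn=peercred" not in who and who.lower() not in root_dns:
            findings.append(f"ACL names {who}, which is not an olcRootDN")
    return findings

# Constructed sample: a shortened slapd.ldif with three typical editing mistakes.
SAMPLE = """\
dn: cn=schema,cn=config
cn: schema

include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/core.ldif

dn: olcDatabase=monitor,cn=config
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
 n=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none

dn: olcDatabase=hdb,cn=config
olcSuffix: dc=abc,dc=com
olcRootDN: cn=Manager,dc=abc,dc=com
olcRootPW: {SSHA}constructedHashValueA
olcRootPW: {SSHA}constructedHashValueB
"""

if __name__ == "__main__":
    print("\n".join(lint_slapd_ldif(SAMPLE)))
```

To check the real file, pass `open("/home/slapd.ldif").read()` to `lint_slapd_ldif`.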
Delete the existing configuration
[root@server ~]# rm -rf /etc/openldap/slapd.d/*
Load slapd.ldif from the /home directory into the configuration directory
[root@server home]# slapadd -F /etc/openldap/slapd.d/ -n 0 -l /home/slapd.ldif
591fd54d str2entry: entry -1 has no dn
slapadd: could not parse entry (line=724)
_################### 99.70% eta none elapsed none spd 3.3 M/s
Closing DB...
The run above reports an error; a correct run should look like this
[root@server ~]# slapadd -F /etc/openldap/slapd.d/ -n 0 -l /home/slapd.ldif
_#################### 100.00% eta none elapsed none fast!
Closing DB...
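- -l: the LDIF input file, in text format, that contains the entries to add
- -f: the slapd configuration file. That file states where indexes are created, which indexes are created, and so on
- -n: optional parameter that selects which database to modify
Test whether the configuration is correct
[root@server home]# slaptest -u -F /etc/openldap/slapd.d/
config file testing succeeded
If it is correct, it prints:
config file testing succeeded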
Change the owner of the configuration files, otherwise they cannot be read:
chown -Rv ldap.ldap /etc/openldap/slapd.d
As follows
[root@server slapd.d]# chown -Rv ldap.ldap /etc/openldap/slapd.d/
changed ownership of ‘/etc/openldap/slapd.d/cn=config.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema/cn={1}collective.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config’ from root:root to ldap:ldap
ownership of ‘/etc/openldap/slapd.d/’ retained as ldap:ldap
Confirm the owner and group
[root@server slapd.d]# ll
total 4
drwxr-x--- 3 ldap ldap  45 May 20 13:34 cn=config
-rw------- 1 ldap ldap 589 May 20 13:34 cn=config.ldif
Create the database configuration file
[root@server slapd.d]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@server slapd.d]# chown -Rv ldap.ldap /var/lib/ldap/DB_CONFIG
changed ownership of ‘/var/lib/ldap/DB_CONFIG’ from root:root to ldap:ldap
Start the service
[root@server ~]# systemctl start slapd.service
[root@server ~]# systemctl status slapd.service
[root@server ~]# systemctl enable slapd.service
Create multiple users
[root@server ~]# ./create_user.sh
mkdir: created directory ‘/home/ldapuser’
Changing password for user lduser1.
passwd: all authentication tokens updated successfully.
Changing password for user lduser2.
passwd: all authentication tokens updated successfully.
Changing password for user lduser3.
passwd: all authentication tokens updated successfully.
Changing password for user lduser4.
passwd: all authentication tokens updated successfully.
Changing password for user lduser5.
passwd: all authentication tokens updated successfully.
Changing password for user lduser6.
passwd: all authentication tokens updated successfully.
Script contents
[root@server ~]# cat create_user.sh
#!/bin/bash
# Create one local account per line of ldapuser.txt (columns: UID, user name, password)
USER_LIST=ldapuser.txt
HOME_ldap=/home/ldapuser
mkdir -pv "$HOME_ldap"
while read -r USERID USERNAME PASSWORD; do
    # Skip blank or incomplete lines
    [ -n "$PASSWORD" ] || continue
    HOMEDIR="${HOME_ldap}/${USERNAME}"
    useradd "$USERNAME" -u "$USERID" -d "$HOMEDIR"
    # passwd --stdin reads the new password from standard input
    printf '%s\n' "$PASSWORD" | passwd --stdin "$USERNAME"
done < "$USER_LIST"
[root@server ~]# cat ldapuser.txt
5000 lduser1 123456
5001 lduser2 123456
5002 lduser3 123456
5003 lduser4 123456
5004 lduser5 123456
5005 lduser6 123456
[root@server ~]#
Edit the file /usr/share/migrationtools/migrate_common.ph
vim /usr/share/migrationtools/migrate_common.ph
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "abc.com";
# Default base
$DEFAULT_BASE = "dc=abc,dc=com";
Create the base database template file
[root@server ~]# /usr/share/migrationtools/migrate_base.pl > /root/base.ldif
Create the user database template file
[root@server ~]# /usr/share/migrationtools/migrate_passwd.pl /etc/passwd /root/user.ldif
Edit /root/user.ldif with vim and keep only the entries for the LDAP users; delete the entries for other users (leaving them in does no harm).
All DNs in user.ldif belong to the People OU, and the People OU is defined in base.ldif.
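All DNs in user.ldif inherit from the following 4 classes:
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
Of these, posixAccount and shadowAccount provide the attributes uidNumber, gidNumber, homeDirectory, loginShell and userPassword
Create the group database information
[root@server ~]# /usr/share/migrationtools/migrate_group.pl /etc/group /root/group.ldif
Edit group.ldif and keep only the groups related to the LDAP users; delete the other entries (leaving them in does no harm).
All DNs in group.ldif belong to the Group OU, and the Group OU is defined in base.ldif.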
Import into the database with ldapadd
Commonly used options of the ldapadd command:
-x: use simple authentication.
-D: the DN used to bind to the server.
-h: the address of the directory service.
-w: the password of the bind DN.
-f: the LDIF file from which entries are added.
[root@server ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f base.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root@server ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f user.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root@server ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f group.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
49 is a syntax error; check the configuration file
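`ldap_bind: Invalid credentials (49)` is the result slapd returns when the bind DN and password do not match the olcRootDN and olcRootPW it has loaded. The following Python is an added example, not from the original post: it checks a candidate password against an `{SSHA}` value of the kind slappasswd prints, so the hash pasted into slapd.ldif can be verified offline. The function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def make_ssha(password: str, salt: bytes = None) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password: str, stored: str) -> bool:
    """Return True if the password matches the stored {SSHA} value.

    Raises ValueError when the stored value is not usable at all, for example
    when a character was lost while pasting it into slapd.ldif.
    """
    stored = stored.strip()
    if not stored.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    try:
        raw = base64.b64decode(stored[6:], validate=True)
    except ValueError as exc:          # binascii.Error is a ValueError subclass
        raise ValueError("hash is not valid base64 (truncated or altered)") from exc
    if len(raw) <= 20:
        raise ValueError("no salt after the 20-byte SHA-1 digest")
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)   # constant-time comparison

if __name__ == "__main__":
    # Constructed value standing in for slappasswd output
    stored = make_ssha("constructed-example-pw")
    print(stored)
    print("correct password:", check_ssha("constructed-example-pw", stored))
    print("wrong password:  ", check_ssha("constructed-example-pW", stored))
```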
When the import works, the output looks like this
[root@adsl-172-10-100-129 ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f base.ldif
Enter LDAP Password:
adding new entry "dc=abc,dc=com"
adding new entry "ou=Hosts,dc=abc,dc=com"
adding new entry "ou=Rpc,dc=abc,dc=com"
adding new entry "ou=Services,dc=abc,dc=com"
adding new entry "nisMapName=netgroup.byuser,dc=abc,dc=com"
adding new entry "ou=Mounts,dc=abc,dc=com"
adding new entry "ou=Networks,dc=abc,dc=com"
adding new entry "ou=People,dc=abc,dc=com"
adding new entry "ou=Group,dc=abc,dc=com"
adding new entry "ou=Netgroup,dc=abc,dc=com"
adding new entry "ou=Protocols,dc=abc,dc=com"
adding new entry "ou=Aliases,dc=abc,dc=com"
adding new entry "nisMapName=netgroup.byhost,dc=abc,dc=com"
[root@adsl-172-10-100-129 ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f group.ldif
Enter LDAP Password:
adding new entry "cn=root,ou=Group,dc=abc,dc=com"
adding new entry "cn=bin,ou=Group,dc=abc,dc=com"
adding new entry "cn=daemon,ou=Group,dc=abc,dc=com"
adding new entry "cn=sys,ou=Group,dc=abc,dc=com"
adding new entry "cn=adm,ou=Group,dc=abc,dc=com"
adding new entry "cn=tty,ou=Group,dc=abc,dc=com"
adding new entry "cn=disk,ou=Group,dc=abc,dc=com"
adding new entry "cn=lp,ou=Group,dc=abc,dc=com"
adding new entry "cn=mem,ou=Group,dc=abc,dc=com"
adding new entry "cn=kmem,ou=Group,dc=abc,dc=com"
adding new entry "cn=wheel,ou=Group,dc=abc,dc=com"
adding new entry "cn=cdrom,ou=Group,dc=abc,dc=com"
adding new entry "cn=mail,ou=Group,dc=abc,dc=com"
adding new entry "cn=man,ou=Group,dc=abc,dc=com"
adding new entry "cn=dialout,ou=Group,dc=abc,dc=com"
adding new entry "cn=floppy,ou=Group,dc=abc,dc=com"
adding new entry "cn=games,ou=Group,dc=abc,dc=com"
adding new entry "cn=tape,ou=Group,dc=abc,dc=com"
adding new entry "cn=video,ou=Group,dc=abc,dc=com"
adding new entry "cn=ftp,ou=Group,dc=abc,dc=com"
adding new entry "cn=lock,ou=Group,dc=abc,dc=com"
adding new entry "cn=audio,ou=Group,dc=abc,dc=com"
adding new entry "cn=nobody,ou=Group,dc=abc,dc=com"
adding new entry "cn=users,ou=Group,dc=abc,dc=com"
adding new entry "cn=utmp,ou=Group,dc=abc,dc=com"
adding new entry "cn=utempter,ou=Group,dc=abc,dc=com"
adding new entry "cn=input,ou=Group,dc=abc,dc=com"
adding new entry "cn=systemd-journal,ou=Group,dc=abc,dc=com"
adding new entry "cn=systemd-bus-proxy,ou=Group,dc=abc,dc=com"
adding new entry "cn=systemd-network,ou=Group,dc=abc,dc=com"
adding new entry "cn=dbus,ou=Group,dc=abc,dc=com"
adding new entry "cn=polkitd,ou=Group,dc=abc,dc=com"
adding new entry "cn=abrt,ou=Group,dc=abc,dc=com"
adding new entry "cn=unbound,ou=Group,dc=abc,dc=com"
adding new entry "cn=tss,ou=Group,dc=abc,dc=com"
adding new entry "cn=libstoragemgmt,ou=Group,dc=abc,dc=com"
adding new entry "cn=rpc,ou=Group,dc=abc,dc=com"
adding new entry "cn=colord,ou=Group,dc=abc,dc=com"
adding new entry "cn=usbmuxd,ou=Group,dc=abc,dc=com"
adding new entry "cn=cgred,ou=Group,dc=abc,dc=com"
adding new entry "cn=dip,ou=Group,dc=abc,dc=com"
adding new entry "cn=ssh_keys,ou=Group,dc=abc,dc=com"
adding new entry "cn=saslauth,ou=Group,dc=abc,dc=com"
adding new entry "cn=geoclue,ou=Group,dc=abc,dc=com"
adding new entry "cn=libvirt,ou=Group,dc=abc,dc=com"
adding new entry "cn=rtkit,ou=Group,dc=abc,dc=com"
adding new entry "cn=radvd,ou=Group,dc=abc,dc=com"
adding new entry "cn=rpcuser,ou=Group,dc=abc,dc=com"
adding new entry "cn=nfsnobody,ou=Group,dc=abc,dc=com"
adding new entry "cn=kvm,ou=Group,dc=abc,dc=com"
adding new entry "cn=qemu,ou=Group,dc=abc,dc=com"
adding new entry "cn=chrony,ou=Group,dc=abc,dc=com"
adding new entry "cn=setroubleshoot,ou=Group,dc=abc,dc=com"
adding new entry "cn=pulse-access,ou=Group,dc=abc,dc=com"
adding new entry "cn=pulse-rt,ou=Group,dc=abc,dc=com"
adding new entry "cn=pulse,ou=Group,dc=abc,dc=com"
adding new entry "cn=gdm,ou=Group,dc=abc,dc=com"
adding new entry "cn=gnome-initial-setup,ou=Group,dc=abc,dc=com"
adding new entry "cn=sshd,ou=Group,dc=abc,dc=com"
adding new entry "cn=avahi,ou=Group,dc=abc,dc=com"
adding new entry "cn=slocate,ou=Group,dc=abc,dc=com"
adding new entry "cn=postdrop,ou=Group,dc=abc,dc=com"
adding new entry "cn=postfix,ou=Group,dc=abc,dc=com"
adding new entry "cn=ntp,ou=Group,dc=abc,dc=com"
adding new entry "cn=stapusr,ou=Group,dc=abc,dc=com"
adding new entry "cn=stapsys,ou=Group,dc=abc,dc=com"
adding new entry "cn=stapdev,ou=Group,dc=abc,dc=com"
adding new entry "cn=tcpdump,ou=Group,dc=abc,dc=com"
adding new entry "cn=fwj,ou=Group,dc=abc,dc=com"
adding new entry "cn=apache,ou=Group,dc=abc,dc=com"
adding new entry "cn=ldap,ou=Group,dc=abc,dc=com"
adding new entry "cn=lduser1,ou=Group,dc=abc,dc=com"
adding new entry "cn=lduser2,ou=Group,dc=abc,dc=com"
adding new entry "cn=lduser3,ou=Group,dc=abc,dc=com"
adding new entry "cn=lduser4,ou=Group,dc=abc,dc=com"
adding new entry "cn=lduser5,ou=Group,dc=abc,dc=com"
adding new entry "cn=lduser6,ou=Group,dc=abc,dc=com"
Configure NFS
1. Install NFS
yum -y install nfs-utils
2. Configure NFS
[root@server ~]# cat /etc/exports
/home/ldapuser 172.10.100.0/24(rw,sync)
Start the service
[root@server ~]# systemctl start nfs-server.service
Export the NFS share
[root@adsl-172-10-100-129 home]# exportfs -rv
exporting *:/home/ldapuser
Check the ports
[root@server ~]# ss -ant| grep 389
LISTEN 0 128 *:389 *:*
LISTEN 0 128 :::389 :::*
[root@server ~]# ss -ant| grep 2049
LISTEN 0 64 *:2049 *:*
LISTEN 0 64 :::2049 :::*
Enable at boot
[root@server ~]# systemctl enable nfs-server.service
Configure logging
Edit the rsyslog configuration file:
vi /etc/rsyslog.conf
Add one line:
local4.* /var/log/ldap.log
Then
touch /var/log/ldap.log
Restart rsyslog:
systemctl restart rsyslog.service
If slapd has trouble starting, check the /var/log/messages file, for example:
systemctl status slapd.service -l
tail -f /var/log/messages
This completes the server configuration.
Client configuration
Configure the LDAP client
1. Add the server to /etc/hosts
[root@client ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.10.100.129 abc.com
2. Install the packages needed for LDAP authentication
yum -y install sssd-ldap nss-pam-ldapd
3. Enable LDAP: run the command authconfig-tui in a terminal, press the TAB key to select LDAP, then move to NEXT
Then configure the server details: fill in the dc information and the server information
Test logging in as lduser1 on the client
[root@client /]# su - lduser1
su: warning: cannot change directory to /home/ldapuser/lduser1: No such file or directory
-bash-4.2$
-bash-4.2$
OK. Next, fix the problem of bash-4.2 not finding its environment variables by mounting the remote directory directly over NFS
[root@client /]# mkdir -p /home/ldapuser
[root@client /]# mount -t nfs 172.10.100.120:/home/ldapuser/ /home/ldapuser/
[root@client /]# cd /home/ldapuser/
[root@client ldapuser]# ls
lduser1 lduser2 lduser3 lduser4 lduser5 lduser6
[root@client ldapuser]# su - lduser1
Last login: Sat May 20 23:11:00 EDT 2017 on pts/0
[lduser1@client ~]$
[lduser1@client ~]$
[lduser1@client ~]$
Configure automatic mounting
Install autofs
[root@client ~]# yum -y install autofs
Edit /etc/auto.master
[root@client ~]# vim /etc/auto.master
/home/ /etc/auto.nfs
Copy the file and edit it
[root@client ~]# cp /etc/auto.misc /etc/auto.nfs
[root@client ~]# vim /etc/auto.nfs
Add
ldapuser -fstype=nfs 172.10.100.120:/home/ldapuser/
Enable at boot
systemctl start autofs
systemctl enable autofs
Test
[root@client home]# ls
[root@client home]#
[root@client home]# cd ldapuser
[root@client ldapuser]# ls
lduser1 lduser2 lduser3 lduser4 lduser5 lduser6
[root@client ldapuser]#
This way the share is mounted automatically every time you change into the directory
[root@client home]# su - lduser1
Last login: Sat May 20 23:12:22 EDT 2017 on pts/0
[lduser1@client ~]$
[lduser1@client ~]$
[lduser1@client ~]$ ls
[lduser1@client ~]$ cd /home/
[lduser1@client home]$ ls
ldapuser
[lduser1@client home]$ cd ldapuser/
[lduser1@client ldapuser]$ ls
lduser1 lduser2 lduser3 lduser4 lduser5 lduser6
[lduser1@client ldapuser]$
Troubleshooting
I found that I could not switch to the server's users, so I checked the log
[root@client ~]# tail -n 20 -f /var/log/messages
May 20 22:39:36 client nslcd[2266]: [4a3fe6] <group/member="gdm"> no available LDAP server found: Server is unavailable: Transport endpoint is not connected
May 20 22:39:36 client nslcd[2266]: [4ef005] <group/member="gdm"> no available LDAP server found: Server is unavailable: Transport endpoint is not connected
May 20 22:39:36 client nslcd[2266]: [4ef005] <group/member="gdm"> no available LDAP server found: Server is unavailable: Transport endpoint is not connected
May 20 22:40:02 client systemd: Started Session 2 of user root.
May 20 22:40:02 client systemd: Starting Session 2 of user root.
May 20 22:40:02 client nslcd[2266]: [f9c13c] <group/member="gdm"> failed to bind to LDAP server ldap://abc.com: Can't contact LDAP server: Transport endpoint is not connected
May 20 22:40:02 client nslcd[2266]: [f9c13c] <group/member="gdm"> no available LDAP server found: Can't contact LDAP server: Transport endpoint is not connected
May 20 22:40:02 client nslcd[2266]: [f9c13c] <group/member="gdm"> no available LDAP server found: Server is unavailable: Transport endpoint is not connected
May 20 22:40:02 client nslcd[2266]: [9bb77c] <group/member="root"> no available LDAP server found: Server is unavailable
May 20 22:40:02 client nslcd[2266]: [9bb77c] <group/member="root"> no available LDAP server found: Server is unavailable
May 20 22:40:02 client nslcd[2266]: [5ac794] <group/member="gdm"> no available LDAP server found: Server is unavailable
May 20 22:40:02 client nslcd[2266]: [5ac794] <group/member="gdm"> no available LDAP server found: Server is unavailable
From the client, telnet to port 22 on the server works, but port 389 does not
[root@client ~]# telnet 172.10.100.129 22
Trying 172.10.100.129...
Connected to 172.10.100.129.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1
^C
Connection closed by foreign host.
[root@client ~]#
[root@client ~]# telnet 172.10.100.129 389
Trying 172.10.100.129...
telnet: connect to address 172.10.100.129: No route to host
On the server itself, telnet to 389 works
[root@server slapd.d]# ss -ant
State   Recv-Q Send-Q Local Address:Port    Peer Address:Port
LISTEN  0      128    *:111                 *:*
LISTEN  0      128    *:20048               *:*
LISTEN  0      64     *:45649               *:*
LISTEN  0      5      192.168.122.1:53      *:*
LISTEN  0      128    *:22                  *:*
LISTEN  0      128    127.0.0.1:631         *:*
LISTEN  0      100    127.0.0.1:25          *:*
LISTEN  0      128    *:45311               *:*
LISTEN  0      64     *:2049                *:*
LISTEN  0      128    *:389                 *:*
LISTEN  0      128    *:933                 *:*
ESTAB   0      0      172.10.100.129:22     192.168.50.86:54266
LISTEN  0      128    :::39343              :::*
LISTEN  0      128    :::111                :::*
LISTEN  0      128    :::80                 :::*
LISTEN  0      128    :::20048              :::*
LISTEN  0      128    :::22                 :::*
LISTEN  0      128    ::1:631               :::*
LISTEN  0      100    ::1:25                :::*
LISTEN  0      64     :::43488              :::*
LISTEN  0      64     :::2049               :::*
LISTEN  0      128    :::389                :::*
[root@server slapd.d]# telnet 127.0.0.1 389
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
I never got the problem above sorted out; I started over on a completely fresh system.
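The pattern in the output above (port 22 connects, port 389 fails with "No route to host", slapd is listening on *:389) is commonly produced by a packet filter rejecting the port with an ICMP "prohibited" message; the page does not confirm that this was the cause here. The following Python is an added example, not from the original post, that separates this case from a closed port or an unreachable host; the function names and verdict labels are made up for illustration.

```python
import errno
import socket

def probe(host, port, timeout=3.0):
    """Try one TCP connection; return 0 on success, else the errno of the failure."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return 0
        except socket.timeout:          # no answer at all within the timeout
            return errno.ETIMEDOUT
        except OSError as exc:
            return exc.errno

def triage(control, target):
    """Classify the failing port's errno (target) against a control port's errno."""
    if target == 0:
        return "ok"
    if control not in (0, errno.ECONNREFUSED):
        return "host-unreachable"       # even the control port gets no TCP answer
    if target == errno.ECONNREFUSED:
        return "not-listening"          # TCP RST: host reachable, no listener on the port
    if target == errno.EHOSTUNREACH:
        return "firewall-reject"        # ICMP unreachable/prohibited sent by a packet filter
    if target == errno.ETIMEDOUT:
        return "firewall-drop"          # packets silently discarded
    return "other:" + errno.errorcode.get(target, str(target))

NEXT_STEP = {
    "ok": "port answers; look at the LDAP client configuration instead",
    "host-unreachable": "check addressing, routing and whether the server is up",
    "not-listening": "check that slapd is running and bound to this address",
    "firewall-reject": "inspect the server's packet filter rules for this port",
    "firewall-drop": "inspect packet filters on the server and on the path",
}

if __name__ == "__main__":
    # Constructed from the telnet results on this page: port 22 connected,
    # port 389 failed with "No route to host" (EHOSTUNREACH).
    verdict = triage(0, errno.EHOSTUNREACH)
    print(verdict, "->", NEXT_STEP.get(verdict, "inspect manually"))
    # Live use from the client, with the page's server address:
    #   triage(probe("172.10.100.129", 22), probe("172.10.100.129", 389))
```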