此脚本中只是负责实现了TLS加密配置部分,openLDAP的编译安装以及设置是前期已经配置好的!
具体的配置看上上篇文章openLDAP的编译安装以及配置。
注意slapd.conf中的配置,脚本中为【suffix "dc=mirage,dc=com" rootdn "
cn=AuthUsers,dc=mirage,dc=com"】
ldapTls.sh
代码在此不做太多的解释,配置文档看Openldap配置TLS加密传输(完整版——手动配置)
#!/bin/sh# description: SREVER LDAP TLS CONFIGURATIONRUN_PATH="/root/workspace/serldapTls"SERVERCERT_PATH="/usr/local/etc/openldap/certs/"SERVEROLDLDAP_PATH="/etc/openldap"SERVERLDAP_PATH="/usr/local/etc/openldap"cp $RUN_PATH/ldapsrv02.crt $RUN_PATH/ldapsrv02.key $SERVERCERT_PATHcp $RUN_PATH/CA.crt $SERVERCERT_PATH#配置ldap.conf 文件chown -R ldap:ldap $SERVERCERT_PATH;cp $SERVEROLDLDAP_PATH/ldap.conf $SERVERLDAP_PATHsed -i '/^TLS_CACERTDIR/{s/etc.*$/usr\/local\/etc\/openldap\/certs/g}' $SERVERLDAP_PATH/ldap.confcat $SERVERLDAP_PATH/ldap.conf|grep ^BASE && result=0||result=1;if [ "${result}" = 1 ];then sed -i '$a BASE dc=mirage,dc=com' $SERVERLDAP_PATH/ldap.conf;fiserverIp=`ifconfig eth0 | grep 'inet addr' | sed 's/^.*addr://g' | sed 's/Bcast.*$//g'`line=`sed -n '/^URI/=' $SERVERLDAP_PATH/ldap.conf`if [ $line ];thensed -i "$line d" $SERVERLDAP_PATH/ldap.confsed -i "$line iURI ldap://$serverIp" $SERVERLDAP_PATH/ldap.confelsesed -i "$a URI ldap://$serverIp" $SERVERLDAP_PATH/ldap.conffised -i 's/^SASL_NOCANON/#&/' $SERVERLDAP_PATH/ldap.conf#配置slapd.conf 文件cp $SERVERLDAP_PATH/slapd.conf.bak $SERVERLDAP_PATH/slapd.confcat $SERVERLDAP_PATH/slapd.conf|grep ^TLSCACertificatePath && result=0||result=1;if [ "${result}" = 1 ];then sed -i '$a TLSCACertificatePath /usr/local/etc/openldap/certs' $SERVERLDAP_PATH/slapd.conf;ficat $SERVERLDAP_PATH/slapd.conf|grep ^TLSCertificateFile && result=0||result=1;if [ "${result}" = 1 ];then sed -i '$a TLSCertificateFile /usr/local/etc/openldap/certs/ldapsrv02.crt' $SERVERLDAP_PATH/slapd.conf;ficat $SERVERLDAP_PATH/slapd.conf|grep ^TLSCertificateKeyFile && result=0||result=1;if [ "${result}" = 1 ];then sed -i '$a TLSCertificateKeyFile /usr/local/etc/openldap/certs/ldapsrv02.key' $SERVERLDAP_PATH/slapd.conf;fi#修改库文件rm -rf $SERVERLDAP_PATH/slapd.d/*slaptest -f $SERVERLDAP_PATH/slapd.conf -F $SERVERLDAP_PATH/slapd.d/chown -R ldap:ldap $SERVERLDAP_PATH/slapd.d#配置监听的端口`killall slapd`/usr/local/libexec/slapd -h "ldap://$serverIp ldaps://$serverIp"`netstat -tunlp | grep slapd`
Openldap配置TLS加密传输(完整版——shell脚本实现[分别在客户端与服务器端执行脚本 实现TLS加密])