前提
关闭2台机器的 selinux 和防火墙
systemctl stop firewalld.service
setenforce 0
[root@server ~]# sed -i s/^SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
安装
yum install openldap openldap-clients openldap-servers migrationtools
配置文件
cd /etc/openldap/slapd.d
拷贝配置文件到 home 目录
cp /usr/share/openldap-servers/slapd.ldif /home/
修改 dc=my-domain 为你的域名
dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
n=auth" read by dn.base="cn=Manager,dc=abc,dc=com" read by * none
设置一个密码
[root@server home]# slappasswd
New password:
Re-enter new password:
{SSHA}6ZV4bJxlj6a0CPsqAwaXdS+AjPmSZ9Do
把上面 slappasswd 生成的密码哈希加入到配置文件(olcRootPW 的值必须与你自己 slappasswd 的输出完全一致,否则后面 ldapadd 绑定时会报 49 Invalid credentials)
olcRootDN: cn=Manager,dc=abc,dc=com
olcRootPW: {SSHA}6ZV4bJxlj6a0CPsqAwaXdS+AjPmSZ9Do
#增加一行PW:后注意是 tab 键盘 不要留空格
增加内容
include: file:///etc/openldap/schema/corba.ldif
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/duaconf.ldif
include: file:///etc/openldap/schema/dyngroup.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/java.ldif
include: file:///etc/openldap/schema/misc.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/openldap.ldif
include: file:///etc/openldap/schema/ppolicy.ldif
include: file:///etc/openldap/schema/collective.ldif
我这边得到的结果是,注意删除重复的,否则后面会报49错误
[root@server /]# cat /home/slapd.ldif
#
# See slapd-config(5) for details on configuration options.
# This file should NOT be world readable.
#
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/openldap/slapd.args
olcPidFile: /var/run/openldap/slapd.pid
#
# TLS settings
#
olcTLSCACertificatePath: /etc/openldap/certs
olcTLSCertificateFile: "OpenLDAP Server"
olcTLSCertificateKeyFile: /etc/openldap/certs/password
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#
#olcReferral: ldap://root.openldap.org
#
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 64-bit encryption for simple bind
#
#olcSecurity: ssf=1 update_ssf=112 simple_bind=64
#
# Load dynamic backend modules:
# - modulepath is architecture dependent value (32/64-bit system)
# - back_sql.la backend requires openldap-servers-sql package
# - dyngroup.la and dynlist.la cannot be used at the same time
#
#dn: cn=module,cn=config
#objectClass: olcModuleList
#cn: module
#olcModulepath: /usr/lib/openldap
#olcModulepath: /usr/lib64/openldap
#olcModuleload: accesslog.la
#olcModuleload: auditlog.la
#olcModuleload: back_dnssrv.la
#olcModuleload: back_ldap.la
#olcModuleload: back_mdb.la
#olcModuleload: back_meta.la
#olcModuleload: back_null.la
#olcModuleload: back_passwd.la
#olcModuleload: back_relay.la
#olcModuleload: back_shell.la
#olcModuleload: back_sock.la
#olcModuleload: collect.la
#olcModuleload: constraint.la
#olcModuleload: dds.la
#olcModuleload: deref.la
#olcModuleload: dyngroup.la
#olcModuleload: dynlist.la
#olcModuleload: memberof.la
#olcModuleload: pcache.la
#olcModuleload: ppolicy.la
#olcModuleload: refint.la
#olcModuleload: retcode.la
#olcModuleload: rwm.la
#olcModuleload: seqmod.la
#olcModuleload: smbk5pwd.la
#olcModuleload: sssvlv.la
#olcModuleload: syncprov.la
#olcModuleload: translucent.la
#olcModuleload: unique.la
#olcModuleload: valsort.la
#
# Schema settings
#
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file:///etc/openldap/schema/corba.ldif
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/duaconf.ldif
include: file:///etc/openldap/schema/dyngroup.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/java.ldif
include: file:///etc/openldap/schema/misc.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/openldap.ldif
include: file:///etc/openldap/schema/ppolicy.ldif
include: file:///etc/openldap/schema/collective.ldif
#
# Frontend settings
#
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
#
# Sample global access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#olcAccess: to dn.base="" by * read
#olcAccess: to dn.base="cn=Subschema" by * read
#olcAccess: to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#
#
# Configuration database
#
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
n=auth" manage by * none
#
# Server status monitoring
#
dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
n=auth" read by dn.base="cn=Manager,dc=abc,dc=com" read by * none
#
# Backend database definitions
#
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: hdb
olcSuffix: dc=abc,dc=com
olcRootDN: cn=Manager,dc=abc,dc=com
olcRootPW: {SSHA}eO9asOoLigAQEaoCkAT+yG2A6B7+c5l5
olcDbDirectory: /var/lib/ldap
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
olcDbIndex: uidNumber,gidNumber,loginShell eq,pres
olcDbIndex: uid,memberUid eq,pres,sub
olcDbIndex: nisMapName,nisMapEntry eq,pres,sub
删除原有的配置
[root@server ~]# rm -rf /etc/openldap/slapd.d/*
将 home 目录的slapd.ldif 加载进配置文件目录中
[root@server home]# slapadd -F /etc/openldap/slapd.d/ -n 0 -l /home/slapd.ldif
591fd54d str2entry: entry -1 has no dn
slapadd: could not parse entry (line=724)
_################### 99.70% eta none elapsed none spd 3.3 M/s
Closing DB...
上面这个是提示有错误的,正确的应该是下面这样
[root@server ~]# slapadd -F /etc/openldap/slapd.d/ -n 0 -l /home/slapd.ldif
_#################### 100.00% eta none elapsed none fast!
Closing DB...
- -l:说明了包含要增加的条目的文本格式的LDIF输入文件
- -f:说明了slapd配置文件的格式。该配置文件说明了在何处创建索引,以及创建什么索引等等
- -n:说明修改那一个数据库的可选参数
测试文件是否正确
[root@server home]# slaptest -u -F /etc/openldap/slapd.d/
config file testing succeeded
若正确则提示:
config file testing succeeded
修改配置文件的所有者,否则无法读取这些配置:
chown -Rv ldap.ldap /etc/openldap/slapd.d
如下
[root@server slapd.d]# chown -Rv ldap.ldap /etc/openldap/slapd.d/
changed ownership of ‘/etc/openldap/slapd.d/cn=config.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema/cn={1}collective.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config’ from root:root to ldap:ldap
ownership of ‘/etc/openldap/slapd.d/’ retained as ldap:ldap
确认下所有者和所属组
[root@server slapd.d]# ll
total 4
drwxr-x--- 3 ldap ldap 45 May 20 13:34 cn=config
-rw------- 1 ldap ldap 589 May 20 13:34 cn=config.ldif
创建数据库配置文件
[root@server slapd.d]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@server slapd.d]# chown -Rv ldap.ldap /var/lib/ldap/DB_CONFIG
changed ownership of ‘/var/lib/ldap/DB_CONFIG’ from root:root to ldap:ldap
启动服务
[root@server ~]# systemctl start slapd.service
[root@server ~]# systemctl status slapd.service
[root@server ~]# systemctl enable slapd.service
创建多个用户
[root@server ~]# ./create_user.sh
mkdir: created directory ‘/home/ldapuser’
Changing password for user lduser1.
passwd: all authentication tokens updated successfully.
Changing password for user lduser2.
passwd: all authentication tokens updated successfully.
Changing password for user lduser3.
passwd: all authentication tokens updated successfully.
Changing password for user lduser4.
passwd: all authentication tokens updated successfully.
Changing password for user lduser5.
passwd: all authentication tokens updated successfully.
Changing password for user lduser6.
passwd: all authentication tokens updated successfully.
附脚本内容
[root@server ~]# cat create_user.sh
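#!/bin/bash
#######################################
# Create local accounts from a "uid name password" list so they can later be
# migrated into LDAP with migrate_passwd.pl.
# Globals:   USER_LIST (read) - path of the list, one account per line
#            HOME_ldap (read) - parent directory of the created home dirs
# Arguments: none
# Outputs:   mkdir/passwd progress on stdout, problems on stderr
# Returns:   1 if USER_LIST is not readable, otherwise 0
#######################################
set -uo pipefail

USER_LIST=ldapuser.txt
HOME_ldap=/home/ldapuser

# The list holds plaintext passwords: keep it mode 600 and remove it once the
# accounts have been created.
[[ -r "$USER_LIST" ]] || { printf 'cannot read %s\n' "$USER_LIST" >&2; exit 1; }
mkdir -pv -- "$HOME_ldap"

# Read each record directly instead of re-grepping the file by uid:
# `grep "$USERID"` matched any line that merely *contains* the uid (inside
# another uid, or inside a password), which could create the wrong user or feed
# the wrong password. The trailing `|| [[ -n ... ]]` also handles a last line
# without a newline.
while IFS=' ' read -r USERID USERNAME PASSWORD _ || [[ -n "$USERID" ]]; do
  # skip blank lines and comments
  [[ -z "$USERID" || "$USERID" == \#* ]] && continue
  HOMEDIR="${HOME_ldap}/${USERNAME}"
  # Keep going on failure (e.g. user already exists) so the rest of the list is
  # still processed, as the original script did; the password is set either way.
  useradd -u "$USERID" -d "$HOMEDIR" "$USERNAME" \
    || printf 'warn: useradd %s (uid %s) failed\n' "$USERNAME" "$USERID" >&2
  # --stdin is a Red Hat-specific passwd extension; the password travels over
  # the pipe and never appears on a command line (visible in `ps`).
  printf '%s\n' "$PASSWORD" | passwd --stdin "$USERNAME"
done < "$USER_LIST"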
[root@server ~]# cat ldapuser.txt
5000 lduser1 123456
5001 lduser2 123456
5002 lduser3 123456
5003 lduser4 123456
5004 lduser5 123456
5005 lduser6 123456
[root@server ~]#
修改/usr/share/migrationtools/migrate_common.ph
文件
vim /usr/share/migrationtools/migrate_common.ph
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "abc.com";
# Default base
$DEFAULT_BASE = "dc=abc,dc=com";
创建基本的数据库模板文件
[root@server ~]# /usr/share/migrationtools/migrate_base.pl > /root/base.ldif
创建用户的数据库模板文件
[root@server ~]# /usr/share/migrationtools/migrate_passwd.pl /etc/passwd /root/user.ldif
编辑vim /root/user.ldif,只留下LDAP用户的相关信息,删掉其他用户信息(不删也没事)。
user.ldif中所有的DN都是属于People这个OU,而People这个OU是在base.ldif中定义的。
user.ldif中所有的DN都是继承自以下4个类:
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
其中posixAccount和shadowAccount提供了uidNumber、gidNumber、homeDirectory、loginShell、userPassword这些属性
创建组数据库信息
[root@server ~]# /usr/share/migrationtools/migrate_group.pl /etc/group /root/group.ldif
编辑group.ldif,只留LDAP用户相关的组的信息,删掉其他用户信息(不删也没事)。
group.ldif中所有的DN都是属于Group这个OU,而Group这个OU是在base.ldif中定义的。
使用 ldapadd 导入数据库
在ldapadd命令中常用的选项如下:
-x:进行简单认证。
-D:用来绑定服务器的dn。
-h:目录服务的地址。
-w:绑定dn的密码。
-f:使用LDIF文件进行条目添加的文件。
[root@server ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f base.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root@server ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f user.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root@server ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f group.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
返回码 49(Invalid credentials)表示绑定失败,也就是输入的密码与配置文件里的 olcRootPW 不匹配,检查配置文件
正常的是如下
[root@adsl-172-10-100-129 ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f base.ldif
Enter LDAP Password:
adding new entry "dc=abc,dc=com"
adding new entry "ou=Hosts,dc=abc,dc=com"
adding new entry "ou=Rpc,dc=abc,dc=com"
adding new entry "ou=Services,dc=abc,dc=com"
adding new entry "nisMapName=netgroup.byuser,dc=abc,dc=com"
adding new entry "ou=Mounts,dc=abc,dc=com"
adding new entry "ou=Networks,dc=abc,dc=com"
adding new entry "ou=People,dc=abc,dc=com"
adding new entry "ou=Group,dc=abc,dc=com"
adding new entry "ou=Netgroup,dc=abc,dc=com"
adding new entry "ou=Protocols,dc=abc,dc=com"
adding new entry "ou=Aliases,dc=abc,dc=com"
adding new entry "nisMapName=netgroup.byhost,dc=abc,dc=com"
[root@adsl-172-10-100-129 ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f group.ldif
Enter LDAP Password:
adding new entry "cn=root,ou=Group,dc=abc,dc=com"
adding new entry "cn=bin,ou=Group,dc=abc,dc=com"
adding new entry "cn=daemon,ou=Group,dc=abc,dc=com"
adding new entry "cn=sys,ou=Group,dc=abc,dc=com"
adding new entry "cn=adm,ou=Group,dc=abc,dc=com"
adding new entry "cn=tty,ou=Group,dc=abc,dc=com"
adding new entry "cn=disk,ou=Group,dc=abc,dc=com"
adding new entry "cn=lp,ou=Group,dc=abc,dc=com"
adding new entry "cn=mem,ou=Group,dc=abc,dc=com"
adding new entry "cn=kmem,ou=Group,dc=abc,dc=com"
adding new entry "cn=wheel,ou=Group,dc=abc,dc=com"
adding new entry "cn=cdrom,ou=Group,dc=abc,dc=com"
adding new entry "cn=mail,ou=Group,dc=abc,dc=com"
adding new entry "cn=man,ou=Group,dc=abc,dc=com"
adding new entry "cn=dialout,ou=Group,dc=abc,dc=com"
adding new entry "cn=floppy,ou=Group,dc=abc,dc=com"
adding new entry "cn=games,ou=Group,dc=abc,dc=com"
adding new entry "cn=tape,ou=Group,dc=abc,dc=com"
adding new entry "cn=video,ou=Group,dc=abc,dc=com"
adding new entry "cn=ftp,ou=Group,dc=abc,dc=com"
adding new entry "cn=lock,ou=Group,dc=abc,dc=com"
adding new entry "cn=audio,ou=Group,dc=abc,dc=com"
adding new entry "cn=nobody,ou=Group,dc=abc,dc=com"
adding new entry "cn=users,ou=Group,dc=abc,dc=com"
adding new entry "cn=utmp,ou=Group,dc=abc,dc=com"
adding new entry "cn=utempter,ou=Group,dc=abc,dc=com"
adding new entry "cn=input,ou=Group,dc=abc,dc=com"
adding new entry "cn=systemd-journal,ou=Group,dc=abc,dc=com"
adding new entry "cn=systemd-bus-proxy,ou=Group,dc=abc,dc=com"
adding new entry "cn=systemd-network,ou=Group,dc=abc,dc=com"
adding new entry "cn=dbus,ou=Group,dc=abc,dc=com"
adding new entry "cn=polkitd,ou=Group,dc=abc,dc=com"
adding new entry "cn=abrt,ou=Group,dc=abc,dc=com"
adding new entry "cn=unbound,ou=Group,dc=abc,dc=com"
adding new entry "cn=tss,ou=Group,dc=abc,dc=com"
adding new entry "cn=libstoragemgmt,ou=Group,dc=abc,dc=com"
adding new entry "cn=rpc,ou=Group,dc=abc,dc=com"
adding new entry "cn=colord,ou=Group,dc=abc,dc=com"
adding new entry "cn=usbmuxd,ou=Group,dc=abc,dc=com"
adding new entry "cn=cgred,ou=Group,dc=abc,dc=com"
adding new entry "cn=dip,ou=Group,dc=abc,dc=com"
adding new entry "cn=ssh_keys,ou=Group,dc=abc,dc=com"
adding new entry "cn=saslauth,ou=Group,dc=abc,dc=com"
adding new entry "cn=geoclue,ou=Group,dc=abc,dc=com"
adding new entry "cn=libvirt,ou=Group,dc=abc,dc=com"
adding new entry "cn=rtkit,ou=Group,dc=abc,dc=com"
adding new entry "cn=radvd,ou=Group,dc=abc,dc=com"
adding new entry "cn=rpcuser,ou=Group,dc=abc,dc=com"
adding new entry "cn=nfsnobody,ou=Group,dc=abc,dc=com"
adding new entry "cn=kvm,ou=Group,dc=abc,dc=com"
adding new entry "cn=qemu,ou=Group,dc=abc,dc=com"
adding new entry "cn=chrony,ou=Group,dc=abc,dc=com"
adding new entry "cn=setroubleshoot,ou=Group,dc=abc,dc=com"
adding new entry "cn=pulse-access,ou=Group,dc=abc,dc=com"
adding new entry "cn=pulse-rt,ou=Group,dc=abc,dc=com"
adding new entry "cn=pulse,ou=Group,dc=abc,dc=com"
adding new entry "cn=gdm,ou=Group,dc=abc,dc=com"
adding new entry "cn=gnome-initial-setup,ou=Group,dc=abc,dc=com"
adding new entry "cn=sshd,ou=Group,dc=abc,dc=com"
adding new entry "cn=avahi,ou=Group,dc=abc,dc=com"
adding new entry "cn=slocate,ou=Group,dc=abc,dc=com"
adding new entry "cn=postdrop,ou=Group,dc=abc,dc=com"
adding new entry "cn=postfix,ou=Group,dc=abc,dc=com"
adding new entry "cn=ntp,ou=Group,dc=abc,dc=com"
adding new entry "cn=stapusr,ou=Group,dc=abc,dc=com"
adding new entry "cn=stapsys,ou=Group,dc=abc,dc=com"
adding new entry "cn=stapdev,ou=Group,dc=abc,dc=com"
adding new entry "cn=tcpdump,ou=Group,dc=abc,dc=com"
adding new entry "cn=fwj,ou=Group,dc=abc,dc=com"
adding new entry "cn=apache,ou=Group,dc=abc,dc=com"
adding new entry "cn=ldap,ou=Group,dc=abc,dc=com"
adding new entry "cn=lduser1,ou=Group,dc=abc,dc=com"
adding new entry "cn=lduser2,ou=Group,dc=abc,dc=com"
adding new entry "cn=lduser3,ou=Group,dc=abc,dc=com"
adding new entry "cn=lduser4,ou=Group,dc=abc,dc=com"
adding new entry "cn=lduser5,ou=Group,dc=abc,dc=com"
adding new entry "cn=lduser6,ou=Group,dc=abc,dc=com"
配置 nfs
1.安装nfs
yum -y install nfs-utils
2.配置nfs
[root@server ~]# cat /etc/exports
/home/ldapuser 172.10.100.0/24(rw,sync)
启动服务
[root@server ~]# systemctl start nfs-server.service
重新导出 nfs 共享(注意下面 exportfs 的输出显示的是 * 即所有客户端,而不是 /etc/exports 里写的 172.10.100.0/24,说明实际生效的导出范围与配置不一致;请核对 /etc/exports 中路径、网段和 (rw,sync) 之间没有多余空格)
[root@adsl-172-10-100-129 home]# exportfs -rv
exporting *:/home/ldapuser
查看端口
[root@server ~]# ss -ant| grep 389
LISTEN 0 128 *:389 *:*
LISTEN 0 128 :::389 :::*
[root@server ~]# ss -ant| grep 2049
LISTEN 0 64 *:2049 *:*
LISTEN 0 64 :::2049 :::*
设置为开机启动
[root@server ~]# systemctl enable nfs-server.service
配置日志
配置日志
编辑rsyslog配置文件:
vi /etc/rsyslog.conf
加上一行:
local4.* /var/log/ldap.log
然后
touch /var/log/ldap.log
重启rsyslog:
systemctl restart rsyslog.service
如果slapd启动出问题,可查看/var/log/messages文件,比如:
systemctl status slapd.service -l
tail -f /var/log/messages
服务器配置到此结束。
客户端配置
配置LDAP客户端
1.绑定 hosts
[root@client ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.10.100.129 abc.com
2.安装LDAP认证相关软件包
yum -y install sssd-ldap nss-pam-ldapd
3.开启LDAP,终端执行命令authconfig-tui,按TAB键选择 LDAP,然后切换到NEXT
然后配置服务端信息,填写dc信息和服务器信息
客户端测试登陆lduser1
[root@client /]# su - lduser1
su: warning: cannot change directory to /home/ldapuser/lduser1: No such file or directory
-bash-4.2$
-bash-4.2$
ok的,然后解决下bash-4.2找不到环境变量的问题,直接将远程的目录通过nfs挂载过来
[root@client /]# mkdir -p /home/ldapuser
[root@client /]# mount -t nfs 172.10.100.120:/home/ldapuser/ /home/ldapuser/
[root@client /]# cd /home/ldapuser/
[root@client ldapuser]# ls
lduser1 lduser2 lduser3 lduser4 lduser5 lduser6
[root@client ldapuser]# su - lduser1
Last login: Sat May 20 23:11:00 EDT 2017 on pts/0
[lduser1@client ~]$
[lduser1@client ~]$
[lduser1@client ~]$
配置自动挂载
安装autofs
[root@client ~]# yum -y install autofs
编辑
[root@client ~]# vim /etc/auto.master
/home/ /etc/auto.nfs
拷贝文件并修改文件
[root@client ~]# cp /etc/auto.misc /etc/auto.nfs
[root@client ~]# vim /etc/auto.nfs
增加
ldapuser -fstype=nfs 172.10.100.120:/home/ldapuser/
设置为开机启动
systemctl start autofs
systemctl enable autofs
测试
[root@client home]# ls
[root@client home]#
[root@client home]# cd ldapuser
[root@client ldapuser]# ls
lduser1 lduser2 lduser3 lduser4 lduser5 lduser6
[root@client ldapuser]#
这样当你每次切换目录都会自动挂载
[root@client home]# su - lduser1
Last login: Sat May 20 23:12:22 EDT 2017 on pts/0
[lduser1@client ~]$
[lduser1@client ~]$
[lduser1@client ~]$ ls
[lduser1@client ~]$ cd /home/
[lduser1@client home]$ ls
ldapuser
[lduser1@client home]$ cd ldapuser/
[lduser1@client ldapuser]$ ls
lduser1 lduser2 lduser3 lduser4 lduser5 lduser6
[lduser1@client ldapuser]$
故障处理
发现无法切换到服务器的用户,查看日志
[root@client ~]# tail -n 20 -f /var/log/messages
May 20 22:39:36 client nslcd[2266]: [4a3fe6] <group/member="gdm"> no available LDAP server found: Server is unavailable: Transport endpoint is not connected
May 20 22:39:36 client nslcd[2266]: [4ef005] <group/member="gdm"> no available LDAP server found: Server is unavailable: Transport endpoint is not connected
May 20 22:39:36 client nslcd[2266]: [4ef005] <group/member="gdm"> no available LDAP server found: Server is unavailable: Transport endpoint is not connected
May 20 22:40:02 client systemd: Started Session 2 of user root.
May 20 22:40:02 client systemd: Starting Session 2 of user root.
May 20 22:40:02 client nslcd[2266]: [f9c13c] <group/member="gdm"> failed to bind to LDAP server ldap://abc.com: Can't contact LDAP server: Transport endpoint is not connected
May 20 22:40:02 client nslcd[2266]: [f9c13c] <group/member="gdm"> no available LDAP server found: Can't contact LDAP server: Transport endpoint is not connected
May 20 22:40:02 client nslcd[2266]: [f9c13c] <group/member="gdm"> no available LDAP server found: Server is unavailable: Transport endpoint is not connected
May 20 22:40:02 client nslcd[2266]: [9bb77c] <group/member="root"> no available LDAP server found: Server is unavailable
May 20 22:40:02 client nslcd[2266]: [9bb77c] <group/member="root"> no available LDAP server found: Server is unavailable
May 20 22:40:02 client nslcd[2266]: [5ac794] <group/member="gdm"> no available LDAP server found: Server is unavailable
May 20 22:40:02 client nslcd[2266]: [5ac794] <group/member="gdm"> no available LDAP server found: Server is unavailable
在客户端用 telnet 测试:22 端口可以连通,但 389 端口不行
[root@client ~]# telnet 172.10.100.129 22
Trying 172.10.100.129...
Connected to 172.10.100.129.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1
^C
Connection closed by foreign host.
[root@client ~]#
[root@client ~]# telnet 172.10.100.129 389
Trying 172.10.100.129...
telnet: connect to address 172.10.100.129: No route to host
服务器上 telnet 389是可以的
[root@server slapd.d]# ss -ant
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:20048 *:*
LISTEN 0 64 *:45649 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:45311 *:*
LISTEN 0 64 *:2049 *:*
LISTEN 0 128 *:389 *:*
LISTEN 0 128 *:933 *:*
ESTAB 0 0 172.10.100.129:22 192.168.50.86:54266
LISTEN 0 128 :::39343 :::*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::20048 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 64 :::43488 :::*
LISTEN 0 64 :::2049 :::*
LISTEN 0 128 :::389 :::*
[root@server slapd.d]# telnet 127.0.0.1 389
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
以上这个问题一直没弄好,我重新换了个全新的系统重新来做的。(从现象看:22 端口可连、389 端口返回 No route to host,而服务端本地 389 可连,这通常是防火墙拒绝了该端口,可先回到"前提"一节确认服务端的 firewalld 确实已停止。)