超详细centos7搭建配置openldap以及常见问题

2019-06-1410:44:01已关闭评论 194

本章主要介绍openldap支持TLS证书配置

1.配置TLS

vim tls.ldif
# create new
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/openldap/certs/cacert.pem
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/ldapcert.pem
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/ldap.key
-
replace: olcTLSVerifyClient
olcTLSVerifyClient: never

TLSVerifyClient：设置是否验证 client 的身份，其值可以是 never / allow / try / demand

never：不需要验证 client 端的身份，Client 端只需要有 CA 证书就可以了
allow：Server 会要求 client 提供证书，如果 client 端没有提供证书，会话会正常进行
try：Client 端提供了证书，但是 Server 端有可能不能校验这个证书，这个证书会被忽略，会话正常进行
demand：Server 端需要认证 client 端的身份，Client 端需要有自己的证书和私钥


[root@base ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f tls.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"

vim tls.ldif

# create new

dn: cn=config

changetype: modify

replace: olcTLSCACertificateFile

olcTLSCACertificateFile: /etc/openldap/certs/cacert.pem

replace: olcTLSCertificateFile

olcTLSCertificateFile: /etc/openldap/certs/ldapcert.pem

replace: olcTLSCertificateKeyFile

olcTLSCertificateKeyFile: /etc/openldap/certs/ldap.key

replace: olcTLSVerifyClient

olcTLSVerifyClient: never

TLSVerifyClient：设置是否验证 client 的身份，其值可以是 never / allow / try / demand

never：不需要验证 client 端的身份，Client 端只需要有 CA 证书就可以了

allow：Server 会要求 client 提供证书，如果 client 端没有提供证书，会话会正常进行

try：Client 端提供了证书，但是 Server 端有可能不能校验这个证书，这个证书会被忽略，会话正常进行

demand：Server 端需要认证 client 端的身份，Client 端需要有自己的证书和私钥

[root@base ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f tls.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

modifying entry "cn=config"

2.配置ldap开启ssl

[root@base ~]# vim /etc/sysconfig/slapd
SLAPD_URLS="ldapi:/// ldap:/// ldaps:///"
systemctl restart slapd
[root@base ~]# netstat -tulnp |grep 636
#出现slapd说明ldap启动成功
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      3064/slapd          
tcp6       0      0 :::636                  :::*                    LISTEN      3064/slapd

[root@base ~]# vim /etc/sysconfig/slapd

SLAPD_URLS="ldapi:/// ldap:/// ldaps:///"

systemctl restart slapd

[root@base ~]# netstat -tulnp |grep 636

#出现slapd说明ldap启动成功

tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 3064/slapd

tcp6 0 0 :::636 :::* LISTEN 3064/slapd

3.验证当前套接字能否通过CA验证

[root@base ~]# openssl s_client -connect 127.0.0.1:636 -showcerts -state -CAfile /etc/openldap/certs/cacert.pem

CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 C = CN, ST = Zhejiang, L = Hangzhou, O = ldap, OU = IT, CN = ldap, emailAddress = admin@ldap.com
verify return:1
depth=0 C = CN, ST = Zhejiang, O = ldap, OU = IT, CN = www.myldap.com, emailAddress = admin@myldap.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=CN/ST=Zhejiang/O=ldap/OU=IT/CN=www.myldap.com/emailAddress=admin@myldap.com
   i:/C=CN/ST=Zhejiang/L=Hangzhou/O=ldap/OU=IT/CN=ldap/emailAddress=admin@ldap.com
-----BEGIN CERTIFICATE-----
MIID6TCCAtGgAwIBAgIBATANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJDTjER
MA8GA1UECAwIWmhlamlhbmcxETAPBgNVBAcMCEhhbmd6aG91MQ0wCwYDVQQKDARs
ZGFwMQswCQYDVQQLDAJJVDENMAsGA1UEAwwEbGRhcDEdMBsGCSqGSIb3DQEJARYO
YWRtaW5AbGRhcC5jb20wHhcNMTkwNTE1MDc1MzA0WhcNMjkwNTEyMDc1MzA0WjB2
MQswCQYDVQQGEwJDTjERMA8GA1UECAwIWmhlamlhbmcxDTALBgNVBAoMBGxkYXAx
CzAJBgNVBAsMAklUMRcwFQYDVQQDDA53d3cubXlsZGFwLmNvbTEfMB0GCSqGSIb3
DQEJARYQYWRtaW5AbXlsZGFwLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBANpop+0xr2YAnDrd4aBf28GBrnSEqldIVtTo4VCgpcxmUc4XYJE6yrQG
MqfCWatuAUBMIJNMZRsFxCdnV5+z+YEIqF4eMBLLEJ2wRqHStiQgX7651Iy+hxIE
C8F1mTo3PVdWkpSPBU7vd4zJu0l7mmADCIDuFTHAlrX2oe/jpJdiG+XGDBol9qR+
AH1ib1IYo8XngeNHI1/wDe8+FXj6Niwl+r7ozbnCk9tPP74LnabhcbRWTzWo9X2B
hGzFobODcRk+5qhnHR1OUqubeeJfap+iOiFCDhg4bXxA2//fwq9Au3X/AOEaqSFy
qXGmz99AScy3aWZB8k7A9U1L71dj93kCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglg
hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
BBYEFC6zD84/eUJClnck56TdGU/TYOkfMB8GA1UdIwQYMBaAFEQyBbIZqgnOgKJF
/eg8FU0knzHTMA0GCSqGSIb3DQEBCwUAA4IBAQAVuqoGeDYze4EFu4sL+4Ohe35R
OnMI9eJ23eY6+VjrQlpE7nRIm3GpSOdn3re7UZ+gRXIB/Ny815KlhbgixwHT/1/e
6MpJ7QT9Co1TdhWvWJoxv2pPRksyz2gKu/NOUAJsZ8/U2lW3P538rZCOnBEyrDpC
b/BpBZJ2BtryOAKpNH8jE9n/HZlGGxHozj7LyV3EEMe128llhfUFKAP18/gBhvzj
jYsH94tLSzCyylLbxSR6VVWBQmnqcmYgK+euNMOqKfQUFKSlZ8JmTNRXcUCNI85h
t2nfQv9FL2hKEbl5bGVKjIznRKMbxD56B7RFW6qOQY7IDEklOpmuMX4v9NGc
-----END CERTIFICATE-----
1 s:/C=CN/ST=Zhejiang/L=Hangzhou/O=ldap/OU=IT/CN=ldap/emailAddress=admin@ldap.com
   i:/C=CN/ST=Zhejiang/L=Hangzhou/O=ldap/OU=IT/CN=ldap/emailAddress=admin@ldap.com
-----BEGIN CERTIFICATE-----
MIIDzTCCArWgAwIBAgIJAKdgI0BjB7rKMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV
BAYTAkNOMREwDwYDVQQIDAhaaGVqaWFuZzERMA8GA1UEBwwISGFuZ3pob3UxDTAL
BgNVBAoMBGxkYXAxCzAJBgNVBAsMAklUMQ0wCwYDVQQDDARsZGFwMR0wGwYJKoZI
hvcNAQkBFg5hZG1pbkBsZGFwLmNvbTAeFw0xOTA1MTUwNzQ4MTlaFw0yOTA1MTIw
NzQ4MTlaMH0xCzAJBgNVBAYTAkNOMREwDwYDVQQIDAhaaGVqaWFuZzERMA8GA1UE
BwwISGFuZ3pob3UxDTALBgNVBAoMBGxkYXAxCzAJBgNVBAsMAklUMQ0wCwYDVQQD
DARsZGFwMR0wGwYJKoZIhvcNAQkBFg5hZG1pbkBsZGFwLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAJjC+kxqa93FqXkYMrkWejH4AIcONy2qWkK4
m56Ft8ixXzauNCUSlhBYxQlY3rxaKYXdqz3k12cZZEfmC5ghy5olEM8rLCWv0y9i
LifaWYeX3zjP40V8Q5SO6PeVSNdxAksBsyZzK5oWDFO42RfuqGrnNgLMZuibsCAJ
YJOi+KqD9y/+CpDXgWNfFfuX/V9ZQeeRA/ByVMjQhIIlhbBIl6bLEEvinmOmE8za
zcUgxlQBwCxscrdtsPAhoyZhZ8iPsvR9YdraApBQjpSBOAsd9+vLPtW9nsoUlo4p
R5tMX0kKdOCufcR1XHflDEd73DnbIx7vofuaTP4wC5dLQcBNfq8CAwEAAaNQME4w
HQYDVR0OBBYEFEQyBbIZqgnOgKJF/eg8FU0knzHTMB8GA1UdIwQYMBaAFEQyBbIZ
qgnOgKJF/eg8FU0knzHTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
ADFGqKnN/1bY3nGB6psjwI8j7QcrcacG/0l5pWDmqRqPdxGPhnpZ/fPPFH0xnRWU
QUL9pYH3ifnmklYr/D1HFKdEOjoCGqMjEdl3UQ5Txwfns6Ak529/UNrrH4xKRK1I
IiH7IIes7R+P9ZSjF4FEvTVKxJTqAy+nO133LF5GN5zq18kklcRA0An3yfR5lwS7
6PGxiaIR5rYoH3y8NhAtQLuC7O/f0Ky2OyycnFYhwXckIQ6Xbd6rLrfLzWBMKBxw
npkok2xMWK0/DPxP7YD9HOA+p9NxJ+LPCo6x4rFb2KyOBvEVTlNkSDHn17PiVshu
/BtvhgCnflDNEDpkl/j829E=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=CN/ST=Zhejiang/O=ldap/OU=IT/CN=www.myldap.com/emailAddress=admin@myldap.com
issuer=/C=CN/ST=Zhejiang/L=Hangzhou/O=ldap/OU=IT/CN=ldap/emailAddress=admin@ldap.com
---
No client certificate CA names sent
---
SSL handshake has read 2298 bytes and written 565 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-GCM-SHA384
    Session-ID: DF4890F67DEDB2E6C3C8D8C4E0F4943C68594AE9D3831CC90B7D84C920330A92
    Session-ID-ctx:
    Master-Key: A32FB5E7417A4A9CA800E815ADEB8FCB38AEF60578E9D42095A95C0F62EEBC959DB267780D27AEA974215070B2ED8434
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - db a9 31 63 cd 7b 16 78-6f fd ba 9e d9 a6 9c 0d   ..1c.{.xo.......
    0010 - 48 7f ba 67 77 40 76 11-d9 94 de 90 be b1 c2 06   H..gw@v.........
    0020 - 10 4c e1 35 9d 45 12 ce-10 08 cd e0 be b0 9d 4a   .L.5.E.........J
    0030 - 21 f1 14 db 32 50 15 f6-78 86 5c a2 1c 75 fb 78   !...2P..x.\..u.x
    0040 - ad 80 e4 c0 45 5f f9 06-07 be 0a 86 7d 2a 33 a8   ....E_......}*3.
    0050 - c7 a7 56 0b 5a 18 ce e6-9d 46 c5 1d 92 d6 0f 39   ..V.Z....F.....9
    0060 - e5 87 39 b2 a2 07 71 75-46 5f 13 22 48 85 45 a9   ..9...quF_."H.E.
    0070 - 2a 35 0f 9d cd bd 5a e3-04 ae 8c 80 38 62 a1 fc   *5....Z.....8b..
    0080 - 8a 8f b4 eb 9b 62 aa 75-aa c6 f7 2d da ef 25 3f   .....b.u...-..%?
    0090 - 35 1e 53 eb 44 f3 80 11-65 38 29 56 1b 4a 0d 5e   5.S.D...e8)V.J.^

    Start Time: 1557910357
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

100

101

102

103

104

105

106

107

108

109

110

111

[root@base ~]# openssl s_client -connect 127.0.0.1:636 -showcerts -state -CAfile /etc/openldap/certs/cacert.pem

CONNECTED(00000003)

SSL_connect:before/connect initialization

SSL_connect:SSLv2/v3 write client hello A

SSL_connect:SSLv3 read server hello A

depth=1 C = CN, ST = Zhejiang, L = Hangzhou, O = ldap, OU = IT, CN = ldap, emailAddress = admin@ldap.com

verify return:1

depth=0 C = CN, ST = Zhejiang, O = ldap, OU = IT, CN = www.myldap.com, emailAddress = admin@myldap.com

verify return:1

SSL_connect:SSLv3 read server certificate A

SSL_connect:SSLv3 read server done A

SSL_connect:SSLv3 write client key exchange A

SSL_connect:SSLv3 write change cipher spec A

SSL_connect:SSLv3 write finished A

SSL_connect:SSLv3 flush data

SSL_connect:SSLv3 read server session ticket A

SSL_connect:SSLv3 read finished A

---

Certificate chain

0 s:/C=CN/ST=Zhejiang/O=ldap/OU=IT/CN=www.myldap.com/emailAddress=admin@myldap.com

i:/C=CN/ST=Zhejiang/L=Hangzhou/O=ldap/OU=IT/CN=ldap/emailAddress=admin@ldap.com

-----BEGIN CERTIFICATE-----

MIID6TCCAtGgAwIBAgIBATANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJDTjER

MA8GA1UECAwIWmhlamlhbmcxETAPBgNVBAcMCEhhbmd6aG91MQ0wCwYDVQQKDARs

ZGFwMQswCQYDVQQLDAJJVDENMAsGA1UEAwwEbGRhcDEdMBsGCSqGSIb3DQEJARYO

YWRtaW5AbGRhcC5jb20wHhcNMTkwNTE1MDc1MzA0WhcNMjkwNTEyMDc1MzA0WjB2

MQswCQYDVQQGEwJDTjERMA8GA1UECAwIWmhlamlhbmcxDTALBgNVBAoMBGxkYXAx

CzAJBgNVBAsMAklUMRcwFQYDVQQDDA53d3cubXlsZGFwLmNvbTEfMB0GCSqGSIb3

DQEJARYQYWRtaW5AbXlsZGFwLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC

AQoCggEBANpop+0xr2YAnDrd4aBf28GBrnSEqldIVtTo4VCgpcxmUc4XYJE6yrQG

MqfCWatuAUBMIJNMZRsFxCdnV5+z+YEIqF4eMBLLEJ2wRqHStiQgX7651Iy+hxIE

C8F1mTo3PVdWkpSPBU7vd4zJu0l7mmADCIDuFTHAlrX2oe/jpJdiG+XGDBol9qR+

AH1ib1IYo8XngeNHI1/wDe8+FXj6Niwl+r7ozbnCk9tPP74LnabhcbRWTzWo9X2B

hGzFobODcRk+5qhnHR1OUqubeeJfap+iOiFCDhg4bXxA2//fwq9Au3X/AOEaqSFy

qXGmz99AScy3aWZB8k7A9U1L71dj93kCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglg

hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O

BBYEFC6zD84/eUJClnck56TdGU/TYOkfMB8GA1UdIwQYMBaAFEQyBbIZqgnOgKJF

/eg8FU0knzHTMA0GCSqGSIb3DQEBCwUAA4IBAQAVuqoGeDYze4EFu4sL+4Ohe35R

OnMI9eJ23eY6+VjrQlpE7nRIm3GpSOdn3re7UZ+gRXIB/Ny815KlhbgixwHT/1/e

6MpJ7QT9Co1TdhWvWJoxv2pPRksyz2gKu/NOUAJsZ8/U2lW3P538rZCOnBEyrDpC

b/BpBZJ2BtryOAKpNH8jE9n/HZlGGxHozj7LyV3EEMe128llhfUFKAP18/gBhvzj

jYsH94tLSzCyylLbxSR6VVWBQmnqcmYgK+euNMOqKfQUFKSlZ8JmTNRXcUCNI85h

t2nfQv9FL2hKEbl5bGVKjIznRKMbxD56B7RFW6qOQY7IDEklOpmuMX4v9NGc

-----END CERTIFICATE-----

1 s:/C=CN/ST=Zhejiang/L=Hangzhou/O=ldap/OU=IT/CN=ldap/emailAddress=admin@ldap.com

i:/C=CN/ST=Zhejiang/L=Hangzhou/O=ldap/OU=IT/CN=ldap/emailAddress=admin@ldap.com

-----BEGIN CERTIFICATE-----

MIIDzTCCArWgAwIBAgIJAKdgI0BjB7rKMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV

BAYTAkNOMREwDwYDVQQIDAhaaGVqaWFuZzERMA8GA1UEBwwISGFuZ3pob3UxDTAL

BgNVBAoMBGxkYXAxCzAJBgNVBAsMAklUMQ0wCwYDVQQDDARsZGFwMR0wGwYJKoZI

hvcNAQkBFg5hZG1pbkBsZGFwLmNvbTAeFw0xOTA1MTUwNzQ4MTlaFw0yOTA1MTIw

NzQ4MTlaMH0xCzAJBgNVBAYTAkNOMREwDwYDVQQIDAhaaGVqaWFuZzERMA8GA1UE

BwwISGFuZ3pob3UxDTALBgNVBAoMBGxkYXAxCzAJBgNVBAsMAklUMQ0wCwYDVQQD

DARsZGFwMR0wGwYJKoZIhvcNAQkBFg5hZG1pbkBsZGFwLmNvbTCCASIwDQYJKoZI

hvcNAQEBBQADggEPADCCAQoCggEBAJjC+kxqa93FqXkYMrkWejH4AIcONy2qWkK4

m56Ft8ixXzauNCUSlhBYxQlY3rxaKYXdqz3k12cZZEfmC5ghy5olEM8rLCWv0y9i

LifaWYeX3zjP40V8Q5SO6PeVSNdxAksBsyZzK5oWDFO42RfuqGrnNgLMZuibsCAJ

YJOi+KqD9y/+CpDXgWNfFfuX/V9ZQeeRA/ByVMjQhIIlhbBIl6bLEEvinmOmE8za

zcUgxlQBwCxscrdtsPAhoyZhZ8iPsvR9YdraApBQjpSBOAsd9+vLPtW9nsoUlo4p

R5tMX0kKdOCufcR1XHflDEd73DnbIx7vofuaTP4wC5dLQcBNfq8CAwEAAaNQME4w

HQYDVR0OBBYEFEQyBbIZqgnOgKJF/eg8FU0knzHTMB8GA1UdIwQYMBaAFEQyBbIZ

qgnOgKJF/eg8FU0knzHTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB

ADFGqKnN/1bY3nGB6psjwI8j7QcrcacG/0l5pWDmqRqPdxGPhnpZ/fPPFH0xnRWU

QUL9pYH3ifnmklYr/D1HFKdEOjoCGqMjEdl3UQ5Txwfns6Ak529/UNrrH4xKRK1I

IiH7IIes7R+P9ZSjF4FEvTVKxJTqAy+nO133LF5GN5zq18kklcRA0An3yfR5lwS7

6PGxiaIR5rYoH3y8NhAtQLuC7O/f0Ky2OyycnFYhwXckIQ6Xbd6rLrfLzWBMKBxw

npkok2xMWK0/DPxP7YD9HOA+p9NxJ+LPCo6x4rFb2KyOBvEVTlNkSDHn17PiVshu

/BtvhgCnflDNEDpkl/j829E=

-----END CERTIFICATE-----

---

Server certificate

subject=/C=CN/ST=Zhejiang/O=ldap/OU=IT/CN=www.myldap.com/emailAddress=admin@myldap.com

issuer=/C=CN/ST=Zhejiang/L=Hangzhou/O=ldap/OU=IT/CN=ldap/emailAddress=admin@ldap.com

---

No client certificate CA names sent

---

SSL handshake has read 2298 bytes and written 565 bytes

---

New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

SSL-Session:

Protocol : TLSv1.2

Cipher : AES256-GCM-SHA384

Session-ID: DF4890F67DEDB2E6C3C8D8C4E0F4943C68594AE9D3831CC90B7D84C920330A92

Session-ID-ctx:

Master-Key: A32FB5E7417A4A9CA800E815ADEB8FCB38AEF60578E9D42095A95C0F62EEBC959DB267780D27AEA974215070B2ED8434

Key-Arg : None

Krb5 Principal: None

PSK identity: None

PSK identity hint: None

TLS session ticket lifetime hint: 300 (seconds)

TLS session ticket:

0000 - db a9 31 63 cd 7b 16 78-6f fd ba 9e d9 a6 9c 0d ..1c.{.xo.......

0010 - 48 7f ba 67 77 40 76 11-d9 94 de 90 be b1 c2 06 H..gw@v.........

0020 - 10 4c e1 35 9d 45 12 ce-10 08 cd e0 be b0 9d 4a .L.5.E.........J

0030 - 21 f1 14 db 32 50 15 f6-78 86 5c a2 1c 75 fb 78 !...2P..x.\..u.x

0040 - ad 80 e4 c0 45 5f f9 06-07 be 0a 86 7d 2a 33 a8 ....E_......}*3.

0050 - c7 a7 56 0b 5a 18 ce e6-9d 46 c5 1d 92 d6 0f 39 ..V.Z....F.....9

0060 - e5 87 39 b2 a2 07 71 75-46 5f 13 22 48 85 45 a9 ..9...quF_."H.E.

0070 - 2a 35 0f 9d cd bd 5a e3-04 ae 8c 80 38 62 a1 fc *5....Z.....8b..

0080 - 8a 8f b4 eb 9b 62 aa 75-aa c6 f7 2d da ef 25 3f .....b.u...-..%?

0090 - 35 1e 53 eb 44 f3 80 11-65 38 29 56 1b 4a 0d 5e 5.S.D...e8)V.J.^

Start Time: 1557910357

Timeout : 300 (sec)

Verify return code: 0 (ok)

---

至此，Openldap服务配置完成，如配置过程中出现问题可在文章下方提问。后续将会介绍openldap集成WEB管理以及linux集成openldap认证等相关内容

登录 找回密码

登录找回密码