此腳本中只是負責實現了TLS加密配置部分，openLDAP的編譯安裝以及設置是前期已經配置好的！

具體的配置看上上篇文章openLDAP的編譯安裝以及配置。

注意slapd.conf中的配置,腳本中為【suffix "dc=mirage,dc=com"? ?rootdn? "

cn=AuthUsers,dc=mirage,dc=com"】

ldapTls.sh

代碼在此不做太多的解釋，配置文檔看Openldap配置TLS加密傳輸（完整版——手動配置）

代碼的下載：鏈接：https://pan.baidu.com/s/1Mr_g42QnAP0nO9ZOaifixA 密碼：kmlk

客戶端

注意事項： ?????腳本必須放在/root/workspace/clildapTls目錄下： ?????需要已經配置好的以下文件： ????????CA.crt ?CA.key ?clildapTls.sh ?index.txt openssl.cnf ?serial

代碼（clildapTls.sh）： #!/bin/sh# description: CLIENT LDAP TLS CONFIGURATION RUN_PATH="/root/workspace/clildapTls"CLICA_PATH="/etc/pki/CA"CLICAPRI_PATH="/etc/pki/CA/private"CLICATLS_PATH="/etc/pki/tls/"SERVERCERT_PATH="/usr/local/etc/openldap/certs/"SERVEROLDLDAP_PATH="/etc/openldap"SERVERLDAP_PATH="/usr/local/etc/openldap"cp $RUN_PATH/CA.key $CLICAPRI_PATHcp $RUN_PATH/CA.crt $CLICA_PATHcp $RUN_PATH/index.txt $CLICA_PATHcp $RUN_PATH/serial $CLICA_PATHcp $RUN_PATH/openssl.cnf $CLICA_PATHmkdir -p $SERVERCERT_PATHcp $RUN_PATH/CA.crt $SERVERCERT_PATHcp $RUN_PATH/CA.key $SERVERCERT_PATHcp $SERVEROLDLDAP_PATH/ldap.conf $SERVERLDAP_PATHsed -i '$a TLS_REQCERT allow' $SERVERLDAP_PATH/ldap.confsed -i '/^TLS_CACERTDIR/{s/etc.*$/usr\/local\/etc\/openldap\/certs/g}' $SERVERLDAP_PATH/ldap.confsed -i 's/^SASL_NOCANON/#&/' $SERVERLDAP_PATH/ldap.confcat $SERVERLDAP_PATH/ldap.conf|grep ^BASE && result=0||result=1;if [ "${result}" = 1 ];then sed -i '$a BASE dc=mirage,dc=com' $SERVERLDAP_PATH/ldap.conf;ficat $SERVERLDAP_PATH/ldap.conf|grep ^URI && result=0||result=1;if [ "${result}" = 1 ];then sed -i '$a URI ldaps://127.0.0.1/' $SERVERLDAP_PATH/ldap.conf;fi

服務器端

注意事項： ?????腳本必須放在/root/workspace/serldapTls目錄下： ?????需要已經配置好的以下文件： ?CA.crt ?ldapsrv02.crt ?ldapsrv02.key

代碼（serldapTls.sh）：

#!/bin/sh# description: SREVER LDAP TLS CONFIGURATIONRUN_PATH="/root/workspace/serldapTls"SERVERCERT_PATH="/usr/local/etc/openldap/certs/"SERVEROLDLDAP_PATH="/etc/openldap"SERVERLDAP_PATH="/usr/local/etc/openldap"cp $RUN_PATH/ldapsrv02.crt $RUN_PATH/ldapsrv02.key $SERVERCERT_PATHcp $RUN_PATH/CA.crt $SERVERCERT_PATH#配置ldap.conf 文件chown -R ldap:ldap $SERVERCERT_PATH;cp $SERVEROLDLDAP_PATH/ldap.conf $SERVERLDAP_PATHsed -i '/^TLS_CACERTDIR/{s/etc.*$/usr\/local\/etc\/openldap\/certs/g}' $SERVERLDAP_PATH/ldap.confcat $SERVERLDAP_PATH/ldap.conf|grep ^BASE && result=0||result=1;if [ "${result}" = 1 ];then sed -i '$a BASE dc=mirage,dc=com' $SERVERLDAP_PATH/ldap.conf;fiserverIp=`ifconfig eth0 | grep 'inet addr' | sed 's/^.*addr://g' | sed 's/Bcast.*$//g'`line=`sed -n '/^URI/=' $SERVERLDAP_PATH/ldap.conf`if [ $line ];thensed -i "$line d" $SERVERLDAP_PATH/ldap.confsed -i "$line iURI ldap://$serverIp" $SERVERLDAP_PATH/ldap.confelsesed -i "$a URI ldap://$serverIp" $SERVERLDAP_PATH/ldap.conffised -i 's/^SASL_NOCANON/#&/' $SERVERLDAP_PATH/ldap.conf#配置slapd.conf 文件cp $SERVERLDAP_PATH/slapd.conf.bak $SERVERLDAP_PATH/slapd.confcat $SERVERLDAP_PATH/slapd.conf|grep ^TLSCACertificatePath && result=0||result=1;if [ "${result}" = 1 ];then sed -i '$a TLSCACertificatePath /usr/local/etc/openldap/certs' $SERVERLDAP_PATH/slapd.conf;ficat $SERVERLDAP_PATH/slapd.conf|grep ^TLSCertificateFile && result=0||result=1;if [ "${result}" = 1 ];then sed -i '$a TLSCertificateFile /usr/local/etc/openldap/certs/ldapsrv02.crt' $SERVERLDAP_PATH/slapd.conf;ficat $SERVERLDAP_PATH/slapd.conf|grep ^TLSCertificateKeyFile && result=0||result=1;if [ "${result}" = 1 ];then sed -i '$a TLSCertificateKeyFile /usr/local/etc/openldap/certs/ldapsrv02.key' $SERVERLDAP_PATH/slapd.conf;fi#修改庫文件rm -rf $SERVERLDAP_PATH/slapd.d/*slaptest -f $SERVERLDAP_PATH/slapd.conf -F $SERVERLDAP_PATH/slapd.d/chown -R ldap:ldap $SERVERLDAP_PATH/slapd.d#配置監聽的端口`killall slapd`/usr/local/libexec/slapd -h "ldap://$serverIp ldaps://$serverIp"`netstat -tunlp | grep slapd`

總結

以上是生活随笔為你收集整理的Openldap配置TLS加密传输（完整版——shell脚本实现[分别在客户端与服务器端执行脚本，实现TLS加密]）的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。