Nifi+OpenLDAP Installation and Configuration
2019-05-06 06:51:53
louyj
# Build openLDAP

You can obtain a copy of the software by following the instructions on the OpenLDAP Software download page (http://www.openldap.org/software/download/). It is recommended that new users start with the latest release.

```
gunzip -c openldap-VERSION.tgz | tar xvfB -
# enter the unpacked source tree before configuring
cd openldap-VERSION
./configure --prefix=/home/mingjue/openldap2446
make depend
make
make install
make test
mkdir /home/mingjue/openldap2446/openldap-data
```

# Edit the configuration file

Use your favorite editor to edit the provided slapd.ldif example (usually installed as /home/mingjue/openldap2446/etc/openldap/slapd.ldif) to contain an MDB database definition of the form:

```
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=mingjue,dc=com
olcRootDN: cn=Manager,dc=mingjue,dc=com
olcRootPW: secret
olcDbDirectory: /home/mingjue/openldap2446/openldap-data
olcDbIndex: objectClass eq
```

# Import the configuration database

You are now ready to import your configuration database for use by slapd(8), by running the command:

```
./sbin/slapadd -n 0 -F ./etc/slapd.d -l ./etc/openldap/slapd.ldif
```

# Start SLAPD

You are now ready to start the Standalone LDAP Daemon, slapd(8), by running the command:

```
sudo ./libexec/slapd -F etc/slapd.d
```

To start in debug mode:

```
sudo ./libexec/slapd -d 1 -F etc/slapd.d/
```

To check that the server is running and configured correctly, you can run a search against it with ldapsearch(1):

```
./bin/ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
```

# Add initial entries to your directory

Use your favorite editor and create an LDIF file (init.ldif) that contains:

```
dn: dc=mingjue,dc=com
objectclass: dcObject
objectclass: organization
o: mingjue company
dc: mingjue

dn: cn=Manager,dc=mingjue,dc=com
objectclass: organizationalRole
cn: Manager
```

Now, you may run ldapadd(1) to insert these entries into your directory:

```
./bin/ldapadd -x -D "cn=Manager,dc=mingjue,dc=com" -W -f init.ldif
```

See if it works:

```
./bin/ldapsearch -x -b 'dc=mingjue,dc=com' '(objectclass=*)'
```

# Add extra schema

```
vi /home/mingjue/openldap2446/etc/openldap/slapd.conf
```

Add:

```
include /home/mingjue/openldap2446/etc/openldap/schema/cosine.schema
include /home/mingjue/openldap2446/etc/openldap/schema/inetorgperson.schema
```

Restart openldap.

# Add nifi account

```
vi user.ldif
```

```
# LDAP default admin user
dn: cn=admin,dc=mingjue,dc=com
objectclass: top
objectclass: person
cn: admin
sn: admin
userPassword: Mingjueinfo2015

# entry for the user container
dn: ou=people,dc=mingjue,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people

# entry for Nifi user (the uid attribute must match the uid= value in the dn)
dn: uid=mjdev,ou=people,dc=mingjue,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: User
sn: User
uid: mjdev
userPassword: Mingjueinfo2015
```

```
./bin/ldapadd -x -D "cn=Manager,dc=mingjue,dc=com" -W -f user.ldif
```

# Configure nifi

Generate the keystore:

```
keytool -genkey -keyalg RSA -alias nifi -keystore keystore.jks -keypass [password] -storepass [password] -validity 365 -keysize 4096 -dname "CN=[hostname], OU=nifi"
```

Generate the PKCS12 file and the corresponding truststore:

https://www.jianshu.com/p/393724f02dd5

```
keytool -genkey -keyalg RSA -alias client -keystore client_keystore.jks -keypass password -storepass password -validity 365 -keysize 4096 -dname "CN=user, OU=nifi"
keytool -importkeystore -srckeystore client_keystore.jks -destkeystore client.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass password -deststorepass [client_password] -destkeypass [client_password] -srcalias client -destalias client
keytool -export -keystore client_keystore.jks -alias client -file client.der -storepass password
keytool -import -file client.der -alias client -keystore truststore.jks -storepass [truststore_password] -noprompt
```

```
wget https://archive.apache.org/dist/nifi/1.8.0/nifi-toolkit-1.8.0-bin.tar.gz
bin/tls-toolkit.sh standalone -n "172.31.2.171" -C "CN=admin, OU=admin" -o target
```

```
vi nifi.properties
```

- nifi.web.http.port: remove the original 8080 so that the line becomes `nifi.web.http.port=`, which prevents users from reaching Nifi over the unencrypted HTTP port.
- nifi.web.https.host: set to the hostname of the machine running Nifi, for example host-01.
- nifi.web.https.port: we use 8443 as the HTTPS port.
- nifi.security.keystore: path to the keystore, for example /opt/nifi/secrets/keystore.jks.
- nifi.security.keystoreType: set to JKS.
- nifi.security.keystorePasswd: the keystore password.
- nifi.security.truststore: path to the truststore, for example /opt/nifi/secrets/truststore.jks.
- nifi.security.truststoreType: set to JKS.
- nifi.security.truststorePasswd: the truststore password.
- nifi.remote.input.secure: set to true so that Site-to-Site communication between Nifi instances is also encrypted.
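The nifi.properties settings listed above can be checked mechanically before Nifi is restarted. The script below is an added example, not part of the original post; the function names `prop` and `audit_nifi_props` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit nifi.properties
# against the TLS settings listed above.

# prop FILE KEY: print the value of KEY (last assignment wins, trimmed).
prop() {
    awk -v k="$2" 'index($0, "=") {
        key = substr($0, 1, index($0, "=") - 1)
        val = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == k) found = val
    }
    END { print found }' "$1"
}

fail() { echo "FAIL: $1"; rc=1; }

# audit_nifi_props FILE: one FAIL line per finding; returns 0 only if clean.
audit_nifi_props() {
    f=$1; rc=0
    [ -z "$(prop "$f" nifi.web.http.port)" ] || fail "nifi.web.http.port is set: plain HTTP listener enabled"
    [ -n "$(prop "$f" nifi.web.https.host)" ] || fail "nifi.web.https.host is empty"
    [ -n "$(prop "$f" nifi.web.https.port)" ] || fail "nifi.web.https.port is empty"
    for s in keystore truststore; do
        [ -n "$(prop "$f" "nifi.security.$s")" ] || fail "nifi.security.$s is empty"
        [ "$(prop "$f" "nifi.security.${s}Type")" = JKS ] || fail "nifi.security.${s}Type is not JKS"
        [ -n "$(prop "$f" "nifi.security.${s}Passwd")" ] || fail "nifi.security.${s}Passwd is empty"
    done
    [ "$(prop "$f" nifi.remote.input.secure)" = true ] || fail "nifi.remote.input.secure is not true"
    return "$rc"
}

# Constructed sample: HTTP port still 8080, Site-to-Site left unencrypted.
sample=$(mktemp)
cat > "$sample" <<'EOF'
nifi.web.http.port=8080
nifi.web.https.host=host-01
nifi.web.https.port=8443
nifi.security.keystore=/opt/nifi/secrets/keystore.jks
nifi.security.keystoreType=JKS
nifi.security.keystorePasswd=PLACEHOLDER
nifi.security.truststore=/opt/nifi/secrets/truststore.jks
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=PLACEHOLDER
nifi.remote.input.secure=false
EOF
audit_nifi_props "$sample" || echo "findings above must be fixed before exposing NiFi"
rm -f "$sample"
```

A missing or commented-out `nifi.web.http.port` line is treated the same as an empty value, since either way no plain HTTP port is configured.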