1.安装
检查ldap是否安装完整
[root@casrbac ~]# rpm -qa |grep ldap
openldap-devel-2.3.43-12.el5_6.7
openldap-servers-2.3.43-12.el5_6.7
openldap-servers-sql-2.3.43-12.el5_6.7
python-ldap-2.2.0-2.1
nss_ldap-253-5.el5
openldap-2.3.43-12.el5_6.7
ldapjdk-4.18-2jpp.3.el5
openldap-clients-2.3.43-12.el5_6.7
| compat-openldap-2.3.43_2.2.29-12.el5_6.7 |
| [root@casrbac ~]#yum install ldapjdk-4.18-2jpp.3.el5 |
[root@casrbac ~]#
| rpm -ivh openldap-servers-2.3.27-8.i386.rpm |
安装完毕后,在/etc/openldap下有一个slapd.conf的配置文件,修改如下例所示
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/eduperson.schema
include /etc/openldap/schema/xjtuldapres.schema
---此处添加完后需要将添加的schema文件复制到/etc/openldap/schema文件夹下
# Allow LDAPv2 client connections. This is NOT the default.
…….
….
….
….
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
access to attrs=userPassword
by self write
by anonymous auth
by * none
access to *
by * read
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=e-u,dc=cn" -----------此处按配置需要修改
rootdn "cn=e-uadmin,dc=e-u,dc=cn" -----------此处按配置需要修改
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw test ------------设置密码
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
cachesize 5000
checkpoint 1024 5
#index objectClass,uid,uidNumber,gidNumber,memberUid eq
index objectClass eq
index uidNumber,gidNumber,memberUid eq
#index uniqueMember eq
index uid eq,sub
index cn,mail,surname,givenname eq,subinitial,subany
index ou eq
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:3 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
| # authcId=host/ldap-master.example.com@EXAMPLE.COM |
修改完毕后保存,启动服务
[root@thor root] service ldap start
3.连接
在windows操作系统中可使用JXplorer工具进行ldap的连接,安装jxplorer后登陆设置如下
1.点击连接
2.输入登录信息
登陆信息参考slapd.conf文件配置:
登陆成功后显示
4.导入文档
1.创建编辑test.ldif如下
dn: ou=groups,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: groups
dn: ou=people,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: people
dn: uid=admin,ou=people,dc=e-u,dc=cn
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: eduPerson
objectClass: xjtueduPerson
objectClass: uidObject
cn: admin
displayName:: 5pWZ5Yqh566h55CG5ZGY
mail: admin@e-u.cn
sn: admin
uid: admin
userPassword:: MTExMTEx
xjtuAccountcreatdate: 20100414031502Z
xjtuAccountdisabled: FALSE
xjtuAccountexpiringdate: 29981231160000Z
xjtuAccountisadmin: FALSE
xjtuAccountlastlogindate: 29981231160000Z
xjtuAccountlocked: FALSE
| xjtuCreator: uid=testroot1,ou=people,dc=e-u,dc=cn |
选择test.ldif打开,左边显示输入树
5.文档的导出
点击LDIF—输出子树
点击确定
填写文件名,保存
点击打开test.ldif文件查看
DN: dc=e-u,dc=cn
objectClass: dcObject
objectClass: organization
dc: e-u
o: e-u
DN: ou=groups,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: groups
DN: ou=people,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: people
DN: uid=admin,ou=people,dc=e-u,dc=cn
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: eduPerson
objectClass: xjtueduPerson
objectClass: uidObject
cn: admin
displayName:: 5pWZ5Yqh566h55CG5ZGY
mail: admin@e-u.cn
sn: admin
uid: admin
userPassword:: YWRtaW4=
xjtuAccountcreatdate: 20100414031502Z
xjtuAccountdisabled: FALSE
xjtuAccountexpiringdate: 29981231160000Z
xjtuAccountisadmin: FALSE
xjtuAccountlastlogindate: 29981231160000Z
xjtuAccountlocked: FALSE
| xjtuCreator: uid=testroot1,ou=people,dc=e-u,dc=cn |
检查树中是否已经存在重复信息,如已经存在,则删除红色部分内容。
Windows下安装LDAP
6.安装
下载安装程序openldap-for-windows.msi 双击打开
NEXT---设置安装文件目录-----一路NEXT后安装成功
7.配置
打开安装目录openldap下slapd.conf文件
# BDB Backend configuration file
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
ucdata-path ./ucdata
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/nis.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/dyngroup.schema
……
….
..
.
database bdb
suffix "dc=e-u,dc=cn" -----------此处按配置需要修改
rootdn "cn=e-uadmin,dc=e-u,dc=cn" -----------此处按配置需要修改
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}5a+wimiffOV2dx+o7GBl2ncsLfc1ySFF ------------设置密码
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory ./data
dirtyread
searchstack 20
# Indices to maintain
index mail pres,eq
index objectclass pres
index default eq,sub
index sn eq,sub,subinitial
index telephonenumber
| index cn |
8.连接
使用JXplorer工具进行ldap的连接,安装jxplorer后登陆设置如下
1.点击连接
2.输入登录信息
登陆信息参考slapd.conf文件配置:
登陆成功后显示
9.导入文档
1.创建编辑test.ldif如下
DN: dc=e-u,dc=cn
objectClass: dcObject
objectClass: organization
dc: e-u
o: e-u
DN: ou=groups,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: groups
DN: ou=people,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: people
DN: uid=admin,ou=people,dc=e-u,dc=cn
objectClass: inetOrgPerson
cn: admin
labeledURI: http://asd.e-u.cn
mail: admin@e-u.cn
sn: admin
uid: admin
| userPassword:: MTIzNDY1 |
2.点击LDIF—输入文档
选择test.ldif打开,左边显示输入树
10.文档的导出
点击LDIF—输出子树
点击确定
填写文件名,保存
点击打开test.ldif文件查看
DN: dc=e-u,dc=cn
objectClass: dcObject
objectClass: organization
dc: e-u
o: e-u
DN: ou=groups,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: groups
DN: ou=people,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: people
DN: uid=admin,ou=people,dc=e-u,dc=cn
objectClass: inetOrgPerson
cn: admin
labeledURI: http://asd.e-u.cn
mail: admin@e-u.cn
sn: admin
uid: admin
| userPassword:: MTIzNDY1 |
常见问题
11.问题一:
[root@station3 /]# service ldap start
/var/lib/ldap/id2entry.bdb is not owned by "ldap" [警告]
/var/lib/ldap/__db.002 is not owned by "ldap" [警告]
/var/lib/ldap/__db.001 is not owned by "ldap" [警告]
/var/lib/ldap/dn2id.bdb is not owned by "ldap" [警告]
/var/lib/ldap/__db.005 is not owned by "ldap" [警告]
/var/lib/ldap/__db.006 is not owned by "ldap" [警告]
/var/lib/ldap/__db.003 is not owned by "ldap" [警告]
/var/lib/ldap/__db.004 is not owned by "ldap" [警告] |
[root@station3 /]# cd /var/lib/ldap #########进入目录下
[root@station3 ldap]# chown ldap:ldap *
[root@station3 /]#service ldap start
正在检查 slapd 的配置文件: config file testing succeeded [确定]
启动 slapd: [确定] |
12.问题二:
[root@station3 ldap]# service ldap start
正在检查 slapd 的配置文件: bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
Expect poor performance for suffix dc=my-domain,dc=com.
config file testing succeeded
[确定]
启动 slapd: [确定] |
[root@station3 ldap]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@station3 ldap]# service ldap start
正在检查 slapd 的配置文件: config file testing succeeded [确定]
启动 slapd: [确定]
项目域名类似下例子时 用jxplorer无法直接导入文档
database bdb
suffix "dc=xjtu,dc=edu,dc=cn"
rootdn "cn=xjtuadmin,dc=xjtu,dc=edu,dc=cn"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
| rootpw test |
将*.ldif文件放在/etc/openldap/schema下,执行命令导入文档之前先关闭ldap
[root@168xjtu2 schema]# service ldap stop
停止 slapd£º [确定]
[root@168xjtu2 schema]#slapadd
| –v –l *.ldif ########导入文档 |
