1. Introduction
2.2 X.500 is a family of protocols
LDAP directory structure diagram (tree recovered from the figure; its legend labels were "individual entries" and "object types"):
dc=foobar,dc=com
  ou=customers
    ou=northamerica
    ou=southamerica
    ou=asia
    ou=europe
  ou=employees
  ou=group
  ou=projects
  ou=accounting
  ou=resource
  ou=service
2. Installing LDAP
openldap-clients-2.3.27-5.i386.rpm: the client-side programs.
openldap-devel-2.3.27-5.i386.rpm: the development package.
Testing the service
Starting the service launches the slapd process and prints a warning that there is no DB_CONFIG file. Copy the DB_CONFIG file into /var/lib/ldap/ with the following command:
# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
3. Setting up the LDAP service
tony@tonybox:~#ls -l /etc/ldap/
total 16
-rw-r--r-- 1 root root 333 2006-06-19 17:56 ldap.conf
drwxr-xr-x 2 root root 4096 2006-12-29 11:33 schema
-rw------- 1 root root 4351 2006-12-29 11:33 slapd.conf
$ ls /etc/ldap/schema/ -l
total 208
-rw-r--r-- 1 root root 8231 2006-11-11 05:39 corba.schema
-rw-r--r-- 1 root root 20591 2006-11-11 05:39 core.ldif
-rw-r--r-- 1 root root 19762 2006-11-11 05:39 core.schema
-rw-r--r-- 1 root root 74080 2006-11-11 05:39 cosine.schema
-rw-r--r-- 1 root root 1553 2006-11-11 05:39 dyngroup.schema
-rw-r--r-- 1 root root 6360 2006-11-11 05:39 inetorgperson.schema
-rw-r--r-- 1 root root 13984 2006-11-11 05:39 java.schema
-rw-r--r-- 1 root root 2471 2006-11-11 05:39 misc.schema
-rw-r--r-- 1 root root 7723 2006-11-11 05:39 nis.schema
-rw-r--r-- 1 root root 3391 2006-11-11 05:39 openldap.ldif
-rw-r--r-- 1 root root 1601 2006-11-11 05:39 openldap.schema
-rw-r--r-- 1 root root 19689 2006-11-11 05:39 ppolicy.schema
-rw-r--r-- 1 root root 2968 2006-11-11 05:39 README
3.2 Starting and stopping
Starting the service
# ps aux |grep slapd
openldap 6406 0.0 0.2 14608 2764 ? Ssl 13:27 0:00 /usr/sbin/slapd -g openldap -u openldap
tony 6417 0.0 0.0 4892 752 pts/1 R+ 13:28 0:00 grep slapd
3.3 Configuration
database bdb                          # database backend to use
suffix "dc=debsir,dc=org"             # directory suffix
rootdn "cn=admin,dc=debsir,dc=org"    # directory administrator (root DN)
directory "/var/lib/ldap"             # database path
rootpw secret                         # administrator password
Rather than keeping the cleartext rootpw secret, generate a hashed value with slappasswd and use it instead (slappasswd defaults to the salted {SSHA} scheme; {MD5} as used here is unsalted):
$ slappasswd -h {MD5}
New password:
Re-enter new password:
{MD5}4QrcOUm6Wau+VuBX8g+IPg==
rootpw {MD5}4QrcOUm6Wau+VuBX8g+IPg==
# sudo /etc/init.d/slapd restart
4. Testing the environment
# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
$ ldapsearch -x -b dc=debsir,dc=org
5. Importing data
ldapadd: adding entries online (with the openldap service running)
BASE dc=example, dc=com    # directory starting point
Interactive mode, at the command prompt: ldapadd -x -D "cn=root,dc=pip.com" -W
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example Inc
dc: example

dn: cn=root,dc=example,dc=com
objectClass: organizationalRole
cn: root

dn: ou=it,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: it

dn: ou=hr,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: hr
Or: ldapsearch -x -D "cn=root,dc=example,dc=com" -W
Modifying data in the LDAP database:
ldapmodify -x -D "cn=root,dc=example,dc=com" -W
3.4 Client configuration file
BASE dc=it, dc=com    # directory starting point
URI ldap://localhost ldap://localhost:666
3.5 Entering data
Defining an organizational unit
dn: ou=people,dc=debsir,dc=org
objectClass: organizationalUnit
ou: people

Creating a user
dn: cn=tony,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: top
cn: tony
sn: an
givenName: an
displayName: Tony an
mail: etony@tom.com
postalCode: 330005
telephoneNumber: 12345678
mobile: 12345678912
homePhone: 9999999
title: System Administrator
postalAddress: Guiyang, China
3. Adding the information to the database
# ldapadd -x -D "cn=root,dc=example,dc=com" -W -f group.ldif
Enter LDAP Password:
adding new entry "ou=people,dc=example,dc=com"
# ldapadd -x -D "cn=root,dc=example,dc=com" -W -f person.ldif
Enter LDAP Password:
adding new entry "cn=tony,ou=people,dc=example,dc=com"
4. Viewing
# ldapsearch -x -b cn=tony,ou=people,dc=example,dc=com
# extended LDIF
#
# LDAPv3
# base <cn=tony,ou=people,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# tony, people, debsir.org
dn: cn=tony,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: top
cn: tony
sn: an
givenName: an
displayName: Tony an
mail: etony@tom.com
postalCode: 330005
telephoneNumber: 12345678
mobile: 12345678912
homePhone: 9999999
title: System Administrator
postalAddress: Guiyang, China
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
3.6 Access control definitions
access to attrs=userPassword,shadowLastChange
    by dn="cn=admin,dc=example,dc=com" write
    by anonymous auth
    by self write
    by * none
access to *
    by dn="cn=admin,dc=example,dc=com" write
    by * read
3.7 Common operations
Changing a password
# ldappasswd -x -v -S -W -D cn=admin,dc=example,dc=com cn=tony,ou=people,dc=example,dc=com
New password:
Re-enter new password:
Enter LDAP Password:
ldap_initialize( <DEFAULT> )
Result: Success (0)
ldapdelete -x -v -W -D cn=admin,dc=example,dc=com cn=tony,ou=people,dc=example,dc=com
Modifying an object
# ldapmodify -x -D cn=admin,dc=example,dc=com -W -f person.ldif
Enter LDAP Password:
modifying entry "cn=tony,ou=people,dc=example,dc=com"
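As an added example (not code from the original post), the following Python models how slapd evaluates the two access directives from section 3.6 when a client such as ldappasswd or ldapmodify touches cn=tony: the first matching "access to" target is chosen, then the first matching "by" clause decides, and anything unmatched is denied. The privilege ordering and the cn=other DN used for comparison are assumptions of the example, not part of the page.

```python
# Added example, not from the original post: an evaluator for the page's two
# "access to" directives. DNs other than cn=tony and cn=admin are constructed.

# slapd privilege levels in increasing order; a granted level implies every lower one
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The page's ACL, encoded as (attribute set, or None for "*", ordered "by" clauses).
ACL = [
    ({"userpassword", "shadowlastchange"}, [
        ("dn=cn=admin,dc=example,dc=com", "write"),
        ("anonymous", "auth"),
        ("self", "write"),
        ("*", "none"),
    ]),
    (None, [
        ("dn=cn=admin,dc=example,dc=com", "write"),
        ("*", "read"),
    ]),
]

def who_matches(who, bind_dn, target_dn):
    """True when a 'by <who>' selector applies to the bound identity (None = anonymous)."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    if who.startswith("dn="):
        return bind_dn is not None and bind_dn.lower() == who[3:].lower()
    raise ValueError(f"unsupported selector {who!r}")

def allowed(bind_dn, target_dn, attr, wanted):
    """Evaluate like slapd: the first 'access to' whose target matches is chosen,
    inside it the first matching 'by' clause is final (implicit 'stop'), and a
    request that nothing matches is denied. The rootdn bypasses ACLs entirely."""
    for attrs, by_clauses in ACL:
        if attrs is not None and attr.lower() not in attrs:
            continue
        for who, level in by_clauses:
            if who_matches(who, bind_dn, target_dn):
                return LEVELS.index(level) >= LEVELS.index(wanted)
        return False  # no 'by' clause matched: implicit 'by * none'
    return False  # no directive matched the target

if __name__ == "__main__":
    tony = "cn=tony,ou=people,dc=example,dc=com"
    print("anonymous read userPassword:", allowed(None, tony, "userPassword", "read"))
    print("tony change own password:", allowed(tony, tony, "userPassword", "write"))
```

Note that with this ACL an ordinary user can change only the password attributes of their own entry; every other attribute is read-only for everyone except the admin DN.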
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Testing the added account:
ldapsearch -x -b "dc=example,dc=com"
Please credit when reposting: 爱开源 » openldap series 1: installation