http://www.unixmen.com/openldap-installation-configuration-ubuntu-12-1013-0413-10-debian-67-2/
OpenLDAP Installation and Configuration in Ubuntu 12.10 Server / Debian 6
OpenLDAP is a free, open source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project. It is platform independent, so it runs on all Linux/Unix-like systems, Windows, AIX, Solaris and Android.
In this tutorial I will show you how to install and configure an OpenLDAP server on Ubuntu 12.10 Server. Although it was tested on Ubuntu 12.10, it may work on Debian too. The details of my test box are given below.
Operating System : Ubuntu 12.10 Server
Hostname : server.unixmen.com
IP Address : 192.168.1.200
Replace the above values with your own scenario.
Install OpenLDAP in Ubuntu 12.10 server
unixmen@server:~$ sudo apt-get install slapd ldap-utils
During the installation you will be asked for the password of the LDAP admin account. Enter your admin password here.
Re-enter the password.
Configure OpenLDAP
Open the “/etc/ldap/ldap.conf” file and find and edit the lines as shown below with your domain name and IP Address.
unixmen@server:~$ sudo vi /etc/ldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=unixmen,dc=com
URI ldap://192.168.1.200
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
Run the Configuration assistant.
unixmen@server:~$ sudo dpkg-reconfigure slapd
The following screen should appear. Select “No” and press Enter.
Enter the DNS domain name.
Enter the Organization name (i.e. your company name).
Enter the LDAP admin password which you created in the earlier step.
Re-enter the password.
Select the backend database.
Select Yes to have the database deleted automatically when the LDAP server is removed.
Select Yes to move old database.
Select No and Press Enter.
LDAP server is up and running now.
Test LDAP server
Run the command “ldapsearch -x”; you should get the following result.
unixmen@server:~$ ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <dc=unixmen,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# unixmen.com
dn: dc=unixmen,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: unixmen
dc: unixmen
# admin, unixmen.com
dn: cn=admin,dc=unixmen,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
LDAP Server Administration
Administering an LDAP server from the command line is quite difficult, so here I use an easier GUI administration tool called “phpldapadmin”.
Install phpldapadmin
unixmen@server:~$ sudo apt-get install phpldapadmin
Create a symbolic link for phpldapadmin directory.
unixmen@server:~$ sudo ln -s /usr/share/phpldapadmin/ /var/www/phpldapadmin
Now open the “/etc/phpldapadmin/config.php” file and replace the domain names with your own values. Go to the “Define LDAP Servers” section in the config file and edit the following lines as shown below.
unixmen@server:~$ sudo vi /etc/phpldapadmin/config.php
$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','Unixmen LDAP Server');
$servers->setValue('server','host','192.168.1.200');
$servers->setValue('server','base',array('dc=unixmen,dc=com'));
$servers->setValue('login','bind_id','cn=admin,dc=unixmen,dc=com');
Restart the apache service.
unixmen@server:~$ sudo /etc/init.d/apache2 restart
Make sure that you have opened apache server port “80” and LDAP default port “389” in your firewall/router configuration.
unixmen@server:~$ sudo ufw allow 80
Rules updated
Rules updated (v6)
unixmen@server:~$ sudo ufw allow 389
Rules updated
Rules updated (v6)
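The two rules above admit every source address, and both services are unencrypted as configured here (http:// and ldap://). The script below is an added example, not part of the original tutorial: it reads “ufw status” output, finds the world-open rules for ports 80 and 389, and prints replacement rules scoped to a trusted subnet. The function names, the sample status listing and the 192.168.1.0/24 subnet are assumptions made for illustration.

```shell
# Added example (not from the original tutorial): find the world-open rules for
# the cleartext services opened above and print subnet-scoped replacements.

# stdin: `ufw status` output. stdout: the rule spec (first column, e.g. "389"
# or "389/tcp") of every ALLOW-from-Anywhere rule for HTTP 80 or LDAP 389.
cleartext_open() {
  awk '/ALLOW/ && /Anywhere/ {
         port = $1; sub(/\/.*/, "", port)      # drop an optional /tcp suffix
         if (port == "80" || port == "389") print $1
       }' | sort -u
}

# $1: trusted subnet (assumption: the admin LAN). stdin: `ufw status` output.
# stdout: ufw commands that replace each world-open rule with a scoped one.
scoped_rules() {
  cleartext_open | while IFS= read -r spec; do
    printf 'ufw delete allow %s\n' "$spec"
    printf 'ufw allow from %s to any port %s proto tcp\n' "$1" "${spec%%/*}"
  done
}

# Constructed sample of `ufw status` after the two `ufw allow` commands above,
# plus an SSH rule that is already limited to the LAN.
sample_status() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.1.0/24
80                         ALLOW       Anywhere
389                        ALLOW       Anywhere
80 (v6)                    ALLOW       Anywhere (v6)
389 (v6)                   ALLOW       Anywhere (v6)
EOF
}

sample_status | scoped_rules 192.168.1.0/24
```

On a live server, feed it with “sudo ufw status | scoped_rules 192.168.1.0/24” and review the printed commands before running them.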
Now point your web browser to “http://192.168.1.200/phpldapadmin”. The following screen should appear.
Click “login” in the left pane, make sure the domain details are correct, enter the LDAP admin password which you created in the previous steps and press “Authenticate”.
Now the main console screen of phpldapadmin will open. You will see the LDAP domain “unixmen.com” there. Here you can add objects such as Organizational Units, users and groups.
Sample Configuration
Let's create some sample objects using the phpldapadmin interface and check whether they are present in the LDAP server configuration.
Click on the “+” sign near the line “dc=unixmen” and click the “Create new entry here” link.
Select “Generic-Organizational Unit”, enter the name of the Organizational Unit (e.g. sales) and click “Create Object”.
Click “Commit”.
The newly created OU will now be found under the main LDAP domain.
Click on the sales OU tree in the left pane and click “Create a child entry”.
Select “Generic:Address book entry”. Enter the first name as “senthil”, the last name as “kumar” and the Common name (cn) as “senthil kumar”, then click “Create Object”.
Click “Commit”.
The newly created user “senthil kumar” will now be found under the “sales” OU.
You can also verify this using the command “ldapsearch -x”.
unixmen@server:~$ ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <dc=unixmen,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# unixmen.com
dn: dc=unixmen,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: unixmen
dc: unixmen
# admin, unixmen.com
dn: cn=admin,dc=unixmen,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# sales, unixmen.com
dn: ou=sales,dc=unixmen,dc=com
objectClass: organizationalUnit
objectClass: top
ou: sales
# senthil kumar, sales, unixmen.com
dn: cn=senthil kumar,ou=sales,dc=unixmen,dc=com
cn: senthil kumar
givenName: senthil
sn: kumar
objectClass: inetOrgPerson
objectClass: top
# search result
search: 2
result: 0 Success
# numResponses: 5
# numEntries: 4
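Run without “-D”, “ldapsearch -x” binds anonymously, so both listings above show what any unauthenticated client that can reach port 389 is able to read. The script below is an added example, not part of the original tutorial: it parses such LDIF output, including folded lines and base64-encoded DNs, lists every DN that was returned and flags entries that also returned a userPassword value. The function names and the sample LDIF are constructed for illustration.

```shell
# Added example (not from the original tutorial): summarise what an
# anonymous `ldapsearch -x` was allowed to read.

# Join folded LDIF lines (RFC 2849: a continuation starts with one space).
unfold_ldif() {
  awk '/^ / { buf = buf substr($0, 2); next }
       { if (NR > 1) print buf; buf = $0 }
       END { if (NR > 0) print buf }'
}

# stdin: ldapsearch LDIF. stdout: "DN <dn>" for every entry returned and
# "SECRET <dn>" for every entry that also returned a userPassword value.
anon_exposure() (
  dn=""
  unfold_ldif | while IFS= read -r line; do
    case $line in
      'dn:: '*) dn=$(printf '%s' "${line#dn:: }" | base64 -d) ;;  # base64 DN
      'dn: '*)  dn=${line#dn: } ;;
      [Uu]ser[Pp]assword:*) printf 'SECRET %s\n' "$dn"; continue ;;
      *) continue ;;
    esac
    printf 'DN %s\n' "$dn"
  done
)

# Constructed sample: entries like the tutorial's, plus a folded DN, a
# base64 DN and a userPassword attribute to exercise each branch.
sample_ldif() {
  cat <<'EOF'
# extended LDIF
dn: dc=unixmen,dc=com
objectClass: organization
o: unixmen

dn: cn=admin,dc=unixmen,dc=com
cn: admin

dn: cn=senthil kumar,ou=sales,
 dc=unixmen,dc=com
sn: kumar
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn:: Y249em/DqyxvdT1zYWxlcyxkYz11bml4bWVuLGRjPWNvbQ==
sn: constructed
EOF
}

sample_ldif | anon_exposure
```

Against the live server, pipe the real output through it with “ldapsearch -x -LLL | anon_exposure”; any SECRET line means the access rules let anonymous clients read password hashes.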