初试OpenLDAP

fox.tan

浏览: 63777 次
性别:
来自: 深圳

最近访客更多访客>>

ymitxiavj

Peak_

hxs15050576

thinking

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

LDAP

C C++C#脚本 Windows

由于工作需要，有机会尝试使用LDAP。下面就介绍一下OpenLDAP的安装配置过程。

第一步，查阅文档，下载安装文件

强烈推荐：http://www.zytrax.com/books/ldap。基本的安装配置看第4章http://www.zytrax.com/books/ldap/ch4/win2k.html#win2k足够了。

第二步，安装

http://www.zytrax.com/books/ldap/ch4/win2k.html#win2k上有详细的介绍，这里就不说了。

第三步，配置slapd.conf

首先备份原来的LDAP_HOME/slapd.conf文件, 简单的slapd.conf配置如下：

slapd.conf

##########################################
# 加载哪些 schemas 文件
ucdata-path ./ucdata
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema

#########################################
# 下面这些都是默认的配置
# DON'T bother with ARGS file unless you feel strongly
# slapd scripts stop scripts need this to work
pidfile ./run/slapd.pid
argsfile ./run/slapd.args

# enable a lot of logging - we might need it
# but generates huge logs
loglevel -1

#######################################################################
# bdb database definitions
#
# replace example and com below with a suitable domain
#
# If you don't have a domain you can leave it since example.com
# is reserved for experimentation or change them to my and inc
#
#######################################################################

database bdb
# 这个是我们需要配置的。
suffix "dc=example, dc=com"

# 设置LDAP的超级用户密码,用户名admin，密码user@XX2
rootdn "cn=admin, dc=example, dc=com"
rootpw user@XX2
# The database directory MUST exist prior to running slapd AND
# change path as necessary
# LDAP数据保存的路径，自定义的example-com需自己创建。
directory ./data/example-com

#########################################
# 下面这些都是默认的配置
# Indices to maintain for this directory
# unique id so equality match only
index uid eq
# allows general searching on commonname, givenname and email
index cn,gn,mail eq,sub
# allows multiple variants on surname searching
index sn eq,sub
# sub above includes subintial,subany,subfinal
# optimise department searches
index ou eq
# if searches will include objectClass uncomment following
# index objectClass eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber

# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15

第四步，配置ldif

首先解释一下LDAP中cn、ou、dc等词。 DC (Domain Component), OU (Organizational Unit) , CN (Common Name). 下面的脚本CN OU DC 各创建了一个。

example.ldif

## DEFINE DIT ROOT/BASE/SUFFIX ####
## uses RFC 2377 format
## replace example and com as necessary below
## or for experimentation leave as is

## dcObject is an AUXILLIARY objectclass and MUST
## have a STRUCTURAL objectclass (organization in this case)
# this is an ENTRY sequence and is preceded by a BLANK line
# 创建一个dc
dn: dc=example,dc=com
dc: example
description: My wonderful company as much text as you want to place
in this line up to 32K continuation data for the line above must
have <CR> or <CR><LF> i.e. ENTER works
on both Windows and *nix system - new line MUST begin with ONE SPACE
objectClass: dcObject
objectClass: organization
o: example, Inc.

## FIRST Level hierarchy - people
## uses mixed upper and lower case for objectclass
# this is an ENTRY sequence and is preceded by a BLANK line
# 创建一个ou
dn: ou=users, dc=example,dc=com
ou: users
description: All people in organisation
objectclass: organizationalunit

## 创建一个用户
dn: cn=QA5,ou=users,dc=example,dc=com
changetype: add
userPassword: a
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
sn: qa5
cn: QA5

## 删除一个用户
dn: cn=QA3,ou=users,dc=example,dc=com
changetype: delete

如果只添加新用户，ldif文件如下：

example-2.ldif 写道

## 创建用户
dn: cn=QA1,ou=users,dc=example,dc=com
changetype: add
userPassword: a
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
sn: qa1
cn: QA1

dn: cn=QA2,ou=users,dc=example,dc=com
changetype: add
userPassword: a
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
sn: qa2
cn: QA2

dn: cn=QA3,ou=users,dc=example,dc=com
changetype: add
userPassword: a
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
sn: qa3
cn: QA3

第五步，导入ldif脚本

首先需要启动OpenLDAP Service. 成功启动后再命令行中执行以下命令：

cd C:\Program Files\OpenLDAP
C:\Program Files\OpenLDAP>ldapadd -x -D "cn=admin, dc=example, dc=com" -f c:\temp\example.ldif -w user@XX2

创建用户

C:\Program Files\OpenLDAP>ldapadd -x -D "cn=admin, dc=example, dc=com" -f c:\temp\example-2.ldif -w user@XX2
adding new entry "cn=QA1,ou=users,dc=example,dc=com"
adding new entry "cn=QA2,ou=users,dc=example,dc=com"
adding new entry "cn=QA3,ou=users,dc=example,dc=com"

最后，LDAP的数据如下：