linux下ldap的安装

solaris版本下载地址：ftp://ftp.accessaxis.com/pub/Solaris/Network/Servers/DSEE.6.2.Solaris-Sparc-full.tar.gz

solaris版本安装参考：http://docs.oracle.com/cd/E19575-01/820-5986/ghgcy/index.html

http://www.derlediklerim.com/?p=6

 

linux版本下载地址：ftp://173.8.244.1/pub/DSEE.6.3.Linux-X86-full.tar.gz

 

可访问这个网址查看其他版本：http://proisk.ru/?q=DSEE

 

一、 解压缩

cd /ldap

gunzip DSEE.6.3.Linux-X86-full.tar.gz

tar -xvf DSEE.6.3.Linux-X86-full.tar

 

二、  安装
解压缩后，会得到三个文件夹分别是：DSEE_Directory_Editor， 

DSEE_Identity_Synchronization_for_Windows，DSEE_ZIP_Distribution,安装操作都在

DSEE_ZIP_Distribution中。

 

cd /ldap/DSEE_ZIP_Distribution

./dsee_deploy install -i /ldap/install

 

三、创建实例
mkdir /ldap/instance

cd /ldap/install/ds6/bin

./dsadm create -p 389 -P 636 /ldap/instance/instance1
 

四、启动实例
./dsadm start /ldap/instance/instance1

 

五、创建后缀

./dsconf create-suffix -h localhost -p 389 dc=zjtvu,dc=edu,dc=cn

 

六、这步可省略

启用后缀(同时允许主从复制)

(dsconf的参数详见http://docs.sun.com/app/docs/doc/820-2767/dsconf-1m?l=zh_TW&a=view)

./dsconf enable-repl -h localhost -p 389 consumer dc=zjtvu,dc=edu,dc=cn

启用后缀(同时允许主主复制)

./dsconf enable-repl -h localhost -p 389 -d 11 master dc=zjtvu,dc=edu,dc=cn

下面这句可以删除389端口上后缀dc=zjtvu,dc=edu,dc=cn上的复制设置:

./dsconf disable-repl -h localhost -p 389 dc=zjtvu,dc=edu,dc=cn

下面这句可以列出端口389上的详细情况:

./dsconf list-suffixes -p 389 -v

 

七、使用ldif文件导入数据

/ldap/install/ds6/bin/dsconf import -h  localhost -p 389 /backup.ldif dc=zjtvu,dc=edu,dc=cn

 

导出数据代码：

/ldap/install/ds6/bin/dsconf export -h localhost -p 389 -w /databak/pwd.txt dc=zju,dc=edu,dc=cn /databak/20110803.ldif

 

八、安装dscc（LDAP的管理界面）

拷贝/ldap/install/var/dscc6/dscc.war到tomcat服务器的webapp目录下

运行如下命令进行初始化

cd /ldap/install/dscc6/bin

./dsccsetup initialize

初始化会要求设置Directory Service Manager密码：比如输入两次admin123

可使用命令（./dsccsetup status）查看配置后的情况，如果配置不成功这里会有提示

启动tomcat

http://127.0.0.1:8080/dscc进入管理界面

 

如果设置时(dsccsetup initialize )报错了,可使用如下命令删除后重新设置

[root@ssoldap bin]# ./dsccsetup ads-delete
Deleting DSCC Registry...
All server registrations will be definitively erased.
Existing server instances will not be modified.
Do you really want to delete the DSCC Registry ? [y/n]y
Directory Server instance '/ldap/install/var/dscc6/dcc/ads' stopped
DSCC Registry has been deleted successfully
[root@ssoldap bin]# ./dsccsetup console-unreg
DSCC Application is not installed (thus not registered)
[root@ssoldap bin]# ./dsccsetup cacao-unreg
Unregistering DSCC Agent from Cacao...
[root@ssoldap bin]# ./dsccsetup status
***
Sun Java (TM) Web Console is not installed
***
DSCC Agent is not registered in Cacao
***
DSCC Registry has not been created yet
***
[root@ssoldap bin]# ./dsccsetup initialize
***
DSCC Application cannot be registered because it is not installed
***
Registering DSCC Agent in Cacao...
Checking Cacao status...
Deploying DSCC agent in Cacao...
DSCC agent has been successfully registered in Cacao.
***
Choose password for Directory Service Manager: 
Confirm password for Directory Service Manager: 
Creating DSCC registry...
DSCC Registry has been created successfully
***

 

 

 

下面是dsccsetup命令详解：

（原文：http://docs.oracle.com/cd/E19575-01/820-2767/dsccsetup-1m/index.html）

 

Sun Java System Directory Server Enterprise Edition 6.3 Man Page Reference

dsccsetup(1M)

NAME | Synopsis | Description | SUBCOMMANDS | GLOBAL OPTIONS | SUBCOMMAND OPTIONS | Exit Status | Attributes | See Also

NAME

dsccsetup – Set up Directory Service Control Center

Synopsis

install-path

/dscc6/bin/dsccsetup

 
 [subcommand] [options]

Description

The dsccsetup command is used to register Directory Service Control Center with Sun Java Web Console (DSCC), and to register local agents of the administration framework. Use the dsccsetup command with the subcommands described in this man page.

SUBCOMMANDS

The following subcommands are supported:

dsccsetup ads-create [-w file ]

Initialize the DSCC registry, a local Directory Server instance for private use by DSCC to store configuration information. DSCC requires that this instance reside locally on the host where you run DSCC. Therefore, if you replicate the data in the instance for high availablity, set up one DSCC per replica host.

If you do not provide the Directory Manager password for the DSCC registry in the file passed to the -w option, the command prompts for the password.

The default port numbers used by the instance are 3998 for LDAP, and 3999 for LDAPS.

The default instance path is /var/opt/SUNWdsee/dscc6/dcc/ads on Solaris systems, /var/opt/sun/dscc6/dcc/ads on HP-UX and Red Hat systems, and C:\Program Files\Sun\DSEE\var\dscc6\dcc\ads on Windows systems.

The base DN for the suffix containing configuration information is cn=dscc . Use the dsccsetup status subcommand to read actual values for the DSCC registry instance.

dsccsetup ads-delete

Delete the Directory Server instance used by DSCC to store configuration information.

Use the -i when not using the command interactively.

dsccsetup cacao-reg [-t]

Register the local DSCC agent with the Common Agent Container, cacao .

Use the -t option if you want to restart the Common Agent Container manually at a later time.

dsccsetup cacao-unreg

Remove the local DSCC agent registration information from cacao .

dsccsetup console-reg [-t]

Register DSCC with the web application container, Sun Java Web Console.

Use the -i when not using the command interactively.

Use the -t option if you want to restart Sun Java Web Console manually at a later time.

dsccsetup console-unreg [-t]

Remove DSCC from Sun Java Web Console.

Use the -i when not using the command interactively.

Use the -t option if you want to restart Sun Java Web Console manually at a later time.

dsccsetup dismantle [-t]

Dismantle the DSCC administration framework, running the cacao-unreg , console-unreg , and ads-delete subcommands.

Use the -i when not using the command interactively.

Use the -t option if you want to restart Sun Java Web Console, and the Common Agent Container manually at a later time.

dsccsetup initialize [-t] [-w file ]

Initialize the DSCC administration framework, running the ads-create , console-reg , and cacao-reg subcommands.

Use the -i when not using the command interactively.

Use the -t option if you want to restart Sun Java Web Console, or the Common Agent Container manually at a later time.

If you do not provide the Directory Manager password for the DSCC registry in the file passed to the -w option, the command prompts for the password.

dsccsetup status

Display whether DSCC has been registered with Sun Java Web Console, and with the Common Agent Container. Also, display whether the DSCC registry has been initialized.

dsccsetup mfwk-reg [-t]

Register the local Directory Server monitoring agent for Java Enterprise System Monitoring Framework with the Common Agent Container, cacao .

Use the -t option if you want to restart the Common Agent Container manually at a later time.

dsccsetup mfwk-unreg

Remove the local Directory Server monitoring agent registration information from cacao .

GLOBAL OPTIONS

The following options apply to all commands and subcommands:

-?
--help

Display usage for the command or for the specified subcommand.

-i
--no-inter

Do not prompt for confirmation before performing the operation.

-V
--version

Displays the current version of dsccsetup . The version is provided in the format year.monthday.time . So version number 2007.1204.0035 was built on December 4th, 2007 at 00h35. If the components used by dsccsetup are not aligned, the version of each individual component is displayed.

-v
--verbose

Display extra information for debugging purposes.

SUBCOMMAND OPTIONS

The following options apply to the subcommands where they are specified:

-t
--norestart

Do not restart the Common Agent Container or Sun Java Web Console after performing the operation.

You can restart the Common Agent Container using the cacaoadm command. You can restart the Sun Java Web Console using the smcwebserver command.

-w file
--pwd-file file

Use the Directory Service Manager password specified in file .

By default, dsccsetup prompts for a password.

Exit Status

The following exit status values are returned:

0

Successful completion

non-zero

An error occurred.

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE 

ATTRIBUTE VALUE 

Availability	SUNWldap-console-agent
Stability Level	Unstable

 

 

See Also

cacaoadm(1M), smcwebserver(1M)

DS 6.3  Last Revised 7 Dec 2007

NAME | Synopsis | Description | SUBCOMMANDS | GLOBAL OPTIONS | SUBCOMMAND OPTIONS | Exit Status | Attributes | See Also

• © 2010, Oracle Corporation and/or its affiliates

 

 

 

九、配置LDAP

 

客户端控制设置

idle-timeout        :  none  空闲超时: 服务器使空闲连接保持打开状态的最长时间。 单位是秒。

look-through-limit  :  unlimited  浏览限制:服务器处理搜索请求时访问的最大条目数。
search-size-limit   :  4000    大小限制:服务器响应搜索请求而返回的最大条目数。
search-time-limit   :  120  时间限制:服务器执行搜索请求时花费的最长时间。单位是秒。

 

http://docs.oracle.com/cd/E19261-01/820-2763/bcapq/index.html

 

# cd /ldap/install/ds6/bin

Use the dsconf get-server-prop command to read the resource limit server properties.

# dsconf get-server-prop -h host -p port look-through-limit search-size-limit \
 search-time-limit idle-timeout
look-through-limit  :  5000  
search-size-limit   :  2000  
search-time-limit   :  3600
idle-timeout        :  none

The output shows that searches look through a maximum of 5000 entries, return a maximum of 2000 entries, and use a maximum of one hour (3600 seconds) of server time to process the search.

Change the look-through limit.

# dsconf set-server-prop -h host -p port look-through-limit:integer

where integer is the maximum number of entries examined for a search operation.

Change the search size limit.

# dsconf set-server-prop -h host -p port search-size-limit:integer

where integer is the maximum number of entries returned by a search operation.

Change the search time limit.

# dsconf set-server-prop -h host -p port serach-time-limit:integer

where integer is the maximum time spent processing a search operation.

Change the idle timeout.

# dsconf set-server-prop -h host -p port idle-timeout:integer

where integer is the maximum time a client connection can remain idle before the connection is dropped.