Solaris version download: ftp://ftp.accessaxis.com/pub/Solaris/Network/Servers/DSEE.6.2.Solaris-Sparc-full.tar.gz
Solaris installation reference: http://docs.oracle.com/cd/E19575-01/820-5986/ghgcy/index.html
http://www.derlediklerim.com/?p=6
Linux version download: ftp://173.8.244.1/pub/DSEE.6.3.Linux-X86-full.tar.gz
Other versions can be found at: http://proisk.ru/?q=DSEE
1. Extract the archive
cd /ldap
gunzip DSEE.6.3.Linux-X86-full.tar.gz
tar -xvf DSEE.6.3.Linux-X86-full.tar
2. Install
Extracting the archive produces three directories: DSEE_Directory_Editor, DSEE_Identity_Synchronization_for_Windows and DSEE_ZIP_Distribution. All installation steps are performed in DSEE_ZIP_Distribution.
cd /ldap/DSEE_ZIP_Distribution
./dsee_deploy install -i /ldap/install
3. Create an instance
mkdir /ldap/instance
cd /ldap/install/ds6/bin
./dsadm create -p 389 -P 636 /ldap/instance/instance1
4. Start the instance
./dsadm start /ldap/instance/instance1
5. Create a suffix
./dsconf create-suffix -h localhost -p 389 dc=zjtvu,dc=edu,dc=cn
6. This step is optional
Enable the suffix (also allowing master-slave replication)
(For the dsconf parameters, see http://docs.sun.com/app/docs/doc/820-2767/dsconf-1m?l=zh_TW&a=view)
./dsconf enable-repl -h localhost -p 389 consumer dc=zjtvu,dc=edu,dc=cn
Enable the suffix (also allowing master-master replication)
./dsconf enable-repl -h localhost -p 389 -d 11 master dc=zjtvu,dc=edu,dc=cn
The following command removes the replication settings for the suffix dc=zjtvu,dc=edu,dc=cn on port 389:
./dsconf disable-repl -h localhost -p 389 dc=zjtvu,dc=edu,dc=cn
The following command lists the details of the suffixes on port 389:
./dsconf list-suffixes -p 389 -v
7. Import data from an LDIF file
/ldap/install/ds6/bin/dsconf import -h localhost -p 389 /backup.ldif dc=zjtvu,dc=edu,dc=cn
Command to export data:
/ldap/install/ds6/bin/dsconf export -h localhost -p 389 -w /databak/pwd.txt dc=zju,dc=edu,dc=cn /databak/20110803.ldif
8. Install DSCC (the LDAP management console)
Copy /ldap/install/var/dscc6/dscc.war to the webapp directory of the Tomcat server.
Run the following commands to initialize it:
cd /ldap/install/dscc6/bin
./dsccsetup initialize
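Initialization asks you to set the Directory Service Manager password: for example, enter admin123 twice.
Use the command (./dsccsetup status) to check the state after configuration; if the configuration did not succeed, it is reported here.
Start Tomcat.
Open http://127.0.0.1:8080/dscc to enter the management console.
If the setup (dsccsetup initialize) reported an error, use the following commands to delete it and then set it up again: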
[root@ssoldap bin]# ./dsccsetup ads-delete
Deleting DSCC Registry...
All server registrations will be definitively erased.
Existing server instances will not be modified.
Do you really want to delete the DSCC Registry ? [y/n]y
Directory Server instance '/ldap/install/var/dscc6/dcc/ads' stopped
DSCC Registry has been deleted successfully
[root@ssoldap bin]# ./dsccsetup console-unreg
DSCC Application is not installed (thus not registered)
[root@ssoldap bin]# ./dsccsetup cacao-unreg
Unregistering DSCC Agent from Cacao...
[root@ssoldap bin]# ./dsccsetup status
***
Sun Java (TM) Web Console is not installed
***
DSCC Agent is not registered in Cacao
***
DSCC Registry has not been created yet
***
[root@ssoldap bin]# ./dsccsetup initialize
***
DSCC Application cannot be registered because it is not installed
***
Registering DSCC Agent in Cacao...
Checking Cacao status...
Deploying DSCC agent in Cacao...
DSCC agent has been successfully registered in Cacao.
***
Choose password for Directory Service Manager:
Confirm password for Directory Service Manager:
Creating DSCC registry...
DSCC Registry has been created successfully
***
The dsccsetup command in detail:
(Source: http://docs.oracle.com/cd/E19575-01/820-2767/dsccsetup-1m/index.html)
dsccsetup(1M)
NAME
dsccsetup – Set up Directory Service Control Center
Synopsis
install-path/dscc6/bin/dsccsetup [subcommand] [options]
Description
The dsccsetup command is used to register Directory Service Control Center (DSCC) with Sun Java Web Console, and to register local agents of the administration framework. Use the dsccsetup command with the subcommands described in this man page.
SUBCOMMANDS
The following subcommands are supported:
- dsccsetup ads-create [-w file]
  Initialize the DSCC registry, a local Directory Server instance for private use by DSCC to store configuration information. DSCC requires that this instance reside locally on the host where you run DSCC. Therefore, if you replicate the data in the instance for high availability, set up one DSCC per replica host.
  If you do not provide the Directory Manager password for the DSCC registry in the file passed to the -w option, the command prompts for the password.
  The default port numbers used by the instance are 3998 for LDAP, and 3999 for LDAPS.
  The default instance path is /var/opt/SUNWdsee/dscc6/dcc/ads on Solaris systems, /var/opt/sun/dscc6/dcc/ads on HP-UX and Red Hat systems, and C:\Program Files\Sun\DSEE\var\dscc6\dcc\ads on Windows systems.
  The base DN for the suffix containing configuration information is cn=dscc. Use the dsccsetup status subcommand to read actual values for the DSCC registry instance.
- dsccsetup ads-delete
  Delete the Directory Server instance used by DSCC to store configuration information.
  Use the -i option when not using the command interactively.
- dsccsetup cacao-reg [-t]
  Register the local DSCC agent with the Common Agent Container, cacao.
  Use the -t option if you want to restart the Common Agent Container manually at a later time.
- dsccsetup cacao-unreg
  Remove the local DSCC agent registration information from cacao.
- dsccsetup console-reg [-t]
  Register DSCC with the web application container, Sun Java Web Console.
  Use the -i option when not using the command interactively.
  Use the -t option if you want to restart Sun Java Web Console manually at a later time.
- dsccsetup console-unreg [-t]
  Remove DSCC from Sun Java Web Console.
  Use the -i option when not using the command interactively.
  Use the -t option if you want to restart Sun Java Web Console manually at a later time.
- dsccsetup dismantle [-t]
  Dismantle the DSCC administration framework, running the cacao-unreg, console-unreg, and ads-delete subcommands.
  Use the -i option when not using the command interactively.
  Use the -t option if you want to restart Sun Java Web Console, and the Common Agent Container manually at a later time.
- dsccsetup initialize [-t] [-w file]
  Initialize the DSCC administration framework, running the ads-create, console-reg, and cacao-reg subcommands.
  Use the -i option when not using the command interactively.
  Use the -t option if you want to restart Sun Java Web Console, or the Common Agent Container manually at a later time.
  If you do not provide the Directory Manager password for the DSCC registry in the file passed to the -w option, the command prompts for the password.
- dsccsetup status
  Display whether DSCC has been registered with Sun Java Web Console, and with the Common Agent Container. Also, display whether the DSCC registry has been initialized.
- dsccsetup mfwk-reg [-t]
  Register the local Directory Server monitoring agent for Java Enterprise System Monitoring Framework with the Common Agent Container, cacao.
  Use the -t option if you want to restart the Common Agent Container manually at a later time.
- dsccsetup mfwk-unreg
  Remove the local Directory Server monitoring agent registration information from cacao.
GLOBAL OPTIONS
The following options apply to all commands and subcommands:
- -?, --help
  Display usage for the command or for the specified subcommand.
- -i, --no-inter
  Do not prompt for confirmation before performing the operation.
- -V, --version
  Displays the current version of dsccsetup. The version is provided in the format year.monthday.time. So version number 2007.1204.0035 was built on December 4th, 2007 at 00h35. If the components used by dsccsetup are not aligned, the version of each individual component is displayed.
- -v, --verbose
  Display extra information for debugging purposes.
SUBCOMMAND OPTIONS
The following options apply to the subcommands where they are specified:
- -t, --norestart
  Do not restart the Common Agent Container or Sun Java Web Console after performing the operation.
  You can restart the Common Agent Container using the cacaoadm command. You can restart the Sun Java Web Console using the smcwebserver command.
- -w file, --pwd-file file
  Use the Directory Service Manager password specified in file.
  By default, dsccsetup prompts for a password.
Exit Status
The following exit status values are returned:
- 0
  Successful completion
- non-zero
  An error occurred.
Attributes
See attributes(5) for descriptions of the following attributes:
Availability | SUNWldap-console-agent
Stability Level | Unstable
See Also
cacaoadm(1M), smcwebserver(1M)
- © 2010, Oracle Corporation and/or its affiliates
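9. Configure LDAP
Client control settings
idle-timeout : none (idle timeout: the maximum time the server keeps an idle connection open, in seconds)
look-through-limit : unlimited (look-through limit: the maximum number of entries the server examines when processing a search request)
search-size-limit : 4000 (size limit: the maximum number of entries the server returns in response to a search request)
search-time-limit : 120 (time limit: the maximum time the server spends executing a search request, in seconds)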
http://docs.oracle.com/cd/E19261-01/820-2763/bcapq/index.html
# cd /ldap/install/ds6/bin
Use the dsconf get-server-prop command to read the resource limit server properties.
# dsconf get-server-prop -h host -p port look-through-limit search-size-limit \
search-time-limit idle-timeout
look-through-limit : 5000
search-size-limit : 2000
search-time-limit : 3600
idle-timeout : none
The output shows that searches look through a maximum of 5000 entries, return a maximum of 2000 entries, and use a maximum of one hour (3600 seconds) of server time to process the search.
Change the look-through limit.
# dsconf set-server-prop -h host -p port look-through-limit:integer
where integer is the maximum number of entries examined for a search operation.
Change the search size limit.
# dsconf set-server-prop -h host -p port search-size-limit:integer
where integer is the maximum number of entries returned by a search operation.
Change the search time limit.
# dsconf set-server-prop -h host -p port search-time-limit:integer
where integer is the maximum time spent processing a search operation.
Change the idle timeout.
# dsconf set-server-prop -h host -p port idle-timeout:integer
where integer is the maximum time a client connection can remain idle before the connection is dropped.
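An added example, not part of the original post or of Oracle's documentation: a POSIX shell check that reads the "name : value" output of dsconf get-server-prop and flags resource limits that are unbounded (none, unlimited) or above a ceiling, since such settings let a single client hold connections or run expensive searches without bound. The ceiling values and the function names audit_limits and sample_output are assumptions for illustration, and the sample input is constructed from the values listed in this section.

```shell
#!/bin/sh
# Added example: flag unbounded or oversized DSEE resource limits in the
# "name : value" output of `dsconf get-server-prop`.
# The ceilings are assumptions for illustration, not vendor guidance.
MAX_LOOK_THROUGH=5000
MAX_SEARCH_SIZE=2000
MAX_SEARCH_TIME=3600
MAX_IDLE=3600

# Reads dsconf output on stdin; prints one sorted finding per problem property.
audit_limits() {
    awk -v lt="$MAX_LOOK_THROUGH" -v ss="$MAX_SEARCH_SIZE" \
        -v st="$MAX_SEARCH_TIME" -v it="$MAX_IDLE" '
    BEGIN {
        FS = ":"
        max["look-through-limit"] = lt; max["search-size-limit"] = ss
        max["search-time-limit"] = st;  max["idle-timeout"] = it
    }
    {
        name = $1; value = $2
        gsub(/^[ \t]+|[ \t\r]+$/, "", name)
        gsub(/^[ \t]+|[ \t\r]+$/, "", value)
        if (!(name in max)) next          # ignore prompts and other properties
        seen[name] = 1
        if (value == "none" || value == "unlimited")
            print "UNBOUNDED " name "=" value
        else if (value !~ /^[0-9]+$/)
            print "UNPARSED " name "=" value
        else if (value + 0 > max[name] + 0)
            print "HIGH " name "=" value " (ceiling " max[name] ")"
    }
    END { for (n in max) if (!(n in seen)) print "MISSING " n }
    ' | sort
}

# Constructed sample: the values listed in this section, in dsconf format.
sample_output() {
    cat <<'EOF'
idle-timeout        :  none
look-through-limit  :  unlimited
search-size-limit   :  4000
search-time-limit   :  120
EOF
}

sample_output | audit_limits
```

On a live server, pipe the dsconf get-server-prop command shown above into audit_limits in place of sample_output.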