
Installing LDAP on Linux


Solaris version download: ftp://ftp.accessaxis.com/pub/Solaris/Network/Servers/DSEE.6.2.Solaris-Sparc-full.tar.gz

Solaris installation reference: http://docs.oracle.com/cd/E19575-01/820-5986/ghgcy/index.html

http://www.derlediklerim.com/?p=6

 

Linux version download: ftp://173.8.244.1/pub/DSEE.6.3.Linux-X86-full.tar.gz

 

Other versions are listed at: http://proisk.ru/?q=DSEE

 

1. Extract the archive

cd /ldap

gunzip DSEE.6.3.Linux-X86-full.tar.gz

tar -xvf DSEE.6.3.Linux-X86-full.tar

 

2. Install
Extraction produces three directories: DSEE_Directory_Editor, DSEE_Identity_Synchronization_for_Windows and DSEE_ZIP_Distribution. All installation steps are run from DSEE_ZIP_Distribution.

 

cd /ldap/DSEE_ZIP_Distribution

./dsee_deploy install -i /ldap/install

 

3. Create an instance
mkdir /ldap/instance

cd /ldap/install/ds6/bin

./dsadm create -p 389 -P 636 /ldap/instance/instance1
 

4. Start the instance
./dsadm start /ldap/instance/instance1

 

5. Create a suffix

./dsconf create-suffix -h localhost -p 389 dc=zjtvu,dc=edu,dc=cn

 

6. This step is optional

Enable the suffix (also enabling master-consumer replication)

(for dsconf options, see http://docs.sun.com/app/docs/doc/820-2767/dsconf-1m?l=zh_TW&a=view)

./dsconf enable-repl -h localhost -p 389 consumer dc=zjtvu,dc=edu,dc=cn


Enable the suffix (also enabling multi-master replication)

./dsconf enable-repl -h localhost -p 389 -d 11 master dc=zjtvu,dc=edu,dc=cn


The following command removes the replication settings for suffix dc=zjtvu,dc=edu,dc=cn on port 389:

./dsconf disable-repl -h localhost -p 389 dc=zjtvu,dc=edu,dc=cn


The following command lists details for the server on port 389:

./dsconf list-suffixes -p 389 -v

 

7. Import data from an LDIF file

/ldap/install/ds6/bin/dsconf import -h  localhost -p 389 /backup.ldif dc=zjtvu,dc=edu,dc=cn

 

Command to export data:

/ldap/install/ds6/bin/dsconf export -h localhost -p 389 -w /databak/pwd.txt dc=zju,dc=edu,dc=cn /databak/20110803.ldif

 

8. Install DSCC (the LDAP management console)

Copy /ldap/install/var/dscc6/dscc.war into the webapp directory of the Tomcat server

Run the following commands to initialize it

cd /ldap/install/dscc6/bin

./dsccsetup initialize

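Initialization prompts you to set the Directory Service Manager password: for example, enter admin123 twice

Use the command (./dsccsetup status) to check the state after configuration; if configuration did not succeed, it is reported here

Start Tomcat

Open http://127.0.0.1:8080/dscc to reach the management console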

 

If dsccsetup initialize reported an error during setup, use the following commands to remove the configuration and then set it up again

[root@ssoldap bin]# ./dsccsetup ads-delete
Deleting DSCC Registry...
All server registrations will be definitively erased.
Existing server instances will not be modified.
Do you really want to delete the DSCC Registry ? [y/n]y
Directory Server instance '/ldap/install/var/dscc6/dcc/ads' stopped
DSCC Registry has been deleted successfully
[root@ssoldap bin]# ./dsccsetup console-unreg
DSCC Application is not installed (thus not registered)
[root@ssoldap bin]# ./dsccsetup cacao-unreg
Unregistering DSCC Agent from Cacao...
[root@ssoldap bin]# ./dsccsetup status
***
Sun Java (TM) Web Console is not installed
***
DSCC Agent is not registered in Cacao
***
DSCC Registry has not been created yet
***
[root@ssoldap bin]# ./dsccsetup initialize
***
DSCC Application cannot be registered because it is not installed
***
Registering DSCC Agent in Cacao...
Checking Cacao status...
Deploying DSCC agent in Cacao...
DSCC agent has been successfully registered in Cacao.
***
Choose password for Directory Service Manager: 
Confirm password for Directory Service Manager: 
Creating DSCC registry...
DSCC Registry has been created successfully
***

 

 

 

Below is the dsccsetup command reference:

(Source: http://docs.oracle.com/cd/E19575-01/820-2767/dsccsetup-1m/index.html)

 

Sun Java System Directory Server Enterprise Edition 6.3 Man Page Reference

dsccsetup(1M)


NAME

    dsccsetup – Set up Directory Service Control Center

Synopsis

    install-path/dscc6/bin/dsccsetup [subcommand] [options]

Description

    The dsccsetup command is used to register Directory Service Control Center (DSCC) with Sun Java Web Console, and to register local agents of the administration framework. Use the dsccsetup command with the subcommands described in this man page.

SUBCOMMANDS

    The following subcommands are supported:

    dsccsetup ads-create [-w file ]

    Initialize the DSCC registry, a local Directory Server instance for private use by DSCC to store configuration information. DSCC requires that this instance reside locally on the host where you run DSCC. Therefore, if you replicate the data in the instance for high availability, set up one DSCC per replica host.

    If you do not provide the Directory Manager password for the DSCC registry in the file passed to the -w option, the command prompts for the password.

    The default port numbers used by the instance are 3998 for LDAP, and 3999 for LDAPS.

    The default instance path is /var/opt/SUNWdsee/dscc6/dcc/ads on Solaris systems, /var/opt/sun/dscc6/dcc/ads on HP-UX and Red Hat systems, and C:\Program Files\Sun\DSEE\var\dscc6\dcc\ads on Windows systems.

    The base DN for the suffix containing configuration information is cn=dscc . Use the dsccsetup status subcommand to read actual values for the DSCC registry instance.

    dsccsetup ads-delete

    Delete the Directory Server instance used by DSCC to store configuration information.

    Use the -i when not using the command interactively.

    dsccsetup cacao-reg [-t]

    Register the local DSCC agent with the Common Agent Container, cacao .

    Use the -t option if you want to restart the Common Agent Container manually at a later time.

    dsccsetup cacao-unreg

    Remove the local DSCC agent registration information from cacao .

    dsccsetup console-reg [-t]

    Register DSCC with the web application container, Sun Java Web Console.

    Use the -i when not using the command interactively.

    Use the -t option if you want to restart Sun Java Web Console manually at a later time.

    dsccsetup console-unreg [-t]

    Remove DSCC from Sun Java Web Console.

    Use the -i when not using the command interactively.

    Use the -t option if you want to restart Sun Java Web Console manually at a later time.

    dsccsetup dismantle [-t]

    Dismantle the DSCC administration framework, running the cacao-unreg , console-unreg , and ads-delete subcommands.

    Use the -i when not using the command interactively.

    Use the -t option if you want to restart Sun Java Web Console, and the Common Agent Container manually at a later time.

    dsccsetup initialize [-t] [-w file ]

    Initialize the DSCC administration framework, running the ads-create , console-reg , and cacao-reg subcommands.

    Use the -i when not using the command interactively.

    Use the -t option if you want to restart Sun Java Web Console, or the Common Agent Container manually at a later time.

    If you do not provide the Directory Manager password for the DSCC registry in the file passed to the -w option, the command prompts for the password.

    dsccsetup status

    Display whether DSCC has been registered with Sun Java Web Console, and with the Common Agent Container. Also, display whether the DSCC registry has been initialized.

    dsccsetup mfwk-reg [-t]

    Register the local Directory Server monitoring agent for Java Enterprise System Monitoring Framework with the Common Agent Container, cacao .

    Use the -t option if you want to restart the Common Agent Container manually at a later time.

    dsccsetup mfwk-unreg

    Remove the local Directory Server monitoring agent registration information from cacao .

GLOBAL OPTIONS

    The following options apply to all commands and subcommands:

    -?
    --help

    Display usage for the command or for the specified subcommand.

    -i
    --no-inter

    Do not prompt for confirmation before performing the operation.

    -V
    --version

    Displays the current version of dsccsetup . The version is provided in the format year.monthday.time . So version number 2007.1204.0035 was built on December 4th, 2007 at 00h35. If the components used by dsccsetup are not aligned, the version of each individual component is displayed.

    -v
    --verbose

    Display extra information for debugging purposes.

SUBCOMMAND OPTIONS

    The following options apply to the subcommands where they are specified:

    -t
    --norestart

    Do not restart the Common Agent Container or Sun Java Web Console after performing the operation.

    You can restart the Common Agent Container using the cacaoadm command. You can restart the Sun Java Web Console using the smcwebserver command.

    -w file
    --pwd-file file

    Use the Directory Service Manager password specified in file .

    By default, dsccsetup prompts for a password.

Exit Status

    The following exit status values are returned:

    0

    Successful completion

    non-zero

    An error occurred.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE     ATTRIBUTE VALUE
    Availability       SUNWldap-console-agent
    Stability Level    Unstable

See Also

    cacaoadm(1M), smcwebserver(1M)

DS 6.3  Last Revised 7 Dec 2007


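9. Configure LDAP

Client control settings

idle-timeout        :  none       Idle timeout: the maximum time the server keeps an idle connection open, in seconds.
look-through-limit  :  unlimited  Look-through limit: the maximum number of entries the server examines when processing a search request.
search-size-limit   :  4000       Size limit: the maximum number of entries the server returns in response to a search request.
search-time-limit   :  120        Time limit: the maximum time the server spends on a search request, in seconds.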

 

http://docs.oracle.com/cd/E19261-01/820-2763/bcapq/index.html

 

# cd /ldap/install/ds6/bin


Use the dsconf get-server-prop command to read the resource limit server properties.

# dsconf get-server-prop -h host -p port look-through-limit search-size-limit \
 search-time-limit idle-timeout
look-through-limit  :  5000  
search-size-limit   :  2000  
search-time-limit   :  3600
idle-timeout        :  none

The output shows that searches look through a maximum of 5000 entries, return a maximum of 2000 entries, and use a maximum of one hour (3600 seconds) of server time to process the search.

Change the look-through limit.

# dsconf set-server-prop -h host -p port look-through-limit:integer

where integer is the maximum number of entries examined for a search operation.

Change the search size limit.

# dsconf set-server-prop -h host -p port search-size-limit:integer

where integer is the maximum number of entries returned by a search operation.

Change the search time limit.

# dsconf set-server-prop -h host -p port search-time-limit:integer

where integer is the maximum time spent processing a search operation.

Change the idle timeout.

# dsconf set-server-prop -h host -p port idle-timeout:integer

where integer is the maximum time a client connection can remain idle before the connection is dropped.
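
These four limits bound how much server work a single client's searches and idle connections can consume, so values of none or unlimited are worth flagging. The script below is an added example (not part of the original post or of DSEE) that parses the "name : value" output of dsconf get-server-prop and reports unbounded or over-ceiling values; the function names and the ceiling values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: flag unbounded DSEE resource limits. Reads "name : value" lines as
# printed by dsconf get-server-prop for the four properties in section 9.
# Ceilings are assumptions for illustration, not vendor recommendations.
MAX_LOOK_THROUGH=5000   # entries examined per search
MAX_SIZE=2000           # entries returned per search
MAX_TIME=3600           # seconds of server time per search
MAX_IDLE=3600           # seconds an idle connection may stay open

audit_limits() {
    awk -v lt="$MAX_LOOK_THROUGH" -v sz="$MAX_SIZE" \
        -v tm="$MAX_TIME" -v idle="$MAX_IDLE" '
    BEGIN {
        max["look-through-limit"] = lt; max["search-size-limit"] = sz
        max["search-time-limit"] = tm;  max["idle-timeout"] = idle
    }
    {
        pos = index($0, ":")                 # split on the first colon only
        if (pos == 0) next
        name = substr($0, 1, pos - 1); value = substr($0, pos + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", value)
        if (!(name in max)) next             # ignore unrelated properties
        seen[name] = 1
        if (value == "none" || value == "unlimited") {
            printf "WARN %s is %s (no bound)\n", name, value; bad++
        } else if (value !~ /^[0-9]+$/) {
            printf "WARN %s has unparsable value [%s]\n", name, value; bad++
        } else if (value + 0 > max[name] + 0) {
            printf "WARN %s=%s exceeds ceiling %s\n", name, value, max[name]; bad++
        } else {
            printf "OK   %s=%s\n", name, value
        }
    }
    END {
        for (n in max) if (!(n in seen)) {
            printf "WARN %s missing from input\n", n; bad++
        }
        exit (bad > 0)                       # non-zero when anything is flagged
    }'
}

# Constructed sample: the four values listed in section 9 of this page.
sample_page_values() {
    printf '%s\n' 'idle-timeout        :  none' \
                  'look-through-limit  :  unlimited' \
                  'search-size-limit   :  4000' \
                  'search-time-limit   :  120'
}
sample_page_values | audit_limits || echo "resource limits need tightening"
```

Against a live instance, pipe the dsconf get-server-prop command shown above into audit_limits and use the exit status in a monitoring check.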

 
