*******************************************Reposted material******************************************
Because OpenLDAP has to keep its data in a database, this deployment uses Berkeley DB as the storage backend.
1. Installation preparation
Obtain the Berkeley DB package: db-5.3.28.tar.gz
Obtain the OpenLDAP package: openldap-2.4.40.tgz
Obtain the LDAP Admin tool
2. Install Berkeley DB
1) Upload db-5.3.28.tar.gz and openldap-2.4.40.tgz to /usr/local
2) Unpack db-5.3.28.tar.gz
Command: # tar xvf db-5.3.28.tar.gz, which extracts the directory db-5.3.28
Change into that directory: # cd /usr/local/db-5.3.28/build_unix/
In the build_unix directory run the following commands:
# ../dist/configure
# make
# make install
3) Edit the file: # vi /etc/ld.so.conf
Add the following line to that file: /usr/local/BerkeleyDB.5.3/lib/
Save and exit, then run # ldconfig -v so the new library path takes effect
4) Run
# cp /usr/local/BerkeleyDB.5.3/include/* /usr/include/
# cp /usr/local/BerkeleyDB.5.3/lib/* /usr/lib/   -- if this step is skipped, the OpenLDAP build may fail with errors
3. Install OpenLDAP
1) Unpack the package: # tar -zxvf openldap-2.4.40.tgz
Change into the directory: # cd /usr/local/openldap-2.4.40
# ./configure --prefix=/usr/local/openldap
# make depend
# make
# make install
Installation complete
4. Configure OpenLDAP
1) The main OpenLDAP configuration file is slapd.conf, normally kept under the installation directory
# vi /usr/local/openldap/etc/openldap/slapd.conf
The parts highlighted in red in the original post are what must be added to the file
(Note: the added lines must have no leading or trailing spaces, and on the rootpw secret line the keyword and value must be separated by a Tab)
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/collective.schema
include /usr/local/openldap/etc/openldap/schema/corba.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/duaconf.schema
include /usr/local/openldap/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/java.schema
include /usr/local/openldap/etc/openldap/schema/misc.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/openldap.schema
include /usr/local/openldap/etc/openldap/schema/pmi.schema
include /usr/local/openldap/etc/openldap/schema/ppolicy.schema
# Define global ACLs to disable default read access.
.....
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=test"
rootdn "cn=Manager,dc=test"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/openldap/var/openldap-data
# Indices to maintain
index objectClass eq
2) Start the LDAP service
# cd /usr/local/openldap/libexec
# ./slapd
Check whether the service is up: # lsof -i :389
3) Create the DN node
Run the command (the bind DN must be the rootdn configured in slapd.conf):
# /usr/local/openldap/bin/ldapadd -x -D 'cn=Manager,dc=test' -W
Enter the password: secret
Paste the following content to add it to the directory:
dn: dc=test
objectclass: top
objectclass: dcobject
objectclass: organization
dc: test
o: test
Press Ctrl+D to save
4) Create the OU
# /usr/local/openldap/bin/ldapadd -x -D 'cn=Manager,dc=test' -W
Enter the password: secret
Paste the following content to add it to the directory:
dn: ou=test,dc=test
ou: test
objectclass: organizationalUnit
Press Ctrl+D to save
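The two ldapadd steps above only succeed in this order: the ou=test entry can be added only after its parent dc=test exists, and the RDN attribute in each dn must also appear as an attribute of the entry. The following is an added example, not code from the original post: a minimal LDIF parser and a dry run of both additions that reports the rejections slapd would return (noSuchObject for a missing parent, namingViolation for an RDN attribute absent from the entry, objectClassViolation for a missing MUST attribute). The MUST table is a hand-written subset of core.schema, and the LDIF inputs are the two snippets from this guide, reconstructed here.

```python
# Added example (not from the original post). Simple LDIF: no base64 values,
# no line continuations. MUST_ATTRS is a hand-picked subset of core.schema.
MUST_ATTRS = {
    "top": set(),
    "dcobject": {"dc"},
    "organization": {"o"},
    "organizationalunit": {"ou"},
}

def parse_ldif(text):
    """Parse LDIF into a list of {"dn": str, "attrs": {name: [values]}}."""
    entries, current = [], None
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        if not line.strip():                      # blank line ends an entry
            if current is not None:
                entries.append(current)
                current = None
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            if current is not None:
                entries.append(current)
            current = {"dn": value, "attrs": {}}
        elif current is None:
            raise ValueError("attribute line before any dn:")
        else:
            current["attrs"].setdefault(name, []).append(value)
    if current is not None:
        entries.append(current)
    return entries

def normalize_dn(dn):
    """Case-fold and drop spaces around commas (enough for unescaped DNs)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def dry_run_add(entries, suffix):
    """Return [(dn, reason)] for every entry slapd would reject, in order."""
    existing, rejections = set(), []
    for entry in entries:
        dn = normalize_dn(entry["dn"])
        rdn, _, parent = dn.partition(",")
        rdn_attr, _, rdn_value = rdn.partition("=")
        attrs = entry["attrs"]
        reasons = []
        # 1. parent must already exist, unless this entry is the suffix itself
        if dn != normalize_dn(suffix) and parent not in existing:
            reasons.append(f"parent {parent!r} does not exist (noSuchObject)")
        # 2. the RDN value must be present as an attribute value of the entry
        if rdn_value not in [v.lower() for v in attrs.get(rdn_attr, [])]:
            reasons.append(f"naming attribute {rdn_attr!r} not in entry (namingViolation)")
        # 3. every MUST attribute of each objectClass must be present
        for oc in attrs.get("objectclass", []):
            for must in MUST_ATTRS.get(oc.lower(), set()):
                if must not in attrs:
                    reasons.append(f"objectClass {oc} requires {must!r} (objectClassViolation)")
        if reasons:
            rejections.extend((entry["dn"], r) for r in reasons)
        else:
            existing.add(dn)                     # accepted: now a valid parent
    return rejections

# Constructed inputs: the two snippets from this guide.
BASE_LDIF = "dn: dc=test\nobjectclass: top\nobjectclass: dcobject\n" \
            "objectclass: organization\ndc: test\no: test\n"
OU_LDIF = "dn: ou=test,dc=test\nou: test\nobjectclass: organizationalUnit\n"
# Constructed: the same OU entry with a mistyped RDN (u= instead of ou=).
OU_TYPO_LDIF = "dn: u=test,dc=test\nou: test\nobjectclass: organizationalUnit\n"

def check_guide_order():
    return dry_run_add(parse_ldif(BASE_LDIF + "\n" + OU_LDIF), "dc=test")

def check_wrong_order():
    return dry_run_add(parse_ldif(OU_LDIF + "\n" + BASE_LDIF), "dc=test")

def check_typo():
    return dry_run_add(parse_ldif(BASE_LDIF + "\n" + OU_TYPO_LDIF), "dc=test")

if __name__ == "__main__":
    for label, fn in (("guide order", check_guide_order),
                      ("OU before base", check_wrong_order),
                      ("u=test typo", check_typo)):
        print(label, "->", fn() or "all entries accepted")
```

Run it as-is to see that the guide's order is accepted, that adding the OU first is refused because dc=test is not there yet, and that a mistyped RDN is refused even though the parent exists.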
5. Connect to OpenLDAP
1) On Windows, double-click LdapAdmin.exe to open the tool
Click Start --> Connect
Double-click "New connection",
Connection name: anything you like
Host: the IP address of the host where OpenLDAP is installed
Base: ou=test,dc=test   -- the DN and OU created above
Untick "Anonymous connection",
Username: cn=Manager,dc=test   -- the rootdn from slapd.conf above
Password: secret   -- the rootpw from slapd.conf above
Click Test Connection; it should report that the connection succeeded. Click OK to save the settings.
6. Notes
If the connection fails, be sure to check whether the rootpw secret line in the configuration file
has leading or trailing spaces, or stop the firewall and try again.
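The slapd.conf comments in section 4 say a cleartext rootpw should be avoided, and the whitespace rule above is a common cause of a failed bind. As an added example (not code from the original post), the block below produces the hashed rootpw value in the same {SSHA} layout that OpenLDAP's slappasswd emits (base64 of sha1(password + salt) followed by the salt), verifies a password against it, and lints a slapd.conf fragment for the mistakes this guide warns about: stray leading or trailing whitespace, a cleartext rootpw, a directory keyword run together with its path, and a rootdn that is not under the configured suffix. The sample fragment is constructed here and is not the author's file.

```python
# Added example (not from the original post). The {SSHA} layout mirrors
# slappasswd -h {SSHA}: "{SSHA}" + base64(sha1(password + salt) + salt).
import base64
import hashlib
import hmac
import os

def ssha_hash(password, salt=None):
    """Return an OpenLDAP-compatible {SSHA} value (4-byte random salt by default)."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """Check a password against a {SSHA} value; the salt is whatever follows the 20-byte digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def lint_slapd_conf(text):
    """Return a list of findings for the pitfalls described in this guide."""
    findings, suffix, rootdn = [], None, None
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                   # blank or comment
        if line != line.strip():
            findings.append(f"line {lineno}: leading or trailing whitespace")
        parts = line.split(None, 1)                    # keyword, rest (space or tab)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "rootpw" and not value.startswith("{"):
            findings.append(f"line {lineno}: rootpw is cleartext; use a slappasswd hash")
        elif keyword.startswith("directory/"):
            findings.append(f"line {lineno}: 'directory' keyword fused with its path (missing space)")
        elif keyword == "suffix":
            suffix = value.strip('"')
        elif keyword == "rootdn":
            rootdn = (lineno, value.strip('"'))
    if suffix and rootdn:
        s, (ln, r) = suffix.lower(), rootdn
        r = r.lower()
        if r != s and not r.endswith("," + s):
            findings.append(f"line {ln}: rootdn {r!r} is not under suffix {s!r}")
    return findings

# Constructed sample: the guide's database section with three mistakes planted.
SAMPLE_CONF = "\n".join([
    "# constructed slapd.conf fragment",
    "include /usr/local/openldap/etc/openldap/schema/core.schema",
    "database bdb",
    'suffix "dc=test"',
    'rootdn "cn=Manager,dc=zte"',                         # not under the suffix
    "rootpw secret ",                                     # cleartext, trailing space
    "directory/usr/local/openldap/var/openldap-data",     # missing space
    "index objectClass eq",
])

def fixed_conf(password="secret"):
    """The same fragment with every finding corrected and rootpw hashed."""
    return "\n".join([
        "database bdb",
        'suffix "dc=test"',
        'rootdn "cn=Manager,dc=test"',
        "rootpw\t" + ssha_hash(password),                 # Tab-separated, as the guide says
        "directory /usr/local/openldap/var/openldap-data",
        "index objectClass eq",
    ])

if __name__ == "__main__":
    for finding in lint_slapd_conf(SAMPLE_CONF):
        print(finding)
    print(fixed_conf())
```

Replace the cleartext rootpw line with the generated {SSHA} value; slapd compares the password sent at bind time against the hash, so the bind still uses the plain password secret.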
If the firewall is the problem: # vi /etc/sysconfig/iptables
Add the following line to the file
-A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
Save, then restart the firewall
# service iptables restart
Then try connecting again
a. Persistent across reboots:
Enable: chkconfig iptables on
Disable: chkconfig iptables off
b. Takes effect immediately, lost on reboot:
Start: service iptables start
Stop: service iptables stop
7. Enable start at boot
# chkconfig --add slapd
# chkconfig slapd on