ldap连接mysql (openldap-2.4.40 rpm + 操作系统CentOS 6.5标准版)

 

 

1. 将附件解压到服务器/usr/local/ldap目录下

    

2. 进入/usr/local/ldap/libdbi目录,安装libdbi依赖库,如果存在老版本,请rpm -e卸载或rpm -Uvh升级老版本

    rpm -ivh libdbi-0.8.3-4.el6.x86_64.rpm

    rpm -ivh libdbi-devel-0.8.3-4.el6.x86_64.rpm

    rpm -ivh libdbi-drivers-0.8.3-5.1.el6.x86_64.rpm

    rpm -ivh libdbi-dbd-mysql-0.8.3-5.1.el6.x86_64.rpm

    

 

3. 进入/usr/local/ldap/cyrus目录,安装cyrus依赖库,如果存在老版本,rpm -e卸载或rpm -Uvh升级老版本

    rpm -ivh cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64.rpm

    rpm -ivh cyrus-sasl-2.1.23-15.el6_6.2.x86_64.rpm

    rpm -ivh cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64.rpm

    rpm -ivh cyrus-sasl-devel-2.1.23-15.el6_6.2.x86_64.rpm

    

 

4. 进入/usr/local/ldap/unixODBC目录,安装unixODBC和依赖库libtool-ltdl

    rpm -ivh libtool-ltdl-2.2.6-15.5.el6.x86_64.rpm

    rpm -ivh unixODBC-2.2.14-14.el6.x86_64.rpm

    rpm -ivh unixODBC-devel-2.2.14-14.el6.x86_64.rpm

    

 

5. 进入/usr/local/ldap/mysql,安装mysql,如果存在老版本,rpm -e卸载或rpm -Uvh升级老版本

    rpm -ivh mysql-libs-5.1.73-8.el6_8.x86_64.rpm

    rpm -ivh perl-DBD-MySQL-4.013-3.el6.x86_64.rpm

    rpm -ivh mysql-5.1.73-8.el6_8.x86_64.rpm

    rpm -ivh mysql-server-5.1.73-8.el6_8.x86_64.rpm

    rpm -ivh mysql-connector-odbc-5.1.5r1144-7.el6.x86_64.rpm

    

 

6. 操作mysql,准备数据

    1. 启动mysql

        service mysql start

    2. 设置mysql root密码并做基础安全加固(交互式)

        mysql_secure_installation

    3. 登录mysql

        mysql -uroot -p密码

    4. 创建用户,创建数据库ldap,赋权(注意:最后一条对 'linying'@'%' 的 *.* 授权加 WITH GRANT OPTION 权限过大,slapd 只需要 ldap 库的权限,生产环境建议只保留 localhost 授权并换用强密码)

        -- Account used by slapd's back-sql (matches dbuser/dbpasswd in slapd.conf).
        -- '123456' is placeholder-strength; change it and keep dbpasswd in sync.
        CREATE USER linying@localhost IDENTIFIED BY '123456';

        CREATE DATABASE IF NOT EXISTS ldap;

        -- Local access to the ldap database only -- this is all back-sql needs.
        GRANT ALL PRIVILEGES ON ldap.* TO 'linying'@'localhost' identified by '123456';

        GRANT ALL PRIVILEGES ON ldap.* TO 'linying'@'127.0.0.1' identified by '123456';

        -- NOTE(review): *.* from any host ('%') WITH GRANT OPTION makes this account a
        -- near-superuser reachable over the network; slapd presumably connects locally
        -- through the ODBC DSN, so this grant is far wider than the setup requires.
        GRANT ALL PRIVILEGES ON *.* TO 'linying'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;

        FLUSH PRIVILEGES;

    5. 导入表和测试数据

        -- mysql client command: runs the bundled ldap.sql inside the session opened in step 6.3
        source /usr/local/ldap/ldap.sql

    6. 导入 back-sql 的建表、示例数据和映射脚本(注意:该目录由第9步安装的 openldap-servers-sql 包提供,需先装好该包再执行)

        cd /usr/share/doc/openldap-servers-sql-2.4.40/rdbms_depend/mysql

        mysql -ulinying -p123456 ldap< backsql_create.sql

        mysql -ulinying -p123456 ldap< testdb_create.sql

        mysql -ulinying -p123456 ldap< testdb_data.sql

        mysql -ulinying -p123456 ldap< testdb_metadata.sql

 

7. 配置/etc/odbc.ini和/etc/odbcinst.ini文件

        odbc.ini

        

        odbcinst.ini(没有修改,默认配置)

        

8. 测试连接: isql -v ldap(ldap 为 odbc.ini 中配置的 DSN 名称)

     

        

9. 进入/usr/local/ldap/openldap,安装openldap,如果存在openldap老版本先卸载

    rpm -ivh openldap-2.4.40-16.el6.x86_64.rpm

    rpm -ivh pam_ldap-185-11.el6.x86_64.rpm

    rpm -ivh openldap-devel-2.4.40-16.el6.x86_64.rpm

    rpm -ivh openldap-servers-2.4.40-16.el6.x86_64.rpm

    rpm -ivh openldap-servers-sql-2.4.40-16.el6.x86_64.rpm

    rpm -ivh openldap-clients-2.4.40-16.el6.x86_64.rpm

    

 

10. 配置openldap

    1. 生成openldap管理员(rootdn)密码的 {SSHA} 哈希,供 slapd.conf 中的 rootpw 使用

        slappasswd

        {SSHA}rJ3sVQ8nJ3Mp5an0UeSm2sTb4XWE3r6J

    2. 将配置模板拷贝到配置目录

        cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

        cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

    3. 编辑 /etc/openldap/slapd.conf(vi /etc/openldap/slapd.conf),内容如下

        #

        # See slapd.conf(5) for details on configuration options.

        # This file should NOT be world readable.

        #

        # NOTE(review): this file holds a cleartext database password (dbpasswd) and the
        # rootdn hash, so the warning above is literal: keep it mode 600, owned by ldap.
        

        # Schema files loaded at startup.
        include  /etc/openldap/schema/corba.schema

        include  /etc/openldap/schema/core.schema

        include  /etc/openldap/schema/cosine.schema

        include  /etc/openldap/schema/duaconf.schema

        include  /etc/openldap/schema/dyngroup.schema

        include  /etc/openldap/schema/inetorgperson.schema

        include  /etc/openldap/schema/java.schema

        include  /etc/openldap/schema/misc.schema

        include  /etc/openldap/schema/nis.schema

        include  /etc/openldap/schema/openldap.schema

        include  /etc/openldap/schema/ppolicy.schema

        include  /etc/openldap/schema/collective.schema

        

        # Allow LDAPv2 client connections.  This is NOT the default.
        # NOTE(review): LDAPv2 is obsolete (RFC 3494); keep this only while a legacy
        # client actually needs it.

        allow bind_v2

        

        # Do not enable referrals until AFTER you have a working directory

        # service AND an understanding of referrals.

        #referral ldap://root.openldap.org

        

        pidfile  /var/run/openldap/slapd.pid

        argsfile /var/run/openldap/slapd.args

        

        # Load dynamic backend modules

        # - modulepath is architecture dependent value (32/64-bit system)

        # - back_sql.la overlay requires openldap-server-sql package

        # - dyngroup.la and dynlist.la cannot be used at the same time

        

        # modulepath /usr/lib/openldap

        # modulepath /usr/lib64/openldap

        

        # 64-bit path; back_sql comes from openldap-servers-sql (step 9)
        modulepath /usr/lib64/openldap

        moduleload back_sql

        

        # moduleload accesslog.la

        # moduleload auditlog.la

        # moduleload back_sql.la

        # moduleload chain.la

        # moduleload collect.la

        # moduleload constraint.la

        # moduleload dds.la

        # moduleload deref.la

        # moduleload dyngroup.la

        # moduleload dynlist.la

        # moduleload memberof.la

        # moduleload pbind.la

        # moduleload pcache.la

        # moduleload ppolicy.la

        # moduleload refint.la

        # moduleload retcode.la

        # moduleload rwm.la

        # moduleload seqmod.la

        # moduleload smbk5pwd.la

        # moduleload sssvlv.la

        # moduleload syncprov.la

        # moduleload translucent.la

        # moduleload unique.la

        # moduleload valsort.la

        

        # The next three lines allow use of TLS for encrypting connections using a

        # dummy test certificate which you can generate by running

        # /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk

        # at self-signed certificates, however.

        # NOTE(review): this appears to be the NSS-style TLS setup shipped by the CentOS
        # package: the certificate is named by its NSS nickname and the "password" file
        # unlocks the cert database, so /etc/openldap/certs must not be readable by others.
        # Replace the generated self-signed cert with one clients can validate.
        TLSCACertificatePath /etc/openldap/certs

        TLSCertificateFile "\"OpenLDAP Server\""

        TLSCertificateKeyFile /etc/openldap/certs/password

        

        # Sample security restrictions

        # Require integrity protection (prevent hijacking)

        # Require 112-bit (3DES or better) encryption for updates

        # Require 63-bit encryption for simple bind

        # security ssf=1 update_ssf=112 simple_bind=64

        # NOTE(review): with the security directive commented out, simple binds
        # (rootdn included) are accepted over plaintext ldap://; enable it, or serve
        # ldaps:// only, before real credentials go into this directory.
        

        # Sample access control policy:

        # Root DSE: allow anyone to read it

        # Subschema (sub)entry DSE: allow anyone to read it

        # Other DSEs:

        #  Allow self write access

        #  Allow authenticated users read access

        #  Allow anonymous users to authenticate

        # Directives needed to implement policy:

        # access to dn.base="" by * read

        # access to dn.base="cn=Subschema" by * read

        # access to *

        # by self write

        # by users read

        # by anonymous auth

        #

        # if no access controls are present, the default policy

        # allows anyone and everyone to read anything but restricts

        # updates to rootdn.  (e.g., "access to * by * read")

        #

        # rootdn can always read and write EVERYTHING!

        

        # enable on-the-fly configuration (cn=config)
        # Only the local root user, authenticated via SASL EXTERNAL peer credentials
        # (i.e. over the ldapi:// socket), may manage cn=config; everyone else gets nothing.

        database config

        access to *

         by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage

         by * none

        

        # enable server status monitoring (cn=monitor)
        # cn=monitor: local root reads, the sql database's rootdn may write, nobody else.

        database monitor

        access to *

         by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read

                by dn.exact="cn=Directory Manager,o=h3gat" write

                by * none

        

        #######################################################################

        # database definitions

        #######################################################################

        

        # NOTE(review): no "access to" directive follows this database, so the default
        # policy described above applies: anyone, anonymous included, can read every
        # entry and only rootdn can write. Add an explicit ACL before exposing this.
        database sql

        suffix  "o=h3gat"

        rootdn  "cn=Directory Manager,o=h3gat"

        # {SSHA} hash produced by slappasswd in step 10.1, not the cleartext password
        rootpw  {SSHA}rJ3sVQ8nJ3Mp5an0UeSm2sTb4XWE3r6J

        # Credentials for the ODBC data source. dbpasswd is stored in cleartext, which is
        # why this file must stay unreadable to other users; the account should only need
        # privileges on the ldap database (compare the grants in step 6.4).
        dbname          ldap

        dbuser          linying

        dbpasswd        123456

        # back-sql statements are parameterised with '?' placeholders rather than built
        # by string concatenation.
        subtree_cond    "ldap_entries.dn LIKE CONCAT('%',?)"

        insentry_stmt   "INSERT INTO ldap_entries(dn, oc_map_id, parent, keyval) VALUES(?, ?, ?, ?)"

        # presumably: ldap_entries has no dn_ru (reversed upper-case DN) column -- see slapd-sql(5)
        has_ldapinfo_dn_ru no

        

        

        # The database directory MUST exist prior to running slapd AND 

        # should only be accessible by the slapd and slap tools.

        # Mode 700 recommended.

        #directory /var/lib/ldap

        

        # Indices to maintain for this database

        #index objectClass                       eq,pres

        #index ou,cn,mail,surname,givenname      eq,pres,sub

        #index uidNumber,gidNumber,loginShell    eq,pres

        #index uid,memberUid                     eq,pres,sub

        #index nisMapName,nisMapEntry            eq,pres,sub

        

        # Replicas of this database

        #replogfile /var/lib/ldap/openldap-master-replog

        #replica host=ldap-1.example.com:389 starttls=critical

        #     bindmethod=sasl saslmech=GSSAPI

        #     authcId=host/ldap-master.example.com@EXAMPLE.COM

    4. 删除默认的 slapd.d 配置,赋权,并用 slaptest 从 slapd.conf 重新生成配置

        rm -rf /etc/openldap/slapd.d/*

        chown -R ldap:ldap /var/lib/ldap/

        chown -R ldap:ldap /etc/openldap/

        slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/

    5. 赋权,启动openldap

        chown -R ldap.ldap /etc/openldap/slapd.d/*

        service slapd start

        

    6. 停止openldap,以调试模式在前台运行,观察mysql连接情况

        service slapd stop

        slapd -d 1

        

 

注:安装时请注意版本,尽量与本文所用版本保持一致,rpm包见文件栏。
