1. Install:
sudo apt-get install slapd ldap-utils
2. Configure:
1)
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
These three commands can be skipped when just testing.
2)
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif
Output:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"

adding new entry "olcDatabase=hdb,cn=config"
3)
sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif
Output:
Enter LDAP Password:
adding new entry "dc=example,dc=com"

adding new entry "cn=admin,dc=example,dc=com"

adding new entry "ou=people,dc=example,dc=com"

adding new entry "ou=groups,dc=example,dc=com"

adding new entry "uid=john,ou=people,dc=example,dc=com"

adding new entry "cn=example,ou=groups,dc=example,dc=com"
4)
ldapsearch -xLLL -b "dc=example,dc=com" uid=john sn givenName cn
Output:
dn: uid=john,ou=people,dc=example,dc=com
sn: Doe
givenName: John
cn: John Doe
3. Appendix:
backend.example.com.ldif
# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb.la

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=example,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: secret
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read
frontend.example.com.ldif
# Create top-level object in domain
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Example Organization
dc: Example
description: LDAP Example

# Admin user.
dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: secret

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=john,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 1000
gidNumber: 10000
userPassword: password
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: john.doe@example.com
postalCode: 31000
l: Toulouse
o: Example
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress:
initials: JD

dn: cn=example,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: example
gidNumber: 10000
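Both LDIF files above store olcRootPW and userPassword as cleartext values, and they rely on the order of the olcAccess rules to keep userPassword unreadable by anyone but the admin and the user. The script below is an added example, not part of these notes and not OpenLDAP's own code: it parses LDIF (comments, continuation lines, base64 values), reports password attributes that carry no {SCHEME} prefix, checks that the userPassword rule precedes the catch-all "to *" rule and ends in "by * none", and produces {SSHA} values in the format slappasswd emits so they can replace the cleartext ones. SAMPLE_LDIF is a constructed excerpt of the two files; all function names are this example's own.

```python
"""Audit LDIF for cleartext passwords and weak userPassword ACLs; make {SSHA} hashes.
Added example, not from the original notes or the OpenLDAP project."""
import base64
import hashlib
import os
import re

# Constructed sample: the password- and ACL-bearing entries from the two LDIF files above.
SAMPLE_LDIF = """\
# Database settings
dn: olcDatabase=hdb,cn=config
olcRootPW: secret
olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write
  by anonymous auth by self write by * none
olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read

dn: cn=admin,dc=example,dc=com
userPassword: secret

dn: uid=john,ou=people,dc=example,dc=com
userPassword: password
"""

PASSWORD_ATTRS = ("userpassword", "olcrootpw")
HASH_SCHEME = re.compile(r"^\{[A-Za-z0-9-]+\}")   # {SSHA}, {CRYPT}, {ARGON2}, ...


def parse_ldif(text):
    """Parse LDIF into [{'dn': ..., 'attrs': {lowercased name: [values]}}].
    Handles '#' comments, continuation lines (leading space) and 'name:: base64'."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:      # continuation: drop one space, join
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines + [""]:                  # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = None
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):              # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            current = {"dn": value, "attrs": {}}
        elif current is not None:
            current["attrs"].setdefault(name, []).append(value)
    return entries


def find_cleartext_passwords(entries):
    """(dn, attribute) for every password value stored without a {SCHEME} prefix."""
    return [(e["dn"], attr) for e in entries for attr in PASSWORD_ATTRS
            for v in e["attrs"].get(attr, []) if not HASH_SCHEME.match(v)]


def check_userpassword_acl(entries):
    """slapd applies the first olcAccess rule whose target matches, so the attrs=userPassword
    rule must exist, precede any 'to *' rule, and end in 'by * none'."""
    problems = []
    for e in entries:
        rules = e["attrs"].get("olcaccess", [])
        if not rules:
            continue
        pw = next((i for i, r in enumerate(rules)
                   if re.search(r"attrs=\S*userpassword", r, re.I)), None)
        catch_all = next((i for i, r in enumerate(rules) if r.startswith("to *")), None)
        if pw is None:
            problems.append((e["dn"], "no olcAccess rule for userPassword"))
        elif catch_all is not None and catch_all < pw:
            problems.append((e["dn"], "'to *' rule shadows the userPassword rule"))
        elif not rules[pw].rstrip().endswith("by * none"):
            problems.append((e["dn"], "userPassword rule does not end with 'by * none'"))
    return problems


def ssha_hash(password, salt=None):
    """OpenLDAP {SSHA}: base64(SHA1(password + salt) + salt), as slappasswd -h {SSHA} emits."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored, password):
    """Check a password against a stored {SSHA} value (first 20 bytes digest, rest salt)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[6:])
    return hashlib.sha1(password.encode() + raw[20:]).digest() == raw[:20]


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    print("cleartext:", find_cleartext_passwords(parsed))
    print("ACL problems:", check_userpassword_acl(parsed))
    print("example hashed value:", ssha_hash("secret"))
```

Run as-is it reports the three cleartext values from the sample and no ACL problem; point it at the real backend and frontend files (read them into parse_ldif) to audit a deployment. Replacing olcRootPW and userPassword with the {SSHA} values it produces keeps ldapadd and ldapsearch working exactly as in the steps above, since slapd compares against the hash during bind.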
4. References:
OpenLDAP Server
https://help.ubuntu.com/10.04/serverguide/openldap-server.html