官方网址:http://www.openldap.org/
RPM 包下载地址:https://rpmfind.net/linux/centos/7.5.1804/os/x86_64/Packages/openldap-servers-2.4.44-13.el7.x86_64.rpm
源码包下载地址:http://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.46.tgz(该地址为明文 HTTP,下载后请先与通过可信渠道获取的官方校验值比对,确认无误后再解压编译。)
系统环境
# Host used for the walkthrough: distribution release, kernel version and
# interface addresses, as reported by the three commands below.
[root@openldap ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@openldap ~]# uname -r
3.10.0-514.el7.x86_64
# NOTE(review): the flag field that `ip` prints after each interface name seems to
# have been lost when the page was extracted ("lo:mtu", "ens33: mtu").
[root@openldap ~]# ip add
1: lo:mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:a5:6b:07 brd ff:ff:ff:ff:ff:ff
    inet 172.16.216.164/24 brd 172.16.216.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fea5:6b07/64 scope link
       valid_lft forever preferred_lft forever
一、yum 方式安装
[root@openldap ~]# yum install openldap-servers openldap-clients [root@openldap ~]# rpm -ql openldap-servers /usr/share/openldap-servers/DB_CONFIG.example /usr/share/openldap-servers/slapd.ldif [root@openldap ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG [root@openldap ~]# chown -R ldap.ldap /var/lib/ldap [root@openldap ~]# systemctl restart slapd [root@openldap ~]# ps -ef |grep slapd |grep -v grep ldap 2077 1 0 15:37 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldap:/// ldap:/// [root@openldap ~]# netstat -tulnp |grep slapd tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2077/slapd tcp6 0 0 :::389 :::* LISTEN 2077/slapd [root@openldap ~]# cd /etc/openldap/ [root@openldap openldap]# ls certs check_password.conf ldap.conf schema slapd.d [root@openldap openldap]# cd slapd.d/ [root@openldap slapd.d]# ls cn=config cn=config.ldif [root@openldap slapd.d]# cd cn\=config/ [root@openldap cn=config]# ls cn=schema olcDatabase={0}config.ldif olcDatabase={1}monitor.ldif cn=schema.ldif olcDatabase={-1}frontend.ldif olcDatabase={2}hdb.ldif
二、源码的方式安装
编译安装 Berkeley DB
下载地址:http://download.oracle.com/otn/berkeley-db/db-5.3.28.tar.gz
[root@openldap software]# yum install libtool-ltdl libtool-ltdl-devel gcc openssl openssl-devel -y [root@openldap software]# tar xf db-5.3.28.tar.gz [root@openldap software]# cd db-5.3.28/ [root@openldap db-5.3.28]# ls build_android build_vxworks build_windows docs lang README test build_unix build_wince dist examples LICENSE src util [root@openldap db-5.3.28]# cd build_unix [root@openldap build_unix]# ../dist/configure --prefix=/usr/local/db_5.3.28 ...... checking for growing a file under an mmap region... yes configure: creating ./config.status config.status: creating Makefile config.status: creating db_cxx.h config.status: creating db_int.h config.status: creating clib_port.h config.status: creating include.tcl config.status: creating db.h config.status: creating db_config.h config.status: executing libtool commands [root@openldap build_unix]# make [root@openldap build_unix]# make install [root@openldap build_unix]# cd /usr/local/db_5.3.28/ [root@openldap db_5.3.28]# ls bin docs include lib [root@openldap db_5.3.28]# ls include/ db_cxx.h db.h [root@openldap db_5.3.28]# ls bin/ db_archive db_deadlock db_hotbackup db_log_verify db_recover db_stat db_upgrade db_checkpoint db_dump db_load db_printlog db_replicate db_tuner db_verify
编译安装 OpenLDAP
[root@openldap software]# tar xf openldap-2.4.46.tgz [root@openldap software]# cd openldap-2.4.46/ [root@openldap openldap-2.4.46]# ./configure CPPFLAGS="-I/usr/local/db_5.3.28/include" LDFLAGS="-L/usr/local/db_5.3.28/lib -Wl,-rpath,/usr/local/db_5.3.28/lib" --prefix=/usr/local/openldap.2.4.46 或 [root@openldap openldap-2.4.46]# vim /etc/profile export CPPFLAGS="-I/usr/local/db_5.3.28/include" export LDFLAGS="-L/usr/local/db_5.3.28/lib -Wl,-rpath,/usr/local/db_5.3.28/lib" [root@openldap openldap-2.4.46]# source /etc/profile [root@openldap openldap-2.4.46]# ./configure --prefix=/usr/local/openldap.2.4.46 ...... Making servers/slapd/backends.c Add config ... Add ldif ... Add monitor ... Add bdb ... Add hdb ... Add mdb ... Add relay ... Making servers/slapd/overlays/statover.c Add syncprov ... Please run "make depend" to build dependencies [root@openldap openldap-2.4.46]# make ...... done make[3]: 离开目录“/opt/software/openldap-2.4.46/doc/man/man8” make[2]: 离开目录“/opt/software/openldap-2.4.46/doc/man” make[1]: 离开目录“/opt/software/openldap-2.4.46/doc” [root@openldap openldap-2.4.46]# make install ...... 
# Tail of the `make install` output: section 8 manual pages for the slap* tools.
done
installing slapacl.8 in /usr/local/openldap.2.4.46/share/man/man8
installing slapadd.8 in /usr/local/openldap.2.4.46/share/man/man8
installing slapauth.8 in /usr/local/openldap.2.4.46/share/man/man8
installing slapcat.8 in /usr/local/openldap.2.4.46/share/man/man8
installing slapd.8 in /usr/local/openldap.2.4.46/share/man/man8
installing slapdn.8 in /usr/local/openldap.2.4.46/share/man/man8
installing slapindex.8 in /usr/local/openldap.2.4.46/share/man/man8
installing slappasswd.8 in /usr/local/openldap.2.4.46/share/man/man8
installing slapschema.8 in /usr/local/openldap.2.4.46/share/man/man8
installing slaptest.8 in /usr/local/openldap.2.4.46/share/man/man8
make[3]: 离开目录“/opt/software/openldap-2.4.46/doc/man/man8”
make[2]: 离开目录“/opt/software/openldap-2.4.46/doc/man”
make[1]: 离开目录“/opt/software/openldap-2.4.46/doc”
# Walk the install prefix: client tools in bin/, slap* tools in sbin/, sample
# configuration and schema files in etc/openldap/, the slapd binary in libexec/.
[root@openldap openldap-2.4.46]# cd /usr/local/openldap.2.4.46/
[root@openldap openldap.2.4.46]# ls
bin etc include lib libexec sbin share var
[root@openldap openldap.2.4.46]# ls bin/
ldapadd ldapcompare ldapdelete ldapexop ldapmodify ldapmodrdn ldappasswd ldapsearch ldapurl ldapwhoami
[root@openldap openldap.2.4.46]# ls sbin/
slapacl slapadd slapauth slapcat slapdn slapindex slappasswd slapschema slaptest
[root@openldap openldap.2.4.46]# ls etc/
openldap
[root@openldap openldap.2.4.46]# ls etc/openldap/
DB_CONFIG.example ldap.conf ldap.conf.default schema slapd.conf slapd.conf.default slapd.ldif slapd.ldif.default
[root@openldap openldap.2.4.46]# ls etc/openldap/schema/
collective.ldif core.ldif duaconf.ldif inetorgperson.ldif misc.ldif openldap.ldif ppolicy.ldif collective.schema core.schema duaconf.schema inetorgperson.schema misc.schema openldap.schema ppolicy.schema corba.ldif cosine.ldif dyngroup.ldif java.ldif nis.ldif pmi.ldif README corba.schema cosine.schema dyngroup.schema java.schema nis.schema pmi.schema
[root@openldap openldap.2.4.46]# ls lib/
liblber-2.4.so.2 liblber.la libldap-2.4.so.2.10.9 libldap_r-2.4.so.2 libldap_r.la
liblber-2.4.so.2.10.9 liblber.so libldap.a libldap_r-2.4.so.2.10.9 libldap_r.so liblber.a libldap-2.4.so.2 libldap.la libldap_r.a libldap.so
[root@openldap openldap.2.4.46]# ls libexec/
slapd
[root@openldap openldap.2.4.46]# ls var/
openldap-data run
[root@openldap openldap.2.4.46]# ls var/openldap-data/
DB_CONFIG.example
# Rename the sample Berkeley DB tuning file to DB_CONFIG, both in the data
# directory and under etc/openldap.
[root@openldap openldap.2.4.46]# mv var/openldap-data/DB_CONFIG.example var/openldap-data/DB_CONFIG
[root@openldap openldap.2.4.46]# mv etc/openldap/DB_CONFIG.example etc/openldap/DB_CONFIG
# The export line is presumably what was added in the editor: it puts the new
# sbin/ and bin/ directories ahead of the existing PATH for every login shell.
[root@openldap ~]# vim /etc/profile
export PATH="/usr/local/openldap.2.4.46/sbin:/usr/local/openldap.2.4.46/bin:$PATH"
[root@openldap sbin]# . /etc/profile
[root@openldap openldap.2.4.46]# cd libexec/
# NOTE(review): slapd is started with no options and the ps line below shows it
# running as root, whereas the packaged service earlier on the page runs as
# "ldap". slapd's -u/-g options drop privileges once the listeners are open; a
# dedicated account that owns var/openldap-data is the usual arrangement.
# NOTE(review): nothing on the page edits etc/openldap/slapd.conf before this
# start. Upstream's sample file is expected to carry a placeholder rootdn/rootpw -
# check it and replace rootpw with a slappasswd hash before port 389 is reachable
# from other hosts.
[root@openldap libexec]# ./slapd
[root@openldap ~]# ps -ef |grep slapd |grep -v grep
root 123115 1 0 16:58 ? 00:00:00 ./slapd
# As with the packaged build, the cleartext LDAP port is open on all IPv4 and
# IPv6 addresses.
[root@openldap ~]# netstat -tulnp |grep slapd
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 123115/./slapd
tcp6 0 0 :::389 :::* LISTEN 123115/./slapd
三、OpenLDAP+OpenSSL 的安装
# Rebuild OpenLDAP from the same source tree, this time with --with-tls=openssl.
[root@openldap ~]# cd /opt/software/openldap-2.4.46
# NOTE(review): the globs are unquoted, so the shell expands them first if any
# file in the current directory matches; quoting them ('cyrus-sasl*') hands the
# pattern to yum untouched.
[root@openldap ldapBrowser]# yum install libicu-devel* cyrus-sasl*
# grep keeps only configure's openssl lines; the pipeline's exit status is then
# grep's rather than configure's, so a failed configure is easy to miss here.
[root@openldap openldap-2.4.46]# ./configure --with-tls=openssl CPPFLAGS="-I/usr/local/db_5.3.28/include" LDFLAGS="-L/usr/local/db_5.3.28/lib -Wl,-rpath,/usr/local/db_5.3.28/lib" --prefix=/usr/local/openldap.2.4.46 |grep openssl
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
[root@openldap openldap-2.4.46]# make && make install
# Start slapd with both a cleartext (ldap:///) and a TLS (ldaps:///) listener;
# -d 1 enables debug output, which is what fills the rest of this transcript.
# NOTE(review): no certificate or key setting appears anywhere on the page. Without
# a server certificate configured (TLSCertificateFile / TLSCertificateKeyFile in
# slapd.conf) TLS handshakes on the ldaps listener are expected to fail - confirm
# with a client before relying on it. The cleartext listener stays open as well,
# and "HOME env is /root" shows the daemon is again started from root's shell.
[root@openldap libexec]# ./slapd -h "ldap:/// ldaps:///" -d 1
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /usr/local/openldap.2.4.46/etc/openldap/ldap.conf
ldap_init: using /usr/local/openldap.2.4.46/etc/openldap/ldap.conf
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
# NOTE(review): "[email protected]" is a placeholder left by the site's e-mail
# obfuscation; slapd's banner normally prints the build user@host at that spot.
5b4d6e18 @(#) $OpenLDAP: slapd 2.4.46 (Jul 17 2018 12:09:50) $
[email protected]:/opt/software/openldap-2.4.46/servers/slapd
ldap_pvt_gethostbyname_a: host=openldap.jrgc.cn, r=0
# Two listener URLs are requested and four listeners are reported opened
# (presumably one IPv4 and one IPv6 socket per URL - confirm with netstat).
5b4d6e18 daemon_init: listen on ldap:///
5b4d6e18 daemon_init: listen on ldaps:///
5b4d6e18 daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap:///)
5b4d6e18 daemon: listener initialized ldap:///
ldap_url_parse_ext(ldaps:///)
5b4d6e18 daemon: listener initialized ldaps:///
5b4d6e18 daemon_init: 4 listeners opened
ldap_create
5b4d6e18 slapd init: initiated server.
# Backend initialisation: BDB and HDB report Berkeley DB 5.3.28, MDB reports
# LMDB 0.9.22.
5b4d6e18 bdb_back_initialize: initialize BDB backend
5b4d6e18 bdb_back_initialize: Berkeley DB 5.3.28: (September 9, 2013)
5b4d6e18 hdb_back_initialize: initialize HDB backend
5b4d6e18 hdb_back_initialize: Berkeley DB 5.3.28: (September 9, 2013)
5b4d6e18 mdb_back_initialize: initialize MDB backend
5b4d6e18 mdb_back_initialize: LMDB 0.9.22: (March 21, 2018)
5b4d6e18 mdb_db_init: Initializing mdb database
# NOTE(review): the DN values in the dnPrettyNormal/dnNormalize lines look as if
# they were stripped during extraction (empty fields, two entries run together).
5b4d6e18 >>> dnPrettyNormal:5b4d6e18 <<< dnPrettyNormal: ,
5b4d6e18 >>> dnPrettyNormal:
5b4d6e18 <<< dnPrettyNormal: ,
5b4d6e18 >>> dnNormalize:
5b4d6e18 <<< dnNormalize:
5b4d6e18 matching_rule_use_init
......