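LDAP Installation and Configuration

This article uses openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup as the example.

Step 1: Download the installer

openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe

Step 2: Add schemas

Locate the file slapd.conf in the LDAP installation directory: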

include                 ./schema/core.schema
include                 ./schema/corba.schema
include                 ./schema/cosine.schema
include                 ./schema/dyngroup.schema
include                 ./schema/inetorgperson.schema
include                 ./schema/java.schema
include                 ./schema/misc.schema
include                 ./schema/nis.schema
include                 ./schema/openldap.schema

You can add custom schemas as needed, for example:

include                 ./schema/localperson.schema

The contents of localperson.schema are as follows:

# Custom attribute types used by the localPerson object class.
# Continuation lines of a definition must start with whitespace,
# and a definition must not contain blank lines.
attributetype ( 2.16.840.1.113730.3.1.930
  NAME 'userType'
  DESC 'normalperson,doctor,citizen'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.1.931
  NAME 'idType'
  DESC 'person id cardtype'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 2.16.840.1.113730.3.1.932
  NAME 'idNumber'
  DESC 'person id cardnumber'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 2.16.840.1.113730.3.1.933
  NAME 'age'
  DESC 'person age'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 2.16.840.1.113730.3.1.934
  NAME 'sex'
  DESC 'person id cardnumber'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 2.16.840.1.113730.3.1.935
  NAME 'userRole'
  DESC 'user role '
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 2.16.840.1.113730.3.1.936
  NAME 'firstLogin'
  DESC 'whether firstlogin flag '
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 2.16.840.1.113730.3.1.937
  NAME 'securityQuestion'
  DESC 'SecurityQuestion'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 2.16.840.1.113730.3.1.938
  NAME 'securityAnswer'
  DESC 'SecurityAnswer'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# inetOrgPerson
# The inetOrgPerson represents people who are associated with an
# organization in some way. It is a structural class and is derived

objectclass ( 111111.3.2.8
    NAME 'localPerson'
    DESC 'Local py Person attributes'
    SUP person
    STRUCTURAL
    MAY (
        uid $ userType $ idType $ idNumber $ age $ sex $
        title $ postalAddress $ postalCode $ displayName $
        mail $ mobile $ userRole $ firstLogin $ securityQuestion $ securityAnswer )
    )

 

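Step 3: Add the root suffix

In the LDAP root directory, open slapd.conf, find the line "database bdb", and add:

suffix                  "ou=citizen,dc=tcs,dc=com"
rootdn                  "cn=Manager,ou=citizen,dc=tcs,dc=com"

Comment out any earlier definitions of the same kind.

The default administrator password is secret.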

 

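Step 4: Start the LDAP database

Go to the LDAP root directory and run the command shown in the figure:

If the output in the figure appears, startup succeeded.

Step 5: Define a directory entry

Create a new file, for example test.ldif, with the following contents: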

# Base entry for the suffix configured in slapd.conf
dn: ou=citizen,dc=tcs,dc=com
objectClass: top
objectClass: organizationalUnit
ou: citizen

# Sample person entry; base64-encoded values use a double colon (::)
dn: cn=440126195201052717,ou=citizen,dc=tcs,dc=com
age: 60
cn: 440126195201052717
displayName:: 5L2V5YmR5p2D
idNumber: 440126195201052717
idType:: 6Lqr5Lu96K+B
mail: [email protected]
objectClass: person
objectClass: localPerson
postalAddress: 汉中路
sex: Male
sn: 440126195201052717
uid: 440126195201052717
userPassword: 052717
userType: 1
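
An added example (not from the original article): a Python sketch that renders an entry like the one above as LDIF, base64-encoding any value that RFC 2849 does not allow in plain form and writing userPassword as a salted {SSHA} hash, the scheme slappasswd generates by default, instead of cleartext. The function names and the sample entry are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def ssha(password, salt=None):
    """Return an OpenLDAP-style {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def ldif_line(attr, value):
    """Emit 'attr: value' for RFC 2849 SAFE-STRINGs, otherwise 'attr:: <base64>'."""
    data = value.encode("utf-8")
    safe = (all(b < 128 and b not in (0, 10, 13) for b in data)
            and data[:1] not in (b" ", b":", b"<")
            and not data.endswith(b" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(data).decode('ascii')}"

def ldif_entry(dn, attrs):
    """Render one LDIF record; userPassword is hashed before it is written."""
    lines = [ldif_line("dn", dn)]
    for attr, value in attrs:
        if attr.lower() == "userpassword" and not value.startswith("{"):
            value = ssha(value)
        lines.append(ldif_line(attr, value))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed sample entry (placeholder values, not taken from the article).
    print(ldif_entry("cn=000000000000000000,ou=citizen,dc=tcs,dc=com", [
        ("objectClass", "person"), ("objectClass", "localPerson"),
        ("cn", "000000000000000000"), ("sn", "000000000000000000"),
        ("idType", "\u8eab\u4efd\u8bc1"),      # non-ASCII, so base64-encoded
        ("userPassword", "example-password"),  # written as {SSHA}, not cleartext
    ]))
```

The same {SSHA} value format can be used for rootpw in slapd.conf in place of the default secret.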

 

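Step 6: Import the data

Go to the LDAP root directory and run the command shown in the figure:

Output such as adding new entry "cn=XXX,ou=yyy,XXXXXXX" indicates that the import succeeded.

Step 7: Connect to the LDAP database

1. Open the LDAPAdmin client, as shown in the figure:

2. Create a new connection, as shown in the figure:

3. The connection succeeds, as shown in the figure: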

 

 

Appendix: Modifying the custom schema

1. Open the custom schema file

For example, localperson.schema.

2. Add the attributes

For example:

attributetype ( 2.16.840.1.113730.3.1.937
  NAME 'securityQuestion'
  DESC 'SecurityQuestion'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 2.16.840.1.113730.3.1.938
  NAME 'securityAnswer'
  DESC 'SecurityAnswer'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

3. Configure the attributes

Add them to the objectclass definition, for example: $ securityQuestion $ securityAnswer

4. Restart LDAP

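5. Modify the Bean and add the corresponding fields

For example:

    /**
     * New security-question field
     */
    private String securityQuestion;

    /**
     * New security-answer field
     */
    private String securityAnswer;

Then add the corresponding getter and setter methods.

6. Modify the corresponding interface

For example:

context.setAttributeValue("securityQuestion", person.getSecurityQuestion());
context.setAttributeValue("securityAnswer", person.getSecurityAnswer());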

 

 

 
