LDAP Server

今天终于把LDAP Server安装起来了,以前做过很久都没有运行起来,今天不知怎么来了精神,没有几下就搞定了,:)

随后再贴出来安装步骤,其实很简单的,主要是增加记录那一块,还有slapd.conf的配置,其它问题都不大(装好了才这样说,也许这是一个坎,过去就是光明大道,过不去就是黑暗无边的世界),dc是最多支持五级域名,这是一个重点.

[root@mail openldap]# cat ldap.conf
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38
kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
HOST 172.*.*.1
BASE dc=cn-gd,dc=umec,dc=com
#BASE o=cn-gd.umec.com

[root@mail openldap]# cat slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/redhat/rfc822-MailMember.schema
include         /etc/openldap/schema/redhat/autofs.schema
include         /etc/openldap/schema/redhat/kerberosobject.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

# Create a replication log in /var/lib/ldap for use by slurpd.
#replogfile     /var/lib/ldap/master-slapd.replog

# Load dynamic backend modules:
# modulepath    /usr/sbin/openldap
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

#
# The next three lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
#
# Sample Access Control
#       Allow read access of root DSE
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default is:
#       Allow read by all
#
# rootdn can always write!

access to attr=userPassword
by self write
by anonymous auth
access to attr=mail
by dn="cn=Manager,dc=cn-gd,dc=umec,dc=com" write mail
by self write
by anonymous auth
access to dn=".*,dc=cn-gd,dc=umec,dc=com"
by self write
by * read
#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=cn-gd,dc=umec,dc=com"
#suffix         "o=My Organization Name,c=US"
#suffix         "o=cn-gd.umec.com"
rootdn          "cn=Manager,dc=cn-gd,dc=umec,dc=com,"
#rootdn         "cn=Manager,o=My Organization Name,c=US"
#rootdn         "cn=Manager,o=cn-gd.umec.com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
#rootpw         {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /var/lib/ldap
# Indices to maintain
index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
index   cn,mail,surname,givenname                       eq,subinitial

umec.ldif

dn: dc=cn-gd,dc=umec,dc=com
dc: umec
objectClass: dcObject
objectClass: organization
o: UMEC CO., LTD

dn: uid=wht, dc=cn-gd,dc=umec,dc=com
shadowMin: -1
givenName: w
sn: ht
userPassword:: e1NTSEF9Vm5JRnF1cTFES1g4a21QOW5RdG9zaXNHTEYxUWQ=
loginShell: /bin/bash
uidNumber: 642
gidNumber: 12
shadowFlag: 0
shadowExpire: -1
shadowMax: 999999
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
uid: wht
cn: wht
shadowInactive: -1
homeDirectory: /home/wht
shadowWarning: 7

dn: cn=Wang Haitao, dc=cn-gd,dc=umec,dc=com
givenName: Wang
street:: w6XCr8K2w6XCrsKJw6XCjcKAw6fCpsKPw6bCsMK4w6nCjsKuw6XCkMKMw6XCr8KMw6jC
sn: Haitao
telephoneNumber: 1114
l:: w6bCt8Kxw6XCnMKzw6XCuMKC
mail: [email protected]
facsimileTelephoneNumber: 27588888
objectClass: top
objectClass: inetOrgPerson
postalCode: 518200
cn: Wang Haitao

阅读(1089) | 评论(6) | 转发(0) |
0

上一篇:史上最黑的车站:驻马店车站

下一篇:深圳这天气

相关热门文章
  • linux 常见服务端口
  • 【ROOTFS搭建】busybox的httpd...
  • 什么是shell
  • linux socket的bug??
  • linux的线程是否受到了保护?...
  • IBM DS3400 盘阵怎么查看是单...
  • 启动auditd时,报错如下,怎么...
  • CGSL系统中root密码正确,但无...
  • 在CGSL系统中,如何为不同的用...
  • CGSL系统如何设置交换分区的大...
给主人留下些什么吧!~~

匿名网友2005-02-25 16:24:14

ldapdelete -x -D 'cn=Manager,dc=cn-gd,dc=umec,dc=com,dc=tw' -W 'cn=wht,dc=cn-gd,dc=umec,dc=com,dc=tw'

回复 | 举报

匿名网友2005-02-25 16:24:14

ldapdelete -x -D 'cn=Manager,dc=cn-gd,dc=umec,dc=com,dc=tw' -W 'cn=wht,dc=cn-gd,dc=umec,dc=com,dc=tw'

回复 | 举报

匿名网友2005-02-24 16:21:35

http://www.pogolinux.com.cn/forum/archive/index.php/t-27 http://www.ringkee.com/jims/technic_folder/linux/open?page=openldap.htm

回复 | 举报

匿名网友2005-02-24 16:21:35

http://www.pogolinux.com.cn/forum/archive/index.php/t-27 http://www.ringkee.com/jims/technic_folder/linux/open?page=openldap.htm

回复 | 举报

匿名网友2005-02-24 16:19:31

ldapadd -x -D "cn=Manager,dc=cn-gd,dc=umec,dc=com" -w secret -f umec.ldif ldappasswd -x -D "cn=Manager,dc=cn-gd,dc=umec,dc=com" -W 'uid=wht,dc=cn-gd,dc=umec,dc=com,dc=tw' -S ldapsearch -x -b 'dc=cn-gd,dc=umec,dc=com' '(objectclass=*)'

回复 | 举报
  • 1
  • 2
  • 末页
评论热议

你可能感兴趣的:(LINUX)