Ubuntu 14 Open Ldap Add Root

在ubuntu openldap中新建root dit

Ubuntu使用ldif文件代替conf文件配置sldap，所以没有sldap.conf，要想新建一个域，需要新建一个database然后添加DN

数据库配置模板：

dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap/foo.bar
olcSuffix: dc=devit,dc=cn
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
 s auth by dn="cn=admin,dc=foo,dc=bar" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=foo,dc=bar" write by
  * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=foo,dc=bar
olcRootPW:: e1NTSEF9UXpjR2V3M2dnUVkwd21zV2xoaVQ0WkprSUNCWFgyUjM=
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq

执行，以创建数据库

ldapadd -Q -Y EXTERNAL -H ldapi:// -f 1.ldif
mkdir：sudo -u openldap mkdir /var/lib/ldap/foo.bar
cp config： sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/foo.bar/
vim /etc/apparmor.d/local/usr.sbin.slapd
/var/lib/ldap/foo.bar/ r,
/var/lib/ldap/foo.bar/** rwk,

service apparmor reload
service sldap restart

vim 2.ldif

# Create top-level object in domain
dn: dc=devit,dc=cn
objectClass: top
objectClass: dcObject
objectclass: organization
o: Example Organization
dc: devit
description: LDAP Example

# Admin user.
dn: cn=admin,dc=devit,dc=cn
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: 1234

#ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif


ldapadd -x -D cn=admin,dc=foo,dc=bar -W -f 2.ldif