How to set up an OpenLDAP server
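LDAP stands for Lightweight Directory Access Protocol. It is a directory access protocol that defines, on top of TCP/IP, a relatively simple protocol for updating and searching directories. Common uses include phone books, login services and domain name services.
This post covers how to install an OpenLDAP server.
First, install the software the server needs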
sudo apt-get install slapd ldap-utils
Reconfigure the openldap package
sudo dpkg-reconfigure slapd
- omit openldap server configuration? no
- dns domain name? example.com
- organization name? yourCompany
- database backend to use? bdb
- do you want the database to be removed when slapd is purged? yes
- may be the question: move old database? yes
- administrator password? <your password>
- confirm password? <your password>
- allow LDAPv2 protocol? no
If you need to edit slapd.conf by hand, it is at /etc/ldap/slapd.conf
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#######################################################################
# Global Directives:
#
# Features to permit
allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel none
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb
# The maximum number of entries that is returned for a search operation
sizelimit 500
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>
#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database bdb
# The base of your directory in database #1
suffix "dc=example,dc=com"
Edit /etc/ldap/ldap.conf (example below)
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=example,dc=com
URI ldap://localhost:389
SIZELIMIT 12
TIMELIMIT 15
DEREF never
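The questionnaire above answers "no" to LDAPv2, yet the slapd.conf excerpt carries `allow bind_v2`; a check like the following catches that kind of drift between the dpkg-reconfigure answers and the two files before slapd is restarted. It is an added example, not part of the original post: the function names and the embedded sample directives are constructed for illustration, and the DN comparison is a simplified normalisation.

```python
import re

# Constructed inputs: the active directives from the two excerpts on this page.
SLAPD_CONF = 'allow bind_v2\nbackend bdb\ndatabase bdb\nsuffix "dc=example,dc=com"\n'
LDAP_CONF = "BASE dc=example,dc=com\nURI ldap://localhost:389\n"
CURLY = "\u201c\u201d\u2018\u2019"  # typographic quotes picked up by copy-paste

def directives(text):
    """Map lower-cased keyword -> list of argument strings; comments are skipped."""
    found = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        found.setdefault(parts[0].lower(), []).append(arg)
    return found

def domain_to_dn(domain):
    """example.com -> dc=example,dc=com, the base DN built from the DNS domain."""
    return ",".join("dc=" + label for label in domain.strip(".").split("."))

def norm_dn(dn):
    """Simplified DN normalisation (assumption): lower-case, no spaces at commas."""
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def audit(slapd_text, ldap_text, dns_domain, allow_v2=False):
    """Return a list of (code, message) findings; an empty list means consistent."""
    slapd, client = directives(slapd_text), directives(ldap_text)
    args = [a for conf in (slapd, client) for vals in conf.values() for a in vals]
    findings = []
    if not allow_v2 and any("bind_v2" in a.lower().split() for a in slapd.get("allow", [])):
        findings.append(("bind_v2", "'allow bind_v2' is set although LDAPv2 was answered 'no'"))
    if any(ch in a for a in args for ch in CURLY):
        findings.append(("quotes", "typographic quotes in a directive; use plain \" instead"))
    expected = norm_dn(domain_to_dn(dns_domain))
    suffixes = [norm_dn(s) for s in slapd.get("suffix", [])]
    if expected not in suffixes:
        findings.append(("suffix", f"expected suffix {expected}, slapd.conf has {suffixes}"))
    for base in map(norm_dn, client.get("base", [])):
        if not any(base == s or base.endswith("," + s) for s in suffixes):
            findings.append(("base", f"ldap.conf BASE {base} is under no configured suffix"))
    return findings

if __name__ == "__main__":
    for code, message in audit(SLAPD_CONF, LDAP_CONF, "example.com"):
        print(f"{code}: {message}")
```

To run it against a live host, pass the contents of /etc/ldap/slapd.conf and /etc/ldap/ldap.conf instead of the constructed strings.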
Start the slapd server
sudo /etc/init.d/slapd restart
Test
netstat -lvt | grep ldap
tcp 0 0 *:ldap *:* LISTEN
tcp6 0 0 [::]:ldap [::]:* LISTEN
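Installing an OpenLDAP server is actually not complicated. The difficulty lies rather in configuring the client side. The next post will cover how to use LDAP to set up user login on Linux.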
About this entry
You’re currently reading “How to set up an OpenLDAP server,” an entry on keithyau
- Published: March 6, 2009 / 4:58 pm
- Category: Uncategorized
- Tags: Availability, cost reduction, monitoring systems, ldap, login, openldap, server, system management, tutorial, reliability, SMEs