Monday, 24 August 2009

How to set up an OpenLDAP server

LDAP stands for Lightweight Directory Access Protocol. It is a directory access protocol that defines, on top of TCP/IP, a comparatively simple protocol for updating and searching a directory. Common uses include address books, login services and name services. LDAP
This post covers installing an OpenLDAP server.
First install the packages the server needs:

sudo apt-get install slapd ldap-utils
Then reconfigure the openldap package:

sudo dpkg-reconfigure slapd
omit openldap server configuration? no
dns domain name? example.com
organization name? yourCompany
database backend to use? bdb
do you want the database to be removed when slapd is purged? yes
(you may also be asked) move old database? yes
administrator password?
confirm password?
allow LDAPv2 protocol? no
If you need to edit slapd.conf by hand, it is at /etc/ldap/slapd.conf. (On later Debian and Ubuntu releases slapd is configured through the cn=config directory under /etc/ldap/slapd.d instead of this file.) The stock file looks like this; note that it still contains "allow bind_v2" even though the dialog above was answered "no" for LDAPv2, so check that line against what you actually want:

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#######################################################################
# Global Directives:
# Features to permit
allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel none
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb
# The maximum number of entries that is returned for a search operation
sizelimit 500
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend
#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database bdb
# The base of your directory in database #1
suffix "dc=example,dc=com"
[...]
Edit the client defaults in /etc/ldap/ldap.conf (example below):

#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=example,dc=com
URI ldap://localhost:389
SIZELIMIT 12
TIMELIMIT 15
DEREF never
Start the slapd server:

/etc/init.d/slapd restart
Test that it is listening:
netstat -lvt | grep ldap
tcp 0 0 *:ldap *:* LISTEN
tcp6 0 0 [::]:ldap [::]:* LISTEN
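A listening socket only proves the process is up. As an added example (not part of the original post), the script below audits the slapd.conf on disk for the weak settings visible in the listing above (allow bind_v2, loglevel none, a cleartext rootpw, no access rule on userPassword) and, when run with --live, performs an anonymous read of the root DSE followed by an authenticated bind with ldapwhoami. The two embedded configuration files are constructed samples; the {SSHA} value is a placeholder for the output of slappasswd -h {SSHA}, and the admin DN cn=admin,dc=example,dc=com is assumed to be the one dpkg-reconfigure created for the example.com domain.

```shell
#!/bin/sh
# Added example: audit a slapd.conf for the weak defaults seen above and
# smoke-test the running server. Not from the original post. Paths are the
# Debian ones used there; the admin DN cn=admin,dc=example,dc=com is assumed
# to be what dpkg-reconfigure created for example.com.

# audit_slapd_conf FILE  -> one WARN line per finding on stderr,
#                           number of findings echoed on stdout
audit_slapd_conf() {
    conf="$1"
    n=0
    # LDAPv2 is obsolete; the stock file enables it even though the
    # reconfigure dialog was answered "no".
    if grep -Eq '^[[:space:]]*allow[[:space:]]+.*bind_v2' "$conf"; then
        echo "WARN: allow bind_v2 enabled; remove it unless a legacy client needs it" >&2
        n=$((n + 1))
    fi
    # rootpw must be a slappasswd hash such as {SSHA}..., never cleartext.
    if grep -E '^[[:space:]]*rootpw[[:space:]]+' "$conf" | grep -Evq 'rootpw[[:space:]]+[{]'; then
        echo "WARN: rootpw stored in cleartext; use slappasswd -h {SSHA}" >&2
        n=$((n + 1))
    fi
    # loglevel none records nothing; "stats" logs connections, binds and operations.
    if grep -Eq '^[[:space:]]*loglevel[[:space:]]+none' "$conf"; then
        echo "WARN: loglevel none; use loglevel stats so binds are logged" >&2
        n=$((n + 1))
    fi
    # Without an ACL on userPassword, password hashes are readable by any searcher.
    if ! grep -Eq '^[[:space:]]*access[[:space:]]+to[[:space:]]+attrs=.*userPassword' "$conf"; then
        echo "WARN: no access rule for userPassword; hashes may be world-readable" >&2
        n=$((n + 1))
    fi
    echo "$n"
}

# smoke_test: anonymous read of the root DSE, then an authenticated admin bind.
# Needs ldap-utils and a slapd listening on localhost:389.
smoke_test() {
    command -v ldapsearch >/dev/null 2>&1 || { echo "ldap-utils not installed" >&2; return 2; }
    ldapsearch -x -H ldap://localhost:389 -b '' -s base '(objectClass=*)' namingContexts &&
    ldapwhoami -x -H ldap://localhost:389 -D 'cn=admin,dc=example,dc=com' -W
}

# Constructed sample 1: the weak settings from the listing above, plus a
# cleartext rootpw for illustration.
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
allow bind_v2
loglevel none
database bdb
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw secret
EOF

# Constructed sample 2: the same section hardened. Replace the rootpw
# placeholder with the output of: slappasswd -h {SSHA}
HARD_CONF=$(mktemp)
cat > "$HARD_CONF" <<'EOF'
# allow bind_v2
loglevel stats
database bdb
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=example,dc=com" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=example,dc=com" write
        by * read
EOF

echo "stock config:    $(audit_slapd_conf "$WEAK_CONF") finding(s)"
echo "hardened config: $(audit_slapd_conf "$HARD_CONF") finding(s)"

# Run the live checks only when asked: ./check-slapd.sh --live
if [ "${1:-}" = "--live" ]; then
    smoke_test
fi
```

Point audit_slapd_conf at /etc/ldap/slapd.conf on the server to check the real file; the access rules in the hardened sample are the ones that let a user change only their own password, let anonymous clients bind (so logins work) without reading hashes, and let the admin DN write everything.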
Installing the OpenLDAP server itself is not complicated; the difficulty lies in configuring the clients. The next post will cover using LDAP for user logins on Linux.
