LDAP installation covering Windows and Linux.docx
- Document ID: 8966691
- Upload date: 2023-05-16
- Format: DOCX
- Pages: 19
- Size: 218.24KB
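LDAP installation, covering Windows and Linux
Installing LDAP on CentOS
1. Installation
Check whether the LDAP packages are fully installed:
[root@casrbac ~]# rpm -qa | grep ldap
openldap-devel-2.3.43-12.el5_6.7
openldap-servers-2.3.43-12.el5_6.7
openldap-servers-sql-2.3.43-12.el5_6.7
python-ldap-2.2.0-2.1
nss_ldap-253-5.el5
openldap-2.3.43-12.el5_6.7
ldapjdk-4.18-2jpp.3.el5
openldap-clients-2.3.43-12.el5_6.7
compat-openldap-2.3.43_2.2.29-12.el5_6.7
If a component is missing, install it with the following command:
[root@casrbac ~]# yum install ldapjdk-4.18-2jpp.3.el5
You can also download the RPM and install it directly:
[root@casrbac ~]# rpm -ivh openldap-servers-2.3.27-8.i386.rpm
2. Configuration
After installation there is a configuration file named slapd.conf under /etc/openldap. Modify it as shown in the following example: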
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/eduperson.schema
include /etc/openldap/schema/xjtuldapres.schema
# Note: after adding include lines here, copy the added schema files into the /etc/openldap/schema folder.
# Allow LDAPv2 client connections. This is NOT the default.
# ... (lines omitted in the original) ...
#access to dn.base="" by * read
#access to dn.base="cn=Subschema" by * read
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
# Change suffix and rootdn as your configuration requires.
suffix "dc=e-u,dc=cn"
rootdn "cn=e-uadmin,dc=e-u,dc=cn"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# Set the password here.
rootpw test
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
cachesize 5000
checkpoint 1024 5
#index objectClass,uid,uidNumber,gidNumber,memberUid eq
index objectClass eq
index uidNumber,gidNumber,memberUid eq
#index uniqueMember eq
index uid eq,sub
index cn,mail,surname,givenname eq,subinitial,subany
index ou eq
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-:389 starttls=critical
#     bindmethod=sasl saslmech=GSSAPI
#     authcId=host/ldap-@EXAMPLE.COM
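Note:
The parts shown in red font need to be modified or checked.
After making the changes, save the file and start the service:
[root@thor root]# service ldap start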
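The sample configuration above stores "rootpw test" in cleartext, against the advice in the file's own comments, and ends with a catch-all "access to * by * read" rule. The following check is an added example, not part of the original document: it unwraps slapd.conf continuation lines and flags those two settings. The function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample that mirrors the directives in the slapd.conf listing above.
SAMPLE_CONF = """\
# rootpw {crypt}ijFYNcSNctBYg
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read
database bdb
rootdn "cn=e-uadmin,dc=e-u,dc=cn"
rootpw test
"""

SCHEME = re.compile(r"^\{[A-Za-z0-9-]+\}")  # e.g. {SSHA}, {CRYPT}

def logical_lines(text):
    """Unwrap continuation lines (leading whitespace) first, then drop comments,
    which is the order slapd.conf(5) documents."""
    joined = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.strip())
    return [line for line in joined if not line.startswith("#")]

def audit(text):
    """Return (directive, finding) pairs for the two weak settings shown above."""
    findings = []
    for line in logical_lines(text):
        tokens = line.split()
        key = tokens[0].lower()
        if key == "rootpw" and len(tokens) > 1:
            if not SCHEME.match(tokens[1].strip('"')):
                findings.append(("rootpw", "cleartext value; store slappasswd output instead"))
        elif key == "access" and tokens[1:3] == ["to", "*"]:
            for i, tok in enumerate(tokens[:-2]):
                if tok == "by" and tokens[i + 1] == "*" and tokens[i + 2] in ("read", "write"):
                    findings.append(("access", "catch-all rule lets unauthenticated clients "
                                     + tokens[i + 2] + " everything not matched earlier"))
    return findings

if __name__ == "__main__":
    for directive, finding in audit(SAMPLE_CONF):
        print(directive + ": " + finding)
```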
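3. Connecting
On Windows you can use the JXplorer tool to connect to LDAP. After installing JXplorer, set up the login as follows:
1. Click Connect
2. Enter the login information
For the login details, refer to the settings in slapd.conf:
After a successful login, the following is displayed:
4. Importing a file
1. Create and edit test.ldif as follows: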
dn: ou=groups,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: ou=people,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: people

dn: uid=admin,ou=people,dc=e-u,dc=cn
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: eduPerson
objectClass: xjtueduPerson
objectClass: uidObject
cn: admin
displayName:: 5pWZ5Yqh566h55CG5ZGY
mail: admin@e-
sn: admin
uid: admin
userPassword:: MTExMTEx
xjtuAccountcreatdate: 20100414031502Z
xjtuAccountdisabled: FALSE
xjtuAccountexpiringdate: 29981231160000Z
xjtuAccountisadmin: FALSE
xjtuAccountlastlogindate: 29981231160000Z
xjtuAccountlocked: FALSE
xjtuCreator: uid=testroot1,ou=people,dc=e-u,dc=cn
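2. Click LDIF > Import File
Select test.ldif and open it; the imported tree is displayed on the left.
5. Exporting a file
Click LDIF > Export Subtree
Click OK
Enter a file name and save
Open the test.ldif file to view it: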
DN: dc=e-u,dc=cn
objectClass: dcObject
objectClass: organization
dc: e-u
o: e-u

DN: ou=groups,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: groups

DN: ou=people,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: people

DN: uid=admin,ou=people,dc=e-u,dc=cn
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: eduPerson
objectClass: xjtueduPerson
objectClass: uidObject
cn: admin
displayName:: 5pWZ5Yqh566h55CG5ZGY
mail: admin@e-
sn: admin
uid: admin
userPassword:: YWRtaW4=
xjtuAccountcreatdate: 20100414031502Z
xjtuAccountdisabled: FALSE
xjtuAccountexpiringdate: 29981231160000Z
xjtuAccountisadmin: FALSE
xjtuAccountlastlogindate: 29981231160000Z
xjtuAccountlocked: FALSE
xjtuCreator: uid=testroot1,ou=people,dc=e-u,dc=cn
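Note: before importing a saved (exported) file again, check whether its content duplicates existing entries, such as the parts shown in red font.
Check whether the tree already contains the same information; if it does, delete the parts shown in red.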
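In LDIF, a double colon ("userPassword::") only marks the value as base64-encoded, so the exported file above still carries the account password itself. The following audit is an added example, not part of the original document: it lists entries whose userPassword has no {SCHEME} prefix and builds a salted {SSHA} value, the scheme the Windows slapd.conf later on this page uses for rootpw. The function names, the sample fragment and the 4-byte salt are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

# Constructed LDIF fragment in the shape of the exported test.ldif above.
SAMPLE_LDIF = """\
dn: ou=people,dc=e-u,dc=cn
objectClass: organizationalUnit
ou: people

dn: uid=admin,ou=people,dc=e-u,dc=cn
objectClass: inetOrgPerson
uid: admin
userPassword:: YWRtaW4=
"""

SCHEME = re.compile(rb"^\{[A-Za-z0-9-]+\}")  # e.g. {SSHA}

def user_passwords(ldif):
    """Yield (dn, stored_bytes) per userPassword; 'attr:: value' is base64."""
    dn = None
    for line in ldif.replace("\n ", "").splitlines():  # unfold wrapped lines
        name, sep, value = line.partition(":")
        if not sep:
            continue
        is_b64 = value.startswith(":")
        value = (value[1:] if is_b64 else value).strip()
        raw = base64.b64decode(value) if is_b64 else value.encode()
        if name.lower() == "dn":
            dn = raw.decode()
        elif name.lower() == "userpassword":
            yield dn, raw

def cleartext_entries(ldif):
    """DNs whose stored value has no {SCHEME} prefix, so it is the password itself."""
    return [dn for dn, raw in user_passwords(ldif) if not SCHEME.match(raw)]

def ssha(password, salt=None):
    """{SSHA} layout: base64(SHA1(password + salt) + salt); 4-byte salt assumed."""
    salt = os.urandom(4) if salt is None else salt
    return "{SSHA}" + base64.b64encode(hashlib.sha1(password + salt).digest() + salt).decode()

def check_ssha(password, stored):
    """Recompute the digest with the salt stored after the 20-byte SHA-1."""
    blob = base64.b64decode(stored[len("{SSHA}"):])
    return hmac.compare_digest(hashlib.sha1(password + blob[20:]).digest(), blob[:20])
```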
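Installing LDAP on Windows
6. Installation
Download the installer openldap-for-windows.msi and double-click it to open it.
Click NEXT, set the installation directory, then keep clicking NEXT until the installation succeeds.
7. Configuration
Open the slapd.conf file in the openldap installation directory: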
# BDB Backend configuration file
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
ucdata-path ./ucdata
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/nis.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/dyngroup.schema
# ... (lines omitted in the original) ...
database bdb
# Change suffix and rootdn as your configuration requires.
suffix "dc=e-u,dc=cn"
rootdn "cn=e-uadmin,dc=e-u,dc=cn"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# Set the password here.
rootpw {SSHA}5a+wimiffOV2dx+o7GBl2ncsLfc1ySFF
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory ./data
dirtyread
searchstack 20
# Indices to maintain
index mail pres,eq
index objectclass pres
index default eq,sub
index sn eq,sub,subinitial
index telephonenumber
index cn
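After configuration is complete, run slapd.exe to start OpenLDAP.
8. Connecting
Use the JXplorer tool to connect to LDAP. After installing JXplorer, set up the login as follows:
1. Click Connect
2. Enter the login information
For the login details, refer to the settings in slapd.conf:
After a successful login, the following is displayed:
9. Importing a file
1. Create and edit test.ldif as follows: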
DN: dc=e-u,dc=cn
objectClass: dcObject
objectClass: organization
dc: e-u
o: e-u

DN: ou=groups,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: groups

DN: ou=people,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: people

DN: uid=admin,ou=people,dc=e-u,dc=cn
objectClass: inetOrgPerson
cn: admin
labeledURI: http://asd.e-
mail: admin@e-
sn: admin
uid: admin
userPassword:: MTIzNDY1
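Note that the file format here differs from the format of the import file used on Linux.
2. Click LDIF > Import File
Select test.ldif and open it; the imported tree is displayed on the left.
10. Exporting a file
Click LDIF > Export Subtree
Click OK
Enter a file name and save
Open the test.ldif file to view it: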
DN: dc=e-u,dc=cn
objectClass: dcObject
objectClass: organization
dc: e-u
o: e-u

DN: ou=groups,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: groups

DN: ou=people,dc=e-u,dc=cn
objectClass: organizationalUnit
objectClass: top
ou: people

DN: uid=admin,ou=people,dc=e-u,dc=cn
objectClass: inetOrgPerson
cn: admin
labeledURI: http://asd.e-
mail: admin@e-
sn: admin
uid: admin
userPassword:: MTIzNDY1
Note: before importing a saved (exported) file again, check whether its content duplicates existing entries, such as the parts shown in red font.
Common problems
11. Problem 1:
[root@station3 /]# service ldap start
/var/lib/ldap/id2entry.bdb is not owned by "ldap" [警告]
/var/lib/ldap/__db.002 is not owned by "ldap" [警告]
/var/lib/ldap/__db.001 is not owned by "ldap" [警告]
/var/lib/ldap/dn2id.bdb is not owned by "ldap" [警告]
/var/lib/ldap/__db.005 is not owned by "ldap" [警告]
/var/lib/ldap/__db.006 is not owned by "ldap" [警告]
/var/lib/ldap/__db.003 is not owned by "ldap" [警告]
/var/lib/ldap/__db.004 is not owned by "ldap" [警告]
Solution:
[root@station3 /]# cd /var/lib/ldap    ######### change into the directory
[root@station3 ldap]# chown ldap:ldap *
[root@station3 /]# service ldap start
正在检查slapd的配置文件: config file testing succeeded [确定]
启动slapd: [确定]
Problem solved.
12. Problem 2:
[root@station3 ldap]# service ldap start
正在检查slapd的配置文件: bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
Expect poor performance for suffix dc=my-domain,dc=com.
config file testing succeeded [确定]
启动slapd: [确定]
Solution:
[root@station3 ldap]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@station3 ldap]# service ldap start
正在检查slapd的配置文件: config file testing succeeded [确定]
启动slapd: [确定]
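13. Problem 3:
When the project's domain suffix resembles the following example, JXplorer cannot import the file directly:
database bdb
suffix "dc=xjtu,dc=edu,dc=cn"
rootdn "cn=xjtuadmin,dc=xjtu,dc=edu,dc=cn"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw test
Import method
Place the *.ldif file under /etc/openldap/schema. Stop ldap before running the import command:
[root@168xjtu2 schema]# service ldap stop
停止slapd：[确定]
[root@168xjtu2 schema]# slapadd -v -l *.ldif    ######## import the file
After a successful import you can connect with JXplorer to view the imported data, and from then on you can import other files directly with JXplorer.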