OpenLDAP 2.6: quickly standing up a server

The official documentation is linked below; I first work through it step by step as the official guide describes.

OpenLDAP Software 2.6 Administrator’s Guide: A Quick-Start Guide

Download and extract

# Install the gcc, make and cmake build environment first
wget https://mirror-hk.koddos.net/OpenLDAP/openldap-release/openldap-2.6.6.tgz
gunzip -c openldap-2.6.6.tgz | tar xvfB -
cd openldap-2.6.6

Build and install; by default this installs under /usr/local

./configure
make depend
make && make install

Create the LDAP directories and set their permissions

mkdir -p /usr/local/etc/slapd.d
mkdir -p /usr/local/var/openldap-data
mkdir -p /usr/local/var/run
chmod 700 /usr/local/etc/slapd.d
chmod 700 /usr/local/var/openldap-data

Edit the slapd.ldif configuration

cp /usr/local/etc/openldap/slapd.ldif /usr/local/etc/openldap/slapd.ldif.bk
nano /usr/local/etc/openldap/slapd.ldif


# Find this section of the file and change olcRootDN and olcRootPW as shown below; generate the olcRootPW value with the slappasswd command
#######################################################################
# LMDB database definitions
#######################################################################
#
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd-config(5) for details.
# Use of strong authentication encouraged.
olcRootPW: {SSHA}leJZ6xJMhmn5*****O2gXiMsa8jU94y
# olcRootPW: secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
olcDbDirectory: /usr/local/var/openldap-data
# Indices to maintain
olcDbIndex: objectClass eq
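The olcRootPW value above is what slappasswd prints: its default scheme is {SSHA}, i.e. base64 of SHA-1(password || salt) followed by the salt (4 random bytes by default). The Python below is an added example, not part of the original post and not OpenLDAP's own code; it reproduces that format, verifies a candidate password against a stored value, flags an olcRootPW that has no {SCHEME} prefix (and would therefore be stored in the clear), and swaps a freshly generated value into a slapd.ldif text. The snippet it edits is constructed here, and the fixed salt is only used so the result is reproducible.

```python
import base64
import hashlib
import hmac
import os
import re

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20  # SHA-1 digest length in bytes; everything after it is the salt


def ssha_hash(password, salt=None):
    """Build an OpenLDAP-style {SSHA} value: base64(SHA1(password || salt) || salt).

    slappasswd(8) uses a 4-byte random salt by default; a caller-supplied salt
    is accepted only so tests can be deterministic.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a candidate password against a stored {SSHA} value (constant-time compare)."""
    if not stored.startswith(SSHA_PREFIX):
        return False
    try:
        raw = base64.b64decode(stored[len(SSHA_PREFIX):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= SHA1_LEN:  # no room for a salt: malformed value
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def is_cleartext_rootpw(value):
    """True when an olcRootPW value carries no {SCHEME} prefix, i.e. slapd would store it as-is."""
    value = value.strip()
    return not (value.startswith("{") and "}" in value)


def replace_root_pw(ldif_text, new_value):
    """Replace the value of the first uncommented olcRootPW line in an LDIF text.

    Commented lines such as '# olcRootPW: secret' do not start with the attribute
    name at column 0, so they are left alone.
    """
    return re.sub(r"(?m)^(olcRootPW:\s*).*$", lambda m: m.group(1) + new_value, ldif_text, count=1)


if __name__ == "__main__":
    # Constructed fragment of a slapd.ldif with the weak cleartext setting.
    snippet = "olcRootDN: cn=Manager,dc=example,dc=com\nolcRootPW: secret\n# olcRootPW: secret\n"
    hashed = ssha_hash("secret")
    print(replace_root_pw(snippet, hashed))
    print("verify:", ssha_verify("secret", hashed))
```

The verifier is the useful half for a defender: it lets you confirm that the value you pasted into slapd.ldif really corresponds to the password you intend to use before you import the configuration with slapadd.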

Import the configuration and start the service

# Import the configuration
/usr/local/sbin/slapadd -n 0 -F /usr/local/etc/slapd.d -l /usr/local/etc/openldap/slapd.ldif
# Start the service
/usr/local/libexec/slapd -F /usr/local/etc/slapd.d
# Verify that it started
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts


# If the following output appears, it worked; note the line namingContexts: dc=example,dc=com
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=example,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Add the initial entries to the directory with example.ldif; the template file looks like this

dn: dc=<MY-DOMAIN>,dc=<COM>
objectclass: dcObject
objectclass: organization
o: <MY ORGANIZATION>
dc: <MY-DOMAIN>

dn: cn=Manager,dc=<MY-DOMAIN>,dc=<COM>
objectclass: organizationalRole
cn: Manager

The actual example.ldif used here is as follows

dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager

Import the initial entries

ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
# Check that it works
ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
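Most first-run failures come from the two files disagreeing: example.ldif's first entry must be the olcSuffix from slapd.ldif, the dc attribute must match that entry's RDN, and olcRootDN must sit under the suffix, otherwise slapadd or the ldapadd bind above fails with a noparent or invalid credentials error. The Python below is an added example, not part of the original post and not an OpenLDAP tool; it contains a minimal LDIF reader and a preflight check that cross-checks the mdb definition from the slapd.ldif section against the example.ldif entries. Both LDIF texts are constructed copies of the fragments in this post, with a placeholder in place of the real slappasswd hash.

```python
import re

# Constructed copy of the mdb database section of slapd.ldif from this post (hash is a placeholder).
SLAPD_LDIF = """\
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: {SSHA}PLACEHOLDER-HASH-FROM-SLAPPASSWD
olcDbDirectory: /usr/local/var/openldap-data
olcDbIndex: objectClass eq
"""

# Constructed copy of the example.ldif from this post.
EXAMPLE_LDIF = """\
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager
"""

LDIF_LINE = re.compile(r"^([A-Za-z][\w.;-]*)(::|:<|:)\s*(.*)$")


def parse_ldif(text):
    """Minimal LDIF reader: a list of entries, each a dict of lowercase attribute -> [values].

    Handles '#' comments, blank-line entry separators and leading-space line folding.
    Base64 ('::') and URL (':<') values are not needed for these files and are rejected.
    """
    entries, current = [], {}
    for line in re.sub(r"\n ", "", text).splitlines():  # unfold continuation lines
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        m = LDIF_LINE.match(line)
        if not m:
            raise ValueError(f"malformed LDIF line: {line!r}")
        attr, sep, value = m.group(1).lower(), m.group(2), m.group(3)
        if sep != ":":
            raise ValueError(f"base64/URL values not supported here: {line!r}")
        current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return entries


def norm_dn(dn):
    """Normalise a DN for comparison: strip spaces around commas, lowercase."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()


def preflight(slapd_text, example_text):
    """Cross-check the mdb database definition against the initial entries; returns a list of findings."""
    findings = []
    dbs = [e for e in parse_ldif(slapd_text) if e.get("olcdatabase") == ["mdb"]]
    if not dbs:
        return ["no olcDatabase: mdb entry found in slapd.ldif"]
    db = dbs[0]
    suffix = norm_dn(db.get("olcsuffix", [""])[0])
    rootdn = norm_dn(db.get("olcrootdn", [""])[0])
    rootpw = db.get("olcrootpw", [""])[0].strip()
    if not (rootdn == suffix or rootdn.endswith("," + suffix)):
        findings.append(f"olcRootDN {rootdn} is not under olcSuffix {suffix}")
    if not rootpw.startswith("{"):
        findings.append("olcRootPW is stored in cleartext; generate it with slappasswd instead")

    entries = [e for e in parse_ldif(example_text) if "dn" in e]
    if not entries:
        return findings + ["example.ldif contains no entries with a dn"]
    dns = [norm_dn(e["dn"][0]) for e in entries]
    if dns[0] != suffix:
        findings.append(f"first entry dn {dns[0]} does not match olcSuffix {suffix}")
    rdn_value = dns[0].split(",")[0].split("=", 1)[-1]
    if entries[0].get("dc", [""])[0].strip().lower() != rdn_value:
        findings.append("dc attribute of the suffix entry does not match its RDN value")
    for entry, dn in zip(entries, dns):
        if not entry.get("objectclass"):
            findings.append(f"entry {dn} has no objectclass")
        if dn != suffix and not dn.endswith("," + suffix):
            findings.append(f"entry {dn} lies outside olcSuffix {suffix}")
    if rootdn not in dns:
        findings.append(f"no entry for olcRootDN {rootdn} (binding as rootdn works without one, "
                        "but this guide adds the Manager entry)")
    return findings


if __name__ == "__main__":
    print(preflight(SLAPD_LDIF, EXAMPLE_LDIF) or "no findings")
```

Run it against the real files (read them from /usr/local/etc/openldap/slapd.ldif and example.ldif instead of the embedded copies) before the slapadd step; an empty list means the suffix, root DN and initial entries are consistent.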

Then manage it from Windows; the recommended tool is LDAP Admin V1.8.3.0.