LDAP entry and OpenLDAP usage Configuration

Source: Internet
Author: User
Tags: openldap


1. Introduction to LDAP

LDAP (Lightweight Directory Access Protocol) is an information service that provides a directory service. A directory service is a special kind of database that is optimized for reading, browsing and searching. A directory usually holds descriptive, attribute-based information and supports fine-grained, complex filtering. Directories generally do not offer the complex transaction management or rollback that general-purpose databases need for heavy update workloads; directory updates are usually very simple. A directory can store many kinds of information, such as personal details, web links and JPEG images. To access the information stored in the directory, you use the LDAP access protocol, which runs over TCP/IP.

Information in an LDAP directory is organized as a tree, and the concrete data is stored in data structures called entries. An entry corresponds to a row of a table in a relational database. An entry is a set of attributes identified by a distinguished name (DN); the DN is used to reference the entry. An attribute consists of a type and one or more values. The type specifies the constraints on the values that can be stored in the attribute and the rules for comparing values of that type. LDAP uses syntaxes to express the value constraints and comparison rules of attributes; string syntaxes are the most common.

Entries in LDAP are usually arranged by geographical location and organizational relationship, which is very intuitive. LDAP stores its data in files; to improve efficiency, an indexed file-based database can be used. Each attribute has a type and a value; for example, the mail attribute holds an email address. LDAP information is stored in a tree structure. The root of the tree is generally a country (c=CN) or a domain name (dc=com). Below it, one or more organizations (o=ACME) or organizational units (ou=people) are usually defined. An organizational unit may contain information about, for example, all employees or all printers in a building.

LDAP uses a schema to further restrict directory entries on the basis of their attributes. The schema is a type-definition mechanism: each type definition is called an object class (objectClass) and specifies the required and optional attributes of directory entries of that type. As in object-oriented programming languages, object classes support inheritance, and every object class is a subtype of top. Common object classes include inetOrgPerson and organizationalUnit.

2. OpenLDAP installation and deployment

2.1 Download

Windows platform: http://www.userbooster.de/download/openldap-for-windows.aspx

Linux platform: http://www.openldap.org/

2.2 Installation

Run the installer and accept the default settings at each prompt.

2.3 Configuration

(1) Open the file openldap_home/slapd.conf and find the following line:

    include ./schema/core.schema

Add further schema files after this line as needed. The schema files are defined in the openldap_home/schema folder.

Find the following two lines in slapd.conf:

    suffix "dc=maxcrc,dc=com"
    rootdn "cn=manager,dc=maxcrc,dc=com"

and change them to:

    suffix "dc=esrigz,dc=com"
    rootdn "cn=manager,dc=esrigz,dc=com"

The suffix must match the base DN used in the LDIF file.

The configuration file also contains the parameter rootpw, the password of cn=manager, which was set during installation. Store it as a hash generated with slappasswd (for example a {SSHA} value) rather than in clear text, since slapd.conf is often readable by more than the directory administrator.

(2) Start OpenLDAP

Open a console, change to the OpenLDAP installation directory, and start OpenLDAP with:

    slapd -d 1

The console prints debug output, including the Berkeley DB data directory that was selected during OpenLDAP installation.

2.4 Create entries and import the LDIF file

Create an LDIF file (plain text) with the following content:

    dn: dc=esrigz,dc=com
    objectClass: domain
    objectClass: top
    o: ESRI Guangzhou
    dc: esrigz

    dn: ou=developer,dc=esrigz,dc=com
    objectClass: organizationalUnit
    ou: developer
    description: container for developer entries

    dn: ou=manager,dc=esrigz,dc=com
    objectClass: organizationalUnit
    ou: manager
    description: container for manager entries

    dn: uid=Yun,ou=developer,dc=esrigz,dc=com
    uid: Yun
    objectClass: inetOrgPerson
    mail: [email protected]
    userPassword: 123456
    labeledURI: http://www.esri.com
    sn: Xin
    cn: Yun Xin

    dn: uid=Xinli,ou=manager,dc=esrigz,dc=com
    uid: Xinli
    objectClass: inetOrgPerson
    userPassword: 123456
    labeledURI: http://www.esri.com
    sn: Wu
    cn: Xinli Wu

Note: the format is strict. A line must not begin with a space (a leading space marks a continuation of the previous line) and must not end with trailing spaces; entries are separated by a blank line, and each entry must appear after its parent entry.
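As an added example that is not part of the original article, the script below parses an LDIF file like the one above and checks what ldapadd would complain about (an entry without objectClass, a child listed before its parent) as well as one thing ldapadd accepts silently: a clear-text userPassword such as the 123456 used above. It also produces the {SSHA} hash form that slappasswd generates, so the value can be substituted before import. The sample LDIF is constructed from the entries above with the ou=manager entry deliberately left out and the mail address made up; the suffix dc=esrigz,dc=com is the one from section 2.3.

```python
"""LDIF pre-import checker (added example; not the article's own code)."""
import base64
import hashlib
import os
import re

# Constructed sample based on the article's test.ldif. The ou=manager entry is
# omitted on purpose so the missing-parent check has something to report, and
# the mail address is made up.
SAMPLE_LDIF = """\
dn: dc=esrigz,dc=com
objectClass: domain
objectClass: top
o: ESRI Guangzhou
dc: esrigz

dn: ou=developer,dc=esrigz,dc=com
objectClass: organizationalUnit
ou: developer
description: container for developer entries

dn: uid=Yun,ou=developer,dc=esrigz,dc=com
uid: Yun
objectClass: inetOrgPerson
mail: yun@example.invalid
userPassword: 123456
sn: Xin
cn: Yun Xin

dn: uid=Xinli,ou=manager,dc=esrigz,dc=com
uid: Xinli
objectClass: inetOrgPerson
userPassword: 123456
sn: Wu
cn: Xinli Wu
"""


def parse_ldif(text):
    """Return a list of (dn, {attr_lowercase: [values]}) in file order.

    Handles the two LDIF details that bite in practice: a line beginning with a
    single space continues the previous line, and 'attr:: xxx' is base64.
    """
    entries = []
    text = re.sub(r"\n ", "", text)            # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError("line without ':' -> %r" % line)
            if value.startswith(":"):          # base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode()
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn is None:
            raise ValueError("entry without dn: %r" % block[:40])
        entries.append((dn, attrs))
    return entries


def normalize_dn(dn):
    """Case- and whitespace-insensitive key, since DN matching ignores both."""
    return ",".join(p.strip().lower() for p in dn.split(","))


def parent_dn(dn):
    return dn.split(",", 1)[1] if "," in dn else ""


def check_ldif(text, suffix):
    """Return problems in import order; 'suffix' is the slapd.conf suffix."""
    problems, seen = [], set()
    suffix_key = normalize_dn(suffix)
    for dn, attrs in parse_ldif(text):
        key = normalize_dn(dn)
        if "objectclass" not in attrs:
            problems.append("%s: no objectClass" % dn)
        # ldapadd rejects a child whose parent does not exist yet, which is why
        # the article's LDIF lists the domain first, then the OUs, then users.
        if key != suffix_key and parent_dn(key) not in seen:
            problems.append("%s: parent %s not added yet" % (dn, parent_dn(key)))
        for pw in attrs.get("userpassword", []):
            if not pw.startswith("{"):         # no {SSHA}/{SHA} scheme prefix
                problems.append("%s: clear-text userPassword" % dn)
        seen.add(key)
    return problems


def ssha_hash(password, salt=None):
    """{SSHA} value in the form slappasswd emits: base64(sha1(pw+salt)+salt)."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify_ssha(password, stored):
    """Re-derive the hash from the stored salt, as slapd does on bind."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode() + salt).digest() == digest


if __name__ == "__main__":
    for p in check_ldif(SAMPLE_LDIF, "dc=esrigz,dc=com"):
        print("problem:", p)
    print("hashed replacement for userPassword:", ssha_hash("123456"))
```

Run it before ldapadd: it reports that uid=Xinli cannot be added until ou=manager exists and that both user entries carry clear-text passwords. Replacing each userPassword line with the printed {SSHA} value keeps the bind working while the directory stores only the salted hash.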

Import the LDIF file with the following command:

    ldapadd -x -D "cn=manager,dc=esrigz,dc=com" -w secret -f test.ldif

Parameter description:

  • -x selects simple (password) authentication instead of SASL
  • -D specifies the administrator DN (must match the rootdn in slapd.conf)
  • -W (upper case) prompts for the password after you press Enter; -w password (lower case) passes the password directly on the command line, where it is visible in the process list and shell history
  • -f the name of the LDIF file to import

For the full list of options, run ldapadd -? (any unrecognized option prints the usage summary).

Run the following command to view the imported entries:

    ldapsearch -x -b "dc=esrigz,dc=com"

2.5 LDAP Browser client deployment

Double-click lbe.bat to start the LDAP Browser.

Click Fetch DNs to retrieve the base DN automatically.

Log in with the manager account.
