I. OpenLDAP installation and configuration
The LDAP directory stores data in a tree structure. The top layer is the "base DN", for example "dc=mydomain,dc=org" or "o=mydomain.org"; OpenLDAP supports both forms, and we use the former. The installation and configuration steps are not described in detail here. Problems encountered during this process are usually related to the configuration file; if something goes wrong, check the slapd.conf file carefully.
II. LDAP client tools
LdapAdmin and Softerra LDAP Administrator are recommended for non-Java users; LDAP Browser is recommended for Java users. Enter the user name as a full DN, in the format cn=manager,dc=sunwin,dc=com.
III. Using C# to operate OpenLDAP
The following code is an example of adding a node. It uses an objectClass, mynodeobject, defined in the custom schema (see section IV).
using System;
using System.DirectoryServices.Protocols;
using System.Net;

public class DirectoryMng
{
    private LdapConnection m_ldapConnection;
    private string m_ldapServer;
    private NetworkCredential m_credential;
    private string m_targetOu;
    private string ou1, ou2, ou3;

    public DirectoryMng(string ldapServer, string userName, string password, string domainName)
    {
        m_credential = new NetworkCredential(userName, password, domainName);
        m_ldapServer = ldapServer;
        m_targetOu = "dc=sunwin,dc=com";
    }

    public DirectoryMng(string ldapServer, string userName, string password)
    {
        m_ldapServer = ldapServer;
        m_targetOu = "dc=sunwin,dc=com";
        // OpenLDAP expects the bind identity as a full DN, not a bare account name (see section II).
        userName = "cn=manager,dc=sunwin,dc=com";
        m_credential = new NetworkCredential(userName, password);
    }

    public void ConnectLdap()
    {
        m_ldapConnection = new LdapConnection(m_ldapServer);
        m_ldapConnection.SessionOptions.ProtocolVersion = 3;
        // AuthType.Basic is a simple bind: the password is sent in cleartext unless the
        // session uses LDAPS or StartTLS.
        m_ldapConnection.AuthType = AuthType.Basic;
        m_ldapConnection.Credential = m_credential;
        m_ldapConnection.Bind();
        Console.WriteLine("LdapConnection is created successfully.");
    }

    public void Add()
    {
        // DN of the new node: RDN "mynodeid=node1" directly under the base DN.
        ou1 = "mynodeid=node1," + m_targetOu;
        DirectoryAttribute[] dirAttrList1 = new DirectoryAttribute[3];
        dirAttrList1[0] = new DirectoryAttribute("mynodeid", "node1");
        dirAttrList1[1] = new DirectoryAttribute("mynodename", "sampleou1");
        dirAttrList1[2] = new DirectoryAttribute("objectclass", "mynodeobject");
        AddRequest addRequest = new AddRequest(ou1, dirAttrList1);
        m_ldapConnection.SendRequest(addRequest);
        Console.WriteLine("Objects are created successfully.");
    }
}
Calling code:
static void Main(string[] args)
{
    DirectoryMng directoryMng = new DirectoryMng("192.168.20.106:389", "manager", "admin");
    directoryMng.ConnectLdap();
    directoryMng.Add();
}
IV. Custom schema file
Which objectClass types a directory contains, which attributes each objectClass includes, and what constraints each attribute has are all defined in the schema file. The schema file is similar to an XML schema: it is the data storage model. The relationship between objectClass and attribute is this: every node has at least one objectClass, and an objectClass includes multiple attributes. One of those attributes is itself named "objectClass"; it specifies which objectClass the node is an instance of, for example "organizationalUnit".
The following is my custom Schema:
attributetype ( 1.1.2.1.100 NAME 'mynodeid'
    DESC 'node number'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )
attributetype ( 1.1.2.1.101 NAME 'mynodename'
    DESC 'node name'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.1.2.2.1 NAME 'mynodeobject'
    DESC 'mynode'
    SUP top STRUCTURAL
    MUST ( mynodeid $ mynodename ) )
A brief explanation:
- attributetype ( ... ) defines an attribute type, and objectclass ( ... ) defines an object class.
- 1.1.2.1.100 is an object identifier (OID). You can apply for a free OID from IANA, or simply use OIDs under 1.1 as this example does, as long as they do not collide with an existing OID. The OID identifies the attribute or object class.
- NAME is the name of the attribute/object class; the code refers to the attribute/object class by this name.
- DESC is the description of the attribute/object class.
- EQUALITY is the matching rule.
- SYNTAX is the type; for example, 1.3.6.1.4.1.1466.115.121.1.15 is a string.
- SINGLE-VALUE defines the attribute as single-valued; the default is multi-valued.
- SUP specifies the parent object class.
- MUST lists the required attributes.
For more information, see the relevant RFCs.
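The Add() method in section III builds the node's DN by string concatenation and leaves schema enforcement to slapd. As an added example (not code from the original post), the following Python parses the custom schema from section IV, checks an entry against its MUST and SINGLE-VALUE constraints before it would be sent, and escapes the RDN value per RFC 4514 for the case where the node id comes from outside the program. The schema text is a constructed copy of the one above, and the base DN dc=sunwin,dc=com is the page's.

```python
import re
# Constructed copy of the page's custom schema (same OIDs, names and constraints as section IV).
SCHEMA_TEXT = """
attributetype ( 1.1.2.1.100 NAME 'mynodeid' DESC 'node number' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.1.2.1.101 NAME 'mynodename' DESC 'node name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.1.2.2.1 NAME 'mynodeobject' DESC 'mynode' SUP top STRUCTURAL MUST ( mynodeid $ mynodename ) )
"""

def parse_schema(text):
    """Minimal schema parser: returns ({attr: is_single_valued}, {class: [must attrs]})."""
    attrs, classes = {}, {"top": []}  # 'top' is the abstract root class named by SUP
    for chunk in re.split(r"^(?=attributetype|objectclass)", text, flags=re.M | re.I):
        name = re.search(r"NAME\s+'([^']+)'", chunk, re.I)
        if not name:
            continue
        if chunk.lower().startswith("attributetype"):
            attrs[name.group(1).lower()] = bool(re.search(r"SINGLE-VALUE", chunk, re.I))
        else:
            must = re.search(r"MUST\s+\(?([^)]+)", chunk, re.I)
            classes[name.group(1).lower()] = [a.strip().lower() for a in must.group(1).split("$")] if must else []
    return attrs, classes

def validate_entry(entry, attrs, classes):
    """Return the schema violations slapd would reject the add for (empty list = valid)."""
    entry = {k.lower(): v for k, v in entry.items()}
    errors, allowed = [], {"objectclass"}
    for oc in entry.get("objectclass", []):
        if oc.lower() not in classes:
            errors.append(f"unknown objectClass {oc!r}")
        for must in classes.get(oc.lower(), []):
            allowed.add(must)
            if not entry.get(must):
                errors.append(f"missing required attribute {must!r} for {oc}")
    for attr, values in entry.items():
        if attr not in allowed:
            errors.append(f"attribute {attr!r} not allowed by the entry's object classes")
        elif attrs.get(attr) and len(values) > 1:
            errors.append(f"{attr!r} is SINGLE-VALUE but has {len(values)} values")
    return errors
def escape_dn_value(value):
    """Escape an RDN attribute value per RFC 4514 so it cannot alter the DN's structure."""
    out = re.sub(r'([\\,+"<>;=])', r"\\\1", value).replace("\x00", "\\00")
    if value.startswith((" ", "#")):   # a leading space or '#' must be escaped
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:   # and so must a trailing space
        out = out[:-1] + "\\ "
    return out
def build_node_dn(node_id, base_dn="dc=sunwin,dc=com"):
    """The DN the page's Add() concatenates, with the RDN value escaped first."""
    return f"mynodeid={escape_dn_value(node_id)},{base_dn}"
```

Running validate_entry on the three attributes Add() sends returns an empty list; dropping mynodename or giving mynodeid two values returns the same violations slapd would report.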