Detailed tutorial on openldap source code deployment in Linux, linuxopenldap

Source: Internet
Author: User
Tags ldap ldapsearch openldap

Detailed tutorial on openldap source code deployment in Linux, linuxopenldap

Detailed tutorial on openldap source code deployment in Linux.

I. Environment

Server: CentOS-7-x86_64-1511

Server IP:

2. The software obtains

OpenLDAP official website: http: //

OpenLDAP 2.4.44: ftp: //


Berkeley-db-5.1.29 (OpenLDAP is currently not compatible with version 6.x, READEME explicitly write compatible 4.4? 4.8 or 5.0? 5.1 ):


LDAP Administrator

Ldapadmin 2015.2:

Official Website:

64-bit: http: //

3. Preparation

1. Disable selinux;

2. Open the tcp 389/636 port of the firewall.

# TCP 389 is the plaintext transmission port of OpenLDAP and TCP 636 is the port for SSL encrypted transmission.

# Centos7 comes with the firewalld service by default. You can disable it and install iptables.

4. Install the OpenLDAP1. dependency package
# Libtool-ltdl and libtool-ltdl-devel are involved. If the tool is not installed, an error is reported during compilation: configuration: Error: libtool ltdl. hyum install * ltdl *-y is not found.
2. Install BDB
# It must be compiled and installed in the build_unix directory of the decompressed package. Otherwise, the [root @ local?] error will be reported. # Candela/USR/local/SRC/[root @ local SRC] # tar-zxvf DB-5.1.29.tar.gz [root @ local SRC] # CD DB-5.1.29/build_unix/[root @ local build_unix] #.. /dist/configure prefix =/usr/local/BerkeleyDB-5.1.29 [root @ local build_unix] # make [root @ local build_unix] # make install
3. Update the LIB Library
# Ensure that the lib and the libraries including [root @ local build_unix] can be found in the OpenLDAP compiled later # kandra/USR/local/SRC/[root @ local SRC] # echo" /usr/local/berkeleydb-5.1.29/LIB/">/etc/ld. so. [root @ local SRC] # LDCONFIG-v in conf
4. OpenLDAP installed
# You can use. /configure -- help view; # make test takes a long time; # If CPPFLAGS is not set, the configuration process may prompt configure: error: BDB/HDB: BerkeleyDB not available or configure: error: The BerkeleyDB version is incompatible with the BDB/HDB backend [root @ local?] # Candela/USR/local/SRC/[root @ local SRC] # tar-zxvf OpenLDAP-2.4.44.tgz [root @ local SRC] # CD OpenLDAP-2.4. 44 [root @ localhost openldap-2.4.44] #. /configure -- prefix =/usr/local/openldap-2.4.44 -- enable-syslog -- enable-modules -- enable-debug -- with-tls CPPFLAGS =-I/usr/local/berkeleydb-5.1.29/include/ LDFLAGS =-L/usr/local/berkeleydb-5.1.29/lib/[root @ localhost openldap-2.4.44] # Make dependent [root @ local OpenLDAP-44 year February 4] # Make [root @ local OpenLDAP-44 year february 4] # make the test [root @ local OpenLDAP-44 February 4] # make the installation
5. Set executable commands
# Add soft links to the execution files related to the server (sbin directory) in the OpenLDAP client (bin, you can also set [root @ local OpenLDAP-44 year February 4] # CD/usr/local/openldap-2.4 0.44 [root @ local OpenLDAP-44 year February 4] # LN-s by adding Environment Variables /usr/local/openldap-2.4.44/bin/*/usr/local/bin/[root @ local OpenLDAP-44 year February 4] # LN-s/usr/local/openldap-2.4.44/sbin /*/usr/local/sbin/
5. simple configuration 1. The directory structure of OpenLDAP installed in April February 4

After OpenLDAP is installed, the functions of the Directory are as follows:

Bin/-client tools such as ldapadd and ldapsearch

Etc/-including the main configuration file slapd. conf, schema, DB_CONFIG, etc.



Libexec/-server startup tool slapd

Sbin/-server tools such as slappasswd


Var/-- bdb data, log storage directory

2. the configured rootdn password (optional)
# Set the rootdn password. Here it is set to 123456; # in this way, the rootdn password is ciphertext, and the output ciphertext is copied to the corresponding location of the main configuration file rootdn. If you do not want to bother, skip this step, use plain text in the main configuration file. [Root @ local?] # CD/usr/local/openldap-2.4.44/[root @ local OpenLDAP-44-February 4] # slappasswd new password: re-enter the new password: {SSHA} K9 + WK/t1e0V0K6pUMOyTsaTwkDBNED iP
3. slapd. conf of the main configuration file
[Root @ local OpenLDAP-44 year February 4] # CD/usr/local/openldap-2.4.44/etc/openldap/[root @ local OpenLDAP] # VIM slapd. conf # The following section does not modify the English font of the purple font. The red font is modified, and the blue font indicates the new part. # The default mode is only core. in schema, you need to add all levels. Here, add all the architecture files in the schema directory of the same configuration file to the configuration file; 5 include/usr/local/openldap-2.4.44/etc/openldap/schema/core. schema 6 include/usr/local/openldap-2.4.44/etc/openldap/schema/collective. schema7 includes/usr/local/openldap-2.4.44/etc/openldap/schema/corb A. schema8 includes/usr/local/openldap-2.4.44/etc/openldap/schema/cosine. schema9 include/usr/local/openldap-2.4.44/etc/openldap/schema/duaconf. schema10 includes/usr/local/openldap-2.4.44/etc/openldap/schema/dyngroup. schema11 includes/usr/local/openldap-2.4.44/etc/openldap/schema/inetorgperson. schema12 includes/usr/local/openldap-2.4.44/etc/openldap/schema/java. schema13 includes/usr/local/openldap-2.4.44/etc/openldap/schema/misc. sch Ema14 includes/usr/local/openldap-2.4.44/etc/openldap/schema/nis. schema15 include/usr/local/openldap-2.4.44/etc/openldap/schema/openldap. schema16 include/usr/local/openldap-2.4.44/etc/openldap/schema/pmi. schema17 includes/usr/local/openldap-2.4.44/etc/openldap/schema/ppolicy. schema25 pidfile/usr/local/openldap-2.4.44/var/run/slapd. pid26 argsfile/usr/local/openldap-2.4.44/var/run/slapd. args # adds the log file level and path, which must be compiled -Enable debugging, otherwise the log file output, does not affect the debugging mode; 28 Log Level 25629 logfile/usr/local/openldap-2.4.44/var/slapd. log # Here, mdb is used as the backend database. You can also change it to the "bdb" parameter in OpenLDAP Official Document "11.4. The LMDB section describes how mdb is a recommended backend database. 67. When using mdb as a backend database, set a space value according to the instructions in the official documentation, "Apart from the common parameters required for minimum configuration, the maximum size of the mdb backend needs to be set, which should be the expected growth of the largest database (in bytes ), the file system must also provide sufficient space to accommodate this size. "; If you use bdb as the backend database, You Need To comment out this parameter; 68 maximum size 1073741824 # modify the domain name and administrator account name; 69 suffix" dc = sys, dc = com "70 rootdn" cn = admin, dc = sys, dc = com "# Use the ciphertext password, that is, the ciphertext generated using slappasswd; 74 rootpw {SSHA} K9 + WK/t1e0V0K6pUMOyTsaTwkDBNED iP # OpenLDAP data directory. When MDB is used, "data" is generated in the corresponding directory. "and" lock. mdb "file; When BDB is used," dn2id "is generated in the corresponding directory. bdb "and" id2entry. bdb "and multiple" _ db.00 * "files. 78 directory/usr/local/openldap-2.4.44/var/openldap-data80 index objectClass eq
4. initialize OpenLADP (optional)
# If mdb is used as the backend database, this step can be ignored. DB_CONFIG is used by the bdb/hdb database; # It is related to the configuration in the main configuration file, the main configuration file determines the use of bdb and the data storage path [root @ localhost openldap] # CD/usr/local/openldap-2.4.44/var/openldap-data/[root @ local OpenLDAP data] # CP DB_CONFIG.example DB_CONFIG
5. Start OpenLADP
# Work directly in the background; # non-root users cannot listen to Port 1? 1024. If you are not a root user, you may need to redefine the service port [root @ localhost?] #/Usr/local/openldap-2.4.44/libexec/slapd # Work at the front end, output debug information [root @ localhost?] #/Usr/local/openldap-2.4.44/libexec/slapd-d 256
6. Verify
[Root @ local?] # Ldapsearch-x-B ''-s alkali '(object class = *)' # Or [root @ local?] # Ldapsearch-x-B ''-s alkali '(object class = *) 'namingcontexts # Or use netstat-tunlp | grep 389, ps-ef | grep slapd, ps aux | grep slapd and so on.
Indicates that OpenLDAP has been started successfully:

Sat. Simple use (example) 1. Create an administrator account to edit the LDIF File
# Note with slapd. the conf file is consistent. The following command is the same: # I wrote "admin" as "amdin" in the following ldapadd command, resulting in "ldap_bind: Invalid credentials (49) "the error is returned to the previous command for execution every time). It takes about three hours to check the problem. [Root @ local?] # VIM test. ldifdn: dc = sys, dc = comobjectclass: dcObjectobjectclass: Organization o: SYS. Incdc: sysdn: cn = admin, dc = sys, dc = comobjectclass: organizationalRolecn: admin
Insert Database
[Root @ local?] # Ldapadd-x-D "CN = administrator, DC = SYS, DC = COM"-W-f test. ldif

You can see that the account has been added to LDAP:

[Root @ local?] # Ldapsearch-x-B 'DC = SYS, DC = COM ''(objectClass = *)'

2. Create an employee with department attributes to edit the LDIF File
# Here we create a department first, "it", and then create an employee in the "it" department. In fact, there are two Commands: [root @ local?] # VIM test2.ldifdn: ou = it, dc = sys, dc = comou: it objectClass: organizationalUnitdn: cn = test1, ou = it, dc = sys, dc = comou: it cn: test1sn: t1objectClass: inetOrgPersonobjectClass: organizationalPerson
Insert Database
[Root @ local?] # Ldapadd-x-D "CN = administrator, DC = SYS, DC = COM"-W-f test2.ldif

You can see that the employee account has been added to LDAP:

[Root @ local?] # Ldapsearch-x-B 'DC = SYS, DC = COM ''(objectClass = *)'

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.