Openldap configuration in Linux (for configuration and deployment in windows, refer)

Source: Internet
Author: User
Tags ldap ldapsearch unpack openldap

  1. Get the software 
    You can obtain a copy of the software by following the instructions on the OpenLDAP Software Download Page (http://www.openldap.org/software/download/). It is recommended that new users start with the latestRelease.
     
  2. Unpack the distribution 
    Pick a directory for the source to live under, change directory to there, and unpack the distribution using the following commands:
      Gunzip-C openldap-VERSION.tgz | tar Xvfb-

    Then relocate yourself into the distribution directory:

      CD openldap-version

    You'll have to replaceVersionWith the version name of the release.
     

  3. Review documentation 
    You shoshould now reviewCopyright,License,ReadmeAndInstallProvided with the distribution.CopyrightAndLicenseProvide information on acceptable use, copying, and limitation of warranty of OpenLDAP software.

    You shoshould also review other chapters of this document. In particle, the building and installing OpenLDAP software chapter of this document provides detailed information on prerequisite software and installation procedures.
     
  4. RunConfigure 
    You will need to run the providedConfigureScriptConfigureThe distribution for building on your system.ConfigureScript accepts register command line options that enable or disable optional software features. Usually the defaults are okay, but you may want to change them. To get a complete list of options thatConfigureACCEPTS, use-- HelpOption:
      ./Configure -- Help

    However, given that you are using this guide, we'll assume you are brave enough to just letConfigureDetermine what's best:

      ./Configure

    AssumingConfigureDoesn't dislike your system, you can proceed with building the software. IfConfigureDid complain, well, you'll likely need to go to the software FAQInstallationSection (http://www.openldap.org/faq? File = 8) and/or actually read the building and installing OpenLDAP software chapter of this document.
     

  5. Build the software.
    The next step is to build the software. This step has two parts, first we construct dependencies and then we compile the software:
      Make depend 
      Make

    Both makes shoshould complete without error.
     

  6. Test the build.
    To ensure a correct build, you shoshould run the test suite (it only takes a few minutes ):
      Make Test

    Tests which apply to your configuration will run and they shocould pass. Some tests, such as the replication test, may be skipped.
     

  7. Install the software.
    You are now ready to install the software; this usually requiresSuper-userPrivileges:
      Su root-C 'make install'

    Everything shoshould now be installed under/Usr/local(Or whatever installation prefix was usedConfigure).
     

  8. Edit the configuration file.
    Use your favorite editor to edit the providedSlapd. conf(5) Example (usually installed/Usr/local/etc/OpenLDAP/slapd. conf) To contain a bdb database definition of the form:
      Database bdb 
      Suffix "DC = <my-domain>, Dc = <COM>" 
      Rootdn "cn = manager, Dc = <my-domain>, Dc = <COM>" 
      Rootpw secret 
      Directory/usr/local/var/openldap-Data

    Be sure to replace<My-domain>And<COM>With the appropriate domain components of your domain name. For example,Example.com, Use:

      Database bdb 
      Suffix "DC = example, Dc = com" 
      Rootdn "cn = manager, Dc = example, Dc = com" 
      Rootpw secret 
      Directory/usr/local/var/openldap-Data

    If your domain contains additional components, suchEng.uni.edu. EU, Use:

      Database bdb 
      Suffix "DC = ENG, Dc = uni, Dc = Edu, Dc = Eu" 
      Rootdn "cn = manager, Dc = ENG, Dc = uni, Dc = Edu, Dc = Eu" 
      Rootpw secret 
      Directory/usr/local/var/openldap-Data

    Details regarding indexing ing slapd (8) can be found in the slapd. conf (5) manual page and the slapd configuration file chapter of this document. note that the specified directory must exist prior to starting slapd (8 ).

    If you want to load all schma, refer

     

    Include/etc/OpenLDAP/Schema/CORE. Schema
    Include/etc/OpenLDAP/Schema/cosine. Schema
    Include/etc/OpenLDAP/Schema/inetorgperson. Schema
    Include/etc/OpenLDAP/Schema/CORBA. Schema
    Include/etc/OpenLDAP/Schema/dyngroup. Schema
    Include/etc/OpenLDAP/Schema/Java. Schema
    Include/etc/OpenLDAP/Schema/Misc. Schema
    Include/etc/OpenLDAP/Schema/NIS. Schema
    Include/etc/OpenLDAP/Schema/OpenLDAP. Schema


    Include/etc/OpenLDAP/Schema/CORE. Schema
    Include/etc/OpenLDAP/Schema/cosine. Schema
    Include/etc/OpenLDAP/Schema/inetorgperson. Schema
    Include/etc/OpenLDAP/Schema/CORBA. Schema
    Include/etc/OpenLDAP/Schema/dyngroup. Schema
    Include/etc/OpenLDAP/Schema/Java. Schema
    Include/etc/OpenLDAP/Schema/Misc. Schema
    Include/etc/OpenLDAP/Schema/NIS. Schema

 

 

  • Start slapd.
    You are now ready to start the standalone LDAP daemon,Slapd(8), by running the command:

      Su root-C/usr/local/libexec/slapd

    To check to see if the server is running and configured correctly, you can run a search against itLdapsearch(1). By default,LdapsearchIs installed/Usr/local/bin/ldapsearch:

      Ldapsearch-X-B '-S base' (objectclass = *) 'namingcontexts

    Note the use of single quotes around command parameters to prevent special characters from being interpreted by the shell. This shocould return:

      DN: 
      Namingcontexts: DC = example, Dc = com

    Details regarding runningSlapd(8) can be found inSlapd(8) manual page and the running slapd chapter of this document.
     

  • Add Initial entries to your directory.
    You can useLdapadd(1) To add entries to your LDAP directory.LdapaddExpects input in ldif form. We'll do it in two steps:
    1. Create an ldif File
    2. Run ldapadd

    Use your favorite editor and create an ldif file that contains:

      DN: DC = <my-domain>, Dc = <COM> 
      Objectclass: dcobject 
      Objectclass: Organization 
      O: <my organization> 
      DC: <my-domain> 

      DN: Cn = manager, Dc = <my-domain>, Dc = <COM> 
      Objectclass: organizationalrole 
      CN: Manager

    Be sure to replace<My-domain>And<COM>With the appropriate domain components of your domain name.<My organization>Shocould be replaced with the name of your organization. When you cut and paste, be sure to trim any leading and trailing whitespace from the example.

      DN: DC = example, Dc = com
      Objectclass: dcobject
      Objectclass: Organization
      O: Example Company
      DC: Example

      DN: Cn = manager, Dc = example, Dc = com
      Objectclass: organizationalrole
      CN: Manager

    /* The key point of the file is that there cannot be spaces in the header and tail of each line */
    Now, you may runLdapadd(1) to insert these entries into your directory.

      Ldapadd-X-d "cn = manager, Dc = <my-domain>, Dc = <COM>"-w-F example. ldif

    Be sure to replace<My-domain>And<COM>With the appropriate domain components of your domain name. You will be prompted for"Secret"Specified inSlapd. conf. For example,Example.com, Use:

      Ldapadd-X-d "cn = manager, Dc = example, Dc = com"-w-F example. ldif

    WhereExample. ldifIs the file you created above.

    Additional information regarding Directory creation can be found in the database creation and maintenance tools chapter of this document.
     

  • See if it works.
    Now we're re ready to verify the added entries are in your directory. You can use any LDAP client to do this, but our example usesLdapsearch(1) tool. Remember to replaceDc = example, Dc = comWith the correct values for your site:

     

    Ldapsearch-X-B 'Dc = example, Dc = com ''(objectclass = *)'

    # Searching and timing objects

    Time ldapsearch-X-B "uid = user150000, ou = people, Dc = sky, Dc = com"

    This command will search for and retrieve every entry in the database.

     

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.