1. Build an LDAP server
LDAP is the Lightweight Directory Access Protocol; the full name is Lightweight Directory Access Protocol, but it is generally referred to simply as LDAP.
(1) What is a directory service?
A directory service stores information in a tree structure.
What are the characteristics of a directory service? How does it differ from a relational database?
- The data types of a directory service are primarily string types rather than the integer, floating-point, date, currency and similar types of a relational database; for retrieval it adds syntaxes such as bin (binary data), CIS (case-insensitive string), CES (case-exact string) and tel (telephone number).
- It also does not provide the large set of functions commonly found in relational databases.
- The directory has strong query (read) capabilities and is suited to retrieval over large amounts of data.
- However, the directory generally only performs simple update (write) operations and does not support the transactional capabilities required for bulk updates.
- It is primarily a query-oriented data service (the ratio of query to modify operations exceeds 10:1) and provides no transaction rollback mechanism.
- The directory can replicate information widely and is suited to keeping multiple directory servers synchronized.
(2) LDAP Service features
- The LDAP structure is a tree, not a table; because of this, SQL statements cannot be used.
- LDAP returns query results very quickly, but writes are much slower.
- LDAP provides a quick way to query static data.
- Client/server model:
The server stores the data.
The client provides the tools to manipulate the directory information tree.
(3) The information LDAP stores most usefully is data that must be read from many different locations but does not need frequent updates:
Phone book and org chart for company employees
Customers' contact information
Information required for computer management, including NIS maps, email aliases, and more
Software package configuration information
Public certificates and security keys
(4) LDAP directory data structure
- The directory in LDAP is organized as a tree: the Directory Information Tree (DIT).
The DIT is a database used primarily for read operations.
- The DIT consists of entries (Entry); an entry corresponds to a record in a relational database table.
An entry is a collection of attribute-value pairs (attribute-value, abbreviated AV) identified by a Distinguished Name (DN).
(5) How to organize data in the directory tree
Just as the top level of a UNIX file system is the root directory (root), an LDAP directory usually has a root, often called the base DN.
For historical reasons (X.500), the LDAP directory uses OUs (Organizational Units) to logically separate the data.
An OU is itself an entry, a container entry.
The actual user entries sit beneath the OU.
(6) What is a DN?
DN: Distinguished Name
In LDAP, the identifier of an entry is called its "DN"; it is the unique name of the entry within the entire tree and corresponds to the primary key of a relational database table. It is the identifying attribute normally used for retrieval.
2. Start the build process:
sudo apt-get install ldap-utils SLADPD
Error occurred:
Solve the problem:
sudo apt-get install slapd ldap-utils migrationtools
(2) Reconfigure:
sudo dpkg-reconfigure slapd
In the prompts, set the DNS domain name to example.com, which makes the DIT suffix dc=example,dc=com; this is the base DN that the client must be configured with.
(3) Create a new file add_content.ldif to add users and their passwords, for example a user named John:
sudo vi add_content.ldif
Enter the following (LDIF requires a space after each colon and a blank line between entries):

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

dn: cn=miners,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: miners
# gidNumber value is garbled in the original; 10000 (matching uidNumber below) is assumed
gidNumber: 10000

dn: uid=john,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 10000
# gidNumber value is garbled in the original; 10000 is assumed
gidNumber: 10000
userPassword: johnldap
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john

ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif
This completes John's configuration.
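The DIT, entry and DN concepts from (4) to (6) and the add_content.ldif step in (3), shown as an added Python example that is not part of the original page: it parses an LDIF file into entries (DN plus attribute-value pairs), rebuilds the directory information tree from the DNs, and runs pre-flight checks that ldapadd would otherwise fail on at the server (parent container not yet created, duplicate DN, attributes a posixAccount or posixGroup must carry), plus one advisory check for a cleartext userPassword. The LDIF text inside the block is constructed for this example, and the gidNumber value 10000 is an assumption (that value is garbled in the original page).

```python
# Added example (not from the original page). Parse an LDIF file in the
# shape of add_content.ldif, rebuild the DIT from the DNs, and run
# pre-flight checks before the file is handed to ldapadd.
# The LDIF below is constructed; gidNumber 10000 is an assumption.
SAMPLE_LDIF = """\
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

dn: cn=miners,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: miners
gidNumber: 10000

dn: uid=john,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
cn: John Doe
uidNumber: 10000
gidNumber: 10000
userPassword: johnldap
loginShell: /bin/bash
homeDirectory: /home/john
"""

# Attributes each object class requires (MUST lists from core.schema and
# nis.schema, limited to the classes used above). LDAP attribute and class
# names are case-insensitive, so everything is compared lowercased.
REQUIRED = {
    "organizationalUnit": ["ou"],
    "posixGroup": ["cn", "gidNumber"],
    "posixAccount": ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory"],
    "inetOrgPerson": ["cn", "sn"],
}
REQUIRED_LC = {oc.lower(): [a.lower() for a in attrs] for oc, attrs in REQUIRED.items()}


def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})]. Handles '#' comments,
    blank-line record separators and leading-space continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # fold continuation onto previous line
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines + [""]:           # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():
            if current is not None:
                entries.append(current)
            current = None
            continue
        if ":" not in line:
            raise ValueError("malformed LDIF line: %r" % line)
        attr, value = line.split(":", 1)
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = (value, {})
        elif current is None:
            raise ValueError("attribute before dn: %r" % line)
        else:
            current[1].setdefault(attr, []).append(value)
    return entries


def split_dn(dn):
    """Split a DN into its RDNs, honouring backslash-escaped commas."""
    rdns, buf, escaped = [], "", False
    for ch in dn:
        if escaped:
            buf, escaped = buf + ch, False
        elif ch == "\\":
            buf, escaped = buf + ch, True
        elif ch == ",":
            rdns.append(buf.strip())
            buf = ""
        else:
            buf += ch
    rdns.append(buf.strip())
    return rdns


def parent_dn(dn):
    """Everything after the first RDN: the container the entry lives in."""
    return ",".join(split_dn(dn)[1:])


def build_dit(entries, base_dn):
    """Map each DN (lowercased) to the DNs directly beneath it, rooted at base_dn."""
    tree = {base_dn.lower(): []}
    for dn, _ in entries:
        tree.setdefault(dn.lower(), [])
        tree.setdefault(parent_dn(dn).lower(), []).append(dn)
    return tree


def check_ldif(text, base_dn="dc=example,dc=com"):
    """Problems ldapadd or the schema would reject, plus advisory findings."""
    problems, known, gids = [], {base_dn.lower()}, set()
    for dn, attrs in parse_ldif(text):
        key = dn.lower()
        if key in known:                        # the DN is the DIT's primary key
            problems.append("duplicate DN: %s" % dn)
        if parent_dn(dn).lower() not in known:  # ldapadd adds records in file order
            problems.append("parent entry missing for %s" % dn)
        known.add(key)
        classes = [c.lower() for c in attrs.get("objectclass", [])]
        if not classes:
            problems.append("no objectClass on %s" % dn)
        for oc in classes:
            for need in REQUIRED_LC.get(oc, []):
                if need not in attrs:
                    problems.append("%s lacks %s (required by %s)" % (dn, need, oc))
        if "posixgroup" in classes:
            gids.update(attrs.get("gidnumber", []))
        if "posixaccount" in classes:
            for gid in attrs.get("gidnumber", []):
                if gid not in gids:             # advisory: slapd does not enforce this
                    problems.append("%s: primary group %s not defined in this file" % (dn, gid))
        for pw in attrs.get("userpassword", []):
            if not pw.startswith("{"):          # no {SSHA}/{CRYPT} scheme prefix
                problems.append("cleartext userPassword on %s; hash it with slappasswd first" % dn)
    return problems


if __name__ == "__main__":
    for dn, kids in build_dit(parse_ldif(SAMPLE_LDIF), "dc=example,dc=com").items():
        print(dn, "->", kids)
    for p in check_ldif(SAMPLE_LDIF):
        print("WARN:", p)
```

Run against the sample, the only finding is the cleartext userPassword: the page's LDIF stores "johnldap" verbatim, so anyone who can read the file (or an LDIF backup) has the password. Generating the value with slappasswd and pasting the {SSHA} string instead keeps the procedure identical while avoiding that. The ordering check matters for the same reason the page creates ou=people before uid=john: slapd rejects an entry whose parent does not exist yet.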
(4) Configure the router as a client
(5) Login authentication succeeds: a successful login shows that authentication against the LDAP server works.
Building various AAA authentication servers under Ubuntu 14 (3)