用mysql作openldap的後台資料庫

來源:互聯網
上載者:User

  Setting up OpenLDAP with MySQL backend

  用mysql作後台資料庫安裝openldap

  author: TBONIUS

  OpenLDAP is an X.500 Lightweight Directory Access Server used for

  centralized authentication and directory lookups. This article covers configuring this service to utilize SQL services in order to store its data object. Having these objects stored in a SQL database allow for third party applications access to manage these objects.

  openldap是一個基於x.500協議用來集中認證和目錄搜尋的級目錄訪問伺服器。這篇文章包含的內容是:利用sql服務來配置這個伺服器 ,用來儲存對象和資料。允許第三方應用訪問、管理這些儲存在SQL資料庫裡的對象。

  Ports that are needed:

  需要的ports有:

  MySQL 4.x server : /usr/ports/databases/mysql41-server

  MySQL 4.x client : /usr/ports/databases/mysql41-client

  LibIODBC 3.x : /usr/ports/databases/libiodbc

  MyODBC 3.x : /usr/ports/databases/myodbc

  OpenLDAP 2.x : /usr/ports/databases/openldap21-server WITH_ODBC="YES"

  Configuring the MySQL server

  配置mysql伺服器

  OpenLDAP has the option to use many different kinds of databases, in this case we will use MySQL. The first step in setting this up is to create a MySQL database for which OpenLDAP will use.

  openldap可選很多不同種類的資料庫。在這種情況下,我將使用mysql。要完成這個任務的第一步是建立一個openldap將要使用的mysql資料庫

  root@host # mysqladmin create ldap

  Next we will create a MySQL account that OpenLDAP will use for our newly created ldap database

  下面我將建立一個openldap會用的mysql帳號,對應我們建立立的ldap資料庫。

  root@host # mysql

  Welcome to the MySQL monitor. Commands end with ; or g.

  Your MySQL connection id is 10 to server version: 4.0.18

  Type 'help;' or 'h' for help. Type 'c' to clear the buffer.

  mysql>;grant all privileges on ldap.* to 'ldap'@'localhost'

  ->;identified by 'password' with grant option;

  Query OK, 0 rows affected (0.13 sec)

  We of course want to substitute 'password' with the actual password we wish to use for this particular user account

  對特定的使用者帳號,我們當然想用我們真正想用的密碼替換'password'。

  Configuring LibIODBC to use the MyODBC driver

  配置LibODBC使用MyODBC驅動。

  Quite simply we need to edit two file here to get LibODBC to use the MyODBC driver in accessing the MySQL server.

  事實上我們只需要簡單得修改這裡的兩個檔案就可讓LibODBC使用MyODBC驅動來訪問MySQL伺服器。

  Take a look at the /usr/local/etc/libiodbc/odbcinst.ini file and make the following changes

  看看這個檔案/usr/local/etc/libiodbc/odbcinst.ini並修改內容:

  [ODBC Drivers]

  MySQL = Installed

  [MySQL]

  Description=ODBC for MySQL

  Driver=/usr/local/lib/libmyodbc3.so

  Take a look at the /usr/local/etc/libiodbc/odbc.ini and make the following changes

  看看這個檔案/usr/local/etc/libiodbc/odbc.ini並作如下修改:

  [ODBC Data Sources]

  ldap = MySQL LDAP DSN

  [ldap]

  Driver = /usr/local/lib/libmyodbc3.so

  Description = OpenLDAP Database

  Host = localhost

  ServerType = MySQL

  Port = 3306

  FetchBufferSize = 99

  User = ldap

  Password = password

  Database = ldap

  ReadOnly = no

  Socket = /tmp/mysql.sock

  [ODBC]

  InstallDir=/usr/local/lib

  Again, substitute password for the actual password we created for the ldap user of the MySQL database.

  再次,為我們在mysql資料庫建立的ldap使用者的密碼。

  We can test our current configuration before installing and configuring OpenLDAP. LibIODBC provides a test utility to check DSN configurations.

  在安裝配置openldap以前,我們可以測試我們當前的配置。LibIODBC提供了檢測DSN配置的測試載入器。

  Note from darxpryte: Upon following this tutorial I've found that iodbctest was not built automatically. This may be fixed later but if you find this to be the case you'll need to do the following:

  darxpryte提示:在這篇指南的下面,我發現iodbctest沒有自動建立,以後或許會修正這個問題,不過如果你需要如此的話,按照修面的操作:

  cd /usr/ports/databases/libiodbc/

  make extract

  cd work/libiodbc-3.52.2/samples

  make install

  This will install iodbctest into /usr/local/bin/

  這將把iodbctest安裝到/usr/local/bin/

  Once you install iodbctest, you can do the following to test your connection:

  一旦你安裝了iodbctest,你就可以安裝下面的方法來測試你的串連:

  root@host # iodbctest

  iODBC Demonstration program

  This program shows an interactive SQL processor

  Driver Manager: 03.51.0001.0908

  Enter ODBC connect string (? shows list): ?

  DSN | Description

  ---------------------------------------------------------------

  ldap | MySQL LDAP DSN

  Enter ODBC connect string (? shows list):DSN=ldap

  Driver: 03.51.06

  SQL>;show tables;

  Tables_in_ldap

  ---------------------

  authors_docs

  documents

  institutes

  ldap_attr_mappings

  ldap_entries

  ldap_entry_objclasses

  ldap_oc_mappings

  ldap_referrals

  persons

  phones

  result set 1 returned 10 rows.

  This shows us that the DSN is configured correctly for LibIODBC to use the MyODBC driver in order to connect to our ldap database we set up on our MySQL Server

  這表示,DSN已經為LibIODBC配置好使用MyODBC驅動,好用來串連到我們在mysql伺服器上安裝的ldap資料庫。

  If you have problems displaying the DSN names defined in the odbc.ini file via the test program, try exporting the following shell environmental variable:

  如果你通過測試程式時有問題(顯示定義在odbc.ini裡面的DSN名字),嘗試輸入下面的shell環境變數:

  For csh or tcsh:

  對於csh或者tcsh:

  setenv ODBCINI /usr/local/etc/libiodbc/odbc.ini

  For sh or bash:

  對於sh或者bash:

  export ODBCINI=/usr/local/etc/libiodbc/odbc.ini

  Configuring OpenLDAP to use MySQL

  配置openldap使用mysql

  During the build of OpenLDAP, we need to pass the WITH_ODBC="YES" option so that the server build the appropriate SQL configurations

  在編譯openldap的時候,我們需要跳過 WITH_ODBC="YES"選項,這樣,伺服器編譯專用的sql配置。

  After the make install process, we will copy over the slapd.conf file that is configured to use a SQL backend. This file is buried under the OpenLDAP ports directory in the following path:

  在安裝過程完畢後,我們將複製使用SQL作背景slapd.conf檔案,這個檔案在openldap的ports目錄的下面的路徑中產生:

  work/openldap-2.1.30/servers/slapd/back-sql/rdbms_depend/mysql

  Change to this directory, from the ports directory of OpenLDAP, and copy the configuration file over

  >; cp slapd.conf /usr/local/etc/openldap

  Then we can import the back SQL file from this directory into our running MySQL server database

  root@host # mysql < backsql_create.sql ldap

  root@host # mysql < testdb_create.sql ldap

  Optionally we can import the testdb_data and testdb_metadata files into the database so that we can have example data with which to work

  Next we need to edit the /usr/local/etc/openldap/slapd.conf file and make the protper adjustments. We need to setup the slapd service to use a SQL backend under the "SQL database definitions" section

  database sql

  suffix "o=sql,c=RU"

  rootdn "cn=root,o=sql,c=RU"

  rootpw secret

  dbname ldap

  dbuser ldap

  dbpasswd password

  subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"

  insentry_query "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"

  Go ahead and comment out or delete any other example configurations for alternate SQL connectors such as Postgres and/or MsSQL settings. (Unless of course you are using a Postgres or MsSQL server as your backend

  Post installation configuration

  Next, we need to edit the /etc/rc.conf and configure the OpenLDAP server to star on boot by making the following changes

  slapd_enable="YES"

  slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'

  slapd_sockets="/var/run/openldap/ldapi"

  And finally we need to edit the OpenLDAP startup script and setup the ODBC path for the server to use. Edit /etc/rc.d/slapd file and add the following line:

  export ODBCINI=/usr/local/etc/libiodbc/odbc.ini

  Just as we performed the iodbctest, this variable is essential for OpenLDAP to know where the configuration file to use for ODBC connectivity

  Now we are ready to try and bring up our OpenLDAP server. Let us start by running slapd manually in debug mode to see the output of startup:

  root@host # /usr/local/libexec/slapd -d 1

  We should see the following at the end of the debug output:

  <==load_schema_map()

  <==backsql_get_db_conn()

  ==>;backsql_free_db_conn()

  backsql_free_db_conn(): closing db connection

  ==>;backsql_close_db_conn()

  <==backsql_close_db_conn()

  <==backsql_free_db_conn()

  <==backsql_db_open(): test succeeded, schema map loaded

  slapd starting

  If this is the given output then it looks like our configuration is correct and we are ready to start up OpenLDAP normally for operation.

  /etc/rc.d/slapd start

  This will startup the OpenLDAP server and we can verify it is running with the following command:

  root@host # sockstat |grep slapd

  ldap slapd 71838 5 dgram -< /var/run/log

  ldap slapd 71838 8 stream /var/run/openldap/ldapi

  ldap slapd 71838 9 tcp4 *:389 *:*

  From here, use any OpenLDAP Administration tool of your choice to add, edit and remove data

相關文章

Beyond APAC's No.1 Cloud

19.6% IaaS Market Share in Asia Pacific - Gartner IT Service report, 2018

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。