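This article describes how to install OpenLDAP and set up a centralized, company-internal email address book server that clients can query.
OpenLDAP is also used in many other ways, for example as a centralized user account authentication server, but email address book lookup is the most common use.
II. Installation
Download the latest openldap package from www.openldap.org, then run the build and installation steps in order: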
#tar xvfz openldap-stable-20010524.tgz
#cd openldap-2.0.11
#./configure
#make depend
#make
#make test
#make install
My environment is Red Hat 6.1. If no errors occur, the default installation places the LDAP daemon slapd in /usr/local/libexec, the configuration files in /usr/local/etc/openldap/, and the OpenLDAP tools
ldapadd,ldapdelete,ldapmodify,ldapmodrdn,ldappasswd,ldapsearch
in /usr/local/bin. The runtime database is in /usr/local/var/openldap-ldbm.
III. Configuration
1) Edit the configuration file /usr/local/etc/openldap/slapd.conf
After the line include /usr/local/etc/openldap/schema/core.schema, add the following lines to include all of the schemas.
include /usr/local/etc/openldap/schema/corba.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/java.schema
include /usr/local/etc/openldap/schema/krb5-kdc.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nadf.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
2) In the "ldbm database definitions" section of slapd.conf, change the suffix and rootdn lines as follows:
database ldbm
suffix "o=yourdomain,c=us"
rootdn "cn=root,o=yourdomain,c=us"
rootpw secret
directory /usr/local/var/openldap-ldbm
There are several formats you can use for the suffix. Here I use o=yourdomain,c=us, which states your company's domain name and the country or region it is in. After installation the rootdn defaults to cn=Manager; changing it to root here is purely my own preference, in keeping with the Unix/Linux tradition that root has the highest privileges.
3) You can now start slapd by running /usr/local/libexec/slapd.
Consider adding /usr/local/bin and /usr/local/libexec to the search path, that is, to the PATH line in /etc/profile:
PATH="$PATH:/usr/X11R6/bin:/usr/local/bin:/usr/local/libexec"
After your next login you then only need to type slapd.
4) Test whether the LDAP server is working properly.
Run the following command and check that it produces the corresponding output.
#ldapsearch -x -b 'o=yourdomain,c=us' '(objectclass=*)'
5) Edit a .ldif text file and use ldapadd to add the records to the LDAP database.
The file contents are as follows:
dn: o=yourdomain,c=us
objectclass: dcobject
objectclass: organization
o: yourdomain
dc: yourdomain

dn: cn=Jephe Wu,o=yourdomain,c=us
objectclass: inetorgperson
cn: Jephe Wu
sn: Wu
mail: jephe_wu@yourdomain.com
......more users......
便¬¡¾cÀLލåQŒæ·»åŠ æ¯ä¸ªäh的记录进入该文äšgä¸ï¼Œæ³¨æ„对象¾cÕdž‹ inetorgperson 臛_°‘å¿…é¡»è¦æœ‰cnå’Œsn,˜q™é‡Œæˆ‘们用cn,sn,mail三项定义,˜q™å¯¹æˆ‘们的邮件地å€è–„功能æ¥è¯´å·²¾lèƒöå¤Ÿã€‚ä½ ˜q˜å¯ä»¥å®šä¹‰è±¡mobile, homephone,pager......½{‰ç‰ã€?nbsp;
ç„¶åŽç”¨ä¸‹é¢çš„命ä×o(h¨´)æ·ÕdŠ ä¸Šé¢çš?ldifæ–‡äšg˜q›å…¥LDAPæ•°æ®åº?nbsp;
#ldapadd -x -D "cn=root,o=yourdomain,c=us" -w secret -f "yourldiffilename"
Note: the first part of the file above, "dn: o=yourdomain,c=us", is required; otherwise no data can be added.
Replace "yourdomain" above with your company's domain name.
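6) Configure Outlook Express to allow email address lookups through the LDAP server.
Go to "Tools / Accounts / Add -- Directory Service" and enter your server's IP address or fully qualified host name. On the next screen choose yes to allow the directory service to be used for address lookups. Finally, in the "Directory Service" tab select the entry you just created, click "Properties / Advanced", and enter "o=yourdomain,c=us" in the "Search base" field.
For Netscape, set the corresponding options based on the information above.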
IV. Common problems
1) slapd starts without problems, but data cannot be added; ldapadd fails with the error "ldap_bind:cannot contact LDAP Server".
Answer: The most likely cause is that /etc/hosts has no 127.0.0.1 localhost entry.
2) Note the lookup order: if the Outlook Express address book has entries, it takes priority when checking addresses. The LDAP server is queried only if no matching record is found in the local address book.
3) Use the following command to confirm that the client is communicating with the LDAP server. Run it on the server, then test an address check in OE; you will see output showing the connection made to query the LDAP database.
# tcpdump port 389