====== CentOS 5 安裝 OpenLdap 管理通訊錄 ======
===== - 安裝套件 =====
* compat-openldap-2.3.27_2.2.29-5
* openldap-2.3.27-5
* openldap-devel-2.3.27-5
* openldap-clients-2.3.27-5
* openldap-servers-2.3.27-5
* openldap-servers-sql-2.3.27-5
===== - 設定 LDAP Server =====
* 透過 slappasswd 產生主要的密碼
[root@pd920 ~]# slappasswd
New password:
Re-enter new password:
{SSHA}N3Xr7mUajfh9BY_________xx_WfWgb
* vi /etc/openldap/slapd.conf（此檔含 rootpw 設定，請確認其檔案權限僅限 root 與 ldap 帳號可讀）
:
suffix "dc=ichiayi,dc=com"
rootdn "cn=Manager,dc=ichiayi,dc=com"
:
rootpw {SSHA}N3Xr7mUajfh9BY_________xx_WfWgb
:
===== - 建立 LDAP 內組織結構 =====
* 將 DB_CONFIG.example -> /var/lib/ldap/DB_CONFIG
# Put the sample BDB tuning file into the database directory; slapadd/slapd expect it
# there (compare the "No DB_CONFIG file found in directory /var/lib/ldap" warning further down).
cd /etc/openldap
cp -- DB_CONFIG.example /var/lib/ldap/DB_CONFIG
* 編輯與匯入組織結構檔
++++root_unit.ldif|
# root node
dn: dc=ichiayi,dc=com
dc: ichiayi
objectClass: dcObject
objectClass: organizationalUnit
ou: ichiayi Dot com
#login top
dn: ou=login,dc=ichiayi,dc=com
ou: login
objectClass: organizationalUnit
#user, uid, password
dn: ou=user,ou=login,dc=ichiayi,dc=com
ou: user
objectClass: organizationalUnit
#group
dn: ou=group,ou=login,dc=ichiayi,dc=com
ou: group
objectClass: organizationalUnit
##for company organization top
dn: ou=company,dc=ichiayi,dc=com
ou: company
objectClass: organizationalUnit
#for company organization (unit)
dn: ou=unit,ou=company,dc=ichiayi,dc=com
ou: unit
objectClass: organizationalUnit
#human resource (under unit)
dn: ou=hr,ou=unit,ou=company,dc=ichiayi,dc=com
ou: hr
objectClass: organizationalUnit
#MIS (under unit)
dn: ou=mis,ou=unit,ou=company,dc=ichiayi,dc=com
ou: mis
objectClass: organizationalUnit
#Tech (under unit)
dn: ou=tech,ou=unit,ou=company,dc=ichiayi,dc=com
ou: tech
objectClass: organizationalUnit
# for customers information
dn: ou=customer,ou=company,dc=ichiayi,dc=com
ou: customer
objectClass: organizationalUnit
++++
# Offline import of the organisational tree; slapd has not been started yet at this step
# (it is started in the next section). The transcript below ran the same command with the
# file placed in /tmp.
slapadd -v -l root_unit.ldif
----
[root@pd920 openldap]# slapadd -v -l /tmp/root_unit.ldif
added: "dc=ichiayi,dc=com" (00000001)
added: "ou=login,dc=ichiayi,dc=com" (00000002)
added: "ou=user,ou=login,dc=ichiayi,dc=com" (00000003)
added: "ou=group,ou=login,dc=ichiayi,dc=com" (00000004)
added: "ou=company,dc=ichiayi,dc=com" (00000005)
added: "ou=unit,ou=company,dc=ichiayi,dc=com" (00000006)
added: "ou=hr,ou=unit,ou=company,dc=ichiayi,dc=com" (00000007)
added: "ou=mis,ou=unit,ou=company,dc=ichiayi,dc=com" (00000008)
added: "ou=tech,ou=unit,ou=company,dc=ichiayi,dc=com" (00000009)
added: "ou=customer,ou=company,dc=ichiayi,dc=com" (0000000a)
----
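# slapadd was run as root, so the database files it created are root-owned; hand the whole
# directory to the ldap account. Chown the directory itself rather than "/var/lib/ldap/*":
# the glob skips dot-files and leaves the directory's own ownership untouched.
chown -R ldap /var/lib/ldap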
===== - 啟動 LDAP Server 與確認匯入資料正確 =====
* service ldap start
* ldapsearch -x -b "dc=ichiayi,dc=com"
++++實際過程|
[root@pd920 openldap]# service ldap start
正在為 slapd 檢查設定檔案: config file testing succeeded
[ 確定 ]
正在啟動 slapd: [ 確定 ]
[root@pd920 openldap]# ldapsearch -x -b "dc=ichiayi,dc=com"
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# ichiayi.com
dn: dc=ichiayi,dc=com
dc: ichiayi
objectClass: dcObject
objectClass: organizationalUnit
ou: ichiayi Dot com
# login, ichiayi.com
dn: ou=login,dc=ichiayi,dc=com
ou: login
objectClass: organizationalUnit
# user, login, ichiayi.com
dn: ou=user,ou=login,dc=ichiayi,dc=com
ou: user
objectClass: organizationalUnit
# group, login, ichiayi.com
dn: ou=group,ou=login,dc=ichiayi,dc=com
ou: group
objectClass: organizationalUnit
# company, ichiayi.com
dn: ou=company,dc=ichiayi,dc=com
ou: company
objectClass: organizationalUnit
# unit, company, ichiayi.com
dn: ou=unit,ou=company,dc=ichiayi,dc=com
ou: unit
objectClass: organizationalUnit
# hr, unit, company, ichiayi.com
dn: ou=hr,ou=unit,ou=company,dc=ichiayi,dc=com
ou: hr
objectClass: organizationalUnit
# mis, unit, company, ichiayi.com
dn: ou=mis,ou=unit,ou=company,dc=ichiayi,dc=com
ou: mis
objectClass: organizationalUnit
# tech, unit, company, ichiayi.com
dn: ou=tech,ou=unit,ou=company,dc=ichiayi,dc=com
ou: tech
objectClass: organizationalUnit
# customer, company, ichiayi.com
dn: ou=customer,ou=company,dc=ichiayi,dc=com
ou: customer
objectClass: organizationalUnit
# search result
search: 2
result: 0 Success
# numResponses: 11
# numEntries: 10
[root@pd920 openldap]#
++++
===== - 安裝 LDAP Web 管理介面系統 GOsa (尚未完成)=====
* GOsa 網站 : http://www.gosa-project.org/ [[ftp://oss.gonicus.de/pub/gosa/|下載目錄]]
++++實際安裝過程|
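cd /usr/share/
# Plain FTP gives no integrity guarantee for the download: compare the archive's checksum
# with the value published by the GOsa project before unpacking it.
wget ftp://oss.gonicus.de/pub/gosa/gosa-2.5.13.tar.gz
sha1sum gosa-2.5.13.tar.gz
tar -zxvf gosa-2.5.13.tar.gz
mv gosa-2.5.13 gosa
rm gosa-2.5.13.tar.gz
cd gosa
# Spool directory: only the web server account needs write access, so give it ownership
# instead of making the directory world-writable (chmod 777).
web_user=apache   # account httpd runs as on CentOS; adjust if GOsa runs under another web server
mkdir /var/spool/gosa
chown "$web_user" /var/spool/gosa
chmod 750 /var/spool/gosa
mkdir /etc/gosa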
++++
===== - 匯入現有 Thunderbird 通訊錄資料(尚未完成) =====
* 將通訊錄資料匯出成 jonathan.ldif
* 使用 slapadd -v -l jonathan.ldif 匯入（目前失敗：Thunderbird 匯出的 LDIF 使用 mozillaNickname 等屬性，而 slapd.conf 尚未載入定義這些屬性的 schema，因此出現下方 attribute type undefined 的錯誤）
[root@pd920 tmp]# slapadd -v -l jonathan.ldif
bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
Expect poor performance for suffix dc=ichiayi,dc=com.
<= str2entry: str2ad(mozillaNickname): attribute type undefined
slapadd: could not parse entry (line=742)
[root@pd920 tmp]#
[root@pd920 openldap]# service ldap start
正在為 slapd 檢查設定檔案: config file testing succeeded
[ 確定 ]
正在啟動 slapd: [ 確定 ]
[root@pd920 openldap]#
===== - 參考資料 =====
* [[http://ms.ntcb.edu.tw/~steven/article/ldap-1.htm|LDAP 入門]]
* [[http://ms.ntcb.edu.tw/~steven/article/ldap-2.htm|LDAP - 使用 Thunderbird / Outlook 查尋通訊錄]]
* [[http://b2d.phc.edu.tw/modules/tadbook2/view.php?book_sn=15&bdsn=472|澎湖人 No.1 - CentOS安裝OpenLDAP]]
{{tag>ldap openldap draft draft_安裝 thunderbird 通訊錄}}