ITPub博客

首页 > Linux操作系统 > Linux操作系统 > openldap configure

openldap configure

原创 Linux操作系统 作者:bontonpan 时间:2009-01-30 10:40:50 0 删除 编辑

1.1need packaging
nss_ldap-239-3mdk
openldap-clients-2.3.6-4mdk
perl-ldap-0.31-2mdk
libldap2.3_0-2.3.6-4mdk
pam_ldap-180-2mdk
php-ldap-5.0.4-4mdk
apache-mod_ldap-2.0.54-13.2.20060mdk
openldap-servers-2.3.6-4mdk
openldap-2.3.6-4mdk
libldap2.3_0-devel-2.3.6-4mdk
1.2 /etc/openldap/slapd.conf

 $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Modified by Christian Zoffoli
# Version 0.2
#

include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema
include /usr/share/openldap/schema/krb5-kdc.schema
include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/autofs.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/kolab.schema
include /usr/share/openldap/schema/evolutionperson.schema
include /usr/share/openldap/schema/calendar.schema
include /usr/share/openldap/schema/sudo.schema
include /usr/share/openldap/schema/dnszone.schema
include /usr/share/openldap/schema/dhcp.schema

#include /usr/share/openldap/schema/rfc822-MailMember.schema
#include /usr/share/openldap/schema/pilot.schema
#include /usr/share/openldap/schema/qmail.schema
#include /usr/share/openldap/schema/mull.schema
#include /usr/share/openldap/schema/netscape-profile.schema
#include /usr/share/openldap/schema/trust.schema

include /etc/openldap/schema/local.schema


# Define global ACLs to disable default read access and provide default
# behaviour for samba/pam use
include         /etc/openldap/slapd.access.conf

# Provide write access to replicators, and cover access to any other
# attributes (default anonymous read access may be undesirable)
access to dn.subtree="dc=mpe,dc=fih-foxconn,dc=com"
        by group="cn=Replicator,ou=Group,dc=mpe,dc=fih-foxconn,dc=com"
        by users read
        by anonymous read
# Replicas running syncrepl as non-rootdn need unrestricted size/time limits:
#limits group="cn=Replicator,ou=Group,dc=example,dc=com"
limits group="cn=Replicator,ou=Group,dc=mpe,dc=fih-foxconn,dc=com"
 size=unlimited
 time=unlimited

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/ldap/slapd.pid
argsfile        /var/run/ldap/slapd.args

modulepath      /usr/lib/openldap
schemacheck     off

# database backend modules available:
#moduleload      back_dnssrv.la
#moduleload      back_ldap.la
#moduleload      back_meta.la
#moduleload      back_monitor.la
#moduleload      back_passwd.la
#moduleload      back_sql.la

# overlay modules available:
#moduleload     accesslog.la
#moduleload     denyop.la
#moduleload     dyngroup.la
#moduleload     dynlist.la
#moduleload     glue.la
#moduleload     lastmod.la
#moduleload     pcache.la
#moduleload     ppolicy.la
#moduleload     refint.la
#moduleload     retcode.la
#moduleload     rwm.la
#moduleload     syncprov.la
#moduleload     translucent.la
#moduleload     unique.la

#contrib overlays
#moduleload      smbk5pwd.so
# SASL config
#sasl-host ldap.example.com

# To allow TLS-enabled connections, create /etc/ssl/openldap/ldap.pem
# and uncomment the following lines.
#TLSRandFile            /dev/random
#TLSCipherSuite         HIGH:MEDIUM:+SSLv2
TLSCertificateFile      /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile   /etc/ssl/openldap/ldap.pem
#TLSCACertificatePath   /etc/ssl/openldap/
#TLSCACertificateFile    /etc/ssl/cacert.pem
TLSCACertificateFile    /etc/ssl/openldap/ldap.pem
#TLSVerifyClient never # ([never]|allow|try|demand)

# logging
#loglevel 256

#######################################################################
# database definitions
#######################################################################

database        bdb
suffix          "dc=mpe,dc=fih-foxconn,dc=com"
#suffix         "o=My Organization Name,c=US"
rootdn          "cn=root,dc=mpe,dc=fih-foxconn,dc=com"
#rootdn         "cn=Manager,o=My Organization Name,c=US"

# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# rootpw                {crypt}ijFYNcSNctBYg

# The database directory MUST exist prior to running slapd AND
# should only be accessable by the slapd/tools. Mode 700 recommended.
directory       /var/lib/ldap

# Tuning settings, please see the man page for slapd-bdb for more information
# as well as the DB_CONFIG file in the database directory
# commented entries are at their defaults
# In-memory cache size in entries
#cachesize 1000
# Checkpoint the bdb database after 256kb of writes or 5 minutes have passed
# since the last checkpoint
checkpoint 256 5
# Indices to maintain
#index  objectClass                             eq
index   objectClass,uid,uidNumber,gidNumber,memberuid   eq
index   cn,mail,surname,givenname               eq,subinitial
# samba searches on sid
#index  sambaSID                                eq

# Basic ACL (deprecated in favour of ACLs in /etc/openldap/slapd.access.conf)
#access to attr=userPassword
#        by self write
#        by anonymous auth
#        by dn="uid=root,ou=People,dc=example,dc=com" write
#        by * none

#access to *
#        by dn="uid=root,ou=People,dc=example,dc=com" write
#        by * read

# ACL ensuring replicator has write access
#access to *
#       by group="cn=Replicator,ou=Group,dc=example,dc=com" write
#       by * read

# Replica configuration (if this server is a slave)
#updatedn        "cn=ldap-master.example.com,ou=Hosts,dc=example,dc=com"
#updateref       "ldap://ldap-master.example.com"

1.3 ldap passwd setting

!/bin/sh
ldappasswd -x -D cn=root,dc=mpe,dc=fih-foxconn,dc=com -w secret -S uid=$1,ou=People,dc=mpe,dc=fih-foxconn,dc=com

1.4 ldapbrowse setting
host info
host:10.191.17.20 port 389
Base DN;dc=mpe,dc=fih-foxconn,dc=com
user info
user dn :cn=root append base DN v
password *

browsereditor:
dc=mpe,dc=fih-foxconn;dc=com
u=people
personel:
sn:s000008
userpasssword:
loginshell:/bin/false
uidnumber:501
gidnumber:100
objectclass:top
objectclass:person
objectclass:postfixaccount
uid=s0008
cn=s0008
homedirectory:/dev/null
1.7 sample
dn: dc=mpe,dc=fih-foxconn,dc=com
dc: mpe
objectClass: top
objectClass: domain

dn: u=People,dc=mpe,dc=fih-foxconn,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
1.8 entry sample
dn: uid=S00003,ou=People, dc=mpe,dc=fih-foxconn,dc=com sn: S00003 userPassword:: e0NSWVBUfWJ4c2VTV3hyLlphd28= loginShell: /bin/false uidNumber: 503 gidNumber: 100 objectClass: top objectClass: person objectClass: posixAccount uid: S00003 cn:: 5L2Z6Iyc homeDirectory: /dev/null




来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/11754813/viewspace-544777/,如需转载,请注明出处,否则将追究法律责任。

上一篇: proftpd for linux
请登录后发表评论 登录
全部评论

注册时间:2009-01-30

  • 博文量
    51
  • 访问量
    37097