1.1 Required packages
nss_ldap-239-3mdk
openldap-clients-2.3.6-4mdk
perl-ldap-0.31-2mdk
libldap2.3_0-2.3.6-4mdk
pam_ldap-180-2mdk
php-ldap-5.0.4-4mdk
apache-mod_ldap-2.0.54-13.2.20060mdk
openldap-servers-2.3.6-4mdk
openldap-2.3.6-4mdk
libldap2.3_0-devel-2.3.6-4mdk
1.2 /etc/openldap/slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Modified by Christian Zoffoli
# Version 0.2
#
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema
include /usr/share/openldap/schema/krb5-kdc.schema
include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/autofs.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/kolab.schema
include /usr/share/openldap/schema/evolutionperson.schema
include /usr/share/openldap/schema/calendar.schema
include /usr/share/openldap/schema/sudo.schema
include /usr/share/openldap/schema/dnszone.schema
include /usr/share/openldap/schema/dhcp.schema
#include /usr/share/openldap/schema/rfc822-MailMember.schema
#include /usr/share/openldap/schema/pilot.schema
#include /usr/share/openldap/schema/qmail.schema
#include /usr/share/openldap/schema/mull.schema
#include /usr/share/openldap/schema/netscape-profile.schema
#include /usr/share/openldap/schema/trust.schema
include /etc/openldap/schema/local.schema
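# Define global ACLs to disable default read access and provide default
# behaviour for samba/pam use.  ACLs are evaluated in order and the first
# "access to" clause that matches wins, so the userPassword and other
# attribute-specific rules in slapd.access.conf must stay ahead of the
# catch-all clause below.
include /etc/openldap/slapd.access.conf
# Provide write access to replicators, and cover access to any other
# attributes.  The Replicator "by" clause originally carried no access level,
# which grants nothing -- replicators could not write despite the comment;
# "write" is what is intended.
# NOTE(review): "by anonymous read" lets unauthenticated clients read every
# attribute of every entry under the suffix that slapd.access.conf does not
# already restrict (uid/uidNumber/gidNumber, group membership, ...).  Keep it
# only if nss_ldap/pam_ldap on the clients really bind anonymously; otherwise
# use "by anonymous auth" and "by * none".
access to dn.subtree="dc=mpe,dc=fih-foxconn,dc=com"
    by group="cn=Replicator,ou=Group,dc=mpe,dc=fih-foxconn,dc=com" write
    by users read
    by anonymous read
# Replicas running syncrepl as non-rootdn need unrestricted size/time limits.
# (In slapd.conf a continuation line must begin with whitespace.)
limits group="cn=Replicator,ou=Group,dc=mpe,dc=fih-foxconn,dc=com"
    size=unlimited
    time=unlimited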
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
modulepath /usr/lib/openldap
# NOTE(review): "schemacheck off" disables objectClass/attribute validation
# on add and modify, so slapd accepts entries that do not conform to the
# included schemas -- e.g. the "objectclass:postfixaccount" typo in the
# browser example further down (section 1.4) would be stored silently
# instead of being rejected as an unknown objectClass.  Set it to "on"
# (or drop the directive) once the existing data has been checked.
schemacheck off
# database backend modules available:
#moduleload back_dnssrv.la
#moduleload back_ldap.la
#moduleload back_meta.la
#moduleload back_monitor.la
#moduleload back_passwd.la
#moduleload back_sql.la
# overlay modules available:
#moduleload accesslog.la
#moduleload denyop.la
#moduleload dyngroup.la
#moduleload dynlist.la
#moduleload glue.la
#moduleload lastmod.la
#moduleload pcache.la
#moduleload ppolicy.la
#moduleload refint.la
#moduleload retcode.la
#moduleload rwm.la
#moduleload syncprov.la
#moduleload translucent.la
#moduleload unique.la
#contrib overlays
#moduleload smbk5pwd.so
# SASL config
#sasl-host ldap.example.com
# TLS: the TLS* directives below are already active (not commented out), so
# /etc/ssl/openldap/ldap.pem has to exist before slapd is started.
# The same file is used for the certificate AND the private key, so it must
# be readable only by the account slapd runs as (mode 0600).
#TLSRandFile /dev/random
# If a cipher list is enabled, exclude export/anonymous suites and SSLv2
# ("+SSLv2" in the old template only moved SSLv2 ciphers to the end of the
# list, it did not disable them), e.g.:
#TLSCipherSuite HIGH:!aNULL:!eNULL:!SSLv2:!MD5
TLSCertificateFile /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
#TLSCACertificatePath /etc/ssl/openldap/
#TLSCACertificateFile /etc/ssl/cacert.pem
# NOTE(review): the "CA" file is the server's own cert/key bundle, which only
# makes sense if ldap.pem is self-signed; clients then need TLS_CACERT in
# ldap.conf pointing at that same certificate or StartTLS will fail.
# Handing a file that contains the private key out as a CA file is also
# an easy way to copy the key onto clients by mistake -- prefer a
# separate CA certificate file here.
TLSCACertificateFile /etc/ssl/openldap/ldap.pem
# Client certificates are not requested (default "never").  Simple binds on
# port 389 still carry passwords in the clear unless clients use StartTLS;
# a "security simple_bind=128" directive would enforce that server-side.
#TLSVerifyClient never # ([never]|allow|try|demand)
# logging
#loglevel 256
#######################################################################
# database definitions
#######################################################################
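database bdb
suffix "dc=mpe,dc=fih-foxconn,dc=com"
#suffix "o=My Organization Name,c=US"
rootdn "cn=root,dc=mpe,dc=fih-foxconn,dc=com"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# The rootdn password must not be stored in the clear (this file is read by
# the slapd-tools and is easily leaked with the rest of the config).  The
# value below is the {SHA} digest of the previous cleartext value, so the
# ldappasswd wrapper in section 1.3 keeps working unchanged -- but that
# password is trivially weak and unsalted SHA-1 is only a stop-gap.
# Generate a replacement with:   slappasswd -h {SSHA} -s '<new password>'
# and update every client that binds as the rootdn.
rootpw {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap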
# Tuning settings, please see the man page for slapd-bdb for more information
# as well as the DB_CONFIG file in the database directory
# commented entries are at their defaults
# In-memory cache size in entries
#cachesize 1000
# Checkpoint the bdb database after 256kb of writes or 5 minutes have passed
# since the last checkpoint
checkpoint 256 5
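# Indices to maintain.  Each "index" directive is one line:
#   index <attrlist> <indices>
# (the original listing had these split across lines, which slapd only
# accepts when the continuation lines start with whitespace).
#index objectClass eq
index objectClass,uid,uidNumber,gidNumber,memberuid eq
index cn,mail,surname,givenname eq,subinitial
# samba searches on sid
#index sambaSID eq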
# Basic ACL (deprecated in favour of ACLs in /etc/openldap/slapd.access.conf)
#access to attr=userPassword
# by self write
# by anonymous auth
# by dn="uid=root,ou=People,dc=example,dc=com" write
# by * none
#access to *
# by dn="uid=root,ou=People,dc=example,dc=com" write
# by * read
# ACL ensuring replicator has write access
#access to *
# by group="cn=Replicator,ou=Group,dc=example,dc=com" write
# by * read
# Replica configuration (if this server is a slave)
#updatedn "cn=ldap-master.example.com,ou=Hosts,dc=example,dc=com"
#updateref "ldap://ldap-master.example.com"
1.3 Setting a user's password (ldappasswd wrapper script)
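#!/bin/sh
# Change the password of one LDAP user, binding as the directory rootdn.
# Usage: $0 <uid>        e.g.  ./ldappasswd.sh s0008
#
# -S makes ldappasswd prompt for the new user password instead of taking it
# on the command line.  The rootdn password is likewise prompted for with
# -W rather than passed as "-w secret": a -w argument is visible to every
# local user via ps(1) and ends up in the shell history.  For unattended
# use prefer "-y /etc/openldap/rootpw" with a mode-0600 password file.
# NOTE(review): -x without -ZZ sends both passwords in the clear when the
# server in ldap.conf is not localhost; add -ZZ once clients trust the
# server certificate configured in slapd.conf's TLS section.
if [ $# -ne 1 ] || [ -z "$1" ]; then
    echo "usage: $0 <uid>" >&2
    exit 1
fi
exec ldappasswd -x -W -S \
    -D "cn=root,dc=mpe,dc=fih-foxconn,dc=com" \
    "uid=$1,ou=People,dc=mpe,dc=fih-foxconn,dc=com"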
1.4 LDAP Browser/Editor connection settings
Host info
  Host: 10.191.17.20, port 389 (plain LDAP: the rootdn password entered below crosses the network unencrypted unless the browser is configured for StartTLS/LDAPS against the TLS settings in slapd.conf)
  Base DN: dc=mpe,dc=fih-foxconn,dc=com
User info
  User DN: cn=root, with "append base DN" ticked so the bind DN becomes cn=root,dc=mpe,dc=fih-foxconn,dc=com
  Password: the rootpw from slapd.conf (browsing as the rootdn bypasses all ACLs; a dedicated admin entry with write access is preferable for day-to-day editing)
Browser/editor:
dc=mpe,dc=fih-foxconn,dc=com
ou=People
person entry:
sn: s000008
userPassword:
loginShell: /bin/false
uidNumber: 501
gidNumber: 100
objectClass: top
objectClass: person
objectClass: posixAccount   (not "postfixaccount" -- the POSIX attributes below belong to posixAccount; with schemacheck off the typo would be stored without complaint)
uid: s0008
cn: s0008
homeDirectory: /dev/null
1.7 sample
dn: dc=mpe,dc=fih-foxconn,dc=com
dc: mpe
objectClass: top
objectClass: domain

dn: ou=People,dc=mpe,dc=fih-foxconn,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
1.8 Entry sample (the base64 userPassword below decodes to {CRYPT}bxseSWxr.Zawo, a 13-character traditional DES crypt hash; DES crypt truncates passwords to 8 characters and is cheap to brute-force, so store new passwords as {SSHA}, e.g. with slappasswd -h {SSHA} or a "password-hash {SSHA}" directive in slapd.conf)
dn: uid=S00003,ou=People, dc=mpe,dc=fih-foxconn,dc=com
sn: S00003
userPassword:: e0NSWVBUfWJ4c2VTV3hyLlphd28=
loginShell: /bin/false
uidNumber: 503
gidNumber: 100
objectClass: top
objectClass: person
objectClass: posixAccount
uid: S00003
cn:: 5L2Z6Iyc
homeDirectory: /dev/null