CentOS 5 安裝 OpenLdap 管理通訊錄

- 安裝套件

compat-openldap-2.3.27_2.2.29-5
openldap-2.3.27-5
openldap-devel-2.3.27-5
openldap-clients-2.3.27-5
openldap-servers-2.3.27-5
openldap-servers-sql-2.3.27-5

- 設定 LDAP Server

透過 slappasswd 產生主要的密碼

[root@pd920 ~]# slappasswd
New password:
Re-enter new password:
{SSHA}N3Xr7mUajfh9BY_________xx_WfWgb

vi /etc/openldap/slapd.conf

:
suffix          "dc=ichiayi,dc=com"
rootdn          "cn=Manager,dc=ichiayi,dc=com"
:
rootpw          {SSHA}N3Xr7mUajfh9BY_________xx_WfWgb
:

- 建立 LDAP 內組織結構

將 DB_CONFIG.example → /var/lib/ldap/DB_CONFIG

cd /etc/openldap
cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG

編輯與匯入組織結構檔

root_unit.ldif

# root node
dn: dc=ichiayi,dc=com
dc: ichiayi
objectClass: dcObject
objectClass: organizationalUnit
ou: ichiayi Dot com

#login top
dn: ou=login,dc=ichiayi,dc=com
ou: login
objectClass: organizationalUnit

#user, uid, password
dn: ou=user,ou=login,dc=ichiayi,dc=com
ou: user
objectClass: organizationalUnit

#group
dn: ou=group,ou=login,dc=ichiayi,dc=com
ou: group
objectClass: organizationalUnit

##for company organization top
dn: ou=company,dc=ichiayi,dc=com
ou: company
objectClass: organizationalUnit

#for company organization (unit)
dn: ou=unit,ou=company,dc=ichiayi,dc=com
ou: unit
objectClass: organizationalUnit

#human resource (under unit)
dn: ou=hr,ou=unit,ou=company,dc=ichiayi,dc=com
ou: hr
objectClass: organizationalUnit

#MIS (under unit)
dn: ou=mis,ou=unit,ou=company,dc=ichiayi,dc=com
ou: mis
objectClass: organizationalUnit

#Tech (under unit)
dn: ou=tech,ou=unit,ou=company,dc=ichiayi,dc=com
ou: tech
objectClass: organizationalUnit

# for customers information
dn: ou=customer,ou=company,dc=ichiayi,dc=com
ou: customer
objectClass: organizationalUnit

slapadd -v -l root_unit.ldif
----
[root@pd920 openldap]# slapadd -v -l /tmp/root_unit.ldif
added: "dc=ichiayi,dc=com" (00000001)
added: "ou=login,dc=ichiayi,dc=com" (00000002)
added: "ou=user,ou=login,dc=ichiayi,dc=com" (00000003)
added: "ou=group,ou=login,dc=ichiayi,dc=com" (00000004)
added: "ou=company,dc=ichiayi,dc=com" (00000005)
added: "ou=unit,ou=company,dc=ichiayi,dc=com" (00000006)
added: "ou=hr,ou=unit,ou=company,dc=ichiayi,dc=com" (00000007)
added: "ou=mis,ou=unit,ou=company,dc=ichiayi,dc=com" (00000008)
added: "ou=tech,ou=unit,ou=company,dc=ichiayi,dc=com" (00000009)
added: "ou=customer,ou=company,dc=ichiayi,dc=com" (0000000a)
----
chown -R ldap /var/lib/ldap/*

- 啟動 LDAP Server 與確認匯入資料正確

service ldap start
ldapsearch -x -b “dc=ichiayi,dc=com”

實際過程

[root@pd920 openldap]# service ldap start
正在為 slapd 檢查設定檔案:  config file testing succeeded
                                                           [  確定  ]
正在啟動 slapd:                                            [  確定  ]
[root@pd920 openldap]# ldapsearch -x -b "dc=ichiayi,dc=com"
# extended LDIF
#
# LDAPv3
# base <dc=ichiayi,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# ichiayi.com
dn: dc=ichiayi,dc=com
dc: ichiayi
objectClass: dcObject
objectClass: organizationalUnit
ou: ichiayi Dot com

# login, ichiayi.com
dn: ou=login,dc=ichiayi,dc=com
ou: login
objectClass: organizationalUnit

# user, login, ichiayi.com
dn: ou=user,ou=login,dc=ichiayi,dc=com
ou: user
objectClass: organizationalUnit

# group, login, ichiayi.com
dn: ou=group,ou=login,dc=ichiayi,dc=com
ou: group
objectClass: organizationalUnit

# company, ichiayi.com
dn: ou=company,dc=ichiayi,dc=com
ou: company
objectClass: organizationalUnit

# unit, company, ichiayi.com
dn: ou=unit,ou=company,dc=ichiayi,dc=com
ou: unit
objectClass: organizationalUnit

# hr, unit, company, ichiayi.com
dn: ou=hr,ou=unit,ou=company,dc=ichiayi,dc=com
ou: hr
objectClass: organizationalUnit

# mis, unit, company, ichiayi.com
dn: ou=mis,ou=unit,ou=company,dc=ichiayi,dc=com
ou: mis
objectClass: organizationalUnit

# tech, unit, company, ichiayi.com
dn: ou=tech,ou=unit,ou=company,dc=ichiayi,dc=com
ou: tech
objectClass: organizationalUnit

# customer, company, ichiayi.com
dn: ou=customer,ou=company,dc=ichiayi,dc=com
ou: customer
objectClass: organizationalUnit

# search result
search: 2
result: 0 Success

# numResponses: 11
# numEntries: 10
[root@pd920 openldap]#

- 安裝 LDAP Web 管理介面系統 GOsa (尚未完成)

GOsa 網站 : http://www.gosa-project.org/ 下載目錄

實際安裝過程

cd /usr/share/
wget ftp://oss.gonicus.de/pub/gosa/gosa-2.5.13.tar.gz
tar -zxvf gosa-2.5.13.tar.gz
mv gosa-2.5.13 gosa
rm gosa-2.5.13.tar.gz
cd gosa
mkdir /var/spool/gosa
chmod 777 /var/spool/gosa
mkdir /etc/gosa

- 匯入現有 Thunderbird 通訊錄資料(尚未完成)

將通訊錄資料會出成 jonathan.ldif
使用 slapadd -v -l jonathan.ldif 匯入

[root@pd920 tmp]# slapadd -v -l jonathan.ldif

bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
Expect poor performance for suffix dc=ichiayi,dc=com.
<= str2entry: str2ad(mozillaNickname): attribute type undefined
slapadd: could not parse entry (line=742)
[root@pd920 tmp]#

[root@pd920 openldap]# service ldap start
正在為 slapd 檢查設定檔案:  config file testing succeeded
                                                           [  確定  ]
正在啟動 slapd:                                            [  確定  ]
[root@pd920 openldap]#

- 參考資料

ldap, openldap, draft, draft 安裝, thunderbird, 通訊錄