差異處

這裏顯示兩個版本的差異處。

--- tech:openldap [2007/10/25 18:32] – jonathan
+++ tech:openldap [2009/06/05 07:18] (目前版本) – jonathan
@@ 行 1: / 行 1: @@
+====== CentOS 5 安裝 OpenLdap 管理通訊錄 ======
+===== - 安裝套件 =====
+  * compat-openldap-2.3.27_2.2.29-5
+  * openldap-2.3.27-5
+  * openldap-devel-2.3.27-5
+  * openldap-clients-2.3.27-5
+  * openldap-servers-2.3.27-5
+  * openldap-servers-sql-2.3.27-5
+===== - 設定 LDAP Server =====
+  * 透過 slappasswd 產生主要的密碼
+<code>
+[root@pd920 ~]# slappasswd
+New password:
+Re-enter new password:
+{SSHA}N3Xr7mUajfh9BY_________xx_WfWgb
+</code>
+  * vi /etc/openldap/slapd.conf
+<code>
+:
+suffix          "dc=ichiayi,dc=com"
+rootdn          "cn=Manager,dc=ichiayi,dc=com"
+:
+rootpw          {SSHA}N3Xr7mUajfh9BY_________xx_WfWgb
+:
+</code>
+===== - 建立 LDAP 內組織結構 =====
+  * 將 DB_CONFIG.example -> /var/lib/ldap/DB_CONFIG
+<code>
+cd /etc/openldap
+cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG
+</code>
+  * 編輯與匯入組織結構檔
+++++root_unit.ldif|
+<code>
+# root node
+dn: dc=ichiayi,dc=com
+dc: ichiayi
+objectClass: dcObject
+objectClass: organizationalUnit
+ou: ichiayi Dot com
+#login top
+dn: ou=login,dc=ichiayi,dc=com
+ou: login
+objectClass: organizationalUnit
+#user, uid, password
+dn: ou=user,ou=login,dc=ichiayi,dc=com
+ou: user
+objectClass: organizationalUnit
+#group
+dn: ou=group,ou=login,dc=ichiayi,dc=com
+ou: group
+objectClass: organizationalUnit
+##for company organization top
+dn: ou=company,dc=ichiayi,dc=com
+ou: company
+objectClass: organizationalUnit
+#for company organization (unit)
+dn: ou=unit,ou=company,dc=ichiayi,dc=com
+ou: unit
+objectClass: organizationalUnit
+#human resource (under unit)
+dn: ou=hr,ou=unit,ou=company,dc=ichiayi,dc=com
+ou: hr
+objectClass: organizationalUnit
+#MIS (under unit)
+dn: ou=mis,ou=unit,ou=company,dc=ichiayi,dc=com
+ou: mis
+objectClass: organizationalUnit
+#Tech (under unit)
+dn: ou=tech,ou=unit,ou=company,dc=ichiayi,dc=com
+ou: tech
+objectClass: organizationalUnit
+# for customers information
+dn: ou=customer,ou=company,dc=ichiayi,dc=com
+ou: customer
+objectClass: organizationalUnit
+</code>
+++++
+<code>
+slapadd -v -l root_unit.ldif
+----
+[root@pd920 openldap]# slapadd -v -l /tmp/root_unit.ldif
+added: "dc=ichiayi,dc=com" (00000001)
+added: "ou=login,dc=ichiayi,dc=com" (00000002)
+added: "ou=user,ou=login,dc=ichiayi,dc=com" (00000003)
+added: "ou=group,ou=login,dc=ichiayi,dc=com" (00000004)
+added: "ou=company,dc=ichiayi,dc=com" (00000005)
+added: "ou=unit,ou=company,dc=ichiayi,dc=com" (00000006)
+added: "ou=hr,ou=unit,ou=company,dc=ichiayi,dc=com" (00000007)
+added: "ou=mis,ou=unit,ou=company,dc=ichiayi,dc=com" (00000008)
+added: "ou=tech,ou=unit,ou=company,dc=ichiayi,dc=com" (00000009)
+added: "ou=customer,ou=company,dc=ichiayi,dc=com" (0000000a)
+----
+chown -R ldap /var/lib/ldap/*
+</code>
+===== - 啟動 LDAP Server 與確認匯入資料正確 =====
+  * service ldap start
+  * ldapsearch -x -b "dc=ichiayi,dc=com"
+++++實際過程|
+<code>
+[root@pd920 openldap]# service ldap start
+正在為 slapd 檢查設定檔案:  config file testing succeeded
+                                                           [  確定  ]
+正在啟動 slapd:                                            [  確定  ]
+[root@pd920 openldap]# ldapsearch -x -b "dc=ichiayi,dc=com"
+# extended LDIF
+#
+# LDAPv3
+# base <dc=ichiayi,dc=com> with scope subtree
+# filter: (objectclass=*)
+# requesting: ALL
+#
+# ichiayi.com
+dn: dc=ichiayi,dc=com
+dc: ichiayi
+objectClass: dcObject
+objectClass: organizationalUnit
+ou: ichiayi Dot com
+# login, ichiayi.com
+dn: ou=login,dc=ichiayi,dc=com
+ou: login
+objectClass: organizationalUnit
+# user, login, ichiayi.com
+dn: ou=user,ou=login,dc=ichiayi,dc=com
+ou: user
+objectClass: organizationalUnit
+# group, login, ichiayi.com
+dn: ou=group,ou=login,dc=ichiayi,dc=com
+ou: group
+objectClass: organizationalUnit
+# company, ichiayi.com
+dn: ou=company,dc=ichiayi,dc=com
+ou: company
+objectClass: organizationalUnit
+# unit, company, ichiayi.com
+dn: ou=unit,ou=company,dc=ichiayi,dc=com
+ou: unit
+objectClass: organizationalUnit
+# hr, unit, company, ichiayi.com
+dn: ou=hr,ou=unit,ou=company,dc=ichiayi,dc=com
+ou: hr
+objectClass: organizationalUnit
+# mis, unit, company, ichiayi.com
+dn: ou=mis,ou=unit,ou=company,dc=ichiayi,dc=com
+ou: mis
+objectClass: organizationalUnit
+# tech, unit, company, ichiayi.com
+dn: ou=tech,ou=unit,ou=company,dc=ichiayi,dc=com
+ou: tech
+objectClass: organizationalUnit
+# customer, company, ichiayi.com
+dn: ou=customer,ou=company,dc=ichiayi,dc=com
+ou: customer
+objectClass: organizationalUnit
+# search result
+search: 2
+result: 0 Success
+# numResponses: 11
+# numEntries: 10
+[root@pd920 openldap]#
+</code>
+++++
+===== - 安裝 LDAP Web 管理介面系統 GOsa (尚未完成)=====
+  * GOsa 網站 : http://www.gosa-project.org/ [[ftp://oss.gonicus.de/pub/gosa/|下載目錄]]
+++++實際安裝過程|
+<code>
+cd /usr/share/
+wget ftp://oss.gonicus.de/pub/gosa/gosa-2.5.13.tar.gz
+tar -zxvf gosa-2.5.13.tar.gz
+mv gosa-2.5.13 gosa
+rm gosa-2.5.13.tar.gz
+cd gosa
+mkdir /var/spool/gosa
+chmod 777 /var/spool/gosa
+mkdir /etc/gosa
+</code>
+++++
+===== - 匯入現有 Thunderbird 通訊錄資料(尚未完成) =====
+  * 將通訊錄資料會出成 jonathan.ldif
+  * 使用 slapadd -v -l jonathan.ldif 匯入
+<code>
+[root@pd920 tmp]# slapadd -v -l jonathan.ldif
+bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
+Expect poor performance for suffix dc=ichiayi,dc=com.
+<= str2entry: str2ad(mozillaNickname): attribute type undefined
+slapadd: could not parse entry (line=742)
+[root@pd920 tmp]#
+[root@pd920 openldap]# service ldap start
+正在為 slapd 檢查設定檔案:  config file testing succeeded
+                                                           [  確定  ]
+正在啟動 slapd:                                            [  確定  ]
+[root@pd920 openldap]#
+</code>
+===== - 參考資料 =====
+  * [[http://ms.ntcb.edu.tw/~steven/article/ldap-1.htm|LDAP 入門]]
+  * [[http://ms.ntcb.edu.tw/~steven/article/ldap-2.htm|LDAP - 使用 Thunderbird / Outlook 查尋通訊錄]]
+  * [[http://b2d.phc.edu.tw/modules/tadbook2/view.php?book_sn=15&bdsn=472|澎湖人 No.1 - CentOS安裝OpenLDAP]]
+{{tag>ldap openldap draft draft_安裝 thunderbird 通訊錄}}