Install OpenLDAP Adventures



Author: cleverpig

Installation environment: Red Hat Linux 9.0, kernel version 2.4.20-8

First, preparation:

Prepare the software listed at http://www.openldap.org/faq/data/cache/196.html:

1. Basic prerequisites: a C development environment, POSIX-standard regular-expression routines, and Berkeley socket networking routines. The FAQ puts it this way:

OpenLDAP 2.x is designed to "configure" and "build" on Unix (and Unix-like) systems. The prerequisites depend upon which features you desire.

General prerequisites include:

C development environment
POSIX Regex routines
Berkeley Networking (socket/select) routines

2. slapd, OpenLDAP's server daemon, needs a backing database: Berkeley DB or GDBM, pick one. I chose the former.

Berkeley DB 4.2 and its patch files: the source code and patches can be downloaded from http://www.sleepycat.com/. Patches are applied with the patch command; their job is to fix bugs in the source before you compile. For details on patches see www-900.ibm.com/developerWorks/cn/linux/l-diffp/index.shtml.

From the FAQ:

SLAPD (with BDB database) prerequisites include:
Berkeley Database 4.2 from Sleepycat (http://www.sleepycat.com/). Latest version with patches is recommended.

SLAPD (with LDBM database) prerequisites include suitable database support. One of the following packages can fulfill the prerequisite:
Berkeley Database from Sleepycat (http://www.sleepycat.com/)
GNU Database Manager (GDBM) from FSF (http://www.gnu.org/)
For OpenLDAP 2.1 (or later), Berkeley DB 4.1 is recommended.

SLURPD prerequisites include:
Thread support (POSIX threads and others)

3. Optional software: SSL/TLS and SASL. SSL/TLS encrypts the traffic; download OpenSSL from http://www.openssl.org, but note that it may need a patch before use, see http://www.openldap.org/faq/index.cgi?file=185. Cyrus SASL mainly provides stronger authentication mechanisms; download the source from http://asg.web.cmu.edu/sasl/. Both are optional; given this machine's workload I chose the latter.

From the FAQ:

SSL/TLS prerequisites:
OpenSSL 0.9.6 from http://www.openssl.org. The OpenSSL library usually needs to be patched before it will work correctly. See this FAQ article for details: http://www.openldap.org/faq/index.cgi?file=185 (Note about OpenSSL and crypt()).

SASL prerequisites:
Cyrus SASL from http://asg.web.cmu.edu/sasl/

Second, installation:

1. Install Berkeley DB (Berkeley DB 4.2.52):

tar -zxvf db-4.2.52.NC.tar.gz (or gzip -d db-4.2.52.NC.tar.gz followed by tar -xf db-4.2.52.NC.tar). Unpacking produces a db-4.2.52.NC directory; Berkeley DB is configured and built from the build_unix subdirectory inside it. Run the following in build_unix:

# ../dist/configure
# make
# make install

The usual three steps of a Linux source install, nothing special. By default the software is installed under /usr/local/BerkeleyDB.4.2. After installation, add the library path /usr/local/BerkeleyDB.4.2/lib to /etc/ld.so.conf, the configuration file of the system's dynamic linker. This file lists the directories (other than the system directories /lib and /usr/lib) in which shared libraries are searched for; the names are separated by whitespace (spaces, newlines and so on), colons or commas. On a typical Linux distribution it already contains /usr/X11R6/lib, the shared-library directory of the X Window System. After adding the entry, run ldconfig -v so the new configuration takes effect; this is what lets the linker find the right library files when you compile OpenLDAP.

2. Install Cyrus SASL (cyrus-sasl-2.1.20):

tar -zxvf cyrus-sasl-2.1.20.tar.gz (or gzip -d cyrus-sasl-2.1.20.tar.gz followed by tar -xf cyrus-sasl-2.1.20.tar).

Unpacking produces a cyrus-sasl-2.1.20 directory; enter it and follow the usual three-step Linux source install:

# ./configure
# make
# make install

Cyrus SASL needs a few supporting libraries; see http://asg.web.cmu.edu/sasl/ for the list. I was lucky and already had them :-). After installation, add the library paths /usr/local/lib/sasl2 and /usr/local/lib to /etc/ld.so.conf, then run ldconfig -v so the configuration takes effect. Again, this is what lets the linker find the right library files when you compile OpenLDAP.

Result:

# ldconfig -v
...
/usr/local/lib:
	libldap_r-2.2.so.7 -> libldap_r-2.2.so.7.0.13
	libldap-2.2.so.7 -> libldap-2.2.so.7.0.13
	liblber-2.2.so.7 -> liblber-2.2.so.7.0.13
	libsasl2.so.2 -> libsasl2.so.2.0.20
/usr/local/lib/sasl2:
	libanonymous.so.2 -> libanonymous.so.2.0.20
	libplain.so.2 -> libplain.so.2.0.20
	libotp.so.2 -> libotp.so.2.0.20
	libdigestmd5.so.2 -> libdigestmd5.so.2.0.20
	libcrammd5.so.2 -> libcrammd5.so.2.0.20
	libsasldb.so.2 -> libsasldb.so.2.0.20
...

This shows the symbolic links for the SASL libraries. The Linux ldd command also shows which shared libraries an executable or library links against; see ldd --help for details.

3. Install OpenLDAP (openldap-stable-20050103, version 2.2.20):

As with Cyrus SASL, unpack the archive, enter the generated openldap-2.2.20 directory and follow the usual three steps of a Linux source install, plus make test:

# ./configure

A. First attempt, failed: the trouble starts as soon as ./configure runs. Error 1:

checking Berkeley DB version for BDB backend... no
configure: error: BDB: BerkeleyDB version incompatible

The error says the Berkeley DB version is incompatible with OpenLDAP?? Strange, I installed 4.2.52, and the OpenLDAP documentation clearly says it is supported! Looking more carefully: my RH9 already had an older Berkeley DB installed as part of the system, and configure was finding that one instead of the 4.2.52 I had just built.

So I set these environment variables before running configure:

export CPPFLAGS="-I/usr/local/BerkeleyDB.4.2/include"
export LDFLAGS="-L/usr/local/BerkeleyDB.4.2/lib"

Environment variables used by configure (this list is the one from Apache 1.3's configure notes, hence the TARGET entry; the first six are standard autoconf variables and apply to OpenLDAP's configure as well):

CC=...              C compiler name
CPPFLAGS=...        C preprocessor and compiler flags
CFLAGS=...          C compiler debugging and optimization flags
LDFLAGS=...         linker flags
LIBS=...            linker library flags ("-l" parameters)
INCLUDES=...        header file search directories ("-Idir")
TARGET=...          [default: apache] name of the target executable
NOTEST_CPPFLAGS=... NOTEST_CFLAGS=... NOTEST_LDFLAGS=... NOTEST_LIBS=...

These two variables supply preprocessor and linker flags; configure reads them when it runs and they are used by make afterwards. Sure enough, configure now passed.

B. Second attempt: I had barely solved one problem and caught my breath when configure stopped again. Error 2:

checking Cyrus SASL library version... no
configure: error: Cyrus SASL library located but is incompatible

Just like Berkeley DB, the Cyrus SASL version is "incompatible"?? Same cause as before: the system already has an older Cyrus SASL... how annoying! I had to extend the environment variables:

export CPPFLAGS="-I/usr/local/BerkeleyDB.4.2/include"
export LDFLAGS="-L/usr/local/lib/ -L/usr/local/BerkeleyDB.4.2/lib -L/usr/local/lib/sasl2"

This puts the library directory of the freshly installed Cyrus SASL into the linker flags LDFLAGS. Ran configure again: passed.
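In an environment like this it is worth confirming, before configure runs, that the db.h the include path will pick up really is the version you built, rather than waiting for configure to fail. The following is an added example, not code from the original post: a small POSIX sh script that reads the DB_VERSION_* macros out of a db.h, compares them with the release you expect, and prints the CPPFLAGS/LDFLAGS exports for a given Berkeley DB and Cyrus SASL prefix. The headers it writes are constructed stand-ins (real db.h files carry exactly these macros, among much else; the 4.0.14 value is a sample, not a statement about what RH9 ships). The -Wl,-rpath entries are an addition beyond what the post uses: they record the library directories inside the linked binary, so slapd finds the same libsasl2 and libdb at run time that it was built against, without LD_LIBRARY_PATH and without rearranging symlinks in /usr/lib.

```shell
#!/bin/sh
# Added example, not from the original post: check the Berkeley DB header that
# configure will see, and print the configure environment for a given prefix.

# bdb_header_version DB_H  -> prints MAJOR.MINOR.PATCH from the DB_VERSION_* macros
bdb_header_version() {
    awk '/^#define[ \t]+DB_VERSION_(MAJOR|MINOR|PATCH)[ \t]/ { v[$2] = $3 }
         END { printf "%s.%s.%s\n", v["DB_VERSION_MAJOR"], v["DB_VERSION_MINOR"], v["DB_VERSION_PATCH"] }' "$1"
}

# check_bdb_header DB_H WANTED   (WANTED is "MAJOR.MINOR", e.g. 4.2)
# Prints "ok X.Y.Z" when the header belongs to the wanted release, otherwise
# "wrong X.Y.Z (want MAJOR.MINOR)", which is what configure's
# "BerkeleyDB version incompatible" boils down to.
check_bdb_header() {
    have=$(bdb_header_version "$1")
    case "$have" in
        "$2".*) echo "ok $have" ;;
        *)      echo "wrong $have (want $2)" ;;
    esac
}

# configure_env BDB_PREFIX SASL_PREFIX  -> the export lines to run before ./configure.
# -Wl,-rpath is an addition over the post: it records the library directories in
# the linked binary, so slapd loads the right libsasl2/libdb at run time without
# LD_LIBRARY_PATH or rearranged symlinks in /usr/lib.
configure_env() {
    bdb=$1; sasl=$2
    printf 'export CPPFLAGS="-I%s/include -I%s/include"\n' "$bdb" "$sasl"
    printf 'export LDFLAGS="-L%s/lib -L%s/lib -Wl,-rpath,%s/lib -Wl,-rpath,%s/lib"\n' \
        "$bdb" "$sasl" "$bdb" "$sasl"
}

# write_sample_db_h PATH MAJOR MINOR PATCH
# Writes a constructed stand-in for db.h carrying only the version macros.
write_sample_db_h() {
    printf '#define\tDB_VERSION_MAJOR\t%s\n#define\tDB_VERSION_MINOR\t%s\n#define\tDB_VERSION_PATCH\t%s\n' \
        "$2" "$3" "$4" > "$1"
}

# Demo: one header as built from db-4.2.52, one constructed older copy standing in
# for a distribution's system package (sample version, not a claim about RH9).
tmp=${TMPDIR:-/tmp}/bdbcheck.$$
mkdir -p "$tmp/new" "$tmp/old"
write_sample_db_h "$tmp/new/db.h" 4 2 52
write_sample_db_h "$tmp/old/db.h" 4 0 14
check_bdb_header "$tmp/new/db.h" 4.2      # ok 4.2.52
check_bdb_header "$tmp/old/db.h" 4.2      # wrong 4.0.14 (want 4.2)
configure_env /usr/local/BerkeleyDB.4.2 /usr/local
rm -r "$tmp"
# Live use: check_bdb_header /usr/local/BerkeleyDB.4.2/include/db.h 4.2
```

Run check_bdb_header against the header in the prefix you intend to pass in CPPFLAGS and against /usr/include/db.h; if only the latter says "ok", configure is about to pick the wrong one.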

# make

At this stage my job is basically to wait and drink some water... After make finishes:

# make test

C. Third setback, a big one (with a wrong configuration the same error also shows up when you run slapd -d 9 after make install). Error 3:

cd tests; make test
make[1]: Entering directory `/home/liudan/openldap-2.2.20/tests'
make[2]: Entering directory `/home/liudan/openldap-2.2.20/tests'
Initiating LDAP tests for BDB...
Running ./scripts/all...
>>>>> Executing all LDAP tests for bdb
>>>>> Starting test000-rootdse ...
running defines.sh
Starting slapd on TCP/IP port 9011...
...
slapd init: initiated server.
slap_sasl_init: SASL library version mismatch: expected 2.1.20, got 2.1.10
slapd shutdown: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.

The Cyrus SASL library version does not match what OpenLDAP expects!! OpenLDAP wants 2.1.20, but 2.1.10 was used during the test?? Cyrus SASL 2.1.10 is the old version that came with the system, living under /usr/lib/sasl. So is make test picking up the old library?

Look at the slapd that make install puts in /usr/local/libexec. Run it with the -d parameter to select the debug level:

[root@weblserver libexec]# ./slapd -d 9
@(#) $OpenLDAP: slapd 2.2.20 (Jan 17 2005 14:19:20) $
	root@weblserver:/home/liudan/openldap-2.2.20/servers/slapd
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldap:///
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: SASL library version mismatch: expected 2.1.20, got 2.1.10
slapd shutdown: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.

The same error. So the problem is the Cyrus SASL library used at run time. Check slapd's library links:

[root@weblserver libexec]# ldd slapd
	libdb-4.2.so => /usr/local/BerkeleyDB.4.2/lib/libdb-4.2.so (0x4002b000)
	libssl.so.4 => /lib/libssl.so.4 (0x400d2000)
	libcrypt.so.1 => /lib/libcrypt.so.1 (0x40107000)
	libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x40134000)
	libpthread.so.0 => /lib/tls/libpthread.so.0 (0x40147000)
	libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
	libresolv.so.2 => /lib/libresolv.so.2 (0x40155000)
	libcrypto.so.4 => /lib/libcrypto.so.4 (0x40167000)
	libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x40258000)
	libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x4026b000)
	libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x402c9000)
	libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x402d9000)
	libdl.so.2 => /lib/libdl.so.2 (0x402dc000)
	libz.so.1 => /usr/lib/libz.so.1 (0x402df000)
	/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

It turns out slapd is loading /usr/lib/libsasl2.so.2, a symbolic link pointing at the old libsasl2.so.2.0.10.

D. First attempt at a fix: add the library search path variable LD_LIBRARY_PATH to the environment.

export LD_LIBRARY_PATH="/usr/local/lib"

Run slapd again: success.

E. A permanent fix: should I add this environment variable every time slapd starts, or write it into a profile? I think it is cleaner to fix the symbolic links outright. So rename (or delete) the original system /usr/lib/sasl directory, the symbolic link /usr/lib/libsasl2.so.2 and the libsasl2.so that points to the same file:

mv /usr/lib/sasl /usr/lib/sasl-orig     (or delete sasl)

[root@weblserver lib]# ls -l libsasl*
-rw-r--r--    1 root     root       259634 2003-01-26 libsasl2.a
-rwxr-xr-x    1 root     root          768 2003-01-26 libsasl2.la
lrwxrwxrwx    1 root     root           18 Jan  5 22:20 libsasl2.so -> libsasl2.so.2.0.10
lrwxrwxrwx    1 root     root           18 Jan  5 21:44 libsasl2.so.2 -> libsasl2.so.2.0.10
-rwxr-xr-x    1 root     root        76612 2003-01-26 libsasl2.so.2.0.10
-rw-r--r--    1 root     root        62474 2003-01-26 libsasl.a
-rwxr-xr-x    1 root     root          770 2003-01-26 libsasl.la
lrwxrwxrwx    1 root     root           17 Jan  5 22:20 libsasl.so -> libsasl.so.7.1.11
lrwxrwxrwx    1 root     root           17 Jan  5 21:44 libsasl.so.7 -> libsasl.so.7.1.11
-rwxr-xr-x    1 root     root        43612 2003-01-26 libsasl.so.7.1.11
[root@weblserver lib]# rm libsasl2.so.2
[root@weblserver lib]# rm libsasl2.so

Re-link:

[root@weblserver lib]# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
[root@weblserver lib]# ln -s /usr/local/lib/libsasl2.so.2.0.20 libsasl2.so.2
[root@weblserver lib]# ln -s /usr/local/lib/libsasl2.so.2.0.20 libsasl2.so

Check slapd's library links again:

[root@weblserver libexec]# ldd slapd
	libdb-4.2.so => /usr/local/BerkeleyDB.4.2/lib/libdb-4.2.so (0x4002b000)
	libssl.so.4 => /lib/libssl.so.4 (0x400d2000)
	libcrypt.so.1 => /lib/libcrypt.so.1 (0x40107000)
	libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x40134000)
	libpthread.so.0 => /lib/tls/libpthread.so.0 (0x40147000)
	libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
	libresolv.so.2 => /lib/libresolv.so.2 (0x40155000)
	libcrypto.so.4 => /lib/libcrypto.so.4 (0x40167000)
	libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x40258000)
	libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x4026b000)
	libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x402c9000)
	libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x402d9000)
	libdl.so.2 => /lib/libdl.so.2 (0x402dc000)
	libz.so.1 => /usr/lib/libz.so.1 (0x402df000)
	/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Good, correct now: /usr/lib/libsasl2.so.2 now points at the 2.0.20 library. Go back to the OpenLDAP source directory, openldap-2.2.20, and run make test:

[root@weblserver openldap-2.2.20]# make test
cd tests; make test
make[1]: Entering directory `/home/liudan/openldap-2.2.20/tests'
make[2]: Entering directory `/home/liudan/openldap-2.2.20/tests'
Initiating LDAP tests for BDB...
Running ./scripts/all...
>>>>> Executing all LDAP tests for bdb
>>>>> Starting test000-rootdse ...
running defines.sh
Starting slapd on TCP/IP port 9011...
Using ldapsearch to retrieve the root DSE...
Waiting 5 seconds for slapd to start...
Using ldapsearch to retrieve the cn=Monitor...
dn:
objectClass: top
objectClass: OpenLDAProotDSE
structuralObjectClass: OpenLDAProotDSE
namingContexts: o=OpenLDAP Project,l=Internet
monitorContext: cn=Monitor
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 1.2.840.113556.1.4.1339
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.334810.2.3
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: OTP
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
vendorName: The OpenLDAP Project
subschemaSubentry: cn=Subschema

dn: cn=Monitor
objectClass: monitorServer
structuralObjectClass: monitorServer
cn: Monitor
description: This subtree contains monitoring/managing objects.
description: This object contains information about this server.
createTimestamp: 20050118053256Z
modifyTimestamp: 20050118053256Z
monitoredInfo: @(#) $OpenLDAP: slapd 2.2.20 (Jan 18 2005 13:32:15) $
subschemaSubentry: cn=Subschema
hasSubordinates: TRUE
>>>>> Test succeeded
>>>>> ./scripts/test000-rootdse completed OK.
>>>>> waiting 10 seconds for things to exit
>>>>> Starting test001-slapadd ...
running defines.sh
Running slapadd to build slapd database...
Starting slapd on TCP/IP port 9011...
Using ldapsearch to retrieve all the entries...
Waiting 5 seconds for slapd to start...
Filtering ldapsearch results...
Filtering original ldif used to create database...
Comparing filter output...
>>>>> Test succeeded
>>>>> ./scripts/test001-slapadd completed OK.
>>>>> waiting 10 seconds for things to exit...

After N more tests, no problems!

# make install

Finally, install it again... well, that is not strictly necessary.

In short, this was quite an adventure. Although it cost me a few hours, it is a good example of what an installer faces in an environment where different versions of the same library coexist.

F. Several lessons and tools (specifically for environments where different versions coexist):

1) Configure and compile failures caused by the environment can be solved by setting the right environment variables;
2) Rename or delete the old library files and library links, then rebuild the links for the new version;
3) ldd is a good tool for checking links! ln is the tool for making library links.
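The checks in C and E above are done by reading ldd output by eye. As an added example (not from the original post), here is a POSIX sh script that does the same mechanically: resolve_lib and check_lib parse ldd output and report which directory a given soname is actually loaded from, and providers parses ldconfig -v output to list every directory that carries the same soname, which is exactly the two-copies situation behind the "SASL library version mismatch" error. The sample data is constructed from the listings in the post (the /usr/lib entry for libsasl2.so.2 -> libsasl2.so.2.0.10 comes from the ls -l output in E) and is not a fresh capture. One caveat on the fix in E: the symlinks replaced there belong to the distribution's cyrus-sasl package, so rpm -V will report them as modified and the next update of that package will restore the old links, which is a good reason to re-run a check like this after package updates, or to build slapd with an rpath in the first place.

```shell
#!/bin/sh
# Added example, not from the original post: do the ldd / ldconfig -v
# inspection from sections C and E mechanically.

# resolve_lib LDD_OUTPUT SONAME
# Prints the directory SONAME resolves to, "not found" if ldd says so,
# "(vdso, no file)" for kernel-provided objects, or "missing" if the
# binary does not depend on SONAME at all.
resolve_lib() {
    printf '%s\n' "$1" | awk -v so="$2" '
        $1 == so && $2 == "=>" {
            if ($3 == "not")          print "not found"
            else if ($3 ~ /^\(/)      print "(vdso, no file)"
            else { sub(/\/[^\/]*$/, "", $3); print $3 }
            found = 1; exit
        }
        END { if (!found) print "missing" }'
}

# check_lib LDD_OUTPUT SONAME EXPECTED_DIR
# "ok DIR" when SONAME comes from EXPECTED_DIR, else "wrong DIR (want EXPECTED_DIR)".
check_lib() {
    dir=$(resolve_lib "$1" "$2")
    if [ "$dir" = "$3" ]; then
        echo "ok $dir"
    else
        echo "wrong $dir (want $3)"
    fi
}

# providers LDCONFIG_V_OUTPUT SONAME
# Lists every directory in `ldconfig -v` output that carries SONAME, as
# "DIR/SONAME -> TARGET". Two or more lines means two versions coexist in
# the linker's search path: the situation behind the version-mismatch error.
providers() {
    printf '%s\n' "$1" | awk -v so="$2" '
        /:$/ { dir = substr($0, 1, length($0) - 1); next }
        $1 == so && $2 == "->" { print dir "/" $1 " -> " $3 }'
}

# Sample data, constructed from the listings in the post (not re-captured here).
LDD_BEFORE='	libdb-4.2.so => /usr/local/BerkeleyDB.4.2/lib/libdb-4.2.so (0x4002b000)
	libssl.so.4 => /lib/libssl.so.4 (0x400d2000)
	libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x40134000)
	libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
	/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)'

LDCONFIG_V='/usr/local/lib:
	libldap-2.2.so.7 -> libldap-2.2.so.7.0.13
	libsasl2.so.2 -> libsasl2.so.2.0.20
/usr/local/lib/sasl2:
	libplain.so.2 -> libplain.so.2.0.20
/usr/lib:
	libsasl2.so.2 -> libsasl2.so.2.0.10'

check_lib "$LDD_BEFORE" libsasl2.so.2 /usr/local/lib                 # wrong /usr/lib (want /usr/local/lib)
check_lib "$LDD_BEFORE" libdb-4.2.so /usr/local/BerkeleyDB.4.2/lib   # ok /usr/local/BerkeleyDB.4.2/lib
providers "$LDCONFIG_V" libsasl2.so.2                                 # one line for /usr/local/lib, one for /usr/lib
# Live use after make install:
#   check_lib "$(ldd /usr/local/libexec/slapd)" libsasl2.so.2 /usr/local/lib
#   providers "$(ldconfig -v 2>/dev/null)" libsasl2.so.2
```

Feed check_lib the real ldd output of the installed slapd and the directory you passed in LDFLAGS; anything other than "ok" for libsasl2.so.2 or libdb-4.2.so means the run-time loader will pick a different build than the one configure tested against.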

My environment, for reference:

[root@weblserver libexec]# env
LDFLAGS=-L/usr/local/lib/ -L/usr/local/BerkeleyDB.4.2/lib -L/usr/local/lib/sasl2
HOSTNAME=weblserver
TERM=vt100
SHELL=/bin/bash
HISTSIZE=1000
CPPFLAGS=-I/usr/local/BerkeleyDB.4.2/include
SSH_CLIENT=202.127.166.89 1962 22
QTDIR=/usr/lib/qt-3.1
OLDPWD=/home/liudan/openldap-2.2.20
SSH_TTY=/dev/pts/0
USER=root
LD_LIBRARY_PATH=/usr/local/lib
LS_COLORS=no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=01;32:*.cmd=01;32:*.exe=01;32:*.com=01;32:*.btm=01;32:*.bat=01;32:*.sh=01;32:*.csh=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.bz=01;31:*.tz=01;31:*.rpm=01;31:*.cpio=01;31:*.jpg=01;35:*.gif=01;35:*.bmp=01;35:*.xbm=01;35:*.xpm=01;35:*.png=01;35:*.tif=01;35:
USERNAME=root
MAIL=/var/spool/mail/root
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
INPUTRC=/etc/inputrc
PWD=/usr/local/libexec
LANG=zh_CN.GB18030
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
SHLVL=1
HOME=/root
LANGUAGE=zh_CN.GB18030:zh_CN.GB2312:zh_CN
BASH_ENV=/root/.bashrc
LOGNAME=root
SSH_CONNECTION=202.127.166.89 1962 202.127.166.35 22
LESSOPEN=|/usr/bin/lesspipe.sh %s
G_BROKEN_FILENAMES=1
_=/bin/env

About the configuration file: I also ran into this error when running slapd:

[root@weblserver root]# slapd -d 9
@(#) $OpenLDAP: slapd 2.2.20 (Jan 18 2005 13:32:15) $
	root@weblserver:/home/liudan/openldap-2.2.20/servers/slapd
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldap:///
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
>>> dnNormalize:
=> ldap_bv2dn(cn=Subschema,0)
ldap_err2string
<= ldap_bv2dn(cn=Subschema)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=Subschema)=0 Success
<<< dnNormalize:
unrecognized database type (ldbm)
database ldbm initialization failed.
slapd shutdown: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.

Clearly the database type is wrong. As I said above, OpenLDAP supports two databases, Berkeley DB and GDBM, and I installed Berkeley DB, so only the bdb backend was built. So slapd.conf has to be modified (note: this file has to be configured before slapd is run):

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/usr/local/etc/openldap/schema/core.schema
include		/usr/local/etc/openldap/schema/corba.schema
include		/usr/local/etc/openldap/schema/cosine.schema
include		/usr/local/etc/openldap/schema/inetorgperson.schema
include		/usr/local/etc/openldap/schema/misc.schema
include		/usr/local/etc/openldap/schema/openldap.schema
include		/usr/local/etc/openldap/schema/nis.schema
include		/usr/local/etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		/usr/local/var/run/slapd.pid
argsfile	/usr/local/var/run/slapd.args

loglevel	296

# Load dynamic backend modules:
# modulepath	/usr/local/libexec/openldap
# moduleload	back_bdb.la
# moduleload	back_ldap.la
# moduleload	back_ldbm.la
# moduleload	back_passwd.la
# moduleload	back_shell.la

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm database definitions -- the wrong database type, commented out;
# use Berkeley DB instead
#######################################################################

#database	ldbm

#######################################################################
# BDB database definitions
#######################################################################

database	bdb
suffix		"dc=beic,dc=gov,dc=cn"
rootdn		"cn=Manager,dc=beic,dc=gov,dc=cn"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw		{MD5}r3rdeketub9t/hq7yj3og==
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/usr/local/var/openldap-data
# Indices to maintain
index	objectClass	eq
index	cn,mail,sn	eq,sub
index	departmentNumber	eq
cachesize	2000

# ACL configuration
access to attr=userPassword
	by self write
	by anonymous auth
access to attr=mail
	by self write
	by anonymous auth
access to *
	by self write
	by anonymous auth

Then run slapd again.
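An added, hardened counterpart to the database section above (example configuration written for this page, not the post's own file). It keeps the post's suffix, rootdn, indices and loglevel, and turns on what the stock comments in the file only suggest: a salted rootpw produced by slappasswd, the "security" line, and ACLs with explicit "by * none" terminators plus "by users read" so authenticated users can actually read the directory (as written, the post's rules let an authenticated user see nothing but their own entry, because an access line with no matching "by" clause denies). The certificate paths and the rootpw value are placeholders that must be replaced. Caveat: "security simple_bind=64" rejects every password bind, the rootdn's included, that is not protected by TLS of at least that strength, so the TLS directives below and the clients' ldap.conf must be in place before it is enabled.

```conf
# Added hardened example for the same directory as the post (not the post's file).
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema

pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

# 296 = 256 (stats) + 32 (filter) + 8 (conns), the value used in the post
loglevel        296

# TLS material: placeholder paths, assumed here; use your own CA and server cert.
TLSCACertificateFile    /usr/local/etc/openldap/cacert.pem
TLSCertificateFile      /usr/local/etc/openldap/slapd-cert.pem
TLSCertificateKeyFile   /usr/local/etc/openldap/slapd-key.pem

# Store passwords set through the Password Modify extended operation
# (1.3.6.1.4.1.4203.1.11.1, advertised in the root DSE above) as salted SHA-1.
password-hash   {SSHA}

# The stock "sample security restrictions", enabled: integrity protection on
# every connection, 112-bit encryption for updates, 64-bit for simple binds.
security        ssf=1 update_ssf=112 simple_bind=64

database        bdb
suffix          "dc=beic,dc=gov,dc=cn"
rootdn          "cn=Manager,dc=beic,dc=gov,dc=cn"
# Placeholder: paste the output of   slappasswd -h {SSHA}
rootpw          {SSHA}REPLACE-WITH-SLAPPASSWD-OUTPUT
# Must exist before slapd starts; mode 700, owned by the user slapd runs as.
directory       /usr/local/var/openldap-data
index           objectClass         eq
index           cn,mail,sn          eq,sub
index           departmentNumber    eq
cachesize       2000

# Root DSE and subschema stay readable so clients can discover the server.
access to dn.base=""
        by * read
access to dn.base="cn=Subschema"
        by * read

# Password: the owner may change it, anyone else may only use it to bind.
# The explicit "by * none" makes the deny visible instead of relying on the
# implicit default.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Everything else: owner may edit, authenticated users may read, anonymous
# gets nothing beyond the auth granted above.
access to *
        by self write
        by users read
        by * none
```

Test it before exposing the port: slaptest -f slapd.conf -u for syntax, then ldapsearch -ZZ -x -D "cn=Manager,dc=beic,dc=gov,dc=cn" -W -b "dc=beic,dc=gov,dc=cn" from a client; with the security line in place the same bind without -ZZ must be refused.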

Please credit the original when reposting: https://www.9cbs.com/read-67398.html
