How to set up a basic OpenLDAP server


Source: http://www.linuxforum.net. Author: Wu Ah Ting (Jephe Wu), 2001-09-04 15:00:01

1. Purpose

This article describes how to install OpenLDAP and set up a centralised mail address book server that the mail clients in a company can query. OpenLDAP is useful in many other roles as well, for example as a centralised user account verification server, but the address book lookup is the most common use.

2. Installation

Download the latest OpenLDAP package from www.openldap.org, then compile and install it with the following steps:

# tar xvfz openldap-stable-20010524.tgz
# cd openldap-2.0.11
# ./configure
# make depend
# make
# make test
# make install

My environment is Red Hat 6.1. If no errors occur, the default installation puts the LDAP daemon slapd in /usr/local/libexec, the configuration files in /usr/local/etc/openldap/, the OpenLDAP tools ldapadd, ldapdelete, ldapmodify, ldapmodrdn, ldappasswd and ldapsearch in /usr/local/bin, and the runtime database in /usr/local/var/openldap-ldbm.

3. Configuration

1) Edit /usr/local/etc/openldap/slapd.conf and add the following lines after the line include /usr/local/etc/openldap/schema/core.schema, so that every schema shipped with the package is loaded:

include /usr/local/etc/openldap/schema/corba.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/java.schema
include /usr/local/etc/openldap/schema/krb5-kdc.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nadf.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema

For the address book only cosine.schema and inetorgperson.schema are actually required (inetOrgPerson builds on attributes defined in cosine.schema, so keep them in that order); loading the others does no harm but is not needed.

2) In the "ldbm database definitions" section of slapd.conf, change the suffix and rootdn lines to match your organisation, so that the section reads:

database ldbm
suffix "o=YourDomain,c=US"
rootdn "cn=root,o=YourDomain,c=US"
rootpw secret
directory /usr/local/var/openldap-ldbm

Several naming formats are possible; here o=YourDomain,c=US stands for your company name and its country or region. The installed default for rootdn is cn=Manager; changing it to cn=root is purely the author's preference. The rootdn is the directory's superuser: it has unlimited rights over this database, much as root does on Unix/Linux, but it is a directory identity authenticated only by rootpw and has nothing to do with the Unix root account. Replace secret with a real password. slapd also accepts the {SSHA} hash printed by slappasswd in place of the cleartext, so the password need not appear in the file at all; either way, keep slapd.conf readable only by the account that runs slapd. With no access directives in slapd.conf, slapd grants anonymous read access to the whole directory, which is exactly what an address book needs but is worth remembering before storing anything beyond names and mail addresses.

3) You can now start slapd by running /usr/local/libexec/slapd.

Consider adding /usr/local/bin and /usr/local/libexec to the search path by extending the PATH line in /etc/profile:

PATH="$PATH:/usr/X11R6/bin:/usr/local/bin:/usr/local/libexec"

From the next login on you can then simply type slapd.

4) Test whether the LDAP server is working. Run the following command and check that you get a response:

# ldapsearch -x -b 'o=YourDomain,c=US' '(objectclass=*)'

While the database is still empty the server answers with "No such object", which is fine: it shows that slapd is listening. "Can't contact LDAP server" means it is not running or not reachable.

5) Write an .ldif text file and add its records to the LDAP database with ldapadd. The file looks like this:

dn: o=YourDomain,c=US
objectClass: dcObject
objectClass: organization
o: YourDomain
dc: YourDomain

dn: cn=Jephe Wu,o=YourDomain,c=US
objectClass: inetOrgPerson
cn: Jephe Wu
sn: Wu
mail: jephe_wu@yourDomain.com

... more users ......

Add one such record per person, separated by blank lines. Note that the inetOrgPerson object class requires both cn and sn; we use only cn, sn and mail, which is enough for address book lookups. You can also add a photo (jpegPhoto), homePhone, pager and the other attributes inetOrgPerson allows.

Then load the .ldif file into the LDAP database with the following command:

# ldapadd -x -D "cn=root,o=YourDomain,c=US" -w secret -f YourLdifFileName

Here -D gives the DN to bind as (the rootdn from slapd.conf) and -w its password. Passing the password with -w leaves it in the shell history and the process list; -W makes ldapadd prompt for it instead.

Note: the first record, dn: o=YourDomain,c=US, is required. It is the entry for the suffix itself; without it the person entries have no parent and cannot be added. Replace YourDomain with your company's name throughout.
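The records above are typed by hand; for more than a handful of people the file is better generated from a staff list. The following Python script is an added example, not code from the article, that builds the address book LDIF described in step 5. It escapes the characters that are special inside a DN (RFC 4514) and base64-encodes any value that LDIF cannot carry literally (RFC 2849), so a name containing a comma cannot move an entry under a different parent and a value containing a newline cannot inject an extra attribute line; it also rejects entries that lack the cn or sn that inetOrgPerson requires. The staff list is constructed sample data, and the organisation name YourDomain is the placeholder from the article.

```python
import base64

ORG = "YourDomain"              # placeholder from the article; use your company name
SUFFIX = "o=%s,c=US" % ORG      # must match the suffix line in slapd.conf

# Characters that must be backslash-escaped inside a DN attribute value (RFC 4514).
_DN_SPECIAL = ',+"\\<>;'


def escape_dn_value(value):
    """Escape one attribute value for use inside a distinguished name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def ldif_attr(name, value):
    """Emit one 'name: value' LDIF line, base64-encoding values RFC 2849 calls unsafe.

    Unsafe: empty, leading space/colon/'<', trailing space, or any NUL, CR, LF
    or non-ASCII byte.  Base64 keeps a newline inside a value from starting a
    new attribute line in the file.
    """
    data = value.encode("utf-8")
    unsafe = (
        not data
        or data[0] in b" :<"
        or data[-1] == 0x20
        or any(b == 0 or b == 0x0A or b == 0x0D or b > 0x7F for b in data)
    )
    if unsafe:
        return "%s:: %s" % (name, base64.b64encode(data).decode("ascii"))
    return "%s: %s" % (name, value)


def person_entry(cn, sn, mail="", **extra):
    """One inetOrgPerson record under SUFFIX; cn and sn are MUST attributes."""
    if not cn or not sn:
        raise ValueError("inetOrgPerson requires both cn and sn")
    dn = "cn=%s,%s" % (escape_dn_value(cn), SUFFIX)
    lines = [
        ldif_attr("dn", dn),
        "objectClass: inetOrgPerson",
        ldif_attr("cn", cn),
        ldif_attr("sn", sn),
    ]
    if mail:
        lines.append(ldif_attr("mail", mail))
    for attr, val in sorted(extra.items()):   # e.g. homePhone, pager
        lines.append(ldif_attr(attr, val))
    return "\n".join(lines)


def build_address_book(people):
    """Full LDIF: the suffix entry first (ldapadd needs the parent), then the people."""
    root = "\n".join([
        "dn: " + SUFFIX,
        "objectClass: dcObject",
        "objectClass: organization",
        "o: " + ORG,
        "dc: " + ORG,
    ])
    return "\n\n".join([root] + [person_entry(**p) for p in people]) + "\n"


# Constructed sample staff list, including two hostile values the encoding neutralises:
# a comma in a name and a newline that tries to smuggle in a userPassword attribute.
SAMPLE_STAFF = [
    {"cn": "Jephe Wu", "sn": "Wu", "mail": "jephe_wu@yourDomain.com"},
    {"cn": "Evil,o=Other", "sn": "Evil", "mail": "evil@yourDomain.com"},
    {"cn": "Jürgen Müller", "sn": "Müller", "mail": "jm@yourDomain.com\nuserPassword: x"},
]

if __name__ == "__main__":
    print(build_address_book(SAMPLE_STAFF), end="")
```

Redirect the output to a file and load it with the ldapadd command above. The suffix entry is emitted first for the reason given in the note: ldapadd processes records in file order and refuses a child whose parent does not exist yet.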

6) Configure Outlook Express to look up e-mail addresses on the LDAP server.

Go to Tools / Accounts / Add / Directory Service, enter the server's IP address or fully qualified domain name, answer Yes on the next screen to allow addresses to be checked against this directory, and finally select the new entry on the "Directory Service" tab, open Properties / Advanced and enter o=YourDomain,c=US as the search base. For Netscape, set the corresponding options using the same information.

4. Common problems

1) slapd runs without complaint, but you cannot add to the database: ldapadd fails with "ldap_bind: Can't contact LDAP server". The most likely cause is a missing "127.0.0.1 localhost" line in /etc/hosts.

2) Note the lookup order: if the Outlook Express address book contains a matching entry, that entry is used; the LDAP server is only queried when no match is found in the local address book.

3) To confirm that the client really is talking to the LDAP server, run the following command on the server and then check an address in OE; you will see the packets of the LDAP exchange as they pass.

# tcpdump port 389

Everything on port 389 is plain text, so the same capture would also show any bind password sent across the network. Run ldapadd with the rootdn password on the server itself, as above, rather than from another machine on the LAN.

Please credit the original when reposting: https://www.9cbs.com/read-74862.html
