LDAP Compile-and-Install Study Report
OpenLDAP Study Notes

LDAP (Lightweight Directory Access Protocol) is based on the X.500 standard, runs over TCP/IP, and is simple and convenient to use. More and more network application systems support LDAP. OpenLDAP is an open-source implementation of LDAP; these notes are based on OpenLDAP 2.1.29.

2.1. Source install

My installation method is to compile from source, installing as the root user. The required software is as listed; the concrete installation steps are as follows:

1. Because openldap needs Berkeley DB to store its data, first install Berkeley DB 4.2.52, which can be downloaded from its website (URL given above). Unpack it with:

   # tar -zxvf db-4.2.52.tar.gz

   This produces a db-4.2.52 directory; enter its build_unix subdirectory and run the following commands to configure and install:

   # ../dist/configure
   # make
   # make install

   This is the usual three-step Linux source install, nothing special. By default the software is installed under /usr/local/BerkeleyDB.4.2. After installation, add the library path /usr/local/BerkeleyDB.4.2/lib to /etc/ld.so.conf, then run ldconfig once so the configuration takes effect; only then can the openldap build find the corresponding library files. With that the database is installed, and openldap can be installed next.

What is ld.so.conf? It is the configuration file for the system's dynamic linker. It holds the names of directories containing shared libraries that Linux may load (the system directories /lib and /usr/lib excepted), separated by whitespace (spaces, newlines, etc.), colons or commas. Typical Linux distributions list the shared directory /usr/X11R6/lib in this file, the directory of the X Window System's shared libraries. ldconfig is its management command; see the man page for details, which are not covered here.
A brief look at installing ldap on Windows (2008-02-20 14:37:10) Tags: misc

The openldap software is on its official website, but the download is source code and does not contain a win32 Makefile; only the Makefile for building on Unix/Linux is provided. Accordingly there are guides on the net for installing and using it on Windows. This article covers the whole process of installing and configuring openldap on Windows, the LdapBrowser client, and connecting to openldap from a Java program.

1. First download the Windows build of openldap, /openldap/openldap-2.2.29/openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe, and the LdapBrowser client, /Files/Unm
2. Installation is simple: just click Next all the way through. Assume we install into d:\openldap
3. After installing the software we can start configuring. The Berkeley DB database needs no real configuration; the main task is configuring the openldap service. The configuration files are under etc/openldap in the installation directory. There are four files, the main ones being slapd.conf and ldap.conf; the other two
4. Open d:\openldap\slapd.conf and find the line
   ucdata-path d:/openldap/ucdata
   (there must be no whitespace before this line, otherwise connecting to the ldap server reports an error) and the line
   include d:/openldap/etc/schema/core.schema
   After it add
   include d:/openldap/etc/schema/cosine.schema
   include d:/openldap/etc/schema/inetorgperson.schema
   Note that the order must not be wrong, because the attributes in these files depend on one another. If the order is wrong the server will not start; the dependencies between the files are documented in the files themselves.
5. Still in slapd.conf, find
   suffix "dc=my-domain,dc=com"
   rootdn "cn=Manager,dc=my-domain,dc=com"
   and change these two lines to
   suffix "dc=giggs,c=com"
   rootdn "cn=Manager,dc=giggs,c=com"
   The suffix is whatever you choose to define, but the ldif files in the later steps must match its definition.
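A check for the slapd.conf pitfalls described in steps 4 and 5, as an added example (not code from the original notes): it flags a directive line that starts with whitespace (slapd reads an indented line as a continuation of the previous directive, which is why the ucdata-path line must not be indented), schema includes listed before the schema they depend on, and a rootdn that does not lie under the suffix. The dependency map and the two sample configs are constructed for the example.

```python
"""Sanity checks for a slapd.conf before starting slapd (added example)."""
import re

# Schema dependency map, constructed for this example: cosine needs core,
# inetorgperson needs core and cosine (the include order the notes prescribe).
SCHEMA_DEPS = {
    "core.schema": [],
    "cosine.schema": ["core.schema"],
    "inetorgperson.schema": ["core.schema", "cosine.schema"],
}


def _schema_name(path):
    """File-name part of an include path, lower-cased, for either separator."""
    return re.split(r"[\\/]", path.strip())[-1].lower()


def _dn_components(dn):
    """Split a DN into lower-cased, trimmed RDN strings, dropping surrounding quotes."""
    return [part.strip().lower() for part in dn.strip().strip('"').split(",")]


def check_slapd_conf(text):
    """Return a list of problems found in the slapd.conf text (empty = looks fine)."""
    problems = []
    included = []
    suffix = rootdn = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            # slapd treats an indented line as a continuation of the previous
            # directive, so a 'ucdata-path' written this way is never applied.
            problems.append(f"line {lineno}: directive starts with whitespace: {raw.strip()!r}")
            continue
        parts = raw.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "include":
            name = _schema_name(value)
            for dep in SCHEMA_DEPS.get(name, []):
                if dep not in included:
                    problems.append(f"line {lineno}: {name} included before its dependency {dep}")
            included.append(name)
        elif key == "suffix":
            suffix = value
        elif key == "rootdn":
            rootdn = value
    if suffix and rootdn:
        s, r = _dn_components(suffix), _dn_components(rootdn)
        # rootdn must be an entry strictly below the suffix (same trailing RDNs).
        if len(r) <= len(s) or r[-len(s):] != s:
            problems.append(f"rootdn {rootdn} is not under suffix {suffix}")
    return problems


# Constructed sample configs: the first repeats the three mistakes the notes
# warn about, the second is the corrected version from steps 4 and 5.
BAD_CONF = """\
 ucdata-path d:/openldap/ucdata
include d:/openldap/etc/schema/core.schema
include d:/openldap/etc/schema/inetorgperson.schema
include d:/openldap/etc/schema/cosine.schema
suffix "dc=giggs,c=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
"""

GOOD_CONF = """\
ucdata-path d:/openldap/ucdata
include d:/openldap/etc/schema/core.schema
include d:/openldap/etc/schema/cosine.schema
include d:/openldap/etc/schema/inetorgperson.schema
suffix "dc=giggs,c=com"
rootdn "cn=Manager,dc=giggs,c=com"
"""

if __name__ == "__main__":
    for label, conf in (("bad", BAD_CONF), ("good", GOOD_CONF)):
        print(label, check_slapd_conf(conf) or "OK")
```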
SunOne LDAP Installation Manual

Contents
1. Installation media
2. Starting the installation

1. Installation media
The installation file for SunOne LDAP 4.5 P4 can be downloaded from: /download/products.xml?id=4373c4c2

2. Starting the installation
After the download completes, extract the archive and run setup.exe to start the installation.
Click Next to continue, then click Yes (Accept License) to continue. At this point go to the C:\Windows\system32\drivers\etc directory and edit the hosts file. As shown in the figure above, append a line giving 192.168.1.111 and the machine name, where 192.168.1.111 is the IP address and the machine name is the one you define.
In Full Qualified Computer Name, enter the machine name you just defined. Click Next to continue.
Keep the default selection Sun Java(TM) System Servers and click Next to continue.
Keep the default selection Typical and click Next to continue.
Choose the installation directory and click Next to continue.
When prompted whether to create the installation directory, click Create Directory to continue.
Keep the default of all installation components selected and click Next to continue.
Leave the default selection unchanged and click Next to continue.
Leave the default selection unchanged and click Next to continue.
Change Server Port to 389, leave the rest unchanged, and click Next to continue.
Set the Password: fill in Password and Password (again), then click Next to continue.
Leave the default settings unchanged and click Next to continue.
Set the Password: fill in Password and Password (again), then click Next to continue.
Leave the default settings unchanged and click Next to continue.
Click Install Now to continue.
The installation begins.
Click Next to continue.
When the installation is complete, click Close to finish.
Sun Directory Server Enterprise Edition 7.0 Installation Guide. Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. Part No: 820-4807, November 2009. Copyright 2009 Sun Microsystems, Inc. All rights reserved.
Contents
Preface
1 Before You Install
   Quick Scan of Fully Installed and Running Directory Server Enterprise Edition: Software Files; Data Files; Background Processes
   Directory Server Enterprise Edition Software Distributions: Zip Distribution; Native Distribution; Comparison of Native Packages and Zip Distribution
   File and Process Ownership on Unix Systems
   Installation in Solaris Zones
Part I Installing and Uninstalling Directory Server Enterprise Edition
2 Installing Directory Server Enterprise Edition
   Installing Directory Server Enterprise Edition Using Zip Distribution
   Pre-Configuring the Directory Server Enterprise Edition Installation (Directory Service Control Center; the DSCC Agent)
   Useful Information for Your Records
   Checking Your Directory Server Enterprise Edition Installation
   Creating Server Instances From Command Line
   Creating Server Instances Using Directory Service Control Center
   Environment Variables
3 Uninstalling Directory Server Enterprise Edition
   Removing Server Instance (Directory Proxy Server or Directory Server, with DSCC or from the command line)
   Removing Software (Unconfigure Directory Service Control Center; Remove Directory Server Enterprise Edition Installed From the Zip Distribution)
4 Installing and Uninstalling Directory Server Enterprise Edition Using Native Packages
   Installing Directory Server Enterprise Edition
   Pre-Configuring the Directory Server Enterprise Edition Installation
   Uninstalling Directory Server Enterprise Edition
   Preparing Your System for Directory Server Enterprise Edition Installation (Install Shared Components; List of Packages Required; Location of Packages and Patches)
Part II Appendixes
A Deploying DSCC WAR File With Supported Application Servers (Sun Java System Application Server; Tomcat; BEA WebLogic Server; Sun Java System Web Server)
B Working With Sun Cryptographic Framework on Solaris 10 Systems (Using Directory Server, or Directory Proxy Server, With Cryptographic Hardware on a Solaris 10 System)
Index

Preface
The Installation Guide provides detailed instructions for installing and uninstalling the Directory Server Enterprise Edition software. This guide also covers how to pre-configure the software to make the installation operational and how to test if the installation is fully operational.

Who Should Use This Book
This Installation Guide is for administrators deploying Directory Server Enterprise Edition, Directory Service Control Center, and Identity Synchronization for Windows software. This document also covers configuration of Identity Synchronization for Windows. If you are installing Directory Server Enterprise Edition software for evaluation purposes only, put this guide aside for now, and see Sun Directory Server Enterprise Edition 7.0 Evaluation Guide.

Before You Read This Book
Review pertinent information in the Sun Directory Server Enterprise Edition 7.0 Release Notes. If you are deploying Directory Server Enterprise Edition software in production, also review pertinent information in the Sun Directory Server Enterprise Edition 7.0 Deployment Planning Guide. Readers installing Identity Synchronization for Windows should be familiar with the following technologies:
■ Directory Server
■ Microsoft Active Directory or Windows NT authentication
■ Lightweight Directory Access Protocol (LDAP)
■ Java technology
■ Extensible Markup Language (XML)
■ Public-key cryptography and Secure Sockets Layer (SSL) protocol
■ Intranet, extranet, and Internet security
■ Role of digital certificates in an enterprise

How This Book Is Organized
Chapter 1, "Before You Install," covers the information that you must know before installing the product. Part I covers the installation of Directory Server Enterprise Edition on supported systems. Part II covers all the additional information that you need to know to use Directory Server Enterprise Edition.

Sun Directory Server Enterprise Edition Documentation Set
This documentation set explains how to use Sun Directory Server Enterprise Edition to evaluate, design, deploy, and administer directory services. In addition, it shows how to develop client applications for Directory Server Enterprise Edition. The Directory Server Enterprise Edition documentation set is available at /coll/1819.1. The following table lists all the available documents.

TABLE P-1 Directory Server Enterprise Edition Documentation (Document Title: Contents)
Sun Directory Server Enterprise Edition 7.0 Release Notes: Contains the latest information about Directory Server Enterprise Edition, including known problems.
Sun Directory Server Enterprise Edition 7.0 Documentation Center: Contains links to key areas of the documentation set that help you to quickly locate the key information.
Sun Directory Server Enterprise Edition 7.0 Evaluation Guide: Introduces the key features of this release. Demonstrates how these features work and what they offer in the context of a deployment that you can implement on a single system.
Sun Directory Server Enterprise Edition 7.0 Deployment Planning Guide: Explains how to plan and design highly available, highly scalable directory services based on Directory Server Enterprise Edition. Presents the basic concepts and principles of deployment planning and design. Discusses the solution life cycle, and provides high-level examples and strategies to use when planning solutions based on Directory Server Enterprise Edition.
Sun Directory Server Enterprise Edition 7.0 Installation Guide: Explains how to install the Directory Server Enterprise Edition software. Shows how to configure the installed software and verify the configured software.
Sun Directory Server Enterprise Edition 7.0 Upgrade and Migration Guide: Provides upgrade instructions to upgrade the version 6 installation and migration instructions to migrate version 5.2 installations.
Sun Directory Server Enterprise Edition 7.0 Administration Guide: Provides command-line instructions for administering Directory Server Enterprise Edition. For hints and instructions about using the Directory Service Control Center, DSCC, to administer Directory Server Enterprise Edition, see the online help provided in DSCC.
Sun Directory Server Enterprise Edition 7.0 Developer's Guide: Shows how to develop directory client applications with the tools and APIs that are provided as part of Directory Server Enterprise Edition.
Sun Directory Server Enterprise Edition 7.0 Reference: Introduces technical and conceptual foundations of Directory Server Enterprise Edition. Describes its components, architecture, processes, and features.
Sun Directory Server Enterprise Edition 7.0 Man Page Reference: Describes the command-line tools, schema objects, and other public interfaces that are available through Directory Server Enterprise Edition. Individual sections of this document can be installed as online manual pages.
Sun Directory Server Enterprise Edition 7.0 Troubleshooting Guide: Provides information for defining the scope of the problem, gathering data, and troubleshooting the problem areas by using various tools.
Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide: Provides general guidelines and best practices for planning and deploying Identity Synchronization for Windows.
Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide: Describes how to install and configure Identity Synchronization for Windows.
Additional Installation Instructions for Sun Java System Identity Synchronization for Windows 6.0: Provides additional installation instructions in context of Directory Server Enterprise Edition 7.0.

For an introduction to Directory Server Enterprise Edition, review the following documents in the order in which they are listed.

Related Reading
The SLAMD Distributed Load Generation Engine is a Java application that is designed to stress test and analyze the performance of network-based applications. This application was originally developed by Sun Microsystems, Inc. to benchmark and analyze the performance of LDAP directory servers. SLAMD is available as an open source application under the Sun Public License, an OSI-approved open source license. To obtain information about SLAMD, go to /. SLAMD is also available as a project. See https:///.
Java Naming and Directory Interface (JNDI) supports accessing the Directory Server using LDAP and DSML v2 from Java applications. For information about JNDI, see /products/jndi/. The JNDI Tutorial contains detailed descriptions and examples of how to use JNDI. This tutorial is at /products/jndi/tutorial/.
Directory Server Enterprise Edition can be licensed as a standalone product, as part of a suite of Sun products, such as the Sun Java Identity Management Suite, or as an add-on package to other software products from Sun. Identity Synchronization for Windows uses Message Queue with a restricted license. Message Queue documentation is available at /coll/1307.2.
Identity Synchronization for Windows works with Microsoft Windows password policies.
■ Information about password policies for Windows 2003 is available in the Microsoft documentation online.
■ Information about the Microsoft Certificate Services Enterprise Root certificate authority is available in the Microsoft support documentation online.
■ Information about configuring LDAP over SSL on Microsoft systems is available in the Microsoft support documentation online.

Redistributable Files
Directory Server Enterprise Edition does not provide any files that you can redistribute.

Default Paths and Command Locations
This section explains the default paths used in documentation, and provides locations of commands on different operating systems and deployment types.

Default Paths
The table in this section describes the default paths that are used in this document. For complete descriptions of the files installed, see Chapter 1, "Directory Server Enterprise Edition File Reference," in Sun Directory Server Enterprise Edition 7.0 Reference.

TABLE P-2 Default Paths (Placeholder | Description | Default Value)
install-path | Represents the base installation directory for Directory Server Enterprise Edition software. | When you install from a zip distribution using unzip, the install-path is the current-directory/dsee7. When you install from a native package distribution, the default install-path is /opt/SUNWdsee7.
instance-path | Represents the full path to an instance of Directory Server or Directory Proxy Server. Documentation uses /local/dsInst/ for Directory Server and /local/dps/ for Directory Proxy Server. | No default path exists. Instance paths must nevertheless always be found on a local file system. On Solaris systems, the /var directory is recommended.
serverroot | Represents the parent directory of the Identity Synchronization for Windows installation location. | Depends on your installation. Note that the concept of a serverroot no longer exists for Directory Server and Directory Proxy Server.
isw-hostname | Represents the Identity Synchronization for Windows instance directory. | Depends on your installation.
/path/to/cert8.db | Represents the default path and file name of the client's certificate database for Identity Synchronization for Windows. | current-working-dir/cert8.db
serverroot/isw-hostname/logs/ | Represents the default path to the Identity Synchronization for Windows local log files for the System Manager, each connector, and the Central Logger. | Depends on your installation.
serverroot/isw-hostname/logs/central/ | Represents the default path to the Identity Synchronization for Windows central log files. | Depends on your installation.

Command Locations
The table in this section provides locations for commands that are used in Directory Server Enterprise Edition documentation. To learn more about each of the commands, see the relevant man pages.

TABLE P-3 Command Locations (Command | Native Package Distribution | Zip Distribution)
cacaoadm | /usr/sbin/cacaoadm | Solaris, Linux, HP-UX: install-path/bin/cacaoadm; Windows: install-path\bin\cacaoadm.bat
certutil | /usr/sfw/bin/certutil | install-path/bin/certutil
dpadm(1M) | install-path/bin/dpadm | install-path/bin/dpadm
dpconf(1M) | install-path/bin/dpconf | install-path/bin/dpconf
dsadm(1M) | install-path/bin/dsadm | install-path/bin/dsadm
dsccmon(1M) | install-path/bin/dsccmon | install-path/bin/dsccmon
dsccreg(1M) | install-path/bin/dsccreg | install-path/bin/dsccreg
dsccsetup(1M) | install-path/bin/dsccsetup | install-path/bin/dsccsetup
dsconf(1M) | install-path/bin/dsconf | install-path/bin/dsconf
dsmig(1M) | install-path/bin/dsmig | install-path/bin/dsmig
dsutil(1M) | install-path/bin/dsutil | install-path/bin/dsutil
entrycmp(1) | install-path/bin/entrycmp | install-path/bin/entrycmp
fildif(1) | install-path/bin/fildif | install-path/bin/fildif
idsktune(1M) | Not provided | At the root of the unzipped zip distribution
insync(1) | install-path/bin/insync | install-path/bin/insync
ldapsearch(1) | /opt/SUNWdsee/dsee6/bin | install-path/dsrk/bin
repldisc(1) | install-path/bin/repldisc | install-path/bin/repldisc

Typographic Conventions
The following table describes the typographic conventions that are used in this book.

TABLE P-4 Typographic Conventions (Typeface | Meaning | Example)
AaBbCc123 | The names of commands, files, and directories, and onscreen computer output | Edit your .login file. Use ls -a to list all files. machine_name% you have mail.
AaBbCc123 | What you type, contrasted with onscreen computer output | machine_name% su  Password:
aabbcc123 | Placeholder: replace with a real name or value | The command to remove a file is rm filename.
AaBbCc123 | Book titles, new terms, and terms to be emphasized | Read Chapter 6 in the User's Guide. A cache is a copy that is stored locally. Do not save the file. Note: Some emphasized items appear bold online.

Shell Prompts in Command Examples
The following table shows default system prompts and superuser prompts.

TABLE P-6 Shell Prompts (Shell | Prompt)
C shell on UNIX and Linux systems | machine_name%
C shell superuser on UNIX and Linux systems | machine_name#
Bourne shell and Korn shell on UNIX and Linux systems | $
Bourne shell and Korn shell superuser on UNIX and Linux systems | #
Microsoft Windows command line | C:\

Symbol Conventions
The following table explains symbols that might be used in this book.

TABLE P-7 Symbol Conventions (Symbol | Description | Example | Meaning)
[ ] | Contains optional arguments and command options. | ls [-l] | The -l option is not required.
{ | } | Contains a set of choices for a required command option. | -d {y|n} | The -d option requires that you use either the y argument or the n argument.
${ } | Indicates a variable reference. | ${com.sun.javaRoot} | References the value of the com.sun.javaRoot variable.
- | Joins simultaneous multiple keystrokes. | Control-A | Press the Control key while you press the A key.
+ | Joins consecutive multiple keystrokes. | Ctrl+A+N | Press the Control key, release it, and then press the subsequent keys.
→ | Indicates menu item selection in a graphical user interface. | File→New→Templates | From the File menu, choose New. From the New submenu, choose Templates.

Chapter 1 Before You Install
Before installing Directory Server Enterprise Edition software in a production environment, obtain the plans for deployment that were created with the help of Sun Directory Server Enterprise Edition 7.0 Deployment Planning Guide. With the plans in hand, read this section to gauge how to approach installation for your deployment. This chapter includes the following sections.
■ "Quick Scan of Fully Installed and Running Directory Server Enterprise Edition"
■ "Directory Server Enterprise Edition Software Distributions"
■ "File and Process Ownership on Unix Systems"
■ "Installation in Solaris Zones"

Quick Scan of Fully Installed and Running Directory Server Enterprise Edition
After Directory Server Enterprise Edition is installed and running on your system, the following elements are found on your system:
■ Software Files
■ Data Files
■ Background Processes

Software Files
The software files include executable files, resource files, and template files. These files are copied on your system from the Directory Server Enterprise Edition distribution. The software files are organized hierarchically below a single directory, installation-path, which is chosen at the time of installation. The hierarchy below the installation path is called the installation layout. User commands are located in installation-path/bin and installation-path/dsrk/bin directories. For more information about the installation layout, see Chapter 1, "Directory Server Enterprise Edition File Reference," in Sun Directory Server Enterprise Edition 7.0 Reference. Disk space occupied by installation-path is fixed and around 1 GB.

Data Files
There are two types of data files, that is, server instances and administration files.

Server Instances
■ Contain user and configuration data for a single server.
■ Multiple server instances can reside on the same host.
■ Server instance location can be freely chosen. They can be separate from the installation-path.
■ Disk space occupied by a server instance is potentially unlimited.
For more information about server instances, see Chapter 2, "Directory Server Instances and Suffixes," in Sun Directory Server Enterprise Edition 7.0 Administration Guide and Chapter 17, "Directory Proxy Server Instances," in Sun Directory Server Enterprise Edition 7.0 Administration Guide.

Administration Files
■ Administration files are located in the installation-path/var or /var/opt/SUNWdsee7 directory.
■ Disk space occupied is limited, that is, a few hundred KB.

Background Processes
■ Core Server Daemons (ns-slapd): There is one daemon running per server instance. This daemon listens to the port that is configured in the server instance (389 by default) and processes the incoming LDAP requests. This daemon reads and writes configuration and user data located in the server instance.
■ Common Agent Container Framework Daemon: This daemon allows Directory Service Control Center to start up server instances that exist on remote hosts. The daemon listens to port 11162 by default. It hosts the Directory Service Control Center Agent plugin.
Installing openldap: preparation

Note: time consistency, install GCC, Berkeley DB.

Berkeley DB installation steps. The version I downloaded is Berkeley DB 4.7.25.NC.zip. After downloading, unpack it with unzip db-4.3.21.NC.zip, then cd build_unix/, run ../dist/configure, and finally run make and make install to install. The default install location is /usr/local; you can change the install path with ../dist/configure --prefix=your-path.

b) Berkeley DB is installed, but the system cannot find its header files and libraries. Either edit /etc/ld.so.conf and then run ldconfig -v to apply the configuration, or use one of the following methods: copy all files in /usr/local/BerkeleyDB.4.7/include to /usr/include and all files in /usr/local/BerkeleyDB.4.7/lib to /usr/lib; or set the environment variables:
env CPPFLAGS="-I/usr/local/BerkeleyDB.4.7/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.7/lib"
Alternatively, vi /etc/ld.so.conf and copy in the following content:
include ld.so.conf.d/*.conf
/usr/ofed/lib
/usr/local/BerkeleyDB.4.7/lib
/usr/local/BerkeleyDB.4.7/include
then run ldconfig -v to apply the configuration.

After installing Berkeley DB, running ./configure shows the following output:
Making servers/slapd/backends.c
Add config ...
Add ldif ...
Add monitor ...
Add bdb ...
Add hdb ...
Add relay ...
Making servers/slapd/overlays/statover.c
Add seqmod ...
Add syncprov ...
Please run "make depend" to build dependencies
which means configure has finished.
ldap, day 1: compiling and installing LDAP + ldapadmin

1. Environment
Server: based on CentOS-7-x86_64-1511
Server IP: 172.18.12.203

2. Obtaining the software
OpenLDAP: OpenLDAP 2.4.44:
BDB: berkeley-db-5.1.29 (OpenLDAP is currently incompatible with the 6.x versions; the README explicitly states compatibility with 4.4 to 4.8 or 5.0 to 5.1):
LDAP Administrator: ldapadmin 2015.2:

3. Preparation
1. Disable selinux;
2. Open tcp ports 389 / 636 in the firewall.
# tcp 389 is openldap's plaintext port; tcp 636 is the ssl-encrypted port.
# centos7 ships the firewalld service by default; it can be stopped and iptables installed instead.

4. Installing OpenLDAP
1. Dependencies
[root@localhost ~]# yum install *ltdl* -y
# This covers libtool-ltdl and libtool-ltdl-devel; without them the build fails with: configure: error: could not locate libtool ltdl.h
2. Installing BDB
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# tar -zxvf db-5.1.29.tar.gz
[root@localhost src]# cd db-5.1.29/build_unix/
[root@localhost build_unix]# ../dist/configure --prefix=/usr/local/berkeleydb-5.1.29
[root@localhost build_unix]# make
[root@localhost build_unix]# make install
# It must be built and installed from the build_unix directory of the unpacked archive, otherwise it errors.
Compiling and installing OpenLDAP

This section covers the material of topic 302.1 of the Senior Level Linux Professional (LPIC-3) exam 301. This topic has a weight of 3. In this section you learn how to:
∙ compile and configure OpenLDAP from source
∙ understand OpenLDAP backend databases
∙ manage the OpenLDAP daemons
∙ troubleshoot errors during installation

OpenLDAP is an open-source application that implements an LDAP server and related tools. Because it is open source, its source code can be downloaded for free. The OpenLDAP project does not publish binaries directly, but most mainstream distributions package binaries. In this tutorial you learn how to install OpenLDAP both from source and from packages.

Compiling from source
The first step is to download the latest OpenLDAP release from the project site (see the download link in Resources). The project usually has two current versions: a stable release and a test release. This tutorial uses the stable versions 2.3.30 and 2.3.38. If you follow along with this tutorial, some directory names may differ with the version.

To extract the source from the downloaded file, enter tar -xzf openldap-stable-20070831.tgz. This unpacks the downloaded file into a directory. Enter the new directory with cd openldap-2.3.38 (substituting your OpenLDAP version number as needed). You are now in the source directory.

Next you must configure the system's build environment and then build the software. OpenLDAP uses the configure script for this. Enter ./configure --help to see all the available options. Some options define where files are installed (such as --prefix); other options define which OpenLDAP features you want installed. Listing 1 shows the features and their default settings.
Listing 1. Configure options related to OpenLDAP features

SLAPD (Standalone LDAP Daemon) Options:
--enable-slapd enable building slapd [yes]
--enable-aci enable per-object ACIs (experimental) [no]
--enable-cleartext enable cleartext passwords [yes]
--enable-crypt enable crypt(3) passwords [no]
--enable-lmpasswd enable LAN Manager passwords [no]
--enable-spasswd enable (Cyrus) SASL password verification [no]
--enable-modules enable dynamic module support [no]
--enable-rewrite enable DN rewriting in back-ldap and rwm overlay [auto]
--enable-rlookups enable reverse lookups of client hostnames [no]
--enable-slapi enable SLAPI support (experimental) [no]
--enable-slp enable SLPv2 support [no]
--enable-wrappers enable tcp wrapper support [no]
SLAPD Backend Options:
--enable-backends enable all available backends no|yes|mod
--enable-bdb enable Berkeley DB backend no|yes|mod [yes]
--enable-dnssrv enable dnssrv backend no|yes|mod [no]
--enable-hdb enable Hierarchical DB backend no|yes|mod [yes]
--enable-ldap enable ldap backend no|yes|mod [no]
--enable-ldbm enable ldbm backend no|yes|mod [no]
--enable-ldbm-api use LDBM API auto|berkeley|bcompat|mdbm|gdbm [auto]
--enable-ldbm-type use LDBM type auto|btree|hash [auto]
--enable-meta enable metadirectory backend no|yes|mod [no]
--enable-monitor enable monitor backend no|yes|mod [yes]
--enable-null enable null backend no|yes|mod [no]
--enable-passwd enable passwd backend no|yes|mod [no]
--enable-perl enable perl backend no|yes|mod [no]
--enable-relay enable relay backend no|yes|mod [yes]
--enable-shell enable shell backend no|yes|mod [no]
--enable-sql enable sql backend no|yes|mod [no]
SLAPD Overlay Options:
--enable-overlays enable all available overlays no|yes|mod
--enable-accesslog In-Directory Access Logging overlay no|yes|mod [no]
--enable-auditlog Audit Logging overlay no|yes|mod [no]
--enable-denyop Deny Operation overlay no|yes|mod [no]
--enable-dyngroup Dynamic Group overlay no|yes|mod [no]
--enable-dynlist Dynamic List overlay no|yes|mod [no]
--enable-lastmod Last Modification overlay no|yes|mod [no]
--enable-ppolicy Password Policy overlay no|yes|mod [no]
--enable-proxycache Proxy Cache overlay no|yes|mod [no]
--enable-refint Referential Integrity overlay no|yes|mod [no]
--enable-retcode Return Code testing overlay no|yes|mod [no]
--enable-rwm Rewrite/Remap overlay no|yes|mod [no]
--enable-syncprov Syncrepl Provider overlay no|yes|mod [yes]
--enable-translucent Translucent Proxy overlay no|yes|mod [no]
--enable-unique Attribute Uniqueness overlay no|yes|mod [no]
--enable-valsort Value Sorting overlay no|yes|mod [no]
SLURPD (Replication Daemon) Options:
--enable-slurpd enable building slurpd [auto]
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-subdir=DIR change default subdirectory used for installs
--with-cyrus-sasl with Cyrus SASL support [auto]

In Listing 1 you can see that many features are disabled by default, such as the metadirectory backend and dynamic modules.
LDAP study notes

objectClass and Attribute in LDAP

A problem that is easy to get wrong when first learning LDAP is the relationship between objectClass and Attribute; at the time I searched many Chinese materials without finding an answer.
I have finally understood it completely, so I decided to write it down.
Below I will explain objectClass and Attribute in LDAP by comparing them with some Java concepts; pleasantly, they are very similar. Every Entry in LDAP must belong to some objectClass. In Java terms, the Entry is an instance and the objectClass is its class.
In Java, classes are either abstract or concrete, and to new an instance you need a concrete class.
In LDAP, objectClasses come in three kinds: ABSTRACT, STRUCTURAL and AUXILIARY.
To define an Entry you must include one STRUCTURAL objectClass (more precisely, exactly one structural class together with its superiors); of the other two kinds you may include zero or more.
top is the top-level (ABSTRACT) objectClass. It defines a single MUST attribute, objectClass, which is why some other STRUCTURAL objectClass is needed before an Entry can be defined. objectClasses can also inherit from one another, much like Java classes: a child objectClass inherits all the attributes of its parent objectClass. Now the relationship between objectClass and Attribute.
Just as a Java class can hold several fields, some of which the business logic requires and others of which are optional,
LDAP has the same relationship: every objectClass defines a set of attributes (and objectClass is itself an attribute that every entry carries).
These attributes are split into two kinds, MUST and MAY: MUST attributes are ones the Entry must contain, MAY attributes are optional.
Anatomy of a DN: dn: cn=<record name>,ou=<table name>,dc=<database name> (the analogy is the record's key, the table it sits in, and the database).

Common attribute types:
  sn  surname (the real name)
  cn  common name; can also name a specific administrator or user
  ou  organizational unit: a department, or a container for administrators or users
  o   organization (company)
  c   country
  dc  domain component

Data types are mostly strings; for retrieval purposes BIN (binary data), CIS (case-insensitive string), CES (case-exact string), TEL (telephone number) and others were added.

1. A full DN consists of: the base DN (dc=..,dc=..,dc=.. and so on); the relative path (ou), which can be several levels deep (ou=..,ou=..,ou=.. and so on); and the name component (cn or uid), which is like the record's name.
2. An entry corresponds to a record, and every entry must belong to one or more object classes. In OpenDS, most of the attributes shown on the left come from the object classes listed on the left.
3. The full detail of one LDAP record:
   dn: cn=stan,ou=linux,ou=computer,dc=school,dc=org   (this cn is the record's name and is distinct from the cn attributes below)
   objectClass: organizationalPerson   (the object class the entry belongs to)
   cn: stan   (cn is an attribute; this cn and the next one are the same attribute holding two values, which makes lookups easier)
   cn: 小刀   (most of these attributes come from the object class)
   sn: 小刀   (sn is an attribute)
   description: agoodboy
   (The above is one record. Saved as an LDIF file, it can be imported into the LDAP database.)
4. If you use an object class supplied by the system, you must obey the restrictions it places on its attributes: which attributes you may use, which may not be empty, which may hold at most one value, and so on. For example, if you choose objectClass: organizationalPerson, that class has no "sex" attribute. You could press an unused attribute into service to carry the value, but that confuses every other client that reads the entry; the clean fix is to add an AUXILIARY object class (or define your own schema) that declares the attribute.
If you define your own object class, the restrictions are whatever you declare in its MUST and MAY lists.
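To make the MUST/MAY and structural rules above concrete, here is a small schema checker, added to these notes as an example; it is not OpenLDAP code. It transcribes a subset of core.schema and nis.schema (class names, kinds and MUST lists are the real ones, MAY lists are shortened), treats the superior classes as implied by the classes an entry lists, and validates the record from point 3 above plus three constructed entries: one with a missing MUST attribute and a made-up sex attribute, one with only an AUXILIARY class, and one that combines organizationalPerson with posixAccount.

```python
"""Mini LDAP schema checker (example for these notes, not OpenLDAP code).

Rules implemented: objectClasses are ABSTRACT, STRUCTURAL or AUXILIARY and
inherit MUST/MAY attributes along their SUP chain; an entry needs exactly one
structural chain; every MUST attribute must be present; no attribute outside
MUST or MAY is allowed. Attribute and class names are matched case-insensitively.
"""
from typing import Dict, List, Optional, Tuple

# name -> (kind, superior, MUST, MAY); subset of core.schema / nis.schema, MAY lists shortened
SCHEMA: Dict[str, Tuple[str, Optional[str], frozenset, frozenset]] = {
    "top": ("ABSTRACT", None, frozenset({"objectclass"}), frozenset()),
    "person": ("STRUCTURAL", "top", frozenset({"sn", "cn"}),
               frozenset({"userpassword", "telephonenumber", "seealso", "description"})),
    "organizationalperson": ("STRUCTURAL", "person", frozenset(),
               frozenset({"title", "ou", "l", "st", "postalcode", "postaladdress",
                          "telephonenumber", "facsimiletelephonenumber"})),
    # AUXILIARY class: bolts POSIX account attributes onto any structural class
    "posixaccount": ("AUXILIARY", "top",
               frozenset({"cn", "uid", "uidnumber", "gidnumber", "homedirectory"}),
               frozenset({"userpassword", "loginshell", "gecos", "description"})),
}


def superiors(name: str) -> List[str]:
    """Inheritance chain from name up to top, e.g. organizationalPerson -> person -> top."""
    chain, cur = [], name.lower()
    while cur is not None:
        if cur not in SCHEMA:
            raise KeyError(cur)
        chain.append(cur)
        cur = SCHEMA[cur][1]
    return chain


def parse_ldif(text: str) -> Tuple[str, Dict[str, List[str]]]:
    """Parse one single-line-per-attribute LDIF record into (dn, {attr: [values]})."""
    dn, attrs = "", {}
    for raw in text.strip().splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        key, _, value = raw.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "dn":
            dn = value
        else:
            attrs.setdefault(key, []).append(value)   # multi-valued attributes accumulate
    return dn, attrs


def validate(record: str) -> List[str]:
    """Return the schema violations of one LDIF record; an empty list means the entry is valid."""
    dn, attrs = parse_ldif(record)
    errors: List[str] = []
    closure = set()                      # every class the entry belongs to, superiors included
    for oc in attrs.get("objectclass", []):
        try:
            closure.update(superiors(oc))
        except KeyError:
            errors.append(f"unknown objectClass {oc!r}")
    if errors:
        return errors
    # Exactly one STRUCTURAL chain: the most specific structural class must be unique
    structural = {c for c in closure if SCHEMA[c][0] == "STRUCTURAL"}
    leaves = {c for c in structural if not any(c in superiors(o)[1:] for o in structural)}
    if len(leaves) != 1:
        errors.append(f"entry needs exactly one structural objectClass chain, found {sorted(leaves)}")
    must = set().union(*(SCHEMA[c][2] for c in closure))
    may = set().union(*(SCHEMA[c][3] for c in closure))
    present = set(attrs)
    for attr in sorted(must - present):
        errors.append(f"missing MUST attribute {attr!r}")
    for attr in sorted(present - must - may):
        errors.append(f"attribute {attr!r} is not allowed by objectClasses {sorted(attrs['objectclass'])}")
    return errors


# The record from the notes; person and top are implied by organizationalPerson
ENTRY_OK = """
dn: cn=stan,ou=linux,ou=computer,dc=school,dc=org
objectClass: organizationalPerson
cn: stan
cn: 小刀
sn: 小刀
description: agoodboy
"""
# Constructed: sn (MUST) is missing and "sex" is not in any MUST/MAY list
ENTRY_BAD = """
dn: cn=stan,ou=linux,ou=computer,dc=school,dc=org
objectClass: organizationalPerson
cn: stan
sex: male
"""
# Constructed: an AUXILIARY class on its own gives the entry no structural chain
ENTRY_AUX_ONLY = """
dn: uid=stan,ou=people,dc=school,dc=org
objectClass: posixAccount
cn: stan
uid: stan
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/stan
"""
# Constructed: structural + auxiliary, the usual shape of a Unix account in LDAP
ENTRY_POSIX = """
dn: uid=stan,ou=people,dc=school,dc=org
objectClass: organizationalPerson
objectClass: posixAccount
cn: stan
sn: 小刀
uid: stan
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/stan
loginShell: /bin/bash
"""

if __name__ == "__main__":
    for label, rec in [("notes entry", ENTRY_OK), ("bad", ENTRY_BAD),
                       ("aux only", ENTRY_AUX_ONLY), ("posix", ENTRY_POSIX)]:
        print(f"{label}: {validate(rec) or 'OK'}")
```

Running it prints OK for the notes' entry and the combined organizationalPerson/posixAccount entry, reports the missing sn and the disallowed sex attribute for the second entry, and rejects the posixAccount-only entry for lacking a structural class; slapd's own schema check (slapadd or ldapadd) rejects the same three mistakes with an "object class violation".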
Minimum LDAP connection pool size: the default is 1.
Maximum LDAP connection pool size: the default is 10. (These are the values OpenDS displays at startup.)
Building OpenLDAP on RHEL6 and migrating local accounts to LDAP

1. Server environment preparation

1.1 Firewall and SELinux
Install RHEL 6.0 (specifically 6.0: the configuration files that need editing differ between OS versions). Before configuring, these notes turn off iptables and SELinux. Treat that as a lab shortcut: on a production directory server keep the firewall on and open only the LDAP ports (389/tcp, plus 636/tcp if you serve LDAPS), and keep SELinux enforcing, resolving any denials with audit2allow rather than disabling it.

[root@ldap ~]# iptables -F
[root@ldap ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@ldap ~]# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
[root@ldap ~]# chkconfig iptables off
[root@ldap ~]# setenforce 0
[root@ldap ~]# getenforce
Permissive
[root@ldap ~]# grep disabled /etc/selinux/config
# disabled - No SELinux policy is loaded.
SELINUX=disabled

1.2 Network interface file
[root@ldap ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
HWADDR="00:0C:29:97:96:05"
NM_CONTROLLED="yes"
ONBOOT="yes"
BOOTPROTO="static"
IPADDR=192.168.37.37
NETMASK=255.255.255.0
GATEWAY=192.168.37.1
DNS1=192.168.37.37

1.3 Hostname
[root@ldap ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=

2. Installing and configuring the Bind DNS server

2.1 Install the Bind packages
The DNS server software used on Linux is called bind.
rpm -qa | grep bind    # check whether bind is already installed
If it is not installed, install it:
yum install bind* -y

2.2 Edit the Bind configuration
Edit the root zone configuration file as follows (three "any" entries).
Preparing to install OpenLDAP

Note: keep the clocks consistent, install GCC, and install Berkeley DB.

a) Berkeley DB installation. The version I downloaded is Berkeley DB 4.7.25.NC.zip. After downloading, unpack it with unzip db-4.7.25.NC.zip, cd build_unix/, run ../dist/configure, then make and make install.
By default it installs under /usr/local; you can change the location with ../dist/configure --prefix=<your path>.
b) If Berkeley DB is installed but the system cannot find its header files and libraries, add the library directory to /etc/ld.so.conf and run ldconfig -v to make it take effect. Alternatively, copy everything from /usr/local/BerkeleyDB.4.7/include to /usr/include and everything from /usr/local/BerkeleyDB.4.7/lib to /usr/lib (this works, but it scatters files outside the package's own directory and makes later removal or upgrades messy), or set the build environment:

env CPPFLAGS="-I/usr/local/BerkeleyDB.4.7/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.7/lib"

vi /etc/ld.so.conf and add the following:
include ld.so.conf.d/*.conf
/usr/ofed/lib
/usr/local/BerkeleyDB.4.7/lib

Only library directories belong in ld.so.conf; the include directory is found through CPPFLAGS at compile time and means nothing to the dynamic linker. Then run ldconfig -v to apply the change.

After Berkeley DB is installed, run ./configure again and you should see output like:
Making servers/slapd/backends.c
Add config ...
Add ldif ...
Add monitor ...
Add bdb ...
Add hdb ...
Add relay ...
Making servers/slapd/overlays/statover.c
Add seqmod ...
Add syncprov ...
Please run "make depend" to build dependencies
which shows that configure has completed.
5) Run make depend first, then make. make depend is quick, but make can take a while; make sure both steps finish without errors.
6) Run make test to check whether the build succeeded (the whole run takes several minutes). On success you will see output like:
>>>>> Test succeeded
>>>>> ./scripts/test000-rootdse completed OK.
>>>>> Starting test001-slapadd ...
running defines.sh
Running slapadd to build slapd database...
7) Run make install. I recommend installing source-built software into its own directory rather than the default path; otherwise uninstalling is painful.
Installed into its own directory, it can be removed simply by deleting that directory.

3. Install openldap
[root@localhost openldap-2.4.19]# ./configure
[root@localhost openldap-2.4.19]# make depend
[root@localhost openldap-2.4.19]# make
[root@localhost openldap-2.4.19]# make test
[root@localhost openldap-2.4.19]# make install
Or, following the advice above, point configure at the Berkeley DB library path and at a dedicated prefix:
LDFLAGS="-L/usr/local/BerkeleyDB.4.7/lib" ./configure --prefix=/usr/local/openldap --enable-bdb

Create a user:
ldapadd -x -D "cn=Manager,dc=ldap,dc=umpay,dc=com" -W -f user.ldif
Test that the server answers by reading the root DSE (this anonymous query only works while the ACLs allow anonymous reads of dn.base=""):
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
For the server to work properly, some initial parameters and settings must be changed. The edited configuration file is as follows:

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# To make effective use of the directory service, include the relevant schema files.
# Note that the includes must come in a certain order, because the attributes in
# these files depend on each other. If the order is wrong the server will not start;
# the dependencies are documented inside each schema file, so read them carefully.
# If you would rather not, use the order below.
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/corba.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/misc.schema
include /usr/local/openldap/etc/openldap/schema/openldap.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://

pidfile  /usr/local/openldap/var/slapd.pid
argsfile /usr/local/openldap/var/slapd.args

loglevel 1
# Logging is enabled here. slapd logs through the syslog facility local4, so add
# this line to the syslog configuration file:
#   local4.* /var/log/ldap.log
# The log level definitions are in the official documentation (slapd.conf(5)).
# Level 1 records a great deal of information and is suitable for debugging;
# 256 (stats, one line per operation) is the usual production setting.

# Load dynamic backend modules:
# modulepath /usr/local/openldap/libexec/openldap
# moduleload back_
# moduleload back_
# moduleload back_
# moduleload back_
# moduleload back_

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy is:
# Allow read by all
#
# rootdn can always write!

#######################################################################
# ldbm database definitions
#######################################################################

database bdb
# change this to your own directory suffix
suffix "dc=it,dc=com"
# root is the directory administrator; it has nothing to do with the Linux root user
rootdn "cn=root,dc=it,dc=com"
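With the security and access directives left commented out as above, slapd runs with its built-in policy: every entry, userPassword included, is readable by anyone, simple binds travel in plaintext, and a password written with a plain modify of userPassword is stored exactly as the client sent it. The fragment below is an example added to these notes (it is not the configuration from the original document) showing the same database definition with the restrictions a practitioner would actually enable. The suffix and rootdn are the ones from the notes; the directory path, the TLS file paths and the SSF value of 128 are assumptions. Global directives (password-hash, security, TLS) must appear before the first database line; the access lines after it apply to that database.

```conf
# ---- global section: must precede the first "database" line ----
# Hash passwords set through ldappasswd (Password Modify) with SSHA instead of
# storing whatever cleartext the client sent
password-hash {SSHA}
# Require a 128-bit protected session (TLS) for every operation, and in
# particular for simple binds, so passwords never cross the wire in the clear
security ssf=128 simple_bind=128
# TLS material the ssf requirement depends on (assumed paths)
TLSCertificateFile    /usr/local/openldap/etc/openldap/slapd.crt
TLSCertificateKeyFile /usr/local/openldap/etc/openldap/slapd.key

# ---- database section ----
database bdb
suffix   "dc=it,dc=com"
rootdn   "cn=root,dc=it,dc=com"
# Never store a cleartext rootpw: generate the value with
#   slappasswd -h {SSHA}
# and paste its output in place of the placeholder; keep this file mode 600
rootpw   {SSHA}...
# assumed data directory; it must exist and be writable only by the slapd user
directory /usr/local/openldap/var/openldap-data

# ACLs are evaluated in order: the first "access to" whose target matches the
# entry or attribute is used, and within it the first matching "by" clause.
# Root DSE and subschema stay readable so clients can discover the server
access to dn.base=""
        by * read
access to dn.base="cn=Subschema"
        by * read
# Passwords: a user may change their own, anyone may bind against one,
# nobody may read one back
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
# Everything else: users edit their own entry, authenticated users read,
# anonymous clients get nothing (the built-in default would be read for all)
access to *
        by self write
        by users read
        by * none
```

Because of the ssf requirement, the root DSE test from the notes must now negotiate TLS first (ldapsearch -ZZ -x -b '' -s base '(objectclass=*)' namingContexts); a client that skips StartTLS gets "confidentiality required" instead of data, which is the behaviour you want to confirm before putting the server on the network.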