3、ok,安装完相关软件后就可以着手配置了。Berkeley DB资料库没什么好配置的。主要是配置openldap 服务。配置文件在软件的安装目录的etc/openldap下,有四个文件,主要的是slapd.conf and ldap.conf,其它两个是backup文件。首先,我们先来配置slapd.conf文档。 系统默认的slapd.conf文件如下: # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $ # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /usr/local/openldap/etc/openldap/schema/core.schema 设置schema配置文档包含
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org
# Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base="" by * read # access to dn.base="cn=Subschema" by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy is: # Allow read by all # # rootdn can always write!
database bdb 设置使用的资料库,也可用lbdm。 suffix "dc=my-domain,dc=com" 设置目录后缀 rootdn "cn=Manager,dc=my-domain,dc=com" 设置目录管理员 # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd( and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret 设置管理密码,这里用了明文的secret密码。 # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /usr/local/openldap/var/openldap-data 设置资料库路径 # Indices to maintain index objectClass eq 设置目录项索引
要服务器正常动作,要修改一些始初参数和设置,修改后的配置文档如下:
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $ # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /usr/local/openldap/etc/openldap/schema/core.schema 为了有效使用目录服务,包含相关的文件。 include /usr/local/openldap/etc/openldap/schema/corba.schema 注意,在包含文件时是要按一定顺序的,因为文件include /usr/local/openldap/etc/openldap/schema/cosine.schema 里的属性存在依赖关系。如果顺序不对,服务器启include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema 动不了,文档间的依赖关系在文档中都有说明,请include /usr/local/openldap/etc/openldap/schema/misc.schema 仔细查看一个。如果懒得看也可以按我的顺序。 include /usr/local/openldap/etc/openldap/schema/openldap.schema include /usr/local/openldap/etc/openldap/schema/nis.schema include /usr/local/openldap/etc/openldap/schema/samba.schema # Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org
设为主页
收藏本站
相关文章: