Transcription of Introduction to LDAP - 鳥哥的 Linux 私房菜
1 ldap ldap ldap (O'Reilly, ISBN: 986-7794-21-4) HTTP Mail File System (Samba) Mail Mail File System File System ldap ldap AP ldap Linux login Postfix Samba HTTP ldap Redhat Linux ldap OpenLDAP Microsoft Active Directory AD
2 ldap ldap command CentOS CentOS 4 Redhat Enterprise Linux 4 Fedora Core 3 Fedora Core 4 CentOS OpenLDAP ldap ldap server devel ldap Server

root # rpm -qa | grep
# CentOS 4 RPM
root # rpm -ivh openldap*
~ ~
root #

ldap

             ldap
            /    \
       login      company
       /   \      /     \
    user  group unit   customer
                / | \
            mis account hr

login login login company ldap -> company -> unit Note.
3 ldap ldap ldap LDAPv3 ldap cn=user name,ou=group,dc=your,dc=domain mis steven steven cn=steven,ou=mis,ou=unit,ou=company,dc=l-penguin,dc=idv,dc=tw dn ldap cn ou ou=mis steven steven steven ldap mis dn cn= ,ou=mis,ou=unit,ou=company,dc=l-penguin,dc=idv,dc=tw ldap ldap ldap OpenLDAP /etc/ Note.
4 , ldap OpenLDAP

root # vi /etc/
suffix "dc=l-penguin,dc=idv,dc=tw"
rootdn "cn=Manager,dc=l-penguin,dc=idv,dc=tw"
rootpw secret
============================================

suffix "dc=l-penguin,dc=idv,dc=tw"
suffix ldap

rootdn "cn=Manager,dc=l-penguin,dc=idv,dc=tw"
Unix/ Linux root rootdn ldap root ldap cn Manager

rootpw secret
Manager secret / ldap *.
5 Ldif LDIF /etc/openldap/

# root node
dn: dc=l-penguin,dc=idv,dc=tw
dc: l-penguin
objectClass: dcObject
objectClass: organizationalUnit
ou: l-penguin Dot idv Dot tw

#login top
dn: ou=login,dc=l-penguin,dc=idv,dc=tw
ou: login
objectClass: organizationalUnit

#user, uid, password
dn: ou=user,ou=login,dc=l-penguin,dc=idv,dc=tw
ou: user
objectClass: organizationalUnit

#group
dn: ou=group,ou=login,dc=l-penguin,dc=idv,dc=tw
ou: group
objectClass: organizationalUnit

##for company organization top
dn: ou=company,dc=l-penguin,dc=idv,dc=tw
ou: company
objectClass: organizationalUnit

#for company organization (unit)
dn: ou=unit,ou=company,dc=l-penguin,dc=idv,dc=tw
ou: unit
objectClass: organizationalUnit

#human resource (under unit)
dn: ou=hr,ou=unit,ou=company,dc=l-penguin,dc=idv,dc=tw
ou: hr
objectClass: organizationalUnit

#MIS (under unit)
dn: ou=mis,ou=unit,ou=company,dc=l-penguin,dc=idv,dc=tw
ou: mis
objectClass: organizationalUnit

#Account (under unit)
dn: ou=account,ou=unit,ou=company,dc=l-penguin,dc=idv,dc=tw
ou: account
objectClass: organizationalUnit

# for customers information
dn: ou=customer,ou=company,dc=l-penguin,dc=idv,dc=tw
ou: customer
objectClass: organizationalUnit

dn objectClass key ldap slapadd

root # slapadd -v -l /etc/openldap/
added: "ou=login,dc=l-penguin,dc=idv,dc=tw" (00000005)
added: "ou=user,ou=login,dc=l-penguin,dc=idv,dc=tw" (00000006)
added: "ou=group,ou=login,dc=l-penguin,dc=idv,dc=tw" (00000007)
added: "ou=company,dc=l-penguin,dc=idv,dc=tw" (00000008)
added: "ou=unit,ou=company,dc=l-penguin,dc=idv,dc=tw" (00000009)
added: "ou=hr,ou=unit,ou=company,dc=l-penguin,dc=idv,dc=tw" (0000000a)
added: "ou=mis,ou=unit,ou=company,dc=l-penguin,dc=idv,dc=tw" (0000000b)
added: "ou=account,ou=unit,ou=company,dc=l-penguin,dc=idv,dc=tw" (0000000c)
added: "ou=customer,ou=company,dc=l-penguin,dc=idv,dc=tw" (0000000d)
root #

LDAP RPM

root # service ldap start
Checking configuration files for
config file testing succeeded
Starting slapd: [ OK ]
root #

Note: slap* ldap ldap

root # ldapsearch -x -b "dc=l-penguin,dc=idv,dc=tw"
# extended LDIF
#
# LDAPv3
# base <dc=l-penguin,dc=idv,dc=tw> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

#
dn: dc=l-penguin,dc=idv,dc=tw
dc: l-penguin
ou: l-penguin Dot idv Dot tw
objectClass: dcObject
objectClass: organizationalUnit

# login,
dn: ou=login,dc=l-penguin,dc=idv,dc=tw
ou: login
objectClass: organizationalUnit

# user, login,
dn: ou=user,ou=login,dc=l-penguin,dc=idv,dc=tw
ou: user
objectClass: organizationalUnit

# group, login,
dn: ou=group,ou=login,dc=l-penguin,dc=idv,dc=tw
ou: group
objectClass: organizationalUnit
~ ~
# search result
search: 2
result: 0 Success

# numResponses: 11
# numEntries: 10
root #

ldap :) ldif ^^ /etc/openldap/

#
dn: cn= ,ou=hr,ou=unit,ou=company,dc=l-penguin,dc=idv,dc=tw
cn:
sn: N/A
objectclass: person
objectclass: inetOrgPerson
givenName:
mail: 02-29587572
mobile: 0939689593
postalAddress: 1
postalCode: 235
ou:
o: l-penguin

: : (?!) inetOrgPerson person objectclass dn: sn: ldap key Shell Script Perl

Note: inetOrgPerson person objectClass ldap unix UTF-8 Windows ldif Windows vi ^M Linux vi dos2unix

root # dos2unix /etc/openldap/
# Windows Big5 UTF-8 ldap ldif UTF-8 Big5 UTF-8 iconv

root # iconv -f big5 -t UTF-8 -o
# file
UTF-8 Unicode text
root #

ldapmodify

root # ldapmodify -D "cn=Manager,dc=l-penguin,dc=idv,dc=tw" -w secret -x -a -f /etc/openldap/
~ ~
root #

ldapsearch

root # ldapsearch -x -b "ou=unit,ou=company,dc=l-penguin,dc=idv,dc=tw"
# extended LDIF
#
# LDAPv3
# base <ou=unit,ou=company,dc=l-penguin,dc=idv,dc=tw> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
~ ~
# \E9\BB\83\E6\80\A1\E9\9A\86, hr, unit, company,
dn:: Y2496buD5oCh6ZqGLG91PWhyLG91PXVuaXQsb3U9Y29tcGFueSxkYz1sLXBlbmd1aW4sZGM9aWR2LGRjPXR3
cn:: 6buD5oCh6ZqG
sn: N/A
objectClass: top
objectClass: person
objectClass: inetOrgPerson
givenName:: 6buD5oCh6ZqG
mail: 02-29587572
mobile: 0939689593
postalAddress:: 5Y+w5YyX57ij5Lit5ZKM5biC5pmv5bmz6LevMeiZnw==
postalCode: 235
ou:: 5Lq65Yqb6LOH5rqQ
o: l-penguin
: :: 5Lq65LqL6LOH5rqQ6YOo5Li75Lu7

# \E5\90\B3\E5\