OpenLDAP quick start guide

Deploying OpenLDAP 2.4 on CentOS 7 x64

1 Download the source and build it
Unpack the tarball (xx stands for the downloaded archive name):
tar -xvf xx

./configure

make && make install

2 Edit the configuration file
The default location is /usr/local/etc/openldap/slapd.ldif.
The main things to change are <MY-DOMAIN> and <COM>:
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=<MY-DOMAIN>,dc=<COM>
olcRootDN: cn=Manager,dc=<MY-DOMAIN>,dc=<COM>
olcRootPW: secret
olcDbDirectory: /usr/local/var/openldap-data
olcDbIndex: objectClass eq
Be sure to replace <MY-DOMAIN> and <COM> with the appropriate domain components of your
domain name. For example, for example.com, use:
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: secret
olcDbDirectory: /usr/local/var/openldap-data
olcDbIndex: objectClass eq
The cleartext value secret is only the Admin Guide's placeholder; for a real deployment generate a hashed password with slappasswd and put its {SSHA} output in olcRootPW instead.

Import the configuration into the config database.
If the directory /usr/local/etc/slapd.d does not exist, create it first:
su root -c "/usr/local/sbin/slapadd -n 0 -F /usr/local/etc/slapd.d -l /usr/local/etc/openldap/slapd.ldif"

3 Start and verify
su root -c "/usr/local/libexec/slapd -F /usr/local/etc/slapd.d"

Verify:
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

4 Adding entries

Note: every line must have exactly one space after the colon, and no extra spaces anywhere else.
example.ldif:
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager

ldapadd -x -D "cn=Manager,dc=example,dc=com" -w secret -f example.ldif

Note that cn=Manager,dc=example,dc=com is the rootDN defined in the configuration.

Add an entry under the Manager node (cn=Manager,dc=example,dc=com, created above):

item.ldif:

dn: cn=test2,cn=Manager,dc=example,dc=com
cn: test2
sn: Test User
objectclass: person

ldapadd -x -D "cn=Manager,dc=example,dc=com" -w secret -f item.ldif

Add another node under the root. Note that slapd only accepts entries that fall under a configured olcSuffix; with olcSuffix dc=example,dc=com from section 2, an add of dc=novel,dc=com is rejected with "no global superior knowledge" unless the suffix (or a second database) covers it.

node.ldif:

dn: dc=novel,dc=com
objectclass: top
objectclass: dcObject
objectclass: organization
dc: novel
o: novel,Inc.

dn: ou=managers,dc=novel,dc=com
ou: managers
objectclass: organizationalUnit

ldapadd -x -D "cn=Manager,dc=example,dc=com" -w secret -f node.ldif

Add a single entry on its own, t.ldif:

dn: cn=novel,ou=managers,dc=novel,dc=com
cn: novel
sn: wuyunhui
objectclass: person

ldapadd -x -D "cn=Manager,dc=example,dc=com" -w secret -f t.ldif

Verify:
ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
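Before running ldapadd, the two things that most often make an add fail are the formatting rule above (exactly one space after the colon) and a DN whose parent, or whose suffix, does not exist yet. The following script is an added example, not part of the original post or of OpenLDAP: it parses the page's example.ldif (constructed inline as sample input) with that formatting rule and reports, in file order, which entries slapd would reject against the olcSuffix from section 2.

```python
import re
SUFFIX = "dc=example,dc=com"  # olcSuffix configured in slapd.ldif above
EXAMPLE_LDIF = """dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager
"""  # constructed copy of the page's example.ldif, used as sample input

def parse_ldif(text):
    """Return [(dn, [(attr, value), ...])]; each line must be 'attr: value' with
    exactly one space after the colon (section 4's rule). No base64/continuations."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, []
        for line in block.splitlines():
            m = re.fullmatch(r"([A-Za-z][\w;-]*): (\S.*\S|\S)", line)
            if not m:
                raise ValueError(f"malformed LDIF line: {line!r}")
            attr, value = m.groups()
            if attr.lower() == "dn":
                dn = value
            else:
                attrs.append((attr, value))
        if dn is None:
            raise ValueError("entry without a dn line")
        entries.append((dn, attrs))
    return entries

def normalize_dn(dn):
    """Lower-case and strip spaces so DNs compare the way slapd matches them."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def check_add_order(entries, suffix=SUFFIX, existing=()):
    """Reasons slapd would reject each add: DN outside the suffix, or parent missing."""
    suffix = normalize_dn(suffix)
    known, problems = {normalize_dn(d) for d in existing}, []
    for dn, _ in entries:
        ndn = normalize_dn(dn)
        parent = ndn.split(",", 1)[1] if "," in ndn else ""
        if ndn != suffix and not ndn.endswith("," + suffix):
            problems.append(f"{dn}: outside suffix {suffix} (no global superior knowledge)")
        elif ndn != suffix and parent not in known:
            problems.append(f"{dn}: parent {parent} not added yet (noSuchObject)")
        known.add(ndn)  # a later entry in the same file may be this one's child
    return problems
```

Pass the DNs already in the directory via existing when checking a later file such as item.ldif, so the parent check sees the entries example.ldif created.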

5 Modifying entries

modi.ldif:

dn: cn=test2,cn=Manager,dc=example,dc=com
changetype: modify
replace: sn
sn: Test User ccccccf

ldapmodify -x -D "cn=Manager,dc=example,dc=com" -w secret -f modi.ldif

Programming notes

The C API provided by the OpenLDAP library (libldap) can be used to access the LDAP directory service from C/C++.

The OCSP protocol interfaces are implemented in the OpenSSL library.

Reference: OpenLDAP Admin Guide

Original post: https://www.cnblogs.com/mingzhang/p/8624722.html