OpenLDAP 安装指南

一：安装db-4.4.20数据库

tar -xvzf db-4.4.20.tar.gz

cd db-4.4.20

cd build_unix/

../dist/configure

../dist/configure --help

../dist/configure --prefix=/usr/local/BerkeleyDB

Make  &&  make install

vi /etc/ld.so.conf  打开文件

添加 /usr/local/BerkeleyDB/lib

装载配置ldconfig

二:  安装cyrus-sasl

tar –zxvf cyrus-sasl-2.1.20.tar.gz

cd cyrus-sasl-2.1.20

./configure

make

make install

三：安装openldap

tar -xvzf openldap-2.3.20.tgz

cd openldap-2.3.20

env CPPFLAGS=-I/usr/local/BerkeleyDB/include LDFLAGS=-L/usr/local/BerkeleyDB/lib ./configure --prefix=/usr/local/openldap --enable-bdb

make

make test

出现如下错误的话

cd tests; make test

make[1]: entering directory `/home/liudan/openldap-2.3.4/tests‘

make[2]: entering directory `/home/liudan/openldap-2.3.4/tests‘

initiating ldap tests for bdb...

running ./scripts/all...

>>>>> executing all ldap tests for bdb

>>>>> starting test000-rootdse ...

running defines.sh

starting slapd on tcp/ip port 9011...

using ldapsearch to retrieve the root dse…

waiting 5 seconds for slapd to start …

waiting 5 seconds for slapd to start …

./scripts/test000-rootdse: line 61: kill: (3538) – no such process

ldap_bind: can’t contact ldap server (-1)

…

通过查看slapd.1.log

root@gregorian:/tmp/openldap-2.3.4/servers/slapd

daemon_init: ldap://localhost:9011/

daemon_init: listen on ldap://localhost:9011/

daemon_init: 1 listeners to open...

ldap_url_parse_ext(ldap://localhost:9011/)

daemon: initialized ldap://localhost:9011/

daemon_init: 1 listeners opened

slapd init: initiated server.

slap_sasl_init: sasl library version mismatch: expected 2.1.20, got 2.1.10

slapd destroy: freeing system resources.

slapd stopped.

connections_destroy: nothing to destroy.

redhat 9默认安装的是2.1.10，删除/usr/lib下所有的lib*sasl*so的文件，

再从新安装cyrus sasl library，再次安装openldap

./configure && make depend && make  && make test && make install

安装完成。

四：改配置文件：

/usr/local/openldap/sbin/slappasswd  zhangadmin  生成密码

vi /usr/local/openldap/etc/sldap.conf

#注意include 载入问件错误。。。！

include         /usr/local/openldap/etc/openldap/schema/core.schema

include         /usr/local/openldap/etc/openldap/schema/corba.schema

include         /usr/local/openldap/etc/openldap/schema/cosine.schema

include         /usr/local/openldap/etc/openldap/schema/dyngroup.schema

include         /usr/local/openldap/etc/openldap/schema/inetorgperson.schema

include         /usr/local/openldap/etc/openldap/schema/java.schema

include         /usr/local/openldap/etc/openldap/schema/misc.schema

include         /usr/local/openldap/etc/openldap/schema/nis.schema

include         /usr/local/openldap/etc/openldap/schema/openldap.ldif

include         /usr/local/openldap/etc/openldap/schema/openldap.schema

include         /usr/local/openldap/etc/openldap/schema/ppolicy.schema

suffix          "dc=focus,dc=cn"

rootdn          "cn=Manager,dc=focus,dc=cn"

rootpw          {SSHA}PJ+lzIhCFL1xn/FtheggYsxxS7Rbaop8

启动 /usr/local/openldap/libexec/slapd

 kill -INT `cat /usr/local/openldap/var/run/slapd.pid` 停止

slapd侦听端口 389

初始化数据条目：

vi example.ldif

dn:dc=focus,dc=cn

objectclass:dcObject

objectclass:organization

o:Focus,Inc.

dc:focus

dn:cn=Manager,dc=focus,dc=cn

objectclass:organizationalRole

cn:Manager

每个条目之间要有空行

/usr/local/bin/ldapadd -x -D "cn=Manager,dc=focus,dc=cn" -W -f example.ldif

/usr/local/bin/ldapsearch -x -b ‘dc=focus,dc=cn‘ ‘(objectclass=*)‘

    五：安装phpadminldap

         phpldapAdmin 是免费的工具，可以管理OpenLDAP服务器，使用它透过浏览器就可管理OpenLDAP服务器。phpldapAdmin是一个开源工具，官方主页：http://phpldapadmin.sourceforge.net/ ，最新版本：0.9.7.2 ，下载安装步骤：
    #cd  /var/www/html/
    # wegt http://jaist.dl.sourceforge.net/sourceforge/phpldapadmin/phpldapadmin-0.9.7.2.tar.gz
    #gunzip phpldapadmin-0.9.7.2.tar.gz
    #tar vxf phpldapadmin-0.9.7.2.tar
    #cd phpldapadmin-0.9.7.2/config
    #cp config.php.example config.php

如果详细了解phpldapadmin的的文件配置。查看官方文章！！