How to set up an OpenLDAP server

LDAP stands for Lightweight Directory Access Protocol. It is a directory access protocol that defines, on top of TCP/IP, a relatively simple protocol for updating and searching a directory. Common uses include address books, login services and name services. This post covers how to install the OpenLDAP server.

First install the packages the server needs:

```sh
sudo apt-get install slapd ldap-utils
```

Then reconfigure the openldap package:

```sh
sudo dpkg-reconfigure slapd
```

and answer the prompts as follows:

- Omit OpenLDAP server configuration? no
- DNS domain name? example.com
- Organization name? yourCompany
- Database backend to use? bdb
- Do you want the database to be removed when slapd is purged? yes
- You may also be asked: move old database? yes
- Administrator password?
- Confirm password?
- Allow LDAPv2 protocol? no

If you need to edit slapd.conf by hand, it lives at /etc/ldap/slapd.conf. The first part of the stock file looks like this:

```
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
allow bind_v2

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel none

# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb

# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>

#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database bdb

# The base of your directory in database #1
suffix "dc=example,dc=com"
```

Next edit /etc/ldap/ldap.conf (example below):

```
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE dc=example,dc=com
URI ldap://localhost:389

SIZELIMIT 12
TIMELIMIT 15
DEREF never
```

Start the slapd server:

```sh
sudo /etc/init.d/slapd restart
```

Test that it is listening:

```sh
netstat -lvt | grep ldap
tcp        0      0 *:ldap                  *:*                     LISTEN
tcp6       0      0 [::]:ldap               [::]:*                  LISTEN
```

Installing the OpenLDAP server is actually not complicated; the difficulty lies in configuring the client. The next article will cover how to set up user logins on Linux with LDAP.
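A defender's sanity check for the two files above, added here as an example that is not part of the original post: it parses a slapd.conf and a client ldap.conf the way slapd.conf(5) and ldap.conf(5) read them (comments dropped, indented continuation lines joined onto the previous directive, keywords case-insensitive) and flags the settings worth a second look. Note that the slapd.conf excerpt above still contains `allow bind_v2` even though the dpkg-reconfigure answer to "Allow LDAPv2 protocol?" was no, which is why the file, not the dialog, is what should be checked. The sample configurations are constructed from the post's excerpts; the hardened variant, its certificate paths and the ACL it uses are assumptions, not something the post prescribes.

```python
# Added example (not from the original post): audit slapd.conf / ldap.conf for
# weak settings. Sample texts are constructed from the post's excerpts; the
# hardened variant and its file paths are assumptions.
import re

# Constructed from the post's /etc/ldap/slapd.conf excerpt (comments dropped).
SAMPLE_SLAPD_CONF = """\
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel none
modulepath /usr/lib/ldap
moduleload back_bdb
sizelimit 500
tool-threads 1
backend bdb
database bdb
suffix "dc=example,dc=com"
"""

# Assumed hardened variant: no LDAPv2, logging on, TLS configured, explicit
# ACLs. Certificate paths are placeholders; the ACL uses a continuation line.
HARDENED_SLAPD_CONF = """\
include /etc/ldap/schema/core.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel stats
modulepath /usr/lib/ldap
moduleload back_bdb
TLSCACertificateFile /etc/ssl/certs/ca.pem
TLSCertificateFile /etc/ssl/certs/slapd.pem
TLSCertificateKeyFile /etc/ssl/private/slapd.key
backend bdb
database bdb
suffix "dc=example,dc=com"
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to * by * read
"""

# Constructed from the post's /etc/ldap/ldap.conf example.
SAMPLE_LDAP_CONF = """\
BASE dc=example,dc=com
URI ldap://localhost:389
SIZELIMIT 12
TIMELIMIT 15
DEREF never
"""

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1", "[::1]"}


def parse_directives(text):
    """Return [(keyword, value)] for non-comment lines.

    A line starting with whitespace continues the previous directive, as in
    slapd.conf(5) and ldap.conf(5); keywords are compared case-insensitively.
    """
    joined = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.strip())
    directives = []
    for line in joined:
        parts = line.split(None, 1)
        directives.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return directives


def audit_slapd_conf(text):
    """Return findings as 'CODE: explanation' strings for a slapd.conf body."""
    findings = []
    directives = parse_directives(text)
    keywords = {k for k, _ in directives}
    for keyword, value in directives:
        if keyword == "allow" and "bind_v2" in value.split():
            findings.append("BIND_V2: LDAPv2 binds are permitted; v2 has no SASL or "
                            "StartTLS, so credentials travel in the clear")
        elif keyword == "loglevel" and value.strip().lower() == "none":
            findings.append("LOGLEVEL_NONE: slapd logs nothing, so binds and searches "
                            "leave no trail")
        elif keyword == "rootpw" and not value.startswith("{"):
            findings.append("ROOTPW_CLEAR: rootpw is not a hashed ({SSHA} etc.) value")
    if "tlscertificatefile" not in keywords:
        findings.append("NO_TLS: no TLSCertificateFile, so only plaintext ldap:// is served")
    if "access" not in keywords:
        # With no access directives slapd falls back to 'access to * by * read'.
        findings.append("NO_ACL: no 'access to' rules; the default lets anyone read "
                        "every entry")
    return findings


def audit_ldap_conf(text):
    """Flag plaintext ldap:// URIs in a client ldap.conf that leave the host."""
    findings = []
    for keyword, value in parse_directives(text):
        if keyword != "uri":
            continue
        for uri in value.split():
            m = re.match(r"ldap://(\[[^\]]+\]|[^/:]+)", uri, re.IGNORECASE)
            if m and m.group(1).lower() not in LOOPBACK_HOSTS:
                findings.append(f"PLAINTEXT_URI: {uri} sends binds unencrypted across "
                                "the network; use ldaps:// or StartTLS")
    return findings


if __name__ == "__main__":
    for name, conf in (("slapd.conf from the post", SAMPLE_SLAPD_CONF),
                       ("hardened slapd.conf", HARDENED_SLAPD_CONF)):
        print("==", name)
        for finding in audit_slapd_conf(conf) or ["no findings"]:
            print("  " + finding)
    print("== ldap.conf from the post")
    for finding in audit_ldap_conf(SAMPLE_LDAP_CONF) or ["no findings"]:
        print("  " + finding)
```

Run as-is it reports four findings for the post's slapd.conf and none for the hardened variant; the `ldap://localhost:389` URI in the post's ldap.conf is not flagged because that traffic never leaves the host, whereas the same URI pointing at a remote server would be.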