Home | Mirror | Search

2. Configure

過程 1.1. Configure Openldap

  1. 配置/etc/ldap.conf

    #
    # LDAP Defaults
    #
    
    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.
    
    #BASE   dc=example, dc=com
    #URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
    
    #SIZELIMIT      12
    #TIMELIMIT      15
    #DEREF          never
    HOST 127.0.0.1
    BASE dc=bg7nyt,dc=cn
    TLS_CACERTDIR /etc/openldap/cacerts
    			
  2. 配置/etc/slapd.conf

    suffix          "dc=bg7nyt,dc=cn"
    rootdn          "cn=Manager,dc=bg7nyt,dc=cn"
    rootpw          {crypt}ijFYNcSNctBYg
    			

    rootpw 預設是 secret

    crypt 密碼產生很簡單,很多語言裡都有crypt(key,salt)函數,不過最簡單的辦法是,使用UNIX Shadow 密碼,使用apache的htpasswd生成

    如果你想使用更複雜的加密算法,可以參考我的另一篇文章《信息安全與加密》

  3. ldap 腳本

    service ldap {start|stop|restart|status|condrestart}

    or

    /etc/init.d/ldap {start|stop|restart|status|condrestart}

    [root@backup openldap]# service ldap
    Usage: /etc/init.d/ldap {start|stop|restart|status|condrestart}
    [root@backup openldap]# service ldap start
    Checking configuration files for : config file testing succeeded
    Starting slapd:                                            [  OK  ]
    [root@backup openldap]# service ldap restart
    Stopping slapd:                                            [  OK  ]
    Checking configuration files for slapd: config file testing succeeded
    Starting slapd:                                            [  OK  ]
    [root@backup openldap]# service ldap stop
    Stopping slapd:                                            [  OK  ]
    [root@backup openldap]#
    			

reconfigure

sudo dpkg-reconfigure slapd		
		
comments powered by Disqus