Install and configure OpenLDAP server on Solaris 10

My workplace has a SPARC Solaris 10 machine, and I configured an OpenLDAP server on it.
bash-3.00# uname -a
SunOS cnbjnis1 5.10 Generic_118833-17 sun4u sparc SUNW,UltraAX-i2
bash-3.00# isainfo -v
64-bit sparcv9 applications
        vis
32-bit sparc applications
        vis v8plus div32 mul32
bash-3.00# isainfo -b
64

Prepare
1. Download packages from http://www.sunfreeware.com/indexsparc10.html

  • openldap-2.4.11-sol10-sparc-local.gz
  • openssl-0.9.8j
  • sasl-2.1.21
  • db-4.2.52.NC
  • gcc-3.4.6

Install the other packages first, before you install the OpenLDAP package.
2. Unzip the files

gzip -d *-sol10-sparc-local.gz

3. Installation

pkgadd -d *-sol10-sparc-local

4. Set ENV
On Solaris, too many problems are caused by the environment.

bash-3.00# export LD_NOVERSION=yes
bash-3.00# export PATH=$PATH:/usr/local/sbin
5. Add LDAP user and group

# groupadd -g 55 ldap
# useradd -u 55 -g 55 -d /home/ldap -s /bin/false ldap

6. Create the OpenLDAP data folder

# mkdir -p /usr/local/var/openldap-data
# chmod 700 /usr/local/var/openldap-data
# chown -R ldap:daemon /usr/local/var/openldap-data
# chown -R ldap:daemon /usr/local/etc/openldap

Installation and Configuration Steps:

1. bash-3.00# vi slapd.conf
#
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.
pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

#       Directives needed to implement policy:
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
        by self write
        by users read
        by anonymous auth
#
database        bdb
suffix          "dc=abc,dc=com"
rootdn          "cn=root,dc=abc,dc=com"
rootpw          secret
directory       /usr/local/var/openldap-data

# Indices to maintain
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

2. bash-3.00# vi base.ldif
dn: dc=abc,dc=com
dc: asia
objectClass: top
objectClass: domain

dn: ou=people,dc=abc,dc=com
ou: people
objectClass: top
objectClass: organizationalUnit

dn: ou=qa,dc=abc,dc=com
ou: qa
objectClass: top
objectClass: organizationalUnit

3. bash-3.00# vi passwd.ldif
dn: uid=ldap1,ou=people,dc=abc,dc=com
uid: ldap1
cn: ldap1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: aaa123
shadowLastChange: 13950
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/tcsh
uidNumber: 10001
gidNumber: 10002
homeDirectory: /tmp/ldap1

4. bash-3.00# vi group.ldif
dn: cn=ldapuser,ou=qa,dc=abc,dc=com
objectClass: top
objectClass: posixGroup
gidNumber: 10002

5. Configure DB config
bash-3.00# cp /usr/local/etc/openldap/DB_CONFIG.example /usr/local/var/openldap-data/DB_CONFIG

6. Start slapd
bash-3.00# /usr/local/libexec/slapd

7. Add LDIF
bash-3.00# ldapadd -D "cn=root,dc=abc,dc=com" -f base.ldif -w secret
bash-3.00# ldapadd -D "cn=root,dc=abc,dc=com" -f passwd.ldif -w secret
bash-3.00# ldapadd -D "cn=root,dc=abc,dc=com" -f group.ldif -w secret

8. Check DB record data
bash-3.00# slapcat
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
dn: dc=abc,dc=com
dc: asia
objectClass: top
objectClass: domain
structuralObjectClass: domain
entryUUID: 4a27a464-95a4-102d-9751-4d76310c754f
creatorsName: cn=root,dc=abc,dc=com
createTimestamp: 20090223031747Z
entryCSN: 20090223031747.826608Z#000000#000#000000
modifiersName: cn=root,dc=abc,dc=com
modifyTimestamp: 20090223031747Z

dn: ou=people,dc=abc,dc=com
ou: people
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 4a2a14b0-95a4-102d-9752-4d76310c754f
creatorsName: cn=root,dc=abc,dc=com
createTimestamp: 20090223031747Z
entryCSN: 20090223031747.842600Z#000000#000#000000
modifiersName: cn=root,dc=abc,dc=com
modifyTimestamp: 20090223031747Z

dn: uid=ldap1,ou=people,dc=abc,dc=com
uid: ldap1
cn: ldap1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: YWFhMTIz
shadowLastChange: 13950
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/tcsh
uidNumber: 10001
gidNumber: 10002
homeDirectory: /tmp/ldap1
structuralObjectClass: account
entryUUID: 2065ad86-95a6-102d-8b86-bf691587d087
creatorsName: cn=root,dc=abc,dc=com
createTimestamp: 20090223033056Z
entryCSN: 20090223033056.762319Z#000000#000#000000
modifiersName: cn=root,dc=abc,dc=com
modifyTimestamp: 20090223033056Z

dn: cn=ldapuser,ou=qa,dc=abc,dc=com
objectClass: top
objectClass: posixGroup
gidNumber: 10002
structuralObjectClass: posixGroup
cn: ldapuser
entryUUID: 81b68e26-9695-102d-9174-27873c9839ad
creatorsName: cn=root,dc=abc,dc=com
createTimestamp: 20090224080429Z
entryCSN: 20090224080429.749742Z#000000#000#000000
modifiersName: cn=root,dc=abc,dc=com
modifyTimestamp: 20090224080429Z

9. Go to configure LDAP client
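
The userPassword:: YWFhMTIz line in the slapcat output of step 8 is only the base64 form of the aaa123 typed into passwd.ldif, so the directory holds that password in cleartext. The following is an added example, not part of the original post: it parses slapcat-style LDIF, lists the entries whose userPassword carries no {SCHEME} prefix, and builds the salted {SSHA} form that slappasswd emits by default. The function names and the second account ldap2 are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import os
import re

def make_ssha(password, salt=None):
    """Return an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored, password):
    # The first 20 decoded bytes are the SHA-1 digest, the rest is the salt.
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(digest, hashlib.sha1(password.encode() + salt).digest())

def parse_ldif(text):
    """Yield (dn, attrs) per record; decodes 'attr:: base64' and unfolds long lines."""
    text = re.sub(r"\n ", "", text)  # a line starting with one space continues the previous one
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # '::' marks a base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name, []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def cleartext_passwords(text):
    """Return DNs whose userPassword has no {SCHEME} prefix, i.e. is stored as typed."""
    return [dn for dn, attrs in parse_ldif(text)
            for pw in attrs.get("userPassword", [])
            if not re.match(r"\{[A-Za-z0-9-]+\}", pw)]

# Constructed sample in the shape slapcat prints above; ldap2 is a made-up second account.
SAMPLE = (
    "dn: uid=ldap1,ou=people,dc=abc,dc=com\nuid: ldap1\nuserPassword:: YWFhMTIz\n\n"
    "dn: uid=ldap2,ou=people,dc=abc,dc=com\nuid: ldap2\nuserPassword:: "
    + base64.b64encode(make_ssha("aaa123").encode()).decode() + "\n"
)

if __name__ == "__main__":
    for dn in cleartext_passwords(SAMPLE):
        print("cleartext userPassword:", dn)
    print("replacement value:", make_ssha("aaa123"))
```

A value in this form can be placed in the userPassword line of passwd.ldif, and rootpw in slapd.conf accepts the same kind of hashed value in place of secret.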
