OpenLDAP的安装与基本使用方法(一)
本文介绍OpenLDAP的基本安装使用方法。我在本文中使用的操作系统是Fedora,以下是具体版本:
$ uname -a
Linux f64 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
openldap相关的包如下:
$ dnf search openldap*
Fedora 25 - x86_64 1.7 MB/s | 50 MB 00:30
RCM Tools for Fedora 25 (RPMs) 5.4 kB/s | 5.1 kB 00:00
Fedora 25 - x86_64 - Updates 2.0 MB/s | 24 MB 00:11
Last metadata expiration check: 0:00:08 ago on Sun Dec 24 20:52:58 2017.
=================================================== N/S Matched: openldap* ===================================================
openldap.i686 : LDAP support libraries
openldap.x86_64 : LDAP support libraries
openldap-devel.i686 : LDAP development libraries and header files
openldap-devel.x86_64 : LDAP development libraries and header files
openldap-clients.x86_64 : LDAP client utilities
openldap-servers.x86_64 : LDAP server
collectd-openldap.x86_64 : OpenLDAP plugin for collectd
我们要把所有openldap相关的包安装好:
$ sudo dnf install openldap-clients openldap-servers openldap-clients openldap-devel openldap
[sudo] password for weli:
Last metadata expiration check: 0:57:49 ago on Sun Dec 24 19:57:48 2017.
Package openldap-2.4.44-2.fc25.x86_64 is already installed, skipping.
Dependencies resolved.
==============================================================================================================================
Package Arch Version Repository Size
==============================================================================================================================
Installing:
cyrus-sasl x86_64 2.1.26-26.2.fc24 fedora 91 k
cyrus-sasl-devel x86_64 2.1.26-26.2.fc24 fedora 314 k
openldap-clients x86_64 2.4.44-11.fc25 updates 190 k
openldap-devel x86_64 2.4.44-11.fc25 updates 805 k
openldap-servers x86_64 2.4.44-11.fc25 updates 2.1 M
Upgrading:
openldap x86_64 2.4.44-11.fc25 updates 352 k
Transaction Summary
==============================================================================================================================
Install 5 Packages
Upgrade 1 Package
Total download size: 3.8 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): openldap-clients-2.4.44-11.fc25.x86_64.rpm 188 kB/s | 190 kB 00:01
(2/6): cyrus-sasl-devel-2.1.26-26.2.fc24.x86_64.rpm 471 kB/s | 314 kB 00:00
(3/6): openldap-devel-2.4.44-11.fc25.x86_64.rpm 479 kB/s | 805 kB 00:01
(4/6): cyrus-sasl-2.1.26-26.2.fc24.x86_64.rpm 865 kB/s | 91 kB 00:00
(5/6): openldap-2.4.44-11.fc25.x86_64.rpm 256 kB/s | 352 kB 00:01
(6/6): openldap-servers-2.4.44-11.fc25.x86_64.rpm 631 kB/s | 2.1 MB 00:03
------------------------------------------------------------------------------------------------------------------------------
Total 573 kB/s | 3.8 MB 00:06
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Upgrading : openldap-2.4.44-11.fc25.x86_64 1/7
Installing : cyrus-sasl-2.1.26-26.2.fc24.x86_64 2/7
Installing : cyrus-sasl-devel-2.1.26-26.2.fc24.x86_64 3/7
Installing : openldap-devel-2.4.44-11.fc25.x86_64 4/7
Installing : openldap-clients-2.4.44-11.fc25.x86_64 5/7
Installing : openldap-servers-2.4.44-11.fc25.x86_64 6/7
Cleanup : openldap-2.4.44-2.fc25.x86_64 7/7
Verifying : openldap-clients-2.4.44-11.fc25.x86_64 1/7
Verifying : openldap-servers-2.4.44-11.fc25.x86_64 2/7
Verifying : openldap-devel-2.4.44-11.fc25.x86_64 3/7
Verifying : cyrus-sasl-devel-2.1.26-26.2.fc24.x86_64 4/7
Verifying : cyrus-sasl-2.1.26-26.2.fc24.x86_64 5/7
Verifying : openldap-2.4.44-11.fc25.x86_64 6/7
Verifying : openldap-2.4.44-2.fc25.x86_64 7/7
Installed:
cyrus-sasl.x86_64 2.1.26-26.2.fc24 cyrus-sasl-devel.x86_64 2.1.26-26.2.fc24 openldap-clients.x86_64 2.4.44-11.fc25
openldap-devel.x86_64 2.4.44-11.fc25 openldap-servers.x86_64 2.4.44-11.fc25
Upgraded:
openldap.x86_64 2.4.44-11.fc25
Complete!
使用下面的命令启动openldap的服务:
$ sudo service slapd start
Redirecting to /bin/systemctl start slapd.service
如上所示,openldap的服务名叫做slapd。验证服务已经启动:
$ ps -ef | grep slapd
ldap 583 1 0 21:00 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldap:/// ldaps:/// ldapi:///
接下来我们可以查看一下服务器的基本配置:
$ cd /etc/openldap
$ pwd
/etc/openldap
$ ls
cacerts certs check_password.conf ldap.conf schema slapd.d
如上所示,openldap的配置文件默认在/etc/openldap当中。其中slapd.d中保存了配置内容。注意我们使用的openldap版本为2.4,在2.4以前的版本中,OpenLDAP使用slapd.conf配置文件来进行服务器的配置,而2.4开始则使用slapd.d目录保存细分后的各种配置,这一点需要注意。接下来我们看看slapd.d中的内容。这个目录的用户默认是ldap:
drwxr-x--- 3 ldap ldap 4096 Dec 24 20:55 slapd.d
所以要查看内容的话,得用到sudo:
$ pwd
/etc/openldap
$ sudo tree slapd.d/
slapd.d/
├── cn=config
│ ├── cn=schema
│ │ └── cn={0}core.ldif
│ ├── cn=schema.ldif
│ ├── olcDatabase={0}config.ldif
│ ├── olcDatabase={-1}frontend.ldif
│ ├── olcDatabase={1}monitor.ldif
│ └── olcDatabase={2}mdb.ldif
└── cn=config.ldif
2 directories, 7 files
以上是slapd.d中的内容,后续慢慢讲解这些文件的内容。先看一下olcDatabase={2}mdb.ldif里面的内容:
$ pwd
/etc/openldap
$ sudo cat 'slapd.d/cn=config/olcDatabase={2}mdb.ldif'
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 87ab09c1
dn: olcDatabase={2}mdb
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
structuralObjectClass: olcMdbConfig
entryUUID: 85d693ac-7cf5-1037-9e98-0fdde1182b45
creatorsName: cn=config
createTimestamp: 20171224125554Z
entryCSN: 20171224125554.835004Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20171224125554Z
在这个文件里面定义了openldap默认配置好的数据库:
objectClass: olcDatabaseConfig
配置文件中还定义了数据库的位置:
olcDbDirectory: /var/lib/ldap
数据库的类型默认使用openldap内置的「OpenLDAP Lightning Memory-Mapped Database」1 2 3:
objectClass: olcMdbConfig
我们看一下数据库文件所在目录/var/lib/ldap里面的数据库文件:
$ sudo ls /var/lib/ldap
data.mdb lock.mdb
为了读取这个数据库里面的内容,我们需要安装lmdb这个包:
$ dnf info lmdb
Last metadata expiration check: 1:26:27 ago on Sun Dec 24 20:52:58 2017.
Available Packages
Name : lmdb
Arch : i686
Epoch : 0
Version : 0.9.21
Release : 1.fc25
Size : 29 k
Repo : updates
Summary : Memory-mapped key-value database
URL : http://symas.com/mdb/
License : OpenLDAP
Description : LMDB is an ultra-fast, ultra-compact key-value embedded data
: store developed by Symas for the OpenLDAP Project. By using memory-mapped files,
: it provides the read performance of a pure in-memory database while still
: offering the persistence of standard disk-based databases, and is only limited
: to the size of the virtual address space.
Name : lmdb
Arch : x86_64
Epoch : 0
Version : 0.9.21
Release : 1.fc25
Size : 29 k
Repo : updates
Summary : Memory-mapped key-value database
URL : http://symas.com/mdb/
License : OpenLDAP
Description : LMDB is an ultra-fast, ultra-compact key-value embedded data
: store developed by Symas for the OpenLDAP Project. By using memory-mapped files,
: it provides the read performance of a pure in-memory database while still
: offering the persistence of standard disk-based databases, and is only limited
: to the size of the virtual address space.
安装上面这个包:
$ sudo dnf install lmdb
Last metadata expiration check: 2:26:47 ago on Sun Dec 24 19:57:48 2017.
Dependencies resolved.
==============================================================================================================================
Package Arch Version Repository Size
==============================================================================================================================
Installing:
lmdb x86_64 0.9.21-1.fc25 updates 29 k
lmdb-libs x86_64 0.9.21-1.fc25 updates 56 k
Transaction Summary
==============================================================================================================================
Install 2 Packages
Total download size: 85 k
Installed size: 157 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): lmdb-0.9.21-1.fc25.x86_64.rpm 4.8 kB/s | 29 kB 00:06
(2/2): lmdb-libs-0.9.21-1.fc25.x86_64.rpm 8.7 kB/s | 56 kB 00:06
------------------------------------------------------------------------------------------------------------------------------
Total 7.4 kB/s | 85 kB 00:11
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Installing : lmdb-libs-0.9.21-1.fc25.x86_64 1/2
Installing : lmdb-0.9.21-1.fc25.x86_64 2/2
Verifying : lmdb-0.9.21-1.fc25.x86_64 1/2
Verifying : lmdb-libs-0.9.21-1.fc25.x86_64 2/2
Installed:
lmdb.x86_64 0.9.21-1.fc25 lmdb-libs.x86_64 0.9.21-1.fc25
Complete!
安装完成后,查看一下这个包里面的内容:
$ dnf repoquery -l lmdb
Last metadata expiration check: 1:31:56 ago on Sun Dec 24 20:52:58 2017.
/usr/bin/mdb_copy
/usr/bin/mdb_dump
/usr/bin/mdb_load
/usr/bin/mdb_stat
/usr/share/man/man1/mdb_copy.1.gz
/usr/share/man/man1/mdb_dump.1.gz
/usr/share/man/man1/mdb_load.1.gz
/usr/share/man/man1/mdb_stat.1.gz
这个包里面的mdb_dump命令可以用于查看数据库文件,我们可以使用这个命令来查看slapd的数据库文件:
$ sudo mdb_dump /var/lib/ldap/
VERSION=3
format=bytevalue
type=btree
mapsize=10485760
maxreaders=126
db_pagesize=4096
HEADER=END
61643269
00000000080000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff
636e
00000000340000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff
646e3269
000000000c0000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff
676976656e4e616d65
00000000340000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff
69643265
00000000080000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff
6d61696c
00000000340000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff
6f626a656374436c617373
00000000340000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff
6f75
00000000340000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff
736e
00000000340000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff
DATA=END
可以读取到数据库里面的信息。如果想输出成ascii字符的模式,可以在mdb_dump指令后面加入-p选项:
$ sudo mdb_dump -p /var/lib/ldap/
[sudo] password for weli:
VERSION=3
format=print
type=btree
mapsize=10485760
maxreaders=126
db_pagesize=4096
HEADER=END
ad2i
\00\00\00\00\08\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\ff\ff\ff\ff\ff\ff\ff\ff
cn
\00\00\00\004\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\ff\ff\ff\ff\ff\ff\ff\ff
dn2i
\00\00\00\00\0c\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\ff\ff\ff\ff\ff\ff\ff\ff
givenName
\00\00\00\004\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\ff\ff\ff\ff\ff\ff\ff\ff
id2e
\00\00\00\00\08\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\ff\ff\ff\ff\ff\ff\ff\ff
mail
\00\00\00\004\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\ff\ff\ff\ff\ff\ff\ff\ff
objectClass
\00\00\00\004\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\ff\ff\ff\ff\ff\ff\ff\ff
ou
\00\00\00\004\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\ff\ff\ff\ff\ff\ff\ff\ff
sn
\00\00\00\004\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\ff\ff\ff\ff\ff\ff\ff\ff
DATA=END
先写到这里,后续文章里再给大家继续介绍openldap的配置与使用。