• ldap连接mysql (openldap-2.4.40 rpm + 操作系统CentOS 6.5标准版)


     

    1. 将附件解压到服务器/usr/local/ldap目录下

        

    2. 进入/usr/local/ldap/libdbi目录,安装libdbi依赖库,如果存在老版本,请rpm -e卸载或rpm -Uvh升级老版本

        rpm -ivh libdbi-0.8.3-4.el6.x86_64.rpm

        rpm -ivh libdbi-devel-0.8.3-4.el6.x86_64.rpm

        rpm -ivh libdbi-drivers-0.8.3-5.1.el6.x86_64.rpm

        rpm -ivh libdbi-dbd-mysql-0.8.3-5.1.el6.x86_64.rpm

        

    3. 进入/usr/local/ldap/cyrus目录,安装cyrus依赖库,如果存在老版本,rpm -e卸载或rpm -Uvh升级老版本

        rpm -ivh cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64.rpm

        rpm -ivh cyrus-sasl-2.1.23-15.el6_6.2.x86_64.rpm

        rpm -ivh cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64.rpm

        rpm -ivh cyrus-sasl-devel-2.1.23-15.el6_6.2.x86_64.rpm

        

    4. 进入/usr/local/ldap/unixODBC目录,安装unixODBC和依赖库libtool-ltdl

        rpm -ivh libtool-ltdl-2.2.6-15.5.el6.x86_64.rpm

        rpm -ivh unixODBC-2.2.14-14.el6.x86_64.rpm

        rpm -ivh unixODBC-devel-2.2.14-14.el6.x86_64.rpm

        

    5. 进入/usr/local/ldap/mysql,安装mysql,如果存在老版本,rpm -e卸载或rpm -Uvh升级老版本

        rpm -ivh mysql-libs-5.1.73-8.el6_8.x86_64.rpm

        rpm -ivh perl-DBD-MySQL-4.013-3.el6.x86_64.rpm

        rpm -ivh mysql-5.1.73-8.el6_8.x86_64.rpm

        rpm -ivh mysql-server-5.1.73-8.el6_8.x86_64.rpm

        rpm -ivh mysql-connector-odbc-5.1.5r1144-7.el6.x86_64.rpm

        

    6. 操作mysql,准备数据

        1. 启动mysql

            service mysql start

        2. 设置mysql密码

            mysql_secure_installation

        3. 登录mysql(建议只写 -p 不跟密码,由交互提示输入,避免密码进入 shell 历史和进程列表)

            mysql -uroot -p密码

        4. 创建用户,创建数据库ldap,赋权(注意:最后一条对 *.* 授权、允许任意主机 '%' 且带 WITH GRANT OPTION,slapd 只需要 ldap 库的权限,正式环境应去掉或收紧该条)

            CREATE USER linying@localhost IDENTIFIED BY '123456';

            CREATE DATABASE IF NOT EXISTS ldap;

            GRANT ALL PRIVILEGES ON ldap.* TO 'linying'@'localhost' identified by '123456';

            GRANT ALL PRIVILEGES ON ldap.* TO 'linying'@'127.0.0.1' identified by '123456';

            GRANT ALL PRIVILEGES ON *.* TO 'linying'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;

            FLUSH PRIVILEGES;

        5. 导入表和测试数据

            source /usr/local/ldap/ldap.sql

        6. 导入back-sql的建表脚本和测试数据(下面的目录由第9步安装的 openldap-servers-sql 包提供,需先完成第9步再执行)

            cd /usr/share/doc/openldap-servers-sql-2.4.40/rdbms_depend/mysql

            mysql -ulinying -p123456 ldap< backsql_create.sql

            mysql -ulinying -p123456 ldap< testdb_create.sql

            mysql -ulinying -p123456 ldap< testdb_data.sql

            mysql -ulinying -p123456 ldap< testdb_metadata.sql

    7. 配置/etc/odbc.ini和/etc/odbcinst.ini文件(odbc.ini 中的数据源名需与下文 isql -v ldap 以及 slapd.conf 中 dbname 所用的 ldap 一致)

            odbc.ini

            

            odbcinst.ini(没有修改,默认配置)

            

    8. 测试ODBC连接:isql -v ldap

         

            

    9. 进入/usr/local/ldap/openldap,安装openldap,如果存在openldap老版本先卸载

        rpm -ivh openldap-2.4.40-16.el6.x86_64.rpm

        rpm -ivh pam_ldap-185-11.el6.x86_64.rpm

        rpm -ivh openldap-devel-2.4.40-16.el6.x86_64.rpm

        rpm -ivh openldap-servers-2.4.40-16.el6.x86_64.rpm

        rpm -ivh openldap-servers-sql-2.4.40-16.el6.x86_64.rpm

        rpm -ivh openldap-clients-2.4.40-16.el6.x86_64.rpm

        

    10. 配置openldap

        1. 设置openldap密码

            slappasswd

            {SSHA}rJ3sVQ8nJ3Mp5an0UeSm2sTb4XWE3r6J

        2. 将配置模板拷贝到配置目录

            cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

            cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

        3. 编辑 /etc/openldap/slapd.conf(vi /etc/openldap/slapd.conf),内容如下

            #

            # See slapd.conf(5) for details on configuration options.

            # This file should NOT be world readable.

            #

            

            include  /etc/openldap/schema/corba.schema

            include  /etc/openldap/schema/core.schema

            include  /etc/openldap/schema/cosine.schema

            include  /etc/openldap/schema/duaconf.schema

            include  /etc/openldap/schema/dyngroup.schema

            include  /etc/openldap/schema/inetorgperson.schema

            include  /etc/openldap/schema/java.schema

            include  /etc/openldap/schema/misc.schema

            include  /etc/openldap/schema/nis.schema

            include  /etc/openldap/schema/openldap.schema

            include  /etc/openldap/schema/ppolicy.schema

            include  /etc/openldap/schema/collective.schema

            

            # Allow LDAPv2 client connections.  This is NOT the default.

            allow bind_v2

            

            # Do not enable referrals until AFTER you have a working directory

            # service AND an understanding of referrals.

            #referral ldap://root.openldap.org

            

            pidfile  /var/run/openldap/slapd.pid

            argsfile /var/run/openldap/slapd.args

            

            # Load dynamic backend modules

            # - modulepath is architecture dependent value (32/64-bit system)

            # - back_sql.la overlay requires openldap-server-sql package

            # - dyngroup.la and dynlist.la cannot be used at the same time

            

            # modulepath /usr/lib/openldap

            # modulepath /usr/lib64/openldap

            

            modulepath /usr/lib64/openldap

            moduleload back_sql

            

            # moduleload accesslog.la

            # moduleload auditlog.la

            # moduleload back_sql.la

            # moduleload chain.la

            # moduleload collect.la

            # moduleload constraint.la

            # moduleload dds.la

            # moduleload deref.la

            # moduleload dyngroup.la

            # moduleload dynlist.la

            # moduleload memberof.la

            # moduleload pbind.la

            # moduleload pcache.la

            # moduleload ppolicy.la

            # moduleload refint.la

            # moduleload retcode.la

            # moduleload rwm.la

            # moduleload seqmod.la

            # moduleload smbk5pwd.la

            # moduleload sssvlv.la

            # moduleload syncprov.la

            # moduleload translucent.la

            # moduleload unique.la

            # moduleload valsort.la

            

            # The next three lines allow use of TLS for encrypting connections using a

            # dummy test certificate which you can generate by running

            # /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk

            # at self-signed certificates, however.

            TLSCACertificatePath /etc/openldap/certs

            TLSCertificateFile ""OpenLDAP Server""

            TLSCertificateKeyFile /etc/openldap/certs/password

            

            # Sample security restrictions

            # Require integrity protection (prevent hijacking)

            # Require 112-bit (3DES or better) encryption for updates

            # Require 63-bit encryption for simple bind

            # security ssf=1 update_ssf=112 simple_bind=64

            

            # Sample access control policy:

            # Root DSE: allow anyone to read it

            # Subschema (sub)entry DSE: allow anyone to read it

            # Other DSEs:

            #  Allow self write access

            #  Allow authenticated users read access

            #  Allow anonymous users to authenticate

            # Directives needed to implement policy:

            # access to dn.base="" by * read

            # access to dn.base="cn=Subschema" by * read

            # access to *

            # by self write

            # by users read

            # by anonymous auth

            #

            # if no access controls are present, the default policy

            # allows anyone and everyone to read anything but restricts

            # updates to rootdn.  (e.g., "access to * by * read")

            #

            # rootdn can always read and write EVERYTHING!

            

            # enable on-the-fly configuration (cn=config)

            # Only the local root user (uid 0 / gid 0, authenticated through SASL

            # EXTERNAL peer credentials on the ldapi:// socket) may manage cn=config;

            # every other identity, including the rootdn of the sql database, is denied.

            database config

            access to *

             by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage

             by * none

            

            # enable server status monitoring (cn=monitor)

            # Local root (ldapi:// peercred) may read; the rootdn of the sql database

            # below is granted write.  NOTE(review): the shipped template, if I recall

            # it correctly, gives the manager DN read here -- confirm write is needed.

            database monitor

            access to *

             by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read

                    by dn.exact="cn=Directory Manager,o=h3gat" write

                    by * none

            

            #######################################################################

            # database definitions

            #######################################################################

            

            # back-sql: the directory entries live in the MySQL database reached

            # through the ODBC data source named by dbname; no on-disk directory

            # is used (hence the commented-out "directory" line further down).

            database sql

            suffix  "o=h3gat"

            rootdn  "cn=Directory Manager,o=h3gat"

            # SSHA hash produced by slappasswd (step 10.1); the hash goes here, not

            # the cleartext password.

            rootpw  {SSHA}rJ3sVQ8nJ3Mp5an0UeSm2sTb4XWE3r6J

            # ODBC DSN from /etc/odbc.ini -- the same "ldap" exercised by isql -v ldap

            dbname          ldap

            dbuser          linying

            # stored in cleartext; this is why slapd.conf must not be world-readable

            dbpasswd        123456

            # MySQL-specific overrides of the back-sql defaults; they should match

            # the rdbms_depend/mysql example shipped with openldap-servers-sql.

            subtree_cond    "ldap_entries.dn LIKE CONCAT('%',?)"

            insentry_stmt   "INSERT INTO ldap_entries(dn, oc_map_id, parent, keyval) VALUES(?, ?, ?, ?)"

            has_ldapinfo_dn_ru no

            

            

            # The database directory MUST exist prior to running slapd AND 

            # should only be accessible by the slapd and slap tools.

            # Mode 700 recommended.

            # (bdb/hdb directive, not used by back-sql; the DB_CONFIG copy in

            #  step 10.2 therefore appears unnecessary -- harmless if left in place)

            #directory /var/lib/ldap

            

            # Indices to maintain for this database

            # (bdb/hdb directives left commented out; with back-sql, indexing is

            #  done by the MySQL tables themselves)

            #index objectClass                       eq,pres

            #index ou,cn,mail,surname,givenname      eq,pres,sub

            #index uidNumber,gidNumber,loginShell    eq,pres

            #index uid,memberUid                     eq,pres,sub

            #index nisMapName,nisMapEntry            eq,pres,sub

            

            # Replicas of this database

            #replogfile /var/lib/ldap/openldap-master-replog

            #replica host=ldap-1.example.com:389 starttls=critical

            #     bindmethod=sasl saslmech=GSSAPI

            #     authcId=host/ldap-master.example.com@EXAMPLE.COM

        4. 删除默认配置文件,赋权,重新生成新配置文件(slapd.conf 中含有明文 dbpasswd 和 rootpw 哈希,chown 之后还应确认该文件不可被其他用户读取,如 chmod 640,与文件头部 "should NOT be world readable" 的要求一致)       

            rm -rf /etc/openldap/slapd.d/*

            chown -R ldap:ldap /var/lib/ldap/

            chown -R ldap:ldap /etc/openldap/

            slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/

        5. 赋权,启动openldap

            chown -R ldap.ldap /etc/openldap/slapd.d/*

            service slapd start

            

        6. 停止openldap,以调试级别 1 在前台运行 slapd,观察与mysql的连接日志

            service slapd stop

            slapd -d 1

            

    注:安装中请注意版本,尽量与我版本一致,rpm包在文件栏中。
