I have only just started with LDAP. I am using the LDAP that ships with SUSE 10.1.
Source file:

```
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib/openldap/modules
# moduleload back_ldap.la
# moduleload back_meta.la
# moduleload back_monitor.la
# moduleload back_perl.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access to user password
# Allow anonymous users to authenticate
# Allow read access to everything else
# Directives needed to implement policy:
access to dn.base=""
    by * read
access to dn.base="cn=Subschema"
    by * read
access to attrs=userPassword,userPKCS12
    by self write
    by * auth
access to attrs=shadowLastChange
    by self write
    by * read
access to *
    by * read
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
loglevel 0
TLSCertificateFile /etc/ssl/servercerts/servercert.pem
TLSCACertificatePath /etc/ssl/certs/
TLSCertificateKeyFile /etc/ssl/servercerts/serverkey.pem
database bdb
suffix "dc=site"
rootdn "cn=Administrator,dc=site"
rootpw "{ssha}QCFxfa8jl/QsGh7WBZd0CFP5kGxRS1JKRg=="
directory /var/lib/ldap
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
```
liceven-desktop:/etc/openldap # ldapsearch -x -D "cn=Administrator,dc=site" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
But I want to configure this file myself, following http://bbs.chinaunix.net/thread-924763-1-1.html:
Change:
```
database bdb
suffix "dc=site"
rootdn "cn=Administrator,dc=site"
```
to:
```
suffix “o=Acme,c=UK”
rootdn “cn=admin,o=Acme,c=UK”
```
Then I want to add the following myself:
```
dn: o=Acme,c=UK
o: Acme
objectClass: top
objectClass: organization

dn: ou=Sales,o=Acme,c=UK
ou: Sales
objectClass: top
objectClass: organizationalUnit
```
But that doesn't seem to work. Running: ldapsearch -x -D “cn=admin,o=Acme,c=UK” -W
gives an error: ldap_bind: Invalid DN syntax (34)
additional info: invalid DN
Please help, what is going on here? How should I change it?
Thanks!
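An added pre-flight check for the configuration above (an editor's example, not code from the original post or from OpenLDAP). In the post's `suffix`, `rootdn` and `ldapsearch -D` lines the quote characters are U+201C/U+201D (“ ”), not ASCII `"`. slapd.conf honours only ASCII double quotes when tokenising a directive, and a shell does not treat “ ” as quoting either, so those characters become part of the DN string that reaches the server, and `ldap_bind: Invalid DN syntax (34)` is the expected answer for such a DN. The page does not confirm that this is the poster's actual problem, so the script simply does what a practitioner would do before restarting slapd: it pulls `suffix` and `rootdn` out of slapd.conf text, validates every DN (including the DNs in the LDIF to be loaded) against the string form of RFC 4514, flags typographic quotes, and checks that each LDIF entry lies under the suffix by RDN rather than by plain string comparison. The config and LDIF fragments embedded in it are constructed copies of the post's snippets; `BROKEN_CONF`, `FIXED_CONF`, `check_dn`, `is_under_suffix` and `audit` are names chosen here.

```python
"""Static check of slapd.conf suffix/rootdn and LDIF entry DNs (added example)."""
import re

# Constructed input: the post's lines with U+201C/U+201D quotes, as pasted from a web page.
BROKEN_CONF = (
    "database bdb\n"
    "suffix \u201co=Acme,c=UK\u201d\n"
    "rootdn \u201ccn=admin,o=Acme,c=UK\u201d\n"
)
# The same lines with the ASCII quotes slapd.conf actually recognises.
FIXED_CONF = (
    "database bdb\n"
    'suffix "o=Acme,c=UK"\n'
    'rootdn "cn=admin,o=Acme,c=UK"\n'
)
# Constructed copy of the LDIF the poster wants to load.
LDIF = (
    "dn: o=Acme,c=UK\no: Acme\nobjectClass: top\nobjectClass: organization\n\n"
    "dn: ou=Sales,o=Acme,c=UK\nou: Sales\nobjectClass: top\nobjectClass: organizationalUnit\n"
)

TYPOGRAPHIC_QUOTES = "\u201c\u201d\u2018\u2019\uff02"
# RFC 4514 attributeType: a descriptor (keystring) or a numeric OID.
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|[0-9]+(?:\.[0-9]+)*)$")


def _split_unescaped(s, sep):
    """Split s on sep, skipping backslash-escaped characters (RFC 4514 section 3)."""
    out, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])
            i += 2
            continue
        if s[i] == sep:
            out.append("".join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    out.append("".join(cur))
    return out


def check_dn(dn):
    """Return a list of problems with a DN string; an empty list means it is acceptable."""
    problems = [f"non-ASCII quote U+{ord(ch):04X} in {dn!r}; slapd does not treat it as quoting"
                for ch in dn if ch in TYPOGRAPHIC_QUOTES]
    if dn == "":  # the empty DN (root DSE) is valid
        return problems
    for rdn in _split_unescaped(dn, ","):
        for ava in _split_unescaped(rdn, "+"):  # multi-valued RDNs use '+'
            if "=" not in ava:
                problems.append(f"RDN component {ava!r} has no '='")
                continue
            attr, value = ava.split("=", 1)
            if not _ATTR_TYPE.match(attr.strip()):
                problems.append(f"bad attribute type {attr!r} in {ava!r}")
            if value.strip() == "":
                problems.append(f"empty value in {ava!r}")
    return problems


def normalize_dn(dn):
    """Case-fold and trim each RDN; enough for suffix comparison, not full RFC 4518 matching."""
    return ",".join("+".join(ava.strip().lower() for ava in _split_unescaped(rdn, "+"))
                    for rdn in _split_unescaped(dn, ","))


def is_under_suffix(dn, suffix):
    """True if dn equals the suffix or lies beneath it, compared RDN by RDN."""
    d = _split_unescaped(normalize_dn(dn), ",")
    s = _split_unescaped(normalize_dn(suffix), ",")
    return len(d) >= len(s) and d[len(d) - len(s):] == s


def parse_slapd_conf(text):
    """Extract suffix/rootdn; slapd.conf splits on whitespace and strips only ASCII '"' quotes."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in ("suffix", "rootdn"):
            val = parts[1].strip()
            if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
                val = val[1:-1]
            found[parts[0].lower()] = val
    return found


def parse_ldif_dns(text):
    """Return the 'dn:' value of each entry (plain values only; no base64 'dn::' handling)."""
    return [line[3:].strip() for line in text.splitlines() if line.lower().startswith("dn:")]


def audit(conf_text, ldif_text):
    """Return {name: [problems]} for suffix, rootdn and every LDIF entry DN."""
    conf = parse_slapd_conf(conf_text)
    report = {k: (check_dn(conf[k]) if k in conf else ["missing from slapd.conf"])
              for k in ("suffix", "rootdn")}
    for dn in parse_ldif_dns(ldif_text):
        probs = check_dn(dn)
        # slapd will not accept an entry that lies outside every configured suffix.
        if not probs and not report["suffix"] and not is_under_suffix(dn, conf["suffix"]):
            probs.append(f"entry is not under suffix {conf['suffix']!r}")
        report[dn] = probs
    return report


if __name__ == "__main__":
    for name, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(f"== {name} ==")
        for key, probs in audit(conf, LDIF).items():
            print(f"{key}: {'ok' if not probs else '; '.join(probs)}")
```

Running it prints one report for the broken configuration and one for the corrected one; `check_dn` can equally be pointed at the `-D` argument before it is handed to `ldapsearch`. Once the quotes are ASCII, the two entries still have to be loaded with `ldapadd` while bound as the rootdn before a search under `o=Acme,c=UK` returns anything other than `No such object`.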