Installing and configuring OpenLDAP on OpenBSD
If the $PKG_PATH variable is set:
#pkg_add -v openldap-server
Otherwise:
#pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/4.6/packages/i386/openldap-server-2.3.43.tgz
After the installation finishes, configure rc.conf.local and rc.local as the package message instructs:
========================================================================
--- openldap-server-2.3.43 -------------------
To start slapd, configure it in /etc/openldap/slapd.conf then add
the following line to /etc/rc.conf.local:
slapd_flags="-u _openldap"
and to /etc/rc.local (be sure to start it _before_ any daemon that may
need it):
if [ "$slapd_flags" != "NO" -a -x /usr/local/libexec/slapd ]; then
    install -d -o _openldap /var/run/openldap
    /usr/local/libexec/slapd $slapd_flags
    echo -n ' slapd'
fi
========================================================================
Next, install phpldapadmin, the web administration interface for OpenLDAP:
# pkg_add -v phpldapadmin
If php5-core was not installed before, the following message appears:
=========================================================================
--- php5-core-5.2.10 -------------------
To enable the php5 module please create a symbolic
link from /var/www/conf/modules.sample/php5.conf
to /var/www/conf/modules/php5.conf.
ln -s /var/www/conf/modules.sample/php5.conf
/var/www/conf/modules
The recommended php configuration has been installed
to /var/www/conf/php.ini.
Don't forget that the default OpenBSD httpd is chrooted
into /var/www by default, so you may need to create support
directories such as /var/www/tmp for PHP to work correctly.
--- php5-ldap-5.2.10 -------------------
You can enable this module by creating a symbolic
link from /var/www/conf/php5.sample/ldap.ini to
/var/www/conf/php5/ldap.ini.
ln -fs /var/www/conf/php5.sample/ldap.ini
/var/www/conf/php5/ldap.ini
--- phpldapadmin-1.1.0.7 -------------------
phpLDAPAdmin has been installed into /var/www/phpldapadmin-1.1.0.7
Edit /var/www/phpldapadmin-1.1.0.7/config/config.php to configure phpLDAPAdmin
You should point this to the DocumentRoot of your web-server:
# cd /var/www/htdocs
# ln -s ../phpldapadmin-1.1.0.7 /var/www/htdocs/phpldapadmin
(make sure you use a relative symlink since Apache is chrooted)
For jpeg photos to work properly, you must do this:
# mkdir /var/www/tmp
# chown www:daemon /var/www/tmp
# chmod 1755 /var/www/tmp
Where tmp is the $jpeg_temp_dir configured in config.php
You can ensure you have a working install by accessing:
http://
==========================================================================
To use phpldapadmin, edit config/config.php under its installation directory.
Here I use the domain kdump.cn, and the LDAP administrator DN is cn=admin,dc=kdump,dc=cn (the default is manager; change it to match the rootdn defined in slapd.conf):
<?php
// phpLDAPAdmin 1.1.0.7 server definition for kdump.cn.
// $ldapservers and $i precede the first SetValue call, as in the shipped config.php.example;
// $i indexes the server entries (0 is the first server).
$ldapservers = new LDAPServers;
$i = 0;
$ldapservers->SetValue($i,'server','name','kdump.cn LDAP Server');
$ldapservers->SetValue($i,'server','host','127.0.0.1');
$ldapservers->SetValue($i,'server','port',389);
$ldapservers->SetValue($i,'server','base',array('dc=kdump,dc=cn'));
$ldapservers->SetValue($i,'server','auth_type','cookie');
$ldapservers->SetValue($i,'login','dn','cn=admin,dc=kdump,dc=cn');

// Predefined searches offered on the phpLDAPAdmin search page.
$q=0;
$queries = array();
$queries[$q]['name'] = 'User List';
$queries[$q]['base'] = 'dc=kdump,dc=cn';
$queries[$q]['scope'] = 'sub';
$queries[$q]['filter'] = '(&(objectClass=posixAccount)(uid=*))';
$queries[$q]['attributes'] = 'cn, uid, homeDirectory, telephonenumber, jpegphoto';
$q++;
$queries[$q]['name'] = 'Samba Users';
$queries[$q]['base'] = 'dc=kdump,dc=cn';
$queries[$q]['scope'] = 'sub';
// Samba accounts that are also POSIX accounts, excluding machine accounts (uid ending in $).
$queries[$q]['filter'] = '(&(|(objectClass=sambaAccount)(objectClass=sambaSamAccount))(objectClass=posixAccount)(!(uid=*$)))';
$queries[$q]['attributes'] = 'uid, smbHome, uidNumber';
$q++;
$queries[$q]['name'] = 'Samba Computers';
$queries[$q]['base'] = 'dc=kdump,dc=cn';
$queries[$q]['scope'] = 'sub';
$queries[$q]['filter'] = '(&(objectClass=sambaAccount)(uid=*$))';
$queries[$q]['attributes'] = 'uid, homeDirectory';
?>
I will not go into the Apache/PHP configuration here and turn directly to OpenLDAP itself.
Configure /etc/openldap/slapd.conf:
[root@henan /etc/openldap]# grep -v ^# slapd.conf | grep -v ^$
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/ppolicy.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database ldbm
suffix "dc=kdump,dc=cn"
rootdn "cn=admin,dc=kdump,dc=cn"
rootpw {SSHA}bYrEcnhoZxO4MZP8F/X71PRAWcahwFgf
directory /var/openldap-data
index objectClass eq
The rootpw value can be generated with the slappasswd command and pasted into slapd.conf.
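As an added example (not code from the original post or from OpenLDAP), the script below parses the database section shown above, raises the findings a reviewer would want to see before this slapd.conf goes live, and produces and verifies {SSHA} values in the same format slappasswd emits (base64 of SHA-1 over password plus salt, followed by the salt). The sample configuration text is constructed here; the hash in it is the one from the post, whose cleartext is not known.

```python
import base64
import hashlib
import os
import re

# Constructed sample mirroring the database section of the slapd.conf above.
SAMPLE_SLAPD_CONF = """\
include /etc/openldap/schema/core.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database ldbm
suffix "dc=kdump,dc=cn"
rootdn "cn=admin,dc=kdump,dc=cn"
rootpw {SSHA}bYrEcnhoZxO4MZP8F/X71PRAWcahwFgf
directory /var/openldap-data
index objectClass eq
"""

# Scheme prefixes slapd accepts for a hashed rootpw.
HASHED_PW = re.compile(r"^\{(SSHA|SMD5|SHA|MD5|CRYPT)\}", re.IGNORECASE)


def ssha_hash(password: str, salt: bytes = b"") -> str:
    """Produce a {SSHA} value in slappasswd's format: base64(sha1(pw + salt) + salt)."""
    if not salt:
        salt = os.urandom(4)  # slappasswd uses a 4-byte random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, password: str) -> bool:
    """Check a password against a {SSHA} value by reusing the salt stored in it."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes; the salt follows
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def parse_slapd_conf(text: str) -> dict:
    """Map each directive to its (unquoted) argument; comments and blank lines skipped.
    Repeated directives such as 'include' keep only their last value, which is
    sufficient for the checks below."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        conf[key] = value
    return conf


def check_database(conf: dict) -> list:
    """Findings a reviewer would raise about the database section."""
    findings = []
    suffix = conf.get("suffix", "").lower()
    rootdn = conf.get("rootdn", "").lower()
    rootpw = conf.get("rootpw", "")
    if not suffix:
        findings.append("no suffix configured")
    if rootdn and not rootdn.endswith(suffix):
        findings.append("rootdn lies outside the suffix")
    if rootpw and not HASHED_PW.match(rootpw):
        findings.append("rootpw is stored in clear text; generate it with slappasswd")
    if "access" not in conf:
        findings.append("no access directives: slapd's default grants everyone read access")
    if conf.get("database") == "ldbm":
        findings.append("ldbm backend is deprecated in OpenLDAP 2.3; prefer bdb or hdb")
    return findings


if __name__ == "__main__":
    for finding in check_database(parse_slapd_conf(SAMPLE_SLAPD_CONF)):
        print("finding:", finding)
    h = ssha_hash("example-password")
    print(h, ssha_verify(h, "example-password"))
```

Run against the post's configuration, the checker reports the missing access directives and the ldbm backend; the rootpw passes because it is already hashed. Remember that a hashed rootpw still only protects the value at rest, so slapd.conf itself should stay readable by root and _openldap only.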
Before starting OpenLDAP, create the base DN.
Create a file named base.ldif with the following content:
dn: dc=kdump,dc=cn
dc: kdump
objectClass: top
objectClass: domain
Import the file:
#slapadd -v -l base.ldif
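As an added example (not part of the original post), the code below generalises the base.ldif step: it derives the dc= DN and the root entry for any dotted domain the way the post does for kdump.cn, and checks the entry against the suffix from slapd.conf before slapadd is run. The checks mirror what slapd enforces: the base entry's DN must be the configured suffix, the value named in the RDN must be present as an attribute of the entry, and a dc= entry needs the domain object class. The LDIF parser and the sample inputs are constructed here.

```python
def domain_to_dn(domain: str) -> str:
    """kdump.cn -> dc=kdump,dc=cn (one dc= RDN per label, lower-cased)."""
    labels = [label for label in domain.lower().strip(".").split(".") if label]
    if not labels:
        raise ValueError("domain has no labels")
    return ",".join("dc=" + label for label in labels)


def base_ldif(domain: str) -> str:
    """LDIF for the domain's root entry, in the same shape as base.ldif above."""
    dn = domain_to_dn(domain)
    first_label = dn.split(",", 1)[0][len("dc="):]
    return "dn: {}\ndc: {}\nobjectClass: top\nobjectClass: domain\n".format(dn, first_label)


def parse_ldif_entry(text: str) -> dict:
    """Minimal parser for one LDIF entry: attribute name (lower-cased) -> list of values."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def normalize_dn(dn: str) -> str:
    """Case- and whitespace-insensitive comparison form for simple dc=/cn= DNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def check_base_entry(ldif_text: str, suffix: str) -> list:
    """Problems slapadd or slapd would reject the base entry for, found before importing."""
    entry = parse_ldif_entry(ldif_text)
    problems = []
    dn = entry.get("dn", [""])[0]
    if normalize_dn(dn) != normalize_dn(suffix):
        problems.append("base entry DN must equal the database suffix")
    rdn_attr, _, rdn_value = dn.split(",", 1)[0].partition("=")
    present = [v.lower() for v in entry.get(rdn_attr.strip().lower(), [])]
    if rdn_value.strip().lower() not in present:
        problems.append("naming attribute value from the RDN is missing from the entry")
    if "domain" not in [v.lower() for v in entry.get("objectclass", [])]:
        problems.append("objectClass domain is required for a dc= entry")
    return problems


if __name__ == "__main__":
    ldif = base_ldif("kdump.cn")
    print(ldif)
    print("problems:", check_base_entry(ldif, "dc=kdump,dc=cn"))
```

Writing the output of base_ldif to base.ldif and running check_base_entry with the suffix copied from slapd.conf catches the usual mismatch (a suffix edited in one file but not the other) before slapadd refuses the import.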
Then reboot the system to start OpenLDAP (if rc.local has been configured), or run the following command:
/usr/local/libexec/slapd -u _openldap
The OpenLDAP server should now be running.
What remains is adding accounts, configuring client machines to authenticate against LDAP, and setting up a backup OpenLDAP server.