A few directories:

```
/etc/openldap
/var/db/openldap/openldap-data
```
Edit /etc/openldap/ldap.conf:

```
BASE dc=yangxc,dc=com
URI ldap://127.0.0.1:389
```
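Generate the password hash (running slappasswd without -s prompts for the password instead of taking it on the command line):

```
slappasswd -s 123456
{SSHA}rpF1AqHFkpP9KdDjclUmFhsy951st6kb
```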
Edit /etc/openldap/slapd.conf:

```
include /private/etc/openldap/schema/core.schema
include /private/etc/openldap/schema/cosine.schema
include /private/etc/openldap/schema/nis.schema
include /private/etc/openldap/schema/inetorgperson.schema

modulepath /usr/libexec/openldap
moduleload back_bdb.la

# Database-level directives: these go after the file's "database" line
suffix "dc=yangxc,dc=com"
rootdn "cn=admin,dc=yangxc,dc=com"
# Hash generated by slappasswd above
rootpw {SSHA}rpF1AqHFkpP9KdDjclUmFhsy951st6kb
```
Start slapd (with -d3 it stays in the foreground and prints debug output):

```
sudo /usr/libexec/slapd -d3
```
Create the first entry, the root of the tree, in domain.ldif:

```
dn: dc=yangxc,dc=com
objectClass: top
objectClass: domain
dc: yangxc
```
Run ldapadd to add it:

```
ldapadd -D "cn=admin,dc=yangxc,dc=com" -W -x -f domain.ldif
```
Then create a few child OUs in unit.ldif:

```
dn: ou=Manage,dc=yangxc,dc=com
objectClass: organizationalUnit
ou: Manage

dn: ou=Dev,dc=yangxc,dc=com
objectClass: organizationalUnit
ou: Dev

dn: ou=Tech,dc=yangxc,dc=com
objectClass: organizationalUnit
ou: Tech

dn: ou=General,dc=yangxc,dc=com
objectClass: organizationalUnit
ou: General
```
Run ldapadd to add them:

```
ldapadd -D "cn=admin,dc=yangxc,dc=com" -W -x -f unit.ldif
```
Next, add users in user.ldif:

```
dn: uid=test1,ou=Dev,dc=yangxc,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
homeDirectory: /home/test1
userPassword: 123456
loginShell: /bin/bash
cn: test1
uidNumber: 1001
gidNumber: 1010
sn: Test1
mail: @yangxc.com
postalAddress: beijing
mobile: 13888888888

dn: uid=test2,ou=Manage,dc=yangxc,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
homeDirectory: /home/test2
userPassword: 123456
loginShell: /bin/bash
cn: test2
uidNumber: 1002
gidNumber: 1011
sn: Test2
mail: @yangxc.com
postalAddress: beijing
mobile: 13999999999
```
Run ldapadd to add them:

```
ldapadd -D "cn=admin,dc=yangxc,dc=com" -W -x -f user.ldif
```
A few commands:

```
ldapsearch -x -LLL
ldapsearch -x -b "ou=Manage,dc=yangxc,dc=com"
ldapadd -D "cn=admin,dc=yangxc,dc=com" -W -x -f something.ldif
ldapmodify -D "cn=admin,dc=yangxc,dc=com" -W -x -f modify.ldif
ldapdelete -D "cn=admin,dc=yangxc,dc=com" -W -x "ou=General,dc=yangxc,dc=com"
```