Solaris10安装配置LDAP(iPlanet Directory Server )

Solaris10安装光盘自带了iPlanet Directory Server安装包，系统管理员可以利用iPlanet Directory Server在Solaris系统创建一个LDAP Server。

LDAP Server : 10.0.22.20

LDAP Client : 10.0.22.30

1. 安装配置LDAP Server

1.1 在LDAP服务器上设置缺省域名

设置缺省域名：
root@ladpsrv # domainname local.com
root@ladpsrv # domainname > /etc/defaultdomain
root@ladpsrv # more /etc/defaultdomain
local.com
 
将域名信息加入/etc/hosts文件
root@ladpsrv # more /etc/hosts
#
# Internet host table
#
::1     localhost
127.0.0.1       localhost
10.0.22.20      ldapsrv ldapsrv.local.com       loghost

1.2 安装iPlanet Directory Server软件包

root@ladpsrv # cd /cdrom/sol_10_811_x86/Solaris_10/Product/
 
root@ladpsrv # pkgadd -d . IPLTnspr
root@ladpsrv # pkgadd -d . IPLTnss
root@ladpsrv # pkgadd -d . IPLTjss
root@ladpsrv # pkgadd -d . IPLTnls
root@ladpsrv # pkgadd -d . IPLTpldap
root@ladpsrv # pkgadd -d . IPLTdsu
root@ladpsrv # pkgadd -d . IPLTdsr

1.3 配置LDAP Server

root@ladpsrv # directoryserver setup
/usr/iplanet/ds5/setup/setup -S
 
                             Sun-Netscape Alliance
                     iPlanet Server Products Configuration
--------------------------------------------------------------------------------
 
Welcome to the iPlanet Server Products configuration program
This program will configure iPlanet Server Products and the
iPlanet Console on your computer.
 
You must have "root" privilege to configure the
software.
 
Tips for using the configuration program:
  - Press "Enter" to choose the default and go to the next screen
  - Type "Control-B" to go back to the previous screen
  - Type "Control-C" to cancel the configuration program
  - You can enter multiple items using commas to separate them.
    For example: 1, 2, 3
 
Would you like to continue with configuration? [Yes]: <回车>
 
                             Sun-Netscape Alliance
                     iPlanet Server Products Configuration
--------------------------------------------------------------------------------
 
Select the items you would like to configure:
 
   1. iPlanet Servers
       Configures iPlanet Servers with the integrated iPlanet Console
       onto your computer.
 
   2. iPlanet Console
       Configures iPlanet Console
       as a stand-alone Java application on your computer.
 
To accept the default shown in brackets, press the Enter key.
 
Select the component you want to configure [1]: <回车>
 
                             Sun-Netscape Alliance
                     iPlanet Server Products Configuration
--------------------------------------------------------------------------------
 
Choose a configuration type:
 
   1. Express Configuration
       Allows you to quickly configure the servers using the most
       common options and pre-defined defaults. Useful for quick
       evaluation of the products.
 
   2. Typical Configuration
       Allows you to specify common defaults and options.
 
   3. Custom Configuration
       Allows you to specify more advanced options. This is
       recommended for experienced server administrators only.
 
To accept the default shown in brackets, press the Enter key.
 
Choose a configuration type [2]: <回车>
 
                             Sun-Netscape Alliance
                     iPlanet Server Products Configuration
--------------------------------------------------------------------------------
 
iPlanet Server Products components:
 
Components with a number in () contain additional subcomponents
which you can select using subsequent screens.
 
    1. iPlanet Directory Suite (2)
 
Specify the components you wish to configure [All]: <回车>
 
                             Sun-Netscape Alliance
                     iPlanet Server Products Configuration
--------------------------------------------------------------------------------
 
iPlanet Directory Suite components:
 
Components with a number in () contain additional subcomponents
which you can select using subsequent screens.
 
    1. iPlanet Directory Server
    2. iPlanet Directory Server Console
 
Specify the components you wish to configure [1, 2]: <回车>
 
                             Sun-Netscape Alliance
                     iPlanet Server Products Configuration
--------------------------------------------------------------------------------
 
Enter the fully qualified domain name of the computer
on which you're configuring server software. Using the form
<hostname>.<domainname>
Example: eros.airius.com.
 
To accept the default shown in brackets, press the Enter key.
 
Computer name [ladpsrv.local.com]: <回车>
 
                             Sun-Netscape Alliance
                     iPlanet Server Products Configuration
--------------------------------------------------------------------------------
 
Choose a Unix user and group to represent the iPlanet server
in the user directory.  The iPlanet server will run as this user.
It is recommended that this user should have no privileges
in the computer network system.  The Administration Server
will give this group some permissions in the server root
to perform server-specific operations.
 
If you have not yet created a user and group for the iPlanet
server,create this user and group using your native UNIX
system utilities.
 
To accept the default shown in brackets, press the Return key.
 
System User [nobody]: <回车>
 
System Group [nobody]: <回车>
 
                             Sun-Netscape Alliance
                            Directory Configuration
--------------------------------------------------------------------------------
 
iPlanet server information is stored in the iPlanet configuration
directory server, which you may have already set up.  If so, you
should configure this server to be managed by the configuration
server.  To do so, the following information about the configuration
server is required: the fully qualified host name of the form
<hostname>.<domainname>(e.g. hostname.domain.com), the port number,
the suffix, and the DN and password of a user having permission to
write the configuration information, usually the iPlanet
configuration directory administrator.
 
If you want to install this software as a standalone server, or if you
want this instance to serve as your iPlanet configuration directory
server, press Enter.
 
Do you want to register this software with an existing
iPlanet configuration directory server? [No]: <回车>
 
                             Sun-Netscape Alliance
                            Directory Configuration
--------------------------------------------------------------------------------
 
If you already have a directory server you want to use to store your
data, such as user and group information, answer Yes to the following
question.  You will be prompted for the host, port, suffix, and bind
DN to use for that directory server.
 
If you want this directory server to store your data, answer No.
 
Do you want to use another directory to store your data? [No]: <回车>
 
                             Sun-Netscape Alliance
                            Directory Configuration
--------------------------------------------------------------------------------
 
The standard directory server network port number is 389.  However, if
you are not logged as the superuser, or port 389 is in use, the
default value will be a random unused port number greater than 1024.
If you want to use port 389, make sure that you are logged in as the
superuser, that port 389 is not in use, and that you run the admin
server as the superuser.
 
Directory server network port [389]: <回车>
 
                             Sun-Netscape Alliance
                            Directory Configuration
--------------------------------------------------------------------------------
 
Each instance of a directory server requires a unique identifier.
Press Enter to accept the default, or type in another name and press
Enter.
 
Directory server identifier [ladpsrv]: <回车>
 
                             Sun-Netscape Alliance
                            Directory Configuration
--------------------------------------------------------------------------------
 
Please enter the administrator ID for the iPlanet configuration
directory server.  This is the ID typically used to log in to the
console.  You will also be prompted for the password.
 
iPlanet configuration directory server
administrator ID [admin]: <回车>
 
Password:  password (密码)
Password (again):  password (密码)
 
                             Sun-Netscape Alliance
                            Directory Configuration
--------------------------------------------------------------------------------
 
The suffix is the root of your directory tree.  You may have more than
one suffix.
 
Suffix [dc=local, dc=com]: <回车>
 
                             Sun-Netscape Alliance
                            Directory Configuration
--------------------------------------------------------------------------------
 
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and typically has a
bind Distinguished Name (DN) of cn=Directory Manager.  Press Enter to
accept the default value, or enter another DN.  In either case, you
will be prompted for the password for this user.  The password must
be at least 8 characters long.
 
Directory Manager DN [cn=Directory Manager]: <回车>
 
Password: password (密码)
Password (again): password (密码)
 
                             Sun-Netscape Alliance
                            Directory Configuration
--------------------------------------------------------------------------------
 
The Administration Domain is a part of the configuration directory
server used to store information about iPlanet software.  If you are
managing multiple software releases at the same time, or managing
information about multiple domains, you may use the Administration
Domain to keep them separate.
 
If you are not using administrative domains, press Enter to select the
default.  Otherwise, enter some descriptive, unique name for the
administration domain, such as the name of the organization responsible
for managing the domain.
 
Administration Domain [local.com]: <回车>
 
[slapd-ldapsrv]: starting up server ...
[slapd-ldapsrv]: [29/Nov/2013:15:31:28 +0800] - iPlanet-Directory/5.1 B2002.283.1739 starting up
[slapd-ldapsrv]: [29/Nov/2013:15:31:28 +0800] - slapd started.  Listening on all interfaces port 389 for LDAP requests
Your new directory server has been started.
Created new Directory Server
Start Slapd  Starting Slapd server configuration.
Success Slapd Added Directory Server information to Configuration Server.
 
Press Return to continue...
 
root@ldapsrv #

1.4 配置LDAP Server支持Solaris 9 OE clients

运行idsconfig脚本。

root@ldapsrv # cd /usr/lib/ldap
root@ldapsrv # ./idsconfig
It is strongly recommended that you BACKUP the directory server
before running idsconfig.
 
Hit Ctrl-C at any time before the final confirmation to exit.
 
Do you wish to continue with server setup (y/n/h)? [n] y
Enter the Directory Server's hostname to setup: ldapsrv
Enter the port number for DSEE (h=help): [389] <回车>
Enter the directory manager DN: [cn=Directory Manager] <回车>
Enter passwd for cn=Directory Manager : password
Enter the domainname to be served (h=help): [local.com] <回车>
Enter LDAP Base DN (h=help): [dc=local,dc=com] <回车>
  Checking LDAP Base DN ...
  Validating LDAP Base DN and Suffix ...
  sasl/GSSAPI is not supported by this LDAP server
Enter the profile name (h=help): [default] <回车>
Default server list (h=help): [10.0.22.20] <回车>
Preferred server list (h=help): <回车>
Choose desired search scope (one, sub, h=help):  [one] <回车>
The following are the supported credential levels:
  1  anonymous
  2  proxy
  3  proxy anonymous
  4  self
  5  self proxy
  6  self proxy anonymous
Choose Credential level [h=help]: [1] 2
The following are the supported Authentication Methods:
  1  none
  2  simple
  3  sasl/DIGEST-MD5
  4  tls:simple
  5  tls:sasl/DIGEST-MD5
  6  sasl/GSSAPI
Choose Authentication Method (h=help): [1] 2
 
Current authenticationMethod: simple
 
Do you want to add another Authentication Method? n
Do you want the clients to follow referrals (y/n/h)? [n] <回车>
Do you want to modify the server timelimit value (y/n/h)? [n] <回车>
Do you want to modify the server sizelimit value (y/n/h)? [n] <回车>
Do you want to store passwords in "crypt" format (y/n/h)? [n] y
Do you want to setup a Service Authentication Methods (y/n/h)? [n] <回车>
Client search time limit in seconds (h=help): [30] <回车>
Profile Time To Live in seconds (h=help): [43200] <回车>
Bind time limit in seconds (h=help): [10] <回车>
Do you want to enable shadow update (y/n/h)? [n] <回车>
Do you wish to setup Service Search Descriptors (y/n/h)? [n] <回车> 
 
              Summary of Configuration
 
  1  Domain to serve               : local.com
  2  Base DN to setup              : dc=local,dc=com
  3  Profile name to create        : default
  4  Default Server List           : 10.0.22.20
  5  Preferred Server List         :
  6  Default Search Scope          : one
  7  Credential Level              : proxy
  8  Authentication Method         : simple
  9  Enable Follow Referrals       : FALSE
 10  DSEE Time Limit               :
 11  DSEE Size Limit               :
 12  Enable crypt password storage : TRUE
 13  Service Auth Method pam_ldap  :
 14  Service Auth Method keyserv   :
 15  Service Auth Method passwd-cmd:
 16  Search Time Limit             : 30
 17  Profile Time to Live          : 43200
 18  Bind Limit                    : 10
 19  Enable shadow update          : FALSE
 20  Service Search Descriptors Menu
 
Enter config value to change: (1-20 0=commit changes) [0] <回车>
Enter DN for proxy agent: [cn=proxyagent,ou=profile,dc=local,dc=com] <回车>
Enter passwd for proxyagent: password
Re-enter passwd: password
 
WARNING: About to start committing changes. (y=continue, n=EXIT) y
  1. Changed passwordstoragescheme to "crypt" in cn=config.
  2. Schema attributes have been updated.
  3. Schema objectclass definitions have been added.
  4. NisDomainObject added to dc=local,dc=com.
  5. Top level "ou" containers complete.
  6. automount maps: auto_home auto_direct auto_master auto_shared processed.
  7. ACI for dc=local,dc=com modified to disable self modify.
  8. Add of VLV Access Control Information (ACI).
  9. Proxy Agent cn=proxyagent,ou=profile,dc=local,dc=com added.
  10. Give cn=proxyagent,ou=profile,dc=local,dc=com read permission for password.
  11. Generated client profile and loaded on server.
  12. Processing eq,pres indexes:
      uidNumber (eq,pres)   Finished indexing.
      ipNetworkNumber (eq,pres)   Finished indexing.
      gidnumber (eq,pres)   Finished indexing.
      oncrpcnumber (eq,pres)   Finished indexing.
      automountKey (eq,pres)   Finished indexing.
  13. Processing eq,pres,sub indexes:
      ipHostNumber (eq,pres,sub)   Finished indexing.
      membernisnetgroup (eq,pres,sub)   Finished indexing.
      nisnetgrouptriple (eq,pres,sub)   Finished indexing.
  14. Processing VLV indexes:
      local.com.getgrent vlv_index   Entry created
      local.com.gethostent vlv_index   Entry created
      local.com.getnetent vlv_index   Entry created
      local.com.getpwent vlv_index   Entry created
      local.com.getrpcent vlv_index   Entry created
      local.com.getspent vlv_index   Entry created
      local.com.getauhoent vlv_index   Entry created
      local.com.getsoluent vlv_index   Entry created
      local.com.getauduent vlv_index   Entry created
      local.com.getauthent vlv_index   Entry created
      local.com.getexecent vlv_index   Entry created
      local.com.getprofent vlv_index   Entry created
      local.com.getmailent vlv_index   Entry created
      local.com.getbootent vlv_index   Entry created
      local.com.getethent vlv_index   Entry created
      local.com.getngrpent vlv_index   Entry created
      local.com.getipnent vlv_index   Entry created
      local.com.getmaskent vlv_index   Entry created
      local.com.getprent vlv_index   Entry created
      local.com.getip4ent vlv_index   Entry created
      local.com.getip6ent vlv_index   Entry created
 
idsconfig: Setup of DSEE server ldapsrv is complete.
 
Note: idsconfig has created entries for VLV indexes.
 
      For DS5.x, use the directoryserver(1m) script on ldapsrv
      to stop the server.  Then, using directoryserver, follow the
      directoryserver examples below to create the actual VLV indexes.
 
      For DSEE6.x or later, use dsadm command delivered with DS on ldapsrv
      to stop the server.  Then, using dsadm, follow the
      dsadm examples below to create the actual VLV indexes.
 
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getgrent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.gethostent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getnetent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getpwent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getrpcent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getspent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getauhoent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getsoluent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getauduent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getauthent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getexecent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getprofent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getmailent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getbootent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getethent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getngrpent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getipnent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getmaskent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getprent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getip4ent
  directoryserver -s ldapsrv vlvindex -n userRoot -T local.com.getip6ent
 
  <install-path>/bin/dsadm reindex -l -t local.com.getgrent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.gethostent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getnetent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getpwent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getrpcent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getspent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getauhoent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getsoluent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getauduent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getauthent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getexecent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getprofent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getmailent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getbootent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getethent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getngrpent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getipnent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getmaskent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getprent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getip4ent <directory-instance-path> dc=local,dc=com
  <install-path>/bin/dsadm reindex -l -t local.com.getip6ent <directory-instance-path> dc=local,dc=com
root@ldapsrv #

2. 配置LDAP Client

2.1 在LDAP服务器上创建Client System Description文件

root@ldapsrv # more /tmp/ldapclt.ldif
dn: cn=ldapclt,ou=hosts,dc=local,dc=com
changetype: add
cn: ldapclt
iphostnumber: 10.0.22.30
objectclass: top
objectclass: device
objectclass: ipHost

2.2 将Client entry加入LDAP Server

root@ldapsrv # ldapmodify -c -D "cn=directory manager" -w password -f /tmp/ldapclt.ldif
adding new entry cn=ldapclt,ou=hosts,dc=local,dc=com

2.3 设置Client缺省域名，并将LDAP Server IP加入/etc/hosts

root@ldapclt # domainname local.com
root@ldapclt # domainname > /etc/defaultdomain
root@ldapclt # more /etc/defaultdomain
local.com
 
root@ldapclt # more /etc/hosts
#
# Internet host table
#
::1     localhost
127.0.0.1       localhost
10.0.22.30      ldapclt ldapclt.local.com       loghost

2.4 配置LDAP Client

root@ldapclt # ldapclient -v init -a proxypassword=password -a proxydn=cn=proxyagent,ou=profile,dc=local,dc=com -a domainname=local.com 10.0.22.20
Parsing proxypassword=password
Parsing proxydn=cn=proxyagent,ou=profile,dc=local,dc=com
Parsing domainname=local.com
Arguments parsed:
        domainName: local.com
        proxyDN: cn=proxyagent,ou=profile,dc=local,dc=com
        proxyPassword: password
        defaultServerList: 10.0.22.20
Handling init option
About to configure machine by downloading a profile
No profile specified. Using "default"
Proxy DN: cn=proxyagent,ou=profile,dc=local,dc=com
Proxy password: {NS1}ecfa88f3a945c411
Credential level: 1
Authentication method: 1
Shadow Update is not enabled, no adminDN/adminPassword is required.
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
stop: sleep 100000 microseconds
stop: network/smtp:sendmail... success
Stopping nscd
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: system/name-service-cache:default... success
Stopping autofs
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: system/filesystem/autofs:default... success
ldap not running
nisd not running
nis(yp) not running
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "local.com"
file_backup: stat(/var/yp/binding/local.com)=-1
file_backup: No /var/yp/binding/local.com directory.
file_backup: stat(/var/ldap/ldap_client_file)=-1
file_backup: No /var/ldap/ldap_client_file file.
Starting network services
start: /usr/bin/domainname local.com... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: network/ldap/client:default... success
start: sleep 100000 microseconds
start: system/filesystem/autofs:default... success
start: sleep 100000 microseconds
start: system/name-service-cache:default... success
start: sleep 100000 microseconds
start: network/smtp:sendmail... success
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success
System successfully configured

2.5 向LDAP Server导入相关信息

导入hosts信息：
root@ldapclt # ldapaddent -D "cn=directory manager" -w password -a simple -f /etc/hosts hosts
3 entries added
导入passwd信息：
root@ldapclt # ldapaddent -D "cn=directory manager" -w password -a simple -f /etc/passwd passwd
17 entries added
导入shadow信息：
root@ldapclt # ldapaddent -D "cn=directory manager" -w password -a simple -f /etc/shadow shadow
17 entries added

2.6 检查导入的LDAP Client信息

hosts信息：
root@ldapclt # ldaplist hosts
dn: cn=ldapclt,ou=hosts,dc=local,dc=com
 
dn: cn=ldapclt+ipHostNumber=10.0.22.30,ou=Hosts,dc=local,dc=com
 
dn: cn=localhost+ipHostNumber=::1,ou=Hosts,dc=local,dc=com
 
dn: cn=localhost+ipHostNumber=127.0.0.1,ou=Hosts,dc=local,dc=com
 
passwd信息：
root@ldapclt # ldaplist passwd
dn: uid=adm,ou=people,dc=local,dc=com
 
dn: uid=bin,ou=people,dc=local,dc=com
 
dn: uid=daemon,ou=people,dc=local,dc=com
 
dn: uid=gdm,ou=people,dc=local,dc=com
 
dn: uid=listen,ou=people,dc=local,dc=com
 
dn: uid=lp,ou=people,dc=local,dc=com
 
dn: uid=noaccess,ou=people,dc=local,dc=com
 
dn: uid=nobody,ou=people,dc=local,dc=com
 
dn: uid=nobody4,ou=people,dc=local,dc=com
 
dn: uid=nuucp,ou=people,dc=local,dc=com
 
dn: uid=postgres,ou=people,dc=local,dc=com
 
dn: uid=root,ou=people,dc=local,dc=com
 
dn: uid=smmsp,ou=people,dc=local,dc=com
 
dn: uid=svctag,ou=people,dc=local,dc=com
 
dn: uid=sys,ou=people,dc=local,dc=com
 
dn: uid=uucp,ou=people,dc=local,dc=com
 
dn: uid=webservd,ou=people,dc=local,dc=com

3. LDAP测试

在LDAP Server上新增加一个用户，测试新加用户能否登录LDAP Client。

3.1 LDAP Server上增加一个用户

创建LDIF文件：
root@ldapsrv # more /tmp/adduser.ldif
dn: uid=jyu,ou=people,dc=local,dc=com
changetype: add
objectClass: posixAccount
objectClass: shadowAccount
objectClass: account
objectClass: top
uid: jyu
cn: jyu
uidNumber: 1004
gidNumber: 10
homeDirectory: /home/jyu
userpassword: jyu
 
将用户信息加入LDAP：
root@ldapsrv # ldapmodify -D "cn=directory manager" -w password -f /tmp/adduser.ldif
adding new entry uid=jyu,ou=people,dc=local,dc=com

3.2 用新建用户在LDAP Client上登录

以jyu/jyu在ldap client上进行登录测试，并更改用户密码。

Solaris10安装配置LDAP(iPlanet Directory Server )的更多相关文章

CentOS 6.4安装配置ldap
CentOS 6.5安装配置ldap 时间:2015-07-14 00:54来源:blog.51cto.com 作者:"ly36843运维" 博客举报点击:274次一.安装l ...
centos6.5安装配置LDAP服务[转]
安装之前查一下 1 find / -name openldap* centos6.4默认安装了LDAP,但没有装ldap-server和ldap-client 于是yum安装 1 su root 2 ...
安装配置LDAP遇到的问题
问题1:安装完启动ldap服务报错: ldap: unrecognized service? 原因在于新版的openldap将服务名改为了slapd,使用service slapd start即可启动 ...
gitlab docker安装配置ldap
镜像下载直接从dockerhub 下载官方镜像即可 docker pull gitlab/gitlab-ce 首次运行在某个位置创建一个文件夹并运行如下命令: docker run --hostn ...
2.Bacula Server端安装配置
1. Bacula Server端安装配置 1.1. Bacula Server端安装 1.1.1. 安装bacula依赖包 For Centos6: yum install -y mysql ...
Azkaban2.5安装部署（系统时区设置 + 安装和配置mysql + Azkaban Web Server 安装 + Azkaban Executor Server安装 + Azkaban web server插件安装 + Azkaban Executor Server 插件安装）（博主推荐）（五）
Azkaban是什么?(一) Azkaban的功能特点(二) Azkaban的架构(三) Hadoop工作流引擎之Azkaban与Oozie对比(四) 不多说,直接上干货! http://www.cn ...
centos directory server
http://www.aliyun.com/zixun/content/3_12_517262.html CentOS系统安装Directory Server 8.1操作方法发布时间:2014-12 ...
RHEL7-openldap安装配置一（服务器端安装配置）
LDAP的术语:entry:一个单独的单元,使用DN(distinguish name)区别attribute:entry的属性,比如,如果entry是组织机构的话,那么它的属性包括地址,电话,传真号 ...
nfs原理及安装配置
一.简介二.工作原理三.安装配置一.简介 NFS(Network File System)即网络文件系统,它允许网络中的计算机之间通过网络共享资源.将NFS主机分享的目录,挂载到本地客户端当中, ...

随机推荐

HDFS存档
Hadoop存档每个文件均按块方式存储,每个块的元数据存储在namenode的内存中,因此Hadoop存储小文件会非常低效.因为大量的小文件会耗尽namenode中的大部分内存.存储小文件所需的磁盘 ...
ViewPagerAdapter 示例
package com.ali.fridge.supermarket.module; /** * Created by xiaomin.wxm on 2016/3/7. */ import and ...
BZOJ3242/UOJ126 [Noi2013]快餐店
本文版权归ljh2000和博客园共有,欢迎转载,但须保留此声明,并给出原文链接,谢谢合作. 本文作者:ljh2000 作者博客:http://www.cnblogs.com/ljh2000-jump/ ...
tp5定时器
# 定时器 * * * * * cd /home/wwwroot/default/dexin/dragon && /usr/bin/php think order --option 1 ...
Python 正则表达式匹配小数
不废话,直接上表达式 (\d+(\.\d+)?) 如: import re find_float = lambda x: re.search("\d+(\.\d+)?",x) .g ...
review01
.java叫源文件,java编译器编译源文件后会产生字节码文件,java解释器将字节码文件加载进内存,java虚拟机来执行字节码文件. 如下列文件名为“String01.java” public cl ...
ajax_基础
ajax 请求过程 1.准备发送请求 2.填写请求地址和数据 3.请请求到服务器 4.等待服务器处理数据. 5.接受服务器返回信息 --------------------------------- ...
mysql： instr 多个字段 like数据
你是否一直在寻找比MySQL的LIKE语句更高效的方法的,下面我就为你介绍几种. SELECT * FROM `order_shop` where instr(uuid, 'b') > 0 g ...
SpringBoot使用devtools导致的类型转换异常
遇到的问题:SpringBoot项目中的热部署引发的血的教训,报错代码位置: XStream xStream1 = new XStream(); xStream1.autodetectAnnotati ...
有些事情不要强求 PS:日常收集语录
有些事情不要强求 1.有些事,我们明知道是错的,也要去坚持,因为不甘心:有些人,我们明知道是爱的,也要去放弃,因为没结局:有时候,我们明知道没路了,却还在前行,因为习惯了. 2.以为蒙上了眼睛,就可以 ...