RHEL5.4系统中要实现openLDAP的功能必须要安装openldap,openldap-servers,openldap-cLients三个软件包。
其中openldap包已经默认安装,用来提供LDAP服务的基本文件目录。Openldap-servers提供服务端功能,openldap-clients提供客户端的搜索工具,这两个包必须手动安装。
一服务器端配置:
#rpm –ivh openldap-servers-2.3.27-8.e15-1.3.i386.rpm
或者
#yum install openldap* -y
[root@station3 Server]# rpm -vih openldap-servers-2.3.43-3.el5.i386.rpm
Preparing... ########################################### [100%]
1:openldap-servers ########################################### [100%]
[root@station3 Server]# rpm -vih openldap-servers-overlays-2.3.43-3.el5.i386.rpm
Preparing... ########################################### [100%]
1:openldap-servers-overla########################################### [100%]
[root@station3 Server]# rpm -vih openldap-servers-sql-2.3.43-3.el5.i386.rpm
Preparing... ########################################### [100%]
1:openldap-servers-sql ########################################### [100%]
[root@station3 Server]# cd /var/lib/ldap/ (现在安装完成-目录只有一个文件)
openldap-severs-update.log
下面的这一步非常重要 ( 必须要第一步就执行这个 slapd 命令)
[root@station3 ldap]# slapd (会生成一些库文件)
[root@station3 ldap]# ls
alock __db.003 __db.006 log.0000000001
__db.001 __db.004 dn2id.bdb openldap-severs-update.log
__db.002 __db.005 id2entry.bdb
查看服务器进程:
#ps aux | grep ldap
查看端口:
[root@station3 ldap]# netstat -ntlp | grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 3782/slapd
tcp 0 0 :::389 :::* LISTEN 3782/slapd
问题一:
[root@station3 ldap]# service ldap restart
停止 slapd: [确定]
/var/lib/ldap/id2entry.bdb is not owned by "ldap" [警告]
/var/lib/ldap/__db.002 is not owned by "ldap" [警告]
/var/lib/ldap/__db.001 is not owned by "ldap" [警告]
/var/lib/ldap/dn2id.bdb is not owned by "ldap" [警告]
/var/lib/ldap/__db.005 is not owned by "ldap" [警告]
/var/lib/ldap/__db.006 is not owned by "ldap" [警告]
/var/lib/ldap/__db.003 is not owned by "ldap" [警告]
/var/lib/ldap/__db.004 is not owned by "ldap" [警告]
正在检查 slapd 的配置文件: bdb_db_open: alock package is unstable
backend_startup_one: bi_db_open failed! (-1)
slap_startup failed (test would succeed using the -u switch)
[失败]
/var/lib/ldap 中可能存在无效的锁文件 [警告]
[root@station3 ldap]# service ldap status
slapd 已停
解决方法:
[root@station3 ldap]# pwd
/var/lib/ldap
[root@station3 ldap]# chown ldap:ldap *
[root@station3 ldap]# service ldap restart
停止 slapd: [失败]
正在检查 slapd 的配置文件: bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
Expect poor performance for suffix dc=my-domain,dc=com.
config file testing succeeded
[确定]
启动 slapd: [确定]
bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2) 也是一个问题
解决方法:
[root@station3 ldap]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@station3 ldap]# ll
总计 756
-rw-r--r-- 1 ldap ldap 2048 04-23 15:32 alock
-rw------- 1 ldap ldap 24576 04-23 15:23 __db.001
-rw------- 1 ldap ldap 278528 04-23 15:23 __db.002
-rw------- 1 ldap ldap 270336 04-23 15:23 __db.003
-rw------- 1 ldap ldap 98304 04-23 15:23 __db.004
-rw------- 1 ldap ldap 352256 04-23 15:23 __db.005
-rw------- 1 ldap ldap 24576 04-23 15:23 __db.006
-rw-r----- 1 root root 921 04-23 15:35 DB_CONFIG
-rw------- 1 ldap ldap 8192 04-23 15:23 dn2id.bdb
-rw------- 1 ldap ldap 32768 04-23 15:23 id2entry.bdb
-rw------- 1 ldap ldap 10485760 04-23 15:29 log.0000000001
-rw-r--r-- 1 ldap ldap 37 04-23 15:19 openldap-severs-update.log
[root@station3 ldap]# chown ldap:ldap *
[root@station3 ldap]# service ldap restart
停止 slapd: [确定]
正在检查 slapd 的配置文件: bdb_db_open: DB_CONFIG for suffix dc=my-domain,dc=com has changed. Performing database recovery to activate new settings. bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if errors are encountered.
config file testing succeeded
[确定]
启动 slapd: [确定]
[root@station3 ldap]# chmod 600 *
[root@station3 ldap]# service ldap restart
停止 slapd: [确定]
正在检查 slapd 的配置文件: config file testing succeeded [确定]
启动 slapd: [确定]
OK!