准备资源
系统版本: ubuntu 22.04
mysql 版本: 8.0.35
IP: 192.168.0.100
下载编译openldap
本文将跳过mysql安装部分,请另寻安装方式。
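# Build prerequisites: compiler toolchain plus the OpenSSL and unixODBC headers
# (back-sql reaches MySQL through ODBC, hence unixodbc-dev).
apt-get install gcc make libssl-dev libdb-dev unixodbc-dev time

# NOTE(review): plain FTP provides no integrity or authenticity guarantee, and
# this tarball is compiled and installed as root. Verify it before unpacking.
wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.6.6.tgz

# Replace the placeholder with the checksum the OpenLDAP project publishes for
# this release (use the matching *sum tool if they list another algorithm).
# The archive is only unpacked when the check succeeds.
echo "<PUBLISHED_SHA256_OF_openldap-2.6.6.tgz>  openldap-2.6.6.tgz" | sha256sum -c - \
  && tar xvfz openldap-2.6.6.tgz

# Exact names instead of globs, so an older tarball or directory left in the
# working directory cannot be picked up by accident.
cd openldap-2.6.6
./configure --enable-sql
make depend
make
make install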
创建数据库
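-- Database that holds the back-sql metadata and data tables.
CREATE DATABASE IF NOT EXISTS openldap;

-- Service account used by slapd (via ODBC) and by the schema-loading steps.
-- NOTE(review): the '%' host part lets this account log in from any address;
-- narrow it to the host slapd runs on once that address is fixed.
-- 'dbpassword' is the tutorial's example value; choose a strong secret and
-- use the same one wherever this page repeats it (odbc.ini, slapd.conf).
CREATE USER IF NOT EXISTS 'openldap'@'%' IDENTIFIED BY 'dbpassword';

-- ALL PRIVILEGES is scoped to the openldap schema only. It is needed while the
-- schema-loading steps on this page run as this account (they create tables).
-- Presumably back-sql itself needs only SELECT/INSERT/UPDATE/DELETE afterwards;
-- verify and reduce the grant once the tables exist.
GRANT ALL PRIVILEGES ON openldap.* TO 'openldap'@'%';

-- FLUSH PRIVILEGES is omitted: CREATE USER and GRANT take effect immediately.
-- It is only required after editing the grant tables directly.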
配置文件
/etc/odbc.ini
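# DSN used by slapd's back-sql; the section name is what "dbname" in
# slapd.conf refers to.
[openldap]
Description = Example for OpenLDAP's back-sql
Driver = MySQL
Trace = No
Database = openldap
# MySQL host. The comment sits on its own line because an inline "# ..." after
# a value may be read as part of the value by the ini parser.
# MySQL Connector/ODBC documents these keys as SERVER and USER; the
# "Servername"/"UserName" spellings look like psqlODBC's. If they are ignored,
# the driver falls back to its default host.
Server = 192.168.0.100
User = openldap
# NOTE(review): /etc/odbc.ini is commonly readable by every local user, so this
# password is exposed to them. slapd.conf on this page already supplies
# dbuser/dbpasswd; either drop this line or tighten the file's ownership and mode.
Password = dbpassword
# NOTE(review): the remaining keys appear to come from a PostgreSQL example and
# are presumably ignored by the MySQL driver - confirm before relying on them.
ReadOnly = No
RowVersioning = No
ShowSystemTables = No
ShowOidColumn = No
FakeOidIndex = No
ConnSettings =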
/etc/odbcinst.ini
下载 MySQL Connector/ODBC 驱动文件:cdn.mysql.com//Downloads/…(下载后请先对照 MySQL 官方下载页给出的校验值或 GnuPG 签名核对文件,再继续安装)
解压至:/usr/lib/x86_64-linux-gnu/odbc/
# Driver registrations for unixODBC. Each section name is a driver name that a
# DSN can reference through its "Driver =" key.
# NOTE(review): the driver manager loads these shared objects into the calling
# process (here slapd), so the .so files and their directory should be owned by
# root and not writable by anyone else.

# Generic name used by "Driver = MySQL" in /etc/odbc.ini. It points at the same
# file as the ANSI section below (libmyodbc8a.so).
[MySQL]
Description=ODBC for MySQL
Driver=/usr/lib/x86_64-linux-gnu/odbc/libmyodbc8a.so
FileUsage=1
# Unicode build of the driver (libmyodbc8w.so).
[MySQL ODBC 8.2 Unicode Driver]
DRIVER=/usr/lib/x86_64-linux-gnu/odbc/libmyodbc8w.so
UsageCount=1
# ANSI build of the driver (libmyodbc8a.so).
[MySQL ODBC 8.2 ANSI Driver]
DRIVER=/usr/lib/x86_64-linux-gnu/odbc/libmyodbc8a.so
UsageCount=1
执行sql
# Run from the OpenLDAP source tree: these are the MySQL-specific back-sql scripts.
cd servers/slapd/back-sql/rdbms_depend/mysql/

# "-p" with no value makes the client prompt for the password, which keeps it
# out of shell history and the process list; the trailing "openldap" is the
# database name, not the password.

# Table structure (back-sql metadata tables)
mysql -h 192.168.0.100 -u openldap -p openldap < backsql_create.sql

# Test data below: sample tables, sample rows and their LDAP mapping
for sql_file in testdb_create.sql testdb_data.sql testdb_metadata.sql; do
    mysql -h 192.168.0.100 -u openldap -p openldap < "$sql_file"
done
/usr/local/etc/openldap/slapd.conf
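# $OpenLDAP$
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable: rootpw and dbpasswd below are stored
# in clear text. Restrict ownership and mode to the account slapd runs as.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

# Global ACLs to disable default read access.
# With no "access" directive at all, slapd lets anyone, including anonymous
# clients, read every entry. These rules allow anonymous clients to
# authenticate only, let users change their own password, and give read
# access to authenticated users. The rootdn is not subject to ACLs.
access to attrs=userPassword
	by self write
	by anonymous auth
	by * none
access to *
	by users read
	by * none

# NOTE(review): no TLS directives are set, so simple binds send the password in
# clear text. Before serving clients over the network, configure
# TLSCertificateFile / TLSCertificateKeyFile / TLSCACertificateFile with your
# own certificate paths.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
#######################################################################
# sql database definitions
#######################################################################
database sql
suffix "dc=example,dc=com"
rootdn "cn=root,dc=example,dc=com"
# Example password in clear text. rootpw also accepts a hashed value: generate
# one with slappasswd and put the resulting {SSHA}... string here instead.
rootpw ldappassword
# dbname is the ODBC data source name (the [openldap] section of /etc/odbc.ini).
dbname openldap
dbuser openldap
# back-sql needs the database password in clear text; protect this file.
dbpasswd dbpassword
# The "?" markers in the two statements below are bound parameters filled in
# by back-sql, not string concatenation.
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
insentry_stmt "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"
# Tells back-sql that ldap_entries has no dn_ru column.
has_ldapinfo_dn_ru no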
启动命令
# Start slapd with debug level 1. With -d, slapd stays attached to the terminal
# instead of forking, which suits a first test run.
# NOTE(review): no -h is given, so slapd listens on the default ldap:/// URL
# (all interfaces). No -u/-g is given either, so started from a root shell it
# keeps running as root. Add "-h" with a loopback URL while testing, and
# "-u"/"-g" with a dedicated unprivileged account for regular use.
/usr/local/libexec/slapd -d 1
测试
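# Search the whole subtree as the rootdn to confirm back-sql returns entries.
# -W prompts for the bind password; the original -w form leaves the rootdn
# password in shell history and visible in the process list.
# NOTE(review): -x is a simple bind, so the password is sent unencrypted unless
# TLS is in use; once the server has certificates, add -ZZ to require StartTLS.
ldapsearch -x -D "cn=root,dc=example,dc=com" -W -s sub -b "dc=example,dc=com" "(objectClass=*)"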