Differences

This shows you the differences between two versions of the page.

--- informatica:linux:ldap [2010/11/24 18:22] – 95.20.4.69
+++ informatica:linux:ldap [2010/11/26 18:44] – 95.20.4.69
@@ Line 2: / Line 2: @@
 open-ldap slapd ldap
+http://www.zytrax.com/books/ldap/
 ===== Instalación =====
   sudo aptitude install slapd ldap-utils
@@ Line 23: / Line 26: @@
 # NB: RH Linux schemas in /etc/openldap
 #
-include     /etc/ldap/schema/core.schema
+include         /etc/ldap/schema/core.schema
-include     /etc/ldap/schema/cosine.schema
+include         /etc/ldap/schema/cosine.schema
-include     /etc/ldap/schema/inetorgperson.schema
+include         /etc/ldap/schema/inetorgperson.schema
 # NO SECURITY - no access clause
@@ Line 40: / Line 42: @@
 # enable a lot of logging - we might need it
 # but generates huge logs
-loglevel    -1
+loglevel        255
 # MODULELOAD definitions
@@ Line 52: / Line 54: @@
 #######################################################################
 # bdb database definitions
 #
 # replace example and com below with a suitable domain
 #
 # If you don't have a domain you can leave it since example.com
 # is reserved for experimentation or change them to my and inc
@@ Line 66: / Line 68: @@
 rootdn "cn=jimbob, dc=example, dc=com"
 rootpw dirtysecret
-# The database directory MUST exist prior to running slapd AND
+# The database directory MUST exist prior to running slapd AND
 # change path as necessary
-directory   /srv/ldapdb
+directory       /srv/ldapdb
 # Indices to maintain for this directory
 # unique id so equality match only
-index   uid eq
+index   uid     eq
 # allows general searching on commonname, givenname and email
 index   cn,gn,mail eq,sub
 # allows multiple variants on surname searching
 index sn eq,sub
 # sub above includes subintial,subany,subfinal
 # optimise department searches
 index ou eq
 # if searches will include objectClass uncomment following
 # index objectClass eq
 # shows use of default index parameter
 index default eq,sub
 # indices missing - uses default eq,sub
 index telephonenumber
@@ Line 91: / Line 99: @@
 cachesize 10000
 checkpoint 128 15
 </code>
 ===== Arrancar ldap =====
-Para arrancar ldap con ese archivo de configuracion:
+No se por que demonios el '/etc/init.d/slpad start' me arranca malamente el demonio. Mejor hacerlo a mano (con mucho debug, con la opcion -d):
-  sudo /usr/sbin/slapd -h ldap://192.168.1.17/ -g openldap -u openldap -f /etc/ldap/ldap.conf -d 255&
+  sudo /usr/sbin/slapd -f /etc/ldap/ldap.conf -g openldap -u openldap -h ldap://192.168.1.17 &
 Comprobar que ha arrancado:
   ps ax | grep ldap
-pts/0    S      0:00 sudo /usr/sbin/slapd -h ldap://192.168.1.17/ -g openldap -u openldap -f /etc/ldap/ldap.conf -d 255
+?        Ssl    0:00 /usr/sbin/slapd -f /etc/ldap/ldap.conf -g openldap -u openldap -h ldap://192.168.1.17
-pts/0    Sl     0:00 /usr/sbin/slapd -h ldap://192.168.1.17/ -g openldap -u openldap -f /etc/ldap/ldap.conf -d 255
+Para pararlo matar el proceso con kill
+===== Insertar registro =====
+. Crear un archivo .ldif:
+  sudo vim /tmp/ejemplo1.ldif
+Con el siguiente contenido:
+<code>
+## DEFINE DIT ROOT/BASE/SUFFIX ####
+## uses RFC 2377 format
+## replace example and com as necessary below
+## or for experimentation leave as is
+## dcObject is an AUXILLIARY objectclass and MUST
+## have a STRUCTURAL objectclass (organization in this case)
+# this is an ENTRY sequence and is preceded by a BLANK line
+dn: dc=example,dc=com
+dc: example
+description: My wonderful company as much text as you want to place
+ in this line up to 32K continuation data for the line above must
+ have <CR> or <CR><LF> i.e. ENTER works
+ on both Windows and *nix system - new line MUST begin with ONE SPACE
+objectClass: dcObject
+objectClass: organization
+o: Example, Inc.
+## FIRST Level hierarchy - people
+## uses mixed upper and lower case for objectclass
+# this is an ENTRY sequence and is preceded by a BLANK line
+dn: ou=people, dc=example,dc=com
+ou: people
+description: All people in organisation
+objectclass: organizationalunit
+## SECOND Level hierarchy
+## ADD a single entry under FIRST (people) level
+# this is an ENTRY sequence and is preceded by a BLANK line
+# the ou: Human Resources is the department name
+dn: cn=Robert Smith,ou=people,dc=example,dc=com
+objectclass: inetOrgPerson
+cn: Robert Smith
+cn: Robert J Smith
+cn: bob  smith
+sn: smith
+uid: rjsmith
+userpassword: rJsmitH
+carlicense: HISCAR 123
+homephone: 555-111-2222
+mail: r.smith@example.com
+mail: rsmith@example.com
+mail: bob.smith@example.com
+description: swell guy
+ou: Human Resources
+</code>
+. Insertar el registro:
+  ldapadd -H ldap://192.168.1.17 -x -D "cn=jimbob,dc=example,dc=com" -f /srv/example.ldif -w dirtysecret
+===== Buscar registro =====
+  ldapsearch -H ldap://192.168.1.17 -LL -b ou=people,dc=example,dc=com "{mail=*smith*)" sn cn mail
+Me ha salido bien antes, ahora no me furrula (quiza porque borre el registro
+  ldapsearch -xh 192.168.1.17 -b '' -s base subschemaSubentry