RH423-3: Installing and configuring the LDAP directory service

Introduction:

 Installing and configuring the LDAP directory service (Red Hat Directory Server 8)

I. Installation

  1. Packages:

java-1.5.0-ibm-1.5.0.5-1jpp.5.el5.i386.rpm

jss-4.2.4-41.el5idm.i386.rpm

adminutil-1.1.5-1.el5dsrv.i386.rpm               

adminutil-devel-1.1.5-1.el5dsrv.i386.rpm

idm-console-framework-1.1.0-7.el5idm.noarch.rpm

redhat-ds-admin-8.0.0-4.el5dsrv.i386.rpm         

redhat-ds-base-8.0.0-12.el5dsrv.i386.rpm

redhat-ds-base-devel-8.0.0-12.el5dsrv.i386.rpm

redhat-ds-console-8.0.0-11.el5dsrv.noarch.rpm

redhat-idm-console-1.0.0-16.el5idm.i386.rpm

redhat-admin-console-8.0.0-11.el5dsrv.noarch.rpm

redhat-ds-8.0.0-1.4.el5dsrv.i386.rpm  

     

2.   Set up a software repository, then install java-1.5.0-ibm and redhat-ds with yum

[root@station2 ~]# yum -y install java-1.5.0-ibm

#Be sure to install this package; otherwise all sorts of problems appear when managing the server with redhat-idm-console

[root@station2 ~]# yum -y install redhat-ds

[root@station2 ~]# yum -y install openldap-clients openldap-servers

#It is best to install openldap-clients and openldap-servers as well, because they are needed at some points during configuration (the ldap user and group, for instance, come from openldap-servers).

 

 

II. Configuration

1.   Configure (and generate an answer file at the same time)

[root@station2 ~]# setup-ds-admin.pl -k

#Add the -k option here: when configuration finishes it keeps an answer file (under /tmp) recording everything entered below. That file holds the console admin and Directory Manager passwords in clear text, so restrict its permissions or remove it once the settings have been recorded.

==============================================================================

This program will set up the Red Hat Directory and Administration Servers.


It is recommended that you have "root" privilege to set up the software.

Tips for using this program:

  - Press "Enter" to choose the default and go to the next screen

  - Type "Control-B" then "Enter" to go back to the previous screen

  - Type "Control-C" to cancel the setup program

 

Would you like to continue with set up? [yes]:              

#Asks whether to continue with the setup (the license agreement follows); just press Enter

==============================================================================

BY SETTING UP AND USING THIS SOFTWARE YOU ARE CONSENTING TO BE BOUND BY

AND ARE BECOMING A PARTY TO THE AGREEMENT FOUND IN THE

LICENSE.TXT FILE. IF YOU DO NOT AGREE TO ALL OF THE TERMS

OF THIS AGREEMENT, PLEASE DO NOT SET UP OR USE THIS SOFTWARE.


Do you agree to the license terms? [no]:yes                        

#This is the license statement; enter yes

==============================================================================

Your system has been scanned for potential problems, missing patches,

etc.  The following output is a report of the items found that need to

be addressed before running this software in a production

environment.


Red Hat Directory Server system tuning analysis version 10-AUGUST-2007.


NOTICE : System is i686-unknown-linux2.6.18-164.el5PAE (1 processor).


WARNING: 364MB of physical memory is available on the system. 1024MB is recommended for best performance on large production system.


NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds

(120 minutes).  This may cause temporary server congestion from lost

client connections.


WARNING: There are only 1024 file descriptors (hard limit) available, which

limit the number of simultaneous connections.  

 

WARNING: There are only 1024 file descriptors (soft limit) available, which

limit the number of simultaneous connections.  

Would you like to continue? [no]: yes          

#This is a summary of the environment you are installing into. It does not matter here; keep it as a reference for later tuning (the memory, tcp_keepalive_time and 1024-file-descriptor warnings). If you do not want to change anything, just answer yes.

==============================================================================

Choose a setup type:


   1. Express.

   2. Typical


   3. Custom

 

To accept the default shown in brackets, press the Enter key.


Choose a setup type [2]:  2                      

#This asks which setup type to use; choose 2, the default (Typical).

==============================================================================

Enter the fully qualified domain name of the computer


To accept the default shown in brackets, press the Enter key.


Computer name [station2.example.com]:                      

#This prompts for the computer's fully qualified name; the default is fine, just press Enter

==============================================================================

The servers must run as a specific user in a specific group.


system utilities.


System User [nobody]:ldap

System Group [nobody]: ldap            

#This asks which user and group the service runs as. Because openldap-servers was installed earlier, the ldap user already exists; the default nobody user could also be used.

==============================================================================

Server information is stored in the configuration directory server.


Do you want to register this software with an existing

configuration directory server? [no]:   no                    

#This asks whether to register with an existing configuration directory server, i.e. whether this server becomes a sub-domain of another directory service. We have none, so enter no; if there is a directory service you want to join, answer yes and then fill in the directory service to join.

==============================================================================

Please enter the administrator ID for the configuration directory

server. 

administrator ID [admin]:  admin                        

#This is the console administrator ID

Password: redhat

Password (confirm):redhat                           #Enter the password

==============================================================================

The information stored in the configuration directory server can be

separated into different Administration Domains. 

Administration Domain [example.com]:                  

#Enter the name of the administration domain; just press Enter

==============================================================================


Directory server network port [389]:          

#Which port should the directory service use? Press Enter

==============================================================================

 

Directory server identifier [station2]:        

#What is the directory server's identifier? Just press Enter

==============================================================================

The suffix is the root of your directory tree.  The suffix must be a valid DN.

Suffix [dc=example,dc=com]: dc=station2,dc=example,dc=com    

#Enter the suffix. Be careful here: this is the suffix of the whole domain (the root of the directory tree)

 

==============================================================================

Certain directory server operations require an administrative user.



Directory Manager DN [cn=Directory Manager]:      

#This is the console user with the highest privileges; it can administer the server remotely, whereas the admin above can only administer locally. Just press Enter to use this user name

Password:redhat123

Password (confirm):redhat123

==============================================================================

The Administration Server is separate from any of your web or application

Administration port [9830]: 8888

#This is the remote administration port, whereas the port above is the local administration port; we set it to 8888

==============================================================================

The interactive phase is complete.  The script will now set up your

servers.  Enter No or go Back if you want to change something.


Are you ready to set up your servers? [yes]: yes   #Configuration complete


2.   Look at the information configured earlier:

[root@station2 ~]# cat /tmp/setuprOksA8.log


3.   Start the services

[root@station2 ~]# service dirsrv restart   #This is the directory service on port 389 from before

[root@station2 ~]# service dirsrv-admin restart  #This is the administration service on port 8888


4.   Open the service configuration interface

[root@localhost tmp]# redhat-idm-console    #Log in to the Red Hat management console
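The answers typed into setup-ds-admin.pl above can also be supplied in one answer file, so the same instance can be rebuilt without going through the prompts again. The script below is an added example and not part of the original post: it writes a setup-ds-admin.pl answer file from the values chosen above (host station2.example.com, user and group ldap, instance station2, suffix dc=station2,dc=example,dc=com, administration port 8888), reads the two passwords from the environment variables DS_ADMIN_PWD and DS_ROOTDN_PWD (names chosen for this example) instead of embedding them, and creates the file readable only by its owner. The key names follow the Red Hat Directory Server 8 silent-setup (.inf) format as this editor knows it; compare the result with the file that -k leaves under /tmp on your version before relying on it.

```shell
#!/bin/sh
# write_setup_inf.sh: build an answer file for an unattended setup-ds-admin.pl
# run from the values chosen interactively above.
# Added example (not from the original post). Key names follow the Red Hat
# Directory Server 8 silent-setup (.inf) format; DS_ADMIN_PWD and
# DS_ROOTDN_PWD are environment variable names chosen for this example.

# Write the answer file to OUT (owner-readable only) and print its path.
# Arguments after OUT override the host name, instance identifier and suffix;
# the defaults are the values from the post.
write_setup_inf() {
  out=$1
  host=${2:-station2.example.com}
  instance=${3:-station2}
  suffix=${4:-dc=station2,dc=example,dc=com}
  [ -n "${DS_ADMIN_PWD:-}" ]  || { echo "DS_ADMIN_PWD is not set" >&2; return 1; }
  [ -n "${DS_ROOTDN_PWD:-}" ] || { echo "DS_ROOTDN_PWD is not set" >&2; return 1; }
  domain=${host#*.}            # administration domain: example.com for station2.example.com
  (
    umask 077                  # the file holds both passwords in clear text
    cat > "$out" <<EOF
[General]
FullMachineName= $host
SuiteSpotUserID= ldap
SuiteSpotGroup= ldap
AdminDomain= $domain
ConfigDirectoryAdminID= admin
ConfigDirectoryAdminPwd= $DS_ADMIN_PWD

[slapd]
ServerPort= 389
ServerIdentifier= $instance
Suffix= $suffix
RootDN= cn=Directory Manager
RootDNPwd= $DS_ROOTDN_PWD

[admin]
Port= 8888
ServerAdminID= admin
ServerAdminPwd= $DS_ADMIN_PWD
EOF
  ) || return 1
  printf '%s\n' "$out"
}

# Stand-alone use on the server: run the silent setup and delete the answer
# file afterwards instead of leaving it under /tmp the way -k does.
if [ "${1:-}" = "--run" ]; then
  inf=$(write_setup_inf /root/setup-station2.inf) || exit 1
  setup-ds-admin.pl -s -f "$inf"
  rm -f "$inf"
fi
```

Run it as `DS_ADMIN_PWD=... DS_ROOTDN_PWD=... sh write_setup_inf.sh --run`; `-s` selects silent mode and `-f` names the answer file. Because the answer file contains both passwords in clear text, the script removes it as soon as setup has finished, which is also the reason not to keep the copy that -k leaves behind in /tmp.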

III. Related files

1.  Configuration files – /etc/dirsrv/slapd-instance

#These are the configuration files (including the system configuration). Also back up the dse.ldif file here, because it records this instance's settings. "instance" stands for the instance identifier, which is station2 here.


2.  Useful scripts – /usr/lib/dirsrv/slapd-instance     #administration scripts


3.  Database files – /var/lib/dirsrv/slapd-instance

#To back up LDAP it is enough to back up the data; to restore, simply import it again.

For example:

[root@station2 ~]# cd /var/lib/dirsrv/

[root@station2 dirsrv]# ls

slapd-station2

So backing up slapd-station2 is enough

4.  Log files – /var/log/dirsrv/slapd-instance     #when something goes wrong, look at the logs here


5.  Lock files – /var/lock/dirsrv/slapd-instance     #lock files


IV. Backing up and restoring the directory database

1.  Backup

- Directory Server Console     #directory service online

- db2bak script

[root@station2 ~]# /usr/lib/dirsrv/slapd-station2/db2bak

Back up directory: /var/lib/dirsrv/slapd-station2/bak/station2-2011_04_09_00_50_11

The directory service stays online; the backup is stored under the /var/lib/dirsrv/slapd-station2/bak directory

- dse.ldif and the schema must be backed up by hand; there is no tool for them
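db2bak covers the database only; as noted above, dse.ldif and the schema have to be copied by hand. The script below is an added example, not part of the original post, that does that copy in a form safe to automate: it archives dse.ldif and the schema directory of an instance into a timestamped tarball readable only by its owner (dse.ldif carries the whole server configuration, including the Directory Manager password hash, so it deserves the same protection as the database backup), records a SHA-256 checksum so a restore can detect a truncated or altered archive, and can verify and list an archive. It assumes GNU tar and sha256sum; the instance name station2 and the paths are the ones from the post, and the --run mode, which calls db2bak and then the configuration backup on a real server, is only entered when that argument is given.

```shell
#!/bin/sh
# dirsrv_config_backup.sh: archive the parts of an instance that db2bak does not
# cover (dse.ldif and the schema directory) with restrictive permissions.
# Added example (not from the original post). Assumes GNU tar and sha256sum;
# instance name and paths are the ones used in the post.

# Archive CONF_DIR/dse.ldif and CONF_DIR/schema/ into DEST_DIR as a timestamped
# tarball readable only by the owner, append its checksum to DEST_DIR/SHA256SUMS
# and print the archive path. Fails if either piece is missing.
backup_dirsrv_config() {
  conf_dir=$1
  dest_dir=$2
  stamp=$(date +%Y_%m_%d_%H_%M_%S)   # same timestamp style db2bak uses
  [ -f "$conf_dir/dse.ldif" ] || { echo "no dse.ldif in $conf_dir" >&2; return 1; }
  [ -d "$conf_dir/schema" ]   || { echo "no schema directory in $conf_dir" >&2; return 1; }
  mkdir -p "$dest_dir" && chmod 700 "$dest_dir" || return 1
  archive="$dest_dir/config-$stamp.tar.gz"
  # umask 077 so the archive is never group- or world-readable, even briefly
  (umask 077 && tar -C "$conf_dir" -czf "$archive" dse.ldif schema) || return 1
  chmod 600 "$archive"
  # checksum manifest lets a restore detect a damaged or altered archive
  (cd "$dest_dir" && sha256sum "$(basename "$archive")" >> SHA256SUMS) || return 1
  printf '%s\n' "$archive"
}

# Check ARCHIVE against the manifest next to it, then list its contents.
verify_dirsrv_config_backup() {
  archive=$1
  dest_dir=$(dirname "$archive")
  (cd "$dest_dir" && grep " $(basename "$archive")\$" SHA256SUMS | sha256sum -c --status) || return 1
  tar -tzf "$archive"
}

# Stand-alone use on the server: database first (db2bak), then configuration.
if [ "${1:-}" = "--run" ]; then
  instance=${2:-station2}
  /usr/lib/dirsrv/slapd-$instance/db2bak || exit 1
  backup_dirsrv_config "/etc/dirsrv/slapd-$instance" \
                       "/var/lib/dirsrv/slapd-$instance/bak/config" || exit 1
fi
```

Run `sh dirsrv_config_backup.sh --run station2` from the same job that runs db2bak, and restore the configuration offline (server stopped) by verifying the archive and unpacking it into /etc/dirsrv/slapd-station2 before running bak2db, since the database backup is only valid against the schema and configuration that were current when it was taken.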

 

2.  Restore

- Directory Server Console    #online restore

- bak2db.pl script (perl)       #online restore

[root@station2 ~]# /usr/lib/dirsrv/slapd-station2/bak2db.pl -a /var/lib/dirsrv/slapd-station2/bak/station2-2011_04_09_00_50_11 -D 'cn=Directory Manager' -w directory   #import the data

adding new entry cn=restore_2011_4_9_1_1_29, cn=restore, cn=tasks, cn=config

#Note that -w puts the Directory Manager password on the command line, where it shows up in the process list and the shell history; the script also accepts -w - to prompt for it, or -j with a file that holds the password.

- bak2db script                #offline restore

[root@station2 bak]# /usr/lib/dirsrv/slapd-station2/bak2db /var/lib/dirsrv/slapd-station2/bak/station2-2011_04_09_00_50_11

- dse.ldif and the schema must be restored by hand, offline   #offline restore


3.  Exporting and importing LDIF files from and to the database:

- Export: Directory Server Console (online), db2ldif (online)

[root@station2 ~]# /usr/lib/dirsrv/slapd-station2/db2ldif  -s dc=station2,dc=example,dc=com  -s o=NetscapeRoot -a /tmp/example.ldif

#Each -s names a suffix to export and must match a suffix configured on the instance (dc=station2,dc=example,dc=com above); -a is the output file

- Import: Directory Server Console (online), ldif2db.pl (online), ldif2db (offline)
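The LDIF export is what both the ldif2db import and any long-term archive depend on, so it is worth checking before it is trusted. The script below is an added example and not part of the original post: it unfolds LDIF continuation lines, counts the entries, lists every DN that is not under the expected suffix (which happens when the wrong -s was given to db2ldif, or simply because o=NetscapeRoot was exported into the same file as the user suffix), and reports entries whose userPassword value carries no hashing-scheme prefix such as {SSHA}. It assumes a POSIX sh with awk and GNU coreutils base64; the file name in the usage line is the one from the post.

```shell
#!/bin/sh
# ldif_check.sh: sanity-check a db2ldif export before archiving or re-importing it.
# Added example (not from the original post). Assumes POSIX sh, awk and GNU
# coreutils base64 (for "dn::" and "userPassword::" values).

# Unfold LDIF continuation lines: a line beginning with one space continues the
# previous line, so wrapped DNs and long values become single lines.
ldif_unfold() {
  awk '/^ / { buf = buf substr($0, 2); next }
       NR > 1 { print buf }
       { buf = $0 }
       END { print buf }' "$1"
}

# Lower-case a DN and drop spaces after commas so two spellings of the same DN
# compare equal (textual normalisation only, not full RFC 4514 matching).
normalize_dn() {
  printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/, */,/g'
}

# Print the number of entries in the file.
ldif_entry_count() {
  ldif_unfold "$1" | awk '/^dn::? / { n++ } END { print n + 0 }'
}

# Print every DN that is neither the given suffix nor below it. Anything listed
# came from another backend (o=NetscapeRoot, for instance) or from a wrong -s
# argument to db2ldif, and should not be imported blindly.
ldif_dns_outside_suffix() {
  suffix=$(normalize_dn "$2")
  ldif_unfold "$1" | while IFS= read -r line; do
    case $line in
      "dn:: "*) dn=$(printf '%s' "${line#dn:: }" | base64 -d) ;;
      "dn: "*)  dn=${line#dn: } ;;
      *)        continue ;;
    esac
    dn=$(normalize_dn "$dn")
    case $dn in
      "$suffix" | *",$suffix") ;;
      *) printf '%s\n' "$dn" ;;
    esac
  done
}

# Print the DN of every entry whose userPassword value has no hashing-scheme
# prefix such as {SSHA}. db2ldif writes the attribute base64-encoded
# ("userPassword:: ..."), so the value is decoded before it is inspected.
ldif_cleartext_passwords() {
  cur_dn=""
  ldif_unfold "$1" | while IFS= read -r line; do
    case $line in
      "dn:: "*) cur_dn=$(printf '%s' "${line#dn:: }" | base64 -d); continue ;;
      "dn: "*)  cur_dn=${line#dn: }; continue ;;
      "")       cur_dn=""; continue ;;
    esac
    attr=$(printf '%s' "${line%%:*}" | tr 'A-Z' 'a-z')
    [ "$attr" = "userpassword" ] || continue
    case $line in
      *":: "*) pw=$(printf '%s' "${line#*:: }" | base64 -d) ;;
      *)       pw=${line#*: } ;;
    esac
    case $pw in
      "{"*) ;;                      # hashed: {SSHA}, {SHA}, {CRYPT}, ...
      *)    printf '%s\n' "$cur_dn" ;;
    esac
  done
}

# Stand-alone use: sh ldif_check.sh /tmp/example.ldif dc=station2,dc=example,dc=com
if [ $# -eq 2 ]; then
  printf 'entries: %s\n' "$(ldif_entry_count "$1")"
  printf 'DNs outside %s:\n' "$2"; ldif_dns_outside_suffix "$1" "$2"
  printf 'entries with cleartext userPassword:\n'; ldif_cleartext_passwords "$1"
fi
```

When the export was produced with both -s arguments as above, the o=NetscapeRoot entries are listed as outside the user suffix; that is expected, and the check is more useful when each suffix is exported to its own file. An export file also holds every password hash in the directory, so keep it with the same permissions as the database backup and delete it from /tmp once it has been moved.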



This article is reposted from netsword's 51CTO blog; original link: http://blog.51cto.com/netsword/538569
