  • Deploying and configuring an LDAP client on Windows

    LDAP client configuration
    In the subdirectory C:\OpenLDAP\etc\openldap of the install directory, edit slapd.conf, change the administrator credentials, then save and close the file:
    rootdn           "cn=Manager,dc=my-domain,dc=com"    (slapd.conf line 111: the administrator DN)
    rootpw          123456                                (slapd.conf line 115: the administrator password)
    A cleartext rootpw like this is acceptable only in a throwaway lab. For anything else generate a hashed value with slappasswd (for example slappasswd -h {SSHA}) and paste the resulting {SSHA}... string as the rootpw value; slapd accepts both forms.
    Next go to the subdirectory C:\OpenLDAP\libexec, edit StartLDAP.cmd and set the value of FQDN to this machine's IP address. With the default value localhost the listener is bound to the loopback interface only and remote clients cannot reach the server. Save and close the file.
    Once these steps are done, start the LDAPServer application; after startup it looks like the screenshot below.
    Installing LdapBrowser282
    Extract LdapBrowser282.rar, open the extracted folder and double-click lbe to run it (a Java runtime is required).
    Connection settings
    Enter this machine's IP address as Host and 389 as the port, then click Fetch DNs; the Base DN is discovered and filled in automatically. Under User Info enter the administrator DN and password configured in slapd.conf and click Save to store the profile.
    Click Connect to connect. Note that this is a simple bind on port 389, which sends the password over the network in cleartext; outside an isolated lab use LDAPS or StartTLS, and do not bind as the rootdn for day-to-day browsing.

    Import the following files: C:\OpenLDAP\etc\ldif\base.ldif and users.ldif
    Select the root node on the left, click the import button, choose Update/Add and in LDIF File pick C:\OpenLDAP\etc\ldif\base.ldif first and users.ldif second. Import them in that order; only one file can be imported per run.
    After base.ldif has been imported successfully only the organizational units exist; no actual users have been imported yet.
    With the root node on the left still selected, import users.ldif the same way.
    When that import succeeds, the ou=People node gains the default user, hacker, that ships with the installation.
    To add users, edit users.ldif using the default user as a template: copy its entry, then change the dn and userPassword attributes of the copy. When pasting, put the new users above the default user hacker so that hacker remains the last entry; the author found that authentication does not recognize the last user in the file. LDAP itself has no such rule, so this is most likely a file-termination problem (for example a missing newline after the last record); check that the file ends with a newline and that every record is separated by a blank line rather than relying on the ordering.
    Here uid can be read as the user name and ou as the group the user belongs to. The imported base.ldif already defines three organizational units, Group, People and Manager; users go under People. dc=my-domain means the domain is my-domain and dc=com is its top-level domain component; together they must match the suffix and rootdn configured in slapd.conf (nothing forces the last component to be com).
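    The import steps above work on the two LDIF files the installation ships with, whose exact attributes the page does not show. As an added example (not the page's own files or OpenLDAP code), the Python script below generates equivalent base.ldif and users.ldif content with hashed userPassword values, implements the {SSHA} scheme that slappasswd uses so rootpw can be stored hashed as well, and lints a file for the three problems the copy-paste workflow invites: a missing final newline, duplicate DNs and cleartext passwords. The suffix dc=my-domain,dc=com is taken from the slapd.conf above; the inetOrgPerson object class and the sample users are assumptions made for this example.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import os

# Suffix used by this walkthrough's slapd.conf (rootdn cn=Manager,dc=my-domain,dc=com).
SUFFIX = "dc=my-domain,dc=com"


def make_ssha(password: str, salt: bytes | None = None) -> str:
    """Build an RFC 2307 {SSHA} value, the format `slappasswd -h {SSHA}` emits.

    {SSHA} = "{SSHA}" + base64( SHA1(password || salt) || salt ); slappasswd
    uses a 4-byte random salt, which is what is generated when none is given.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored: str, candidate: str) -> bool:
    """Verify a candidate password against a stored {SSHA} value (constant-time compare)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is the salt
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(expected, digest)


def ldif_record(dn: str, attrs: list[tuple[str, str]]) -> str:
    """Serialise one LDIF record; records are separated by a blank line in the file."""
    lines = [f"dn: {dn}"] + [f"{name}: {value}" for name, value in attrs]
    return "\n".join(lines) + "\n"


def base_ldif() -> str:
    """Suffix entry plus the three OUs (People, Group, Manager) named in the text."""
    records = [ldif_record(SUFFIX, [("objectClass", "dcObject"),
                                    ("objectClass", "organization"),
                                    ("dc", "my-domain"), ("o", "my-domain")])]
    for ou in ("People", "Group", "Manager"):
        records.append(ldif_record(f"ou={ou},{SUFFIX}",
                                   [("objectClass", "organizationalUnit"), ("ou", ou)]))
    return "\n".join(records)


def user_record(uid: str, cn: str, sn: str, password: str) -> str:
    """inetOrgPerson under ou=People; userPassword is stored hashed, never in the clear."""
    return ldif_record(f"uid={uid},ou=People,{SUFFIX}", [
        ("objectClass", "inetOrgPerson"),
        ("uid", uid), ("cn", cn), ("sn", sn),
        ("userPassword", make_ssha(password)),
    ])


def users_ldif(users: list[tuple[str, str, str, str]]) -> str:
    """users.ldif content built from (uid, cn, sn, password) tuples."""
    return "\n".join(user_record(*u) for u in users)


def ldif_problems(text: str) -> list[str]:
    """Lint an LDIF file before importing it: a missing final newline (the classic
    'last entry is ignored' symptom), duplicate DNs from copy-paste, cleartext passwords."""
    problems: list[str] = []
    if not text.endswith("\n"):
        problems.append("file does not end with a newline; the last record may be dropped")
    seen: set[str] = set()
    for record in text.strip().split("\n\n"):
        lines = record.splitlines()
        if not lines or not lines[0].startswith("dn: "):
            problems.append("record does not start with 'dn: '")
            continue
        dn = lines[0][len("dn: "):]
        if dn in seen:
            problems.append(f"duplicate dn: {dn}")
        seen.add(dn)
        for line in lines[1:]:
            # "userPassword:: ..." is base64; a single colon followed by a value
            # without a {SCHEME} prefix is a cleartext password.
            if line.startswith("userPassword: ") and not line[len("userPassword: "):].startswith("{"):
                problems.append(f"cleartext userPassword in {dn}")
    return problems


if __name__ == "__main__":
    # Constructed sample users; "hacker" is the default user the walkthrough's file ships with.
    print(base_ldif())
    users = users_ldif([("zhangsan", "Zhang San", "Zhang", "Passw0rd!"),
                        ("hacker", "hacker", "hacker", "hacker")])
    print(users)
    print("problems:", ldif_problems(users) or "none")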

    The OpenLDAP build also produces a handful of command-line tools, among them ldapsearch. A search bound as the user zhangsan (this example uses the suffix dc=Baidu,dc=com rather than the dc=my-domain,dc=com configured above) looks like this:

    ldapsearch -h IP -p 389 -x -D "uid=zhangsan,ou=People,dc=Baidu,dc=com" -W -b "dc=Baidu,dc=com" -s base -LLL "(objectClass=*)"
    The trailing argument is the RFC 4515 search filter; the bare word PLAIN that originally stood there is not a valid filter and is rejected with "Bad search filter". -W prompts for the bind password instead of passing it with -w "password", which would expose it in the process list and shell history (-y file is the non-interactive alternative). -h and -p are deprecated in favour of -H ldap://IP:389, and -Z (or -ZZ to require it) upgrades the connection with StartTLS so the simple bind is not sent in cleartext.
    ldapsearch --help
    ldapsearch: invalid option -- '-'
    ldapsearch: unrecognized option --
    usage: ldapsearch [options] [filter [attributes...]]
    where:
      filter    RFC 4515 compliant LDAP search filter
      attributes    whitespace-separated list of attribute descriptions
        which may include:
          1.1   no attributes
          *     all user attributes
          +     all operational attributes
    Search options:
      -a deref   one of never (default), always, search, or find
      -A         retrieve attribute names only (no values)
      -b basedn  base dn for search
      -c         continuous operation mode (do not stop on errors)
      -E [!]<ext>[=<extparam>] search extensions (! indicates criticality)
                 [!]domainScope              (domain scope)
                 !dontUseCopy                (Don't Use Copy)
                 [!]mv=<filter>              (RFC 3876 matched values filter)
                 [!]pr=<size>[/prompt|noprompt] (RFC 2696 paged results/prompt)
                 [!]sss=[-]<attr[:OID]>[/[-]<attr[:OID]>...]
                                             (RFC 2891 server side sorting)
                 [!]subentries[=true|false]  (RFC 3672 subentries)
                 [!]sync=ro[/<cookie>]       (RFC 4533 LDAP Sync refreshOnly)
                         rp[/<cookie>][/<slimit>] (refreshAndPersist)
                 [!]vlv=<before>/<after>(/<offset>/<count>|:<value>)
                                             (ldapv3-vlv-09 virtual list views)
                 [!]deref=derefAttr:attr[,...][;derefAttr:attr[,...][;...]]
                 [!]<oid>[=:<b64value>] (generic control; no response handling)
      -f file    read operations from `file'
      -F prefix  URL prefix for files (default: file:///tmp/)
      -l limit   time limit (in seconds, or "none" or "max") for search
      -L         print responses in LDIFv1 format
      -LL        print responses in LDIF format without comments
      -LLL       print responses in LDIF format without comments
                 and version
      -M         enable Manage DSA IT control (-MM to make critical)
      -P version protocol version (default: 3)
      -s scope   one of base, one, sub or children (search scope)
      -S attr    sort the results by attribute `attr'
      -t         write binary values to files in temporary directory
      -tt        write all values to files in temporary directory
      -T path    write files to directory specified by path (default: /tmp)
      -u         include User Friendly entry names in the output
      -z limit   size limit (in entries, or "none" or "max") for search
    Common options:
      -d level   set LDAP debugging level to `level'
      -D binddn  bind DN
      -e [!]<ext>[=<extparam>] general extensions (! indicates criticality)
                 [!]assert=<filter>     (RFC 4528; a RFC 4515 Filter string)
                 [!]authzid=<authzid>   (RFC 4370; "dn:<dn>" or "u:<user>")
                 [!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
                         one of "chainingPreferred", "chainingRequired",
                         "referralsPreferred", "referralsRequired"
                 [!]manageDSAit         (RFC 3296)
                 [!]noop
                 ppolicy
                 [!]postread[=<attrs>]  (RFC 4527; comma-separated attr list)
                 [!]preread[=<attrs>]   (RFC 4527; comma-separated attr list)
                 [!]relax
                 abandon, cancel, ignore (SIGINT sends abandon/cancel,
                 or ignores response; if critical, doesn't wait for SIGINT.
                 not really controls)
      -h host    LDAP server
      -H URI     LDAP Uniform Resource Identifier(s)
      -I         use SASL Interactive mode
      -n         show what would be done but don't actually do it
      -N         do not use reverse DNS to canonicalize SASL host name
      -O props   SASL security properties
      -o <opt>[=<optparam] general options
                 nettimeout=<timeout> (in seconds, or "none" or "max")
                 ldif-wrap=<width> (in columns, or "no" for no wrapping)
      -p port    port on LDAP server
      -Q         use SASL Quiet mode
      -R realm   SASL realm
      -U authcid SASL authentication identity
      -v         run in verbose mode (diagnostics to standard output)
      -V         print version info (-VV only)
      -w passwd  bind password (for simple authentication)
      -W         prompt for bind password
      -x         Simple authentication
      -X authzid SASL authorization identity ("dn:<dn>" or "u:<user>")
      -y file    Read password from file
      -Y mech    SASL mechanism
      -Z         Start TLS request (-ZZ to require successful response)
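    Searches like the -LLL command above produce LDIF, which scripts frequently post-process. As an added example, not part of the original page or of OpenLDAP, the Python below parses that output (unfolding continuation lines that start with a space, decoding "::" base64 values, grouping multi-valued attributes per entry) and then audits the userPassword values for cleartext storage or the unsalted {SHA}/{MD5} schemes. The two entries in SAMPLE_LDIF are constructed for this example; the {SSHA} value is a zeroed placeholder rather than a real hash, and ldapsearch base64-encodes userPassword in its output, which is why the sample uses "userPassword::".

```python
from __future__ import annotations

import base64

# Unsalted or cleartext storage schemes: a dump of these is directly crackable.
UNSALTED = {"SHA", "MD5", "CLEARTEXT"}


def b64(s: str) -> str:
    return base64.b64encode(s.encode("utf-8")).decode("ascii")


# Placeholder {SSHA} value (zeroed digest + salt) showing the shape only; constructed, not a real hash.
HASHED_PW = "{SSHA}" + base64.b64encode(b"\x00" * 24).decode("ascii")

# Constructed sample of what `ldapsearch -x -LLL -b "ou=People,dc=my-domain,dc=com"
# "(objectClass=inetOrgPerson)"` could print for two users; the description is
# folded at an arbitrary column to show the continuation-line format.
SAMPLE_LDIF = (
    "dn: uid=zhangsan,ou=People,dc=my-domain,dc=com\n"
    "objectClass: inetOrgPerson\n"
    "uid: zhangsan\n"
    "cn: Zhang San\n"
    "sn: Zhang\n"
    "description: wrapped by ldapsearch at 76 columns so the continuation starts with a s\n"
    " ingle space\n"
    f"userPassword:: {b64(HASHED_PW)}\n"
    "\n"
    "dn: uid=hacker,ou=People,dc=my-domain,dc=com\n"
    "objectClass: inetOrgPerson\n"
    "uid: hacker\n"
    "cn: hacker\n"
    "sn: hacker\n"
    f"userPassword:: {b64('hacker')}\n"
)


def parse_ldif(text: str) -> list[dict[str, list[str]]]:
    """Parse ldapsearch LDIF output into one dict per entry (attribute -> list of values)."""
    # Step 1: unfold. A line beginning with a single space continues the previous line.
    unfolded: list[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)

    entries: list[dict[str, list[str]]] = []
    current: dict[str, list[str]] | None = None
    for line in unfolded:
        if line.startswith("#"):          # comments appear with -L / -LL output
            continue
        if not line.strip():              # blank line terminates an entry
            if current is not None:
                entries.append(current)
                current = None
            continue
        if line.startswith("dn:"):
            current = {}
        if current is None:               # e.g. "version: 1" before the first dn
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:                             # plain value; "attr:< url" is passed through verbatim
            value = value.strip()
        current.setdefault(name, []).append(value)
    if current is not None:
        entries.append(current)
    return entries


def weak_passwords(entries: list[dict[str, list[str]]]) -> list[str]:
    """Return DNs whose userPassword lacks a {SCHEME} prefix or uses an unsalted scheme."""
    bad: list[str] = []
    for entry in entries:
        for pw in entry.get("userPassword", []):
            scheme = pw[1:pw.index("}")].upper() if pw.startswith("{") and "}" in pw else None
            if scheme is None or scheme in UNSALTED:
                bad.append(entry["dn"][0])
    return bad


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    for entry in parsed:
        print(entry["dn"][0], "->", {k: v for k, v in entry.items() if k != "dn"})
    print("weak userPassword storage:", weak_passwords(parsed))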
  • Original source: https://www.cnblogs.com/lonelamb/p/10355392.html