Translator's note: my English is limited, so the translation is not very accurate. Please forgive me.

 Setting up OpenLDAP with MySQL backend 



 author: TBONIUS 

OpenLDAP is a Lightweight Directory Access Protocol (LDAP) server, a lightweight descendant of X.500, used for centralized authentication and directory lookups. This article covers configuring the service to store its directory objects in a SQL database. Keeping these objects in a SQL database allows third-party applications to access and manage them.

 Ports that are needed: 


 MySQL 4.x server : /usr/ports/databases/mysql41-server 

 MySQL 4.x client : /usr/ports/databases/mysql41-client 

 LibIODBC 3.x : /usr/ports/databases/libiodbc 

 MyODBC 3.x : /usr/ports/databases/myodbc 

 OpenLDAP 2.x : /usr/ports/databases/openldap21-server WITH_ODBC="YES" 

 Configuring the MySQL server 


OpenLDAP has the option to use many different kinds of databases; in this case we will use MySQL. The first step in setting this up is to create the MySQL database that OpenLDAP will use:

 root@host # mysqladmin create ldap 

Next we will create a MySQL account that OpenLDAP will use for our newly created ldap database:


 root@host # mysql 


 Welcome to the MySQL monitor. Commands end with ; or \g. 

 Your MySQL connection id is 10 to server version: 4.0.18 


 Type 'help;' or '\h' for help. Type '\c' to clear the buffer. 


mysql> grant all privileges on ldap.* to 'ldap'@'localhost'
    -> identified by 'password' with grant option;


 Query OK, 0 rows affected (0.13 sec) 


We of course want to substitute 'password' with the actual password we wish to use for this particular user account.

 Configuring LibIODBC to use the MyODBC driver 


Quite simply, we need to edit two files here to get LibIODBC to use the MyODBC driver when accessing the MySQL server.

Take a look at the /usr/local/etc/libiodbc/odbcinst.ini file and make the following changes:


 [ODBC Drivers] 

 MySQL = Installed 


 [MySQL] 

 Description=ODBC for MySQL 

 Driver=/usr/local/lib/libmyodbc3.so 


Take a look at the /usr/local/etc/libiodbc/odbc.ini file and make the following changes:


 [ODBC Data Sources] 

 ldap = MySQL LDAP DSN 


 [ldap] 

 Driver = /usr/local/lib/libmyodbc3.so 

 Description = OpenLDAP Database 

 Host = localhost 

 ServerType = MySQL 

 Port = 3306 

 FetchBufferSize = 99 

 User = ldap 

 Password = password 

 Database = ldap 

 ReadOnly = no 

 Socket = /tmp/mysql.sock 


 [ODBC] 

 InstallDir=/usr/local/lib 


Again, substitute the actual password we created for the ldap user of the MySQL database for 'password'.


We can test our current configuration before installing and configuring OpenLDAP. LibIODBC provides a test utility to check DSN configurations.


Note from darxpryte: Upon following this tutorial I've found that iodbctest was not built automatically. This may be fixed later, but if you find this to be the case you'll need to do the following:


 cd /usr/ports/databases/libiodbc/ 

 make extract 

 cd work/libiodbc-3.52.2/samples 

 make install 


This will install iodbctest into /usr/local/bin/.


Once you have installed iodbctest, you can do the following to test your connection:


 root@host # iodbctest 

 iODBC Demonstration program 

 This program shows an interactive SQL processor 

 Driver Manager: 03.51.0001.0908 


 Enter ODBC connect string (? shows list): ? 


 DSN | Description 

 --------------------------------------------------------------- 

 ldap | MySQL LDAP DSN 


 Enter ODBC connect string (? shows list):DSN=ldap 

 Driver: 03.51.06 


SQL> show tables;


 Tables_in_ldap 

 --------------------- 

 authors_docs 

 documents 

 institutes 

 ldap_attr_mappings 

 ldap_entries 

 ldap_entry_objclasses 

 ldap_oc_mappings 

 ldap_referrals 

 persons 

 phones 


 result set 1 returned 10 rows. 


This shows us that the DSN is configured correctly for LibIODBC to use the MyODBC driver to connect to the ldap database we set up on our MySQL server.


If you have problems displaying the DSN names defined in the odbc.ini file via the test program, try exporting the following shell environment variable:


 For csh or tcsh: 



 setenv ODBCINI /usr/local/etc/libiodbc/odbc.ini 


 For sh or bash: 



 export ODBCINI=/usr/local/etc/libiodbc/odbc.ini 


 Configuring OpenLDAP to use MySQL 



During the build of OpenLDAP, we need to pass the WITH_ODBC="YES" option so that the server is built with the appropriate SQL configuration.

After the make install process, we will copy over the slapd.conf file that is configured to use a SQL backend. This file is buried under the OpenLDAP ports directory in the following path:


 work/openldap-2.1.30/servers/slapd/back-sql/rdbms_depend/mysql 

Change to this directory from the ports directory of OpenLDAP and copy the configuration file over:


> cp slapd.conf /usr/local/etc/openldap

Then we can import the back-sql schema files from this directory into our running MySQL server database:


 root@host # mysql < backsql_create.sql ldap 

 root@host # mysql < testdb_create.sql ldap 


Optionally, we can import the testdb_data and testdb_metadata files into the database so that we have example data to work with.


Next we need to edit the /usr/local/etc/openldap/slapd.conf file and make the proper adjustments. We need to set up the slapd service to use a SQL backend under the "SQL database definitions" section:


 database sql 

 suffix "o=sql,c=RU" 

 rootdn "cn=root,o=sql,c=RU" 

 rootpw secret 

 dbname ldap 

 dbuser ldap 

 dbpasswd password 

 subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)" 

 insentry_query "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)" 


Go ahead and comment out or delete any other example configurations for alternate SQL connectors such as the Postgres and/or MsSQL settings (unless, of course, you are using a Postgres or MsSQL server as your backend).


 Post installation configuration 

Next, we need to edit /etc/rc.conf and configure the OpenLDAP server to start on boot by making the following changes:


 slapd_enable="YES" 

 slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"' 

 slapd_sockets="/var/run/openldap/ldapi" 


And finally we need to edit the OpenLDAP startup script and set up the ODBC path for the server to use. Edit the /etc/rc.d/slapd file and add the following line:


 export ODBCINI=/usr/local/etc/libiodbc/odbc.ini 

Just as with the iodbctest run, this variable is essential: it tells OpenLDAP where to find the configuration file used for ODBC connectivity.


 Now we are ready to try and bring up our OpenLDAP server. Let us start by running slapd manually in debug mode to see the output of startup: 


 root@host # /usr/local/libexec/slapd -d 1 

 We should see the following at the end of the debug output: 


 <==load_schema_map() 

 <==backsql_get_db_conn() 

==>backsql_free_db_conn()

 backsql_free_db_conn(): closing db connection 

==>backsql_close_db_conn()

 <==backsql_close_db_conn() 

 <==backsql_free_db_conn() 

 <==backsql_db_open(): test succeeded, schema map loaded 

 slapd starting 


 If this is the given output then it looks like our configuration is correct and we are ready to start up OpenLDAP normally for operation. 


 /etc/rc.d/slapd start 

This will start up the OpenLDAP server, and we can verify it is running with the following command:


 root@host # sockstat |grep slapd 

ldap slapd 71838 5 dgram -> /var/run/log

 ldap slapd 71838 8 stream /var/run/openldap/ldapi 

 ldap slapd 71838 9 tcp4 *:389 *:* 
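Two things are worth checking at this point, as an added example that is not part of the original tutorial: odbc.ini and slapd.conf now both contain the MySQL password (and slapd.conf a rootpw), so they should be readable only by the account that runs slapd, and the rootpw should be a slappasswd hash rather than the sample file's literal secret; and the slapd_flags above bind ldap://0.0.0.0/, which sockstat shows as *:389, so the listener should be confirmed as intended. The script below is POSIX sh and runs offline against constructed copies of the tutorial's files and sockstat output; the file contents, the {SSHA} value and the 127.0.0.1 variant are made up for the demo and are not from the original post.

```shell
# Post-configuration audit for the OpenLDAP back-sql setup in this tutorial.
# Added example, not part of the original post. Checks performed:
#   1. odbc.ini and slapd.conf carry database passwords: no group/other bits.
#   2. rootpw in slapd.conf is hashed ({SSHA}... from slappasswd), not "secret".
#   3. The tutorial's placeholder secrets ("password", "secret") are gone.
#   4. slapd is not bound to every interface (sockstat shows "*:389").
# All sample files and sockstat text below are constructed for the demo.

# Succeeds when the file has no group/other permission bits (0600 or tighter).
is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds when every rootpw directive in a slapd.conf is a {SCHEME}hash value.
# With a cleartext rootpw, anyone who can read the file owns the directory.
rootpw_is_hashed() {
    while read -r key value _; do
        [ "$key" = "rootpw" ] || continue
        value=${value#\"}            # allow the quoted form: rootpw "{SSHA}..."
        case $value in
            "{"*"}"*) ;;             # {SSHA}..., {CRYPT}..., etc.
            *) return 1 ;;
        esac
    done < "$1"
    return 0
}

# Succeeds when none of the tutorial's placeholder secrets is still in use.
no_placeholder_secrets() {
    ! grep -Eq '^[[:space:]]*(Password[[:space:]]*=[[:space:]]*password|dbpasswd[[:space:]]+password|rootpw[[:space:]]+secret)[[:space:]]*$' "$1"
}

# Reads sockstat output on stdin; succeeds when no slapd TCP socket is bound to
# the wildcard address. Columns: USER COMMAND PID FD PROTO LOCAL FOREIGN.
no_wildcard_listener() {
    hits=$(awk '$2 == "slapd" && $5 ~ /^tcp/ && $6 ~ /^\*:/ { print $6 }')
    [ -z "$hits" ]
}

# Runs the three file checks on one config file, one verdict line per check.
audit_file() {
    f=$1
    if is_private "$f"; then echo "ok   $f: not readable by group/others"
    else echo "WARN $f: readable by others, run: chmod 600 $f"; fi
    if rootpw_is_hashed "$f"; then echo "ok   $f: no cleartext rootpw"
    else echo "WARN $f: cleartext rootpw, replace with slappasswd output"; fi
    if no_placeholder_secrets "$f"; then echo "ok   $f: no placeholder secrets"
    else echo "WARN $f: tutorial placeholder password/secret still present"; fi
}

# ---- constructed sample input (values mirror the tutorial's sample files) ----
DEMO=$(mktemp -d)
cat > "$DEMO/odbc.ini" <<'EOF'
[ODBC Data Sources]
ldap = MySQL LDAP DSN

[ldap]
Driver = /usr/local/lib/libmyodbc3.so
User = ldap
Password = password
Database = ldap
EOF
cat > "$DEMO/slapd.conf" <<'EOF'
database sql
suffix "o=sql,c=RU"
rootdn "cn=root,o=sql,c=RU"
rootpw secret
dbname ldap
dbuser ldap
dbpasswd password
EOF
cat > "$DEMO/slapd-hardened.conf" <<'EOF'
database sql
suffix "o=sql,c=RU"
rootdn "cn=root,o=sql,c=RU"
# hash below is a constructed stand-in for slappasswd output, not a real one
rootpw {SSHA}ZGVtby1oYXNoLW9ubHktbm90LXJlYWw=
dbname ldap
dbuser ldap
dbpasswd Ch4ngedDemoPassw0rd
EOF
chmod 644 "$DEMO/odbc.ini" "$DEMO/slapd.conf"     # as an editor often leaves them
chmod 600 "$DEMO/slapd-hardened.conf"

# sockstat lines as printed in the tutorial (wildcard bind) ...
SOCKSTAT_WILDCARD='ldap slapd 71838 8 stream /var/run/openldap/ldapi
ldap slapd 71838 9 tcp4 *:389 *:*'
# ... and a constructed variant after restricting slapd_flags to ldap://127.0.0.1/
SOCKSTAT_LOCAL='ldap slapd 71838 8 stream /var/run/openldap/ldapi
ldap slapd 71838 9 tcp4 127.0.0.1:389 *:*'

for f in "$DEMO/odbc.ini" "$DEMO/slapd.conf" "$DEMO/slapd-hardened.conf"; do
    audit_file "$f"
done
for s in "$SOCKSTAT_WILDCARD" "$SOCKSTAT_LOCAL"; do
    if printf '%s\n' "$s" | no_wildcard_listener; then
        echo "ok   slapd bound to specific addresses only"
    else
        echo "WARN slapd listening on all interfaces (*:389)"
    fi
done
```

Run as-is it prints three verdicts per sample file plus one per sockstat sample. To audit the live system, call audit_file on /usr/local/etc/libiodbc/odbc.ini and /usr/local/etc/openldap/slapd.conf and pipe `sockstat | grep slapd` into no_wildcard_listener; the wildcard warning is only a warning, since an LDAP server meant to serve other hosts will legitimately listen on *:389.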


From here, use any OpenLDAP administration tool of your choice to add, edit and remove data.