Using MySQL as the backend database for OpenLDAP

  Setting up OpenLDAP with MySQL backend

  author: TBONIUS

  OpenLDAP is an X.500 Lightweight Directory Access Server used for centralized authentication and directory lookups. This article covers configuring this service to use SQL services to store its data objects. Having these objects stored in a SQL database allows third-party applications to access and manage them.

  Ports that are needed:

  MySQL 4.x server : /usr/ports/databases/mysql41-server

  MySQL 4.x client : /usr/ports/databases/mysql41-client

  LibIODBC 3.x : /usr/ports/databases/libiodbc

  MyODBC 3.x : /usr/ports/databases/myodbc

  OpenLDAP 2.x : /usr/ports/databases/openldap21-server WITH_ODBC="YES"

  Configuring the MySQL server

  OpenLDAP can use many different kinds of databases; in this case we will use MySQL. The first step in setting this up is to create a MySQL database for OpenLDAP to use.

  root@host # mysqladmin create ldap

  Next we will create a MySQL account that OpenLDAP will use for our newly created ldap database:

  root@host # mysql

  Welcome to the MySQL monitor. Commands end with ; or \g.

  Your MySQL connection id is 10 to server version: 4.0.18

  Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

  mysql> grant all privileges on ldap.* to 'ldap'@'localhost'

  -> identified by 'password' with grant option;

  Query OK, 0 rows affected (0.13 sec)

  We of course want to replace 'password' with the actual password we wish to use for this particular user account.

  Configuring LibIODBC to use the MyODBC driver

  Quite simply, we need to edit two files here to get LibIODBC to use the MyODBC driver when accessing the MySQL server.

  Take a look at the /usr/local/etc/libiodbc/odbcinst.ini file and make the following changes:

  [ODBC Drivers]

  MySQL = Installed

  [MySQL]

  Description=ODBC for MySQL

  Driver=/usr/local/lib/libmyodbc3.so

  Take a look at the /usr/local/etc/libiodbc/odbc.ini file and make the following changes:

  [ODBC Data Sources]

  ldap = MySQL LDAP DSN

  [ldap]

  Driver = /usr/local/lib/libmyodbc3.so

  Description = OpenLDAP Database

  Host = localhost

  ServerType = MySQL

  Port = 3306

  FetchBufferSize = 99

  User = ldap

  Password = password

  Database = ldap

  ReadOnly = no

  Socket = /tmp/mysql.sock

  [ODBC]

  InstallDir=/usr/local/lib

  Again, replace password with the actual password we created for the ldap user of the MySQL database.

  We can test our current configuration before installing and configuring OpenLDAP. LibIODBC provides a test utility to check DSN configurations.

  Note from darxpryte: Upon following this tutorial I've found that iodbctest was not built automatically. This may be fixed later but if you find this to be the case you'll need to do the following:

  cd /usr/ports/databases/libiodbc/

  make extract

  cd work/libiodbc-3.52.2/samples

  make install

  This will install iodbctest into /usr/local/bin/

  Once you install iodbctest, you can do the following to test your connection:

  root@host # iodbctest

  iODBC Demonstration program

  This program shows an interactive SQL processor

  Driver Manager: 03.51.0001.0908

  Enter ODBC connect string (? shows list): ?

  DSN | Description

  ---------------------------------------------------------------

  ldap | MySQL LDAP DSN

  Enter ODBC connect string (? shows list):DSN=ldap

  Driver: 03.51.06

  SQL>show tables;

  Tables_in_ldap

  ---------------------

  authors_docs

  documents

  institutes

  ldap_attr_mappings

  ldap_entries

  ldap_entry_objclasses

  ldap_oc_mappings

  ldap_referrals

  persons

  phones

  result set 1 returned 10 rows.

  This shows us that the DSN is configured correctly: LibIODBC uses the MyODBC driver to connect to the ldap database we set up on our MySQL server.

  If the test program does not display the DSN names defined in the odbc.ini file, try exporting the following shell environment variable:

  For csh or tcsh:

  setenv ODBCINI /usr/local/etc/libiodbc/odbc.ini

  For sh or bash:

  export ODBCINI=/usr/local/etc/libiodbc/odbc.ini

  Configuring OpenLDAP to use MySQL

  During the build of OpenLDAP, we need to pass the WITH_ODBC="YES" option so that the server is built with the appropriate SQL configuration.

  After the make install process, we will copy over the slapd.conf file that is configured to use a SQL backend. This file is buried under the OpenLDAP ports directory in the following path:

  work/openldap-2.1.30/servers/slapd/back-sql/rdbms_depend/mysql

  Change to this directory, from the ports directory of OpenLDAP, and copy the configuration file over:

  > cp slapd.conf /usr/local/etc/openldap

  Then we can import the back SQL file from this directory into our running MySQL server database

  root@host # mysql < backsql_create.sql ldap

  root@host # mysql < testdb_create.sql ldap

  Optionally we can import the testdb_data and testdb_metadata files into the database so that we can have example data with which to work

  Next we need to edit the /usr/local/etc/openldap/slapd.conf file and make the proper adjustments. We need to set up the slapd service to use a SQL backend under the "SQL database definitions" section:

  database sql

  suffix "o=sql,c=RU"

  rootdn "cn=root,o=sql,c=RU"

  rootpw secret

  dbname ldap

  dbuser ldap

  dbpasswd password

  subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"

  insentry_query "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"

  Go ahead and comment out or delete any other example configurations for alternate SQL connectors such as Postgres and/or MsSQL settings (unless of course you are using a Postgres or MsSQL server as your backend).

  Post installation configuration

  Next, we need to edit /etc/rc.conf and configure the OpenLDAP server to start on boot by making the following changes:

  slapd_enable="YES"

  slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'

  slapd_sockets="/var/run/openldap/ldapi"

  And finally we need to edit the OpenLDAP startup script and set the ODBC path for the server to use. Edit the /etc/rc.d/slapd file and add the following line:

  export ODBCINI=/usr/local/etc/libiodbc/odbc.ini

  Just as when we ran iodbctest, this variable is essential for OpenLDAP to know which configuration file to use for ODBC connectivity.

  Now we are ready to try and bring up our OpenLDAP server. Let us start by running slapd manually in debug mode to see the output of startup:

  root@host # /usr/local/libexec/slapd -d 1

  We should see the following at the end of the debug output:

  <==load_schema_map()

  <==backsql_get_db_conn()

  ==>backsql_free_db_conn()

  backsql_free_db_conn(): closing db connection

  ==>backsql_close_db_conn()

  <==backsql_close_db_conn()

  <==backsql_free_db_conn()

  <==backsql_db_open(): test succeeded, schema map loaded

  slapd starting

  If this is the given output then it looks like our configuration is correct and we are ready to start up OpenLDAP normally for operation.

  /etc/rc.d/slapd start

  This will startup the OpenLDAP server and we can verify it is running with the following command:

  root@host # sockstat |grep slapd

  ldap slapd 71838 5 dgram -> /var/run/log

  ldap slapd 71838 8 stream /var/run/openldap/ldapi

  ldap slapd 71838 9 tcp4 *:389 *:*

  From here, use any OpenLDAP Administration tool of your choice to add, edit and remove data
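
  The setup above leaves credentials in three files (rootpw and dbpasswd in slapd.conf, Password in odbc.ini) and binds slapd to 0.0.0.0. The following check is an added example, not part of the original tutorial: it audits those files for a cleartext rootpw, world-readable secrets and an all-interfaces listener. The function names, finding labels and sample files are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit the files edited above.
# Function names and finding labels are hypothetical.

# audit_ldap_sql SLAPD_CONF ODBC_INI RC_CONF -> one finding per line
audit_ldap_sql() {
    slapd_conf=$1; odbc_ini=$2; rc_conf=$3

    # rootpw also accepts a slappasswd hash such as {SSHA}...; a value
    # with no {SCHEME} prefix is the cleartext password itself.
    rootpw=$(awk '$1 == "rootpw" { print $2; exit }' "$slapd_conf")
    case $rootpw in
        ""|\{*) ;;
        *) echo "CLEARTEXT_ROOTPW $slapd_conf" ;;
    esac

    # dbpasswd (slapd.conf) and Password (odbc.ini) are stored in cleartext,
    # so flag either file if the "other" read bit is set.
    for f in "$slapd_conf" "$odbc_ini"; do
        if grep -Eiq '^[[:space:]]*(dbpasswd|rootpw|password)[[:space:]=]' "$f" &&
           [ -n "$(find "$f" -perm -004)" ]; then
            echo "WORLD_READABLE_SECRETS $f"
        fi
    done

    # ldap://0.0.0.0/ listens on every interface (*:389 in sockstat).
    if grep -E '^[[:space:]]*slapd_flags=' "$rc_conf" |
       grep -q 'ldap://0\.0\.0\.0'; then
        echo "LDAP_ALL_INTERFACES $rc_conf"
    fi
    return 0
}

# Constructed sample files mirroring the settings shown in this tutorial.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'database sql\nrootpw secret\ndbpasswd password\n' > "$d/slapd.conf"
    printf '[ldap]\nUser = ldap\nPassword = password\n' > "$d/odbc.ini"
    printf '%s\n' "slapd_flags='-h \"ldap://0.0.0.0/\"'" > "$d/rc.conf"
    chmod 644 "$d/slapd.conf" "$d/odbc.ini"
    echo "$d"
}

sample=$(make_sample)
audit_ldap_sql "$sample/slapd.conf" "$sample/odbc.ini" "$sample/rc.conf"
rm -rf "$sample"
```

  On a real host, pass /usr/local/etc/openldap/slapd.conf, /usr/local/etc/libiodbc/odbc.ini and /etc/rc.conf; an empty result means none of the three checks fired.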
