I. Install the dependency packages
yum -y install unixODBC.x86_64 unixODBC-devel.x86_64 libdbi-devel.x86_64 libdbi.x86_64 libdbi-dbd-mysql.x86_64 openssl openssl-devel
II. Install MySQL
yum -y install mysql-server mysql mysql-connector-odbc.x86_64
1. Start the MySQL service
/etc/init.d/mysqld start
2. Enable start at boot
chkconfig mysqld on
3. Set the initial MySQL password
mysql_secure_installation
4. Create the database required by OpenLDAP
mysql> create database sso;
mysql> grant all privileges on sso.* to openldap@'localhost' identified by 'openldap';
mysql> grant all privileges on sso.* to openldap@'127.0.0.1' identified by 'openldap';
mysql> flush privileges;
5. Import the sample databases in order
cd /usr/share/doc/openldap-servers-sql-2.4.40/rdbms_depend/mysql
mysql -uopenldap -popenldap sso < backsql_create.sql
mysql -uopenldap -popenldap sso < testdb_create.sql
mysql -uopenldap -popenldap sso < testdb_data.sql
mysql -uopenldap -popenldap sso < testdb_metadata.sql
6. Configure ODBC
Here I tested against a database on a remote host.
vim /etc/odbc.ini
[ldap]
Description = The Database for mysql
Trace = On
TraceFile = stderr
Driver = MySQL
SERVER = 192.168.1.254
USER = ssoadmin
PASSWORD = ssoadmin
PORT = 3306
DATABASE = sso
charset = UTF8
option = 3
vim /etc/odbcinst.ini
[MySQL]
Description = ODBC for MySQL
Driver64 = /usr/lib64/libmyodbc5.so
Setup64 = /usr/lib64/libodbcmyS.so
FileUsage = 1
7. Test the ODBC driver connection
isql ldap [openldap account] [openldap password]
III. Install OpenLDAP
yum -y install openldap-servers openldap-servers-sql openldap-clients openldap openldap-devel
1. The slapd configuration file
# $OpenLDAP$
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
modulepath /usr/lib64/openldap
moduleload back_sql
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
logfile /var/log/slapd/slapd.log
loglevel -1
#######################################################################
# sql database definitions
#######################################################################
backend sql
database sql
suffix "dc=example,dc=com"
rootdn "cn=root,dc=example,dc=com"
rootpw {CRYPT}crv/NUk0P.UHI
dbname ldap
dbuser ssoadmin
dbpasswd ssoadmin
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
insentry_stmt "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"
2. Test and generate the configuration files
cd /etc/openldap/
rm -rf slapd.d/*
slaptest -f slapd.conf -F slapd.d/
chown ldap. slapd.d/ -R
3. Test OpenLDAP's connection to the MySQL database
Run: slapd -d 1
After startup, watch for errors. If you see output like the following, it is OK:
<==backsql_load_schema_map()
==>backsql_free_db_conn()
==>backsql_close_db_handle(0x1602840)
<==backsql_close_db_handle(0x1602840)
<==backsql_free_db_conn()
<==backsql_db_open(): test succeeded, schema map loaded
slapd starting
This state persists unless you forcibly stop it!
Now open another window and run:
ldapsearch -x -D cn=root,dc=example,dc=com -w openldap -s sub -b "dc=example,dc=com" "(objectClass=*)"
If you get a result like the following, everything is working:
# numResponses: 8
# numEntries: 6
# numReferences: 1
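This shows that LDAP can now read the database correctly. Note that the default database uses example, so ldapsearch must also query example, otherwise no data will be returned. This article will be updated later.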
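
The finished setup keeps database credentials in slapd.conf and odbc.ini and leaves several debugging settings switched on. As an added example (not part of the original article), the POSIX shell function below audits such a file pair for those settings. The function names and finding labels are made up for illustration, and the sample files are constructed from the values shown above.

```shell
#!/bin/sh
# Added example, not from the original article: flag the weak settings in a
# slapd.conf / odbc.ini pair like the one built in this guide.

world_readable() {   # true if "other" has read permission on file $1
    [ -n "$(find "$1" -prune -perm -004)" ]
}

conf_value() {       # value of the first directive named $1 in slapd.conf $2
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

audit_backsql() {    # usage: audit_backsql SLAPD_CONF ODBC_INI; one finding per line
    conf=$1; ini=$2
    # Both files hold clear-text database credentials (dbpasswd / PASSWORD).
    if world_readable "$conf"; then echo "PERM slapd.conf is world readable"; fi
    if world_readable "$ini"; then echo "PERM odbc.ini is world readable"; fi
    # No {SCHEME} prefix means clear text; {CRYPT} without "$" is traditional crypt(3).
    case "$(conf_value rootpw "$conf")" in
        '{CRYPT}$'*) ;;   # modular crypt format, not flagged here
        '{CRYPT}'*)  echo "HASH rootpw uses traditional {CRYPT}" ;;
        '{'*|'')     ;;
        *)           echo "HASH rootpw is clear text" ;;
    esac
    # Database password identical to the account name (ssoadmin/ssoadmin above).
    user=$(conf_value dbuser "$conf")
    if [ -n "$user" ] && [ "$user" = "$(conf_value dbpasswd "$conf")" ]; then
        echo "CRED dbpasswd equals dbuser"
    fi
    # loglevel -1 enables every slapd debug class; keep it for troubleshooting only.
    if [ "$(conf_value loglevel "$conf")" = "-1" ]; then echo "LOG loglevel -1"; fi
    # ODBC tracing is a debugging aid as well.
    if grep -Eiq '^[[:space:]]*Trace[[:space:]]*=[[:space:]]*(On|Yes|1)[[:space:]]*$' "$ini"; then
        echo "LOG odbc.ini Trace is on"
    fi
}

make_sample() {      # constructed sample files mirroring the values in this guide
    printf '%s\n' 'rootpw {CRYPT}crv/NUk0P.UHI' 'dbname ldap' 'dbuser ssoadmin' \
        'dbpasswd ssoadmin' 'loglevel -1' > "$1/slapd.conf"
    printf '%s\n' '[ldap]' 'Trace = On' 'TraceFile = stderr' 'USER = ssoadmin' \
        'PASSWORD = ssoadmin' > "$1/odbc.ini"
    chmod 644 "$1/slapd.conf" "$1/odbc.ini"
}

# Demo on the constructed sample; on a real host pass the files under /etc instead.
tmp=$(mktemp -d) && make_sample "$tmp" && audit_backsql "$tmp/slapd.conf" "$tmp/odbc.ini"
rm -rf "$tmp"
```

An empty output means none of the six checks fired; it does not cover the MySQL grants or network exposure of the database host.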