Using MySQL as the database for OpenLDAP


I. Install the dependency packages

yum -y install unixODBC.x86_64 unixODBC-devel.x86_64 libdbi-devel.x86_64 libdbi.x86_64 libdbi-dbd-mysql.x86_64 openssl openssl-devel

II. Install MySQL

yum -y install mysql-server mysql mysql-connector-odbc.x86_64

1. Start the MySQL service

/etc/init.d/mysqld start

2. Enable start on boot

chkconfig mysqld on

3. Initialize the MySQL password

mysql_secure_installation

4. Create the database that OpenLDAP needs

mysql> create database sso;
mysql> grant all privileges on sso.* to openldap@'localhost' identified by 'openldap';
mysql> grant all privileges on sso.* to openldap@'127.0.0.1' identified by 'openldap';
mysql> flush privileges;

5. Import the sample database files in order

cd /usr/share/doc/openldap-servers-sql-2.4.40/rdbms_depend/mysql
mysql -uopenldap -popenldap sso < backsql_create.sql
mysql -uopenldap -popenldap sso < testdb_create.sql
mysql -uopenldap -popenldap sso < testdb_data.sql
mysql -uopenldap -popenldap sso < testdb_metadata.sql

6. Configure ODBC

For this test I use a database on a remote host.

vim /etc/odbc.ini
[ldap]
Description = The Database for mysql
Trace = On
TraceFile = stderr
Driver = MySQL
SERVER = 192.168.1.254
USER = ssoadmin
PASSWORD = ssoadmin
PORT = 3306
DATABASE = sso
charset = UTF8
option = 3

vim /etc/odbcinst.ini
[MySQL]
Description = ODBC for MySQL
Driver64 = /usr/lib64/libmyodbc5.so
Setup64 = /usr/lib64/libodbcmyS.so
FileUsage = 1

7. Test the ODBC driver connection

The data source name is the [ldap] section defined in /etc/odbc.ini:

isql ldap [openldap account] [openldap password]

III. Install OpenLDAP

yum -y install openldap-servers openldap-servers-sql openldap-clients openldap openldap-devel

1. The slapd configuration file

 
         

# $OpenLDAP$
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema

modulepath /usr/lib64/openldap
moduleload back_sql

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

logfile /var/log/slapd/slapd.log
loglevel -1

#######################################################################

# sql database definitions
#######################################################################
backend sql
database sql
suffix "dc=example,dc=com"
rootdn "cn=root,dc=example,dc=com"
rootpw {CRYPT}crv/NUk0P.UHI
dbname ldap
dbuser ssoadmin
dbpasswd ssoadmin
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
insentry_stmt "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"

 

2. Test the configuration and generate the configuration directory

cd /etc/openldap/
rm -rf slapd.d/*
slaptest -f slapd.conf -F slapd.d/
chown ldap. slapd.d/ -R


3. Test the OpenLDAP connection to the MySQL database

Run: slapd -d 1

After startup, watch the output for errors. If output like the following appears, everything is OK:
<==backsql_load_schema_map()
==>backsql_free_db_conn()
==>backsql_close_db_handle(0x1602840)
<==backsql_close_db_handle(0x1602840)
<==backsql_free_db_conn()
<==backsql_db_open(): test succeeded, schema map loaded
slapd starting

slapd stays in this state until you forcibly stop it.

 

Now open another window and run:
ldapsearch -x -D cn=root,dc=example,dc=com -w openldap -s sub -b "dc=example,dc=com" "(objectClass=*)"

If you get a result like the following, it is working:
# numResponses: 8
# numEntries: 6
# numReferences: 1

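This shows that LDAP can now read the database correctly. Note that the default database uses example, so ldapsearch must also query example; otherwise no data is returned. This article will be updated later.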
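
The slapd.conf above says it should not be world readable, and both it and /etc/odbc.ini still carry the database password together with the debug settings used for this test (loglevel -1, Trace = On). The script below is an added example, not part of the original article, that checks the two files for those settings; the function names are hypothetical and the sample files written by make_sample are constructed from the values shown above.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are
# hypothetical; make_sample writes constructed copies of the settings above.

# True if "other" has read permission on the file.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Print one finding per line for a back-sql slapd.conf.
audit_slapd_conf() {
    f=$1
    world_readable "$f" &&
        grep -Eq '^[[:space:]]*(rootpw|dbpasswd)[[:space:]]' "$f" &&
        echo "PERM: $f is world readable and holds rootpw/dbpasswd"
    grep -Eq '^[[:space:]]*loglevel[[:space:]]+-1([[:space:]]|$)' "$f" &&
        echo "LOG: loglevel -1 turns on every debug level"
    grep -Eq '^[[:space:]]*rootpw[[:space:]]+\{CRYPT\}[^$]' "$f" &&
        echo "HASH: rootpw is a {CRYPT} value with no \$id\$ prefix"
    return 0
}

# Print one finding per line for an odbc.ini.
audit_odbc_ini() {
    f=$1
    world_readable "$f" &&
        grep -Eiq '^[[:space:]]*PASSWORD[[:space:]]*=' "$f" &&
        echo "PERM: $f is world readable and holds PASSWORD"
    grep -Eiq '^[[:space:]]*Trace[[:space:]]*=[[:space:]]*(On|Yes|1)' "$f" &&
        echo "TRACE: ODBC tracing is still enabled"
    return 0
}

# Write constructed sample files into directory $1, mode 644.
make_sample() {
    printf '%s\n' 'loglevel -1' 'rootpw {CRYPT}crv/NUk0P.UHI' \
        'dbname ldap' 'dbuser ssoadmin' 'dbpasswd ssoadmin' > "$1/slapd.conf"
    printf '%s\n' '[ldap]' 'Trace = On' 'TraceFile = stderr' \
        'USER = ssoadmin' 'PASSWORD = ssoadmin' > "$1/odbc.ini"
    chmod 644 "$1/slapd.conf" "$1/odbc.ini"
}

# With two arguments (slapd.conf path, odbc.ini path), audit those files.
if [ $# -eq 2 ]; then
    audit_slapd_conf "$1"
    audit_odbc_ini "$2"
fi
```

No output means none of these checks fired; each finding names the setting to tighten before the server leaves testing.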

