Original post, 2011-01-10 13:32:00

A Quick-Start Guide

The following is a quick start guide to OpenLDAP Software 2.3, including the stand-alone LDAP daemon, slapd(8).

It is meant to walk you through the basic steps needed to install and configure OpenLDAP Software. It should be used in conjunction with the other chapters of this document, manual pages, and other materials provided with the distribution (e.g. the INSTALL document) or on the OpenLDAP web site (in particular, the OpenLDAP Software FAQ).

If you intend to run OpenLDAP Software seriously, you should review all of this document before attempting to install the software.

Note: This quick start guide does not use strong authentication nor any integrity or confidentiality protection services. These services are described in other chapters of the OpenLDAP Administrator's Guide.

  • Unpack the distribution
    • Pick a directory for the source to live under, change directory to there, and unpack the distribution using the following commands:
gunzip -c openldap-VERSION.tgz | tar xvfB -
    • then relocate yourself into the distribution directory:
cd openldap-VERSION
    • You'll have to replace VERSION with the version name of the release.
  • Review documentation
    • You should now review the COPYRIGHT, LICENSE, README and INSTALL documents provided with the distribution. The COPYRIGHT and LICENSE provide information on acceptable use, copying, and limitation of warranty of OpenLDAP software.
    • You should also review other chapters of this document. In particular, the Building and Installing OpenLDAP Software chapter of this document provides detailed information on prerequisite software and installation procedures.
  • Run configure
    • You will need to run the provided configure script to configure the distribution for building on your system. The configure script accepts many command line options that enable or disable optional software features. Usually the defaults are okay, but you may want to change them. To get a complete list of options that configure accepts, use the --help option:
./configure --help
    • However, given that you are using this guide, we'll assume you are brave enough to just let configure determine what's best:
./configure
    • Assuming configure doesn't dislike your system, you can proceed with building the software. If configure did complain, well, you'll likely need to go to the FAQ Installation Section and/or actually read the Building and Installing OpenLDAP Software chapter of this document.
  • Build the software.
    • The next step is to build the software. This step has two parts, first we construct dependencies and then we compile the software:
make depend
make
    • Both makes should complete without error.
  • Test the build.
    • To ensure a correct build, you should run the test suite (it only takes a few minutes):
make test
    • Tests which apply to your configuration will run and they should pass. Some tests, such as the replication test, may be skipped.
  • Install the software.
    • You are now ready to install the software; this usually requires super-user privileges:
su root -c 'make install'
    • Everything should now be installed under /usr/local (or whatever installation prefix was used by configure).
  • Edit the configuration file.
    • Use your favorite editor to edit the provided slapd.conf(5) example (usually installed as /usr/local/etc/openldap/slapd.conf) to contain a BDB database definition of the form:
database bdb
suffix "dc=<MY-DOMAIN>,dc=<COM>"
rootdn "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>"
rootpw secret
directory /usr/local/var/openldap-data
    • Be sure to replace <MY-DOMAIN> and <COM> with the appropriate domain components of your domain name. For example, use:
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
    • If your domain contains additional components, use, for example:
database bdb
suffix "dc=eng,dc=uni,dc=edu,dc=eu"
rootdn "cn=Manager,dc=eng,dc=uni,dc=edu,dc=eu"
rootpw secret
directory /usr/local/var/openldap-data
    • Details regarding configuring slapd(8) can be found in the slapd.conf(5) manual page and the "The slapd Configuration File" chapter of this document. Note that the specified directory must exist prior to starting slapd(8).
  • Start SLAPD.
    • You are now ready to start the stand-alone LDAP server, slapd(8), by running the command:
su root -c /usr/local/libexec/slapd
    • To check to see if the server is running and configured correctly, you can run a search against it with ldapsearch(1). By default, ldapsearch is installed as /usr/local/bin/ldapsearch:
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
    • Note the use of single quotes around command parameters to prevent special characters from being interpreted by the shell. This should return:
namingContexts: dc=example,dc=com
    • Details regarding running slapd(8) can be found in the slapd(8) manual page and the Running slapd chapter of this document.
  • Add initial entries to your directory.
    • You can use ldapadd(1) to add entries to your LDAP directory. ldapadd expects input in LDIF form. We'll do it in two steps:
    • create an LDIF file
    • run ldapadd
    • Use your favorite editor and create an LDIF file that contains:
dn: dc=<MY-DOMAIN>,dc=<COM>
objectclass: dcObject
objectclass: organization
o: <MY ORGANIZATION>
dc: <MY-DOMAIN>

dn: cn=Manager,dc=<MY-DOMAIN>,dc=<COM>
objectclass: organizationalRole
cn: Manager
    • Be sure to replace <MY-DOMAIN> and <COM> with the appropriate domain components of your domain name. <MY ORGANIZATION> should be replaced with the name of your organization. When you cut and paste, be sure to trim any leading and trailing whitespace from the example.
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager
    • Now, you may run ldapadd(1) to insert these entries into your directory.
ldapadd -x -D "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>" -W -f example.ldif
    • Be sure to replace <MY-DOMAIN> and <COM> with the appropriate domain components of your domain name. You will be prompted for the "secret" specified in slapd.conf. For example, use:
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
    • where example.ldif is the file you created above.
    • Additional information regarding directory creation can be found in the Database Creation and Maintenance Tools chapter of this document.
  • See if it works.
    • Now we're ready to verify the added entries are in your directory. You can use any LDAP client to do this, but our example uses the ldapsearch(1) tool. Remember to replace dc=example,dc=com with the correct values for your site:
ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
    • This command will search for and retrieve every entry in the database.

You are now ready to add more entries using ldapadd(1) or another LDAP client, experiment with various configuration options, backend arrangements, etc.

Note that by default, the slapd(8) database grants read access to everybody excepting the super-user (as specified by the rootdn configuration directive). It is highly recommended that you establish controls to restrict access to authorized users. Access controls are discussed in the Access Control section of The slapd Configuration File chapter. You are also encouraged to read the Security Considerations, Using SASL and Using TLS sections.
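Added example, not part of the original guide or of OpenLDAP: a small Python check that reads a slapd.conf and reports the two weaknesses this quick start leaves in place, the cleartext `rootpw secret` and the absence of `access` directives. The function names, both sample configurations and the `{SSHA}` placeholder are constructed for illustration.

```python
import re

# Constructed sample: the database section exactly as the quick start writes it.
QUICKSTART_CONF = """\
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
"""

# Constructed sample: hashed rootpw (placeholder; use slappasswd(8) output) plus ACLs.
HARDENED_CONF = QUICKSTART_CONF.replace(
    "rootpw secret", "rootpw {SSHA}PLACEHOLDER-FROM-SLAPPASSWD") + """\
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by self write
    by users read
    by * none
"""

def logical_lines(text):
    """Drop blanks and comments; fold continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Return findings for the two weaknesses the quick start leaves in place."""
    findings, lines = [], logical_lines(text)
    for line in lines:
        m = re.match(r'rootpw\s+"?(?:\{([^}]+)\})?', line, re.I)
        if m and (m.group(1) or "CLEARTEXT").upper() == "CLEARTEXT":
            findings.append("rootpw is stored in cleartext")
    if not any(l.split()[0].lower() == "access" for l in lines):
        findings.append("no access directives: default grants read to everybody")
    return findings

if __name__ == "__main__":
    print(audit(QUICKSTART_CONF), audit(HARDENED_CONF))
```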

The following chapters provide more detailed information on making, installing, and running slapd(8).