ldap server主配置文件: /usr/local/etc/openldap/slapd.conf
添加allow bind_v2 这样允许简单方式来验证ldap用户(不安全)
默认路径: /usr/local/libexec/slapd
schema file 格式
以下是一个创建数据库的示例
## DEFINE DIT ROOT/BASE/SUFFIX ####
## uses RFC 2377 format
## replace example and com as necessary below
## or for experimentation leave as is
## dcObject is an AUXILIARY objectclass and MUST
## have a STRUCTURAL objectclass (organization in this case)
# this is an ENTRY sequence and is preceded by a BLANK line
dn: dc=example,dc=com
dc: example
description: My wonderful company as much text as you want to place
 in this line up to 32K continuation data for the line above must
 have <CR> or <CR><LF> i.e. ENTER works
 on both Windows and *nix system - new line MUST begin with ONE SPACE
objectClass: dcObject
objectClass: organization
o: Example, Inc.
## FIRST Level hierarchy - people
## uses mixed upper and lower case for objectclass
# this is an ENTRY sequence and is preceded by a BLANK line
dn: ou=people, dc=example,dc=com
ou: people
description: All people in organisation
objectclass: organizationalunit
## SECOND Level hierarchy
## ADD a single entry under FIRST (people) level
# this is an ENTRY sequence and is preceded by a BLANK line
# the ou: Human Resources is the department name
dn: cn=Robert Smith,ou=people,dc=example,dc=com
objectclass: inetOrgPerson
cn: Robert Smith
cn: Robert J Smith
cn: bob smith
sn: smith
uid: rjsmith
userpassword: rJsmitH
carlicense: HISCAR 123
homephone: 555-111-2222
mail: r.smith@example.com
mail: rsmith@example.com
mail: bob.smith@example.com
description: swell guy
ou: Human Resources
示例程序
#include <stdio.h>
#include <string.h>
#include <ldap.h>
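/*
 * Sample OpenLDAP client.
 *
 * Opens a session to the local directory, binds as the manager DN with a
 * simple (DN + password) bind, searches the ou=people subtree for
 * cn=linan and prints the DN, every attribute and every value of each
 * entry returned.
 *
 * Returns 0 on success, 1 when the session, the bind or the search fails.
 */
int main(void)
{
    LDAP *ld = NULL;
    LDAPMessage *res = NULL;   /* NULL until ldap_search_s fills it in */
    LDAPMessage *e = NULL;
    BerElement *ptr = NULL;    /* per-entry attribute cursor */
    BerValue credential;
    char *dn = NULL;
    char *a = NULL;
    char **vals = NULL;
    int rc = 0;

    /* Demo only: a bind password embedded in the source is readable by
     * anyone who can read the binary; a real client loads it from a
     * protected store at run time. */
    credential.bv_val = "secret";
    credential.bv_len = strlen(credential.bv_val);

    /* Open a session to localhost on the default port (389). This is a
     * plain, non-TLS connection, so the simple bind below sends the
     * password in clear text over the wire; acceptable on loopback only. */
    if ((ld = ldap_init("localhost", LDAP_PORT)) == NULL) {
        return 1;
    }

    /* Authenticate as the manager DN. A NULL mechanism with a credential
     * berval is a simple bind; the deprecated equivalent would be
     * ldap_simple_bind_s(ld, "cn=Manager,dc=my-domain,dc=com", "secret"). */
    rc = ldap_sasl_bind_s(ld, "cn=Manager,dc=my-domain,dc=com", NULL,
                          &credential, NULL, NULL, NULL);
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_sasl_bind_s: %s\n", ldap_err2string(rc));
        ldap_unbind(ld);
        return 1;
    }

    /* Search the people subtree for cn=linan and request all attributes
     * (attrs = NULL, attrsonly = 0). */
    rc = ldap_search_s(ld, "ou=people,dc=my-domain,dc=com", LDAP_SCOPE_SUBTREE,
                       "(cn=linan)", NULL, 0, &res);
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_search_s: %s\n", ldap_err2string(rc));
        /* A failed search may still hand back a partial result; only give
         * up when nothing at all was returned. res was initialised to
         * NULL above so this test is well defined on every path. */
        if (res == NULL) {
            ldap_unbind(ld);
            return 1;
        }
    }

    /* Walk every entry in the result. */
    for (e = ldap_first_entry(ld, res); e != NULL; e = ldap_next_entry(ld, e)) {
        /* Print the entry's DN; ldap_get_dn may return NULL. */
        dn = ldap_get_dn(ld, e);
        if (dn != NULL) {
            printf("dn: %s\n", dn);
            ldap_memfree(dn);
            dn = NULL;
        }

        /* Print each attribute type and its values. */
        for (a = ldap_first_attribute(ld, e, &ptr); a != NULL;
             a = ldap_next_attribute(ld, e, ptr)) {
            printf("\tattribute: %s\n", a);

            /* ldap_get_values returns NUL-terminated strings and NULL when
             * the attribute has no string values; attributes holding
             * binary data (e.g. certificates) would need
             * ldap_get_values_len instead. */
            vals = ldap_get_values(ld, e, a);
            if (vals != NULL) {
                for (int i = 0; vals[i] != NULL; i++) {
                    printf("\t\tvalue: %s\n", vals[i]);
                }
                ldap_value_free(vals);
                vals = NULL;
            }
            ldap_memfree(a);
        }

        /* The attribute cursor is allocated by ldap_first_attribute and
         * must be released once per entry. */
        if (ptr != NULL) {
            ber_free(ptr, 0);
            ptr = NULL;
        }
    }

    /* Free the search result, then close the session. */
    ldap_msgfree(res);
    ldap_unbind(ld);
    return 0;
}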