Platform and related software:
OS: CentOS 5.5
axigen-8.0.1.i386.rpm.run
db-4.8.30.tar.gz
openldap-2.4.28.tgz
ejabberd-2.1.11-linux-installer.bin
Plugins (downloadable from the Axigen website):
axigen.schema
webmail-8.0.1-im.tar.gz
Server hostname and IP:
hostname: linuxidc.com
IP: 192.168.0.11
Domain 1: 88181.com
Domain 2: Ubuntuone.cn
Domain 3: Fedora.cc
I. First, install Axigen Mail Server
sh axigen-8.0.1.i386.rpm.run
II. Install and configure openldap
1. Install the gcc compiler needed for building
yum -y install gcc
2. Install the BerkeleyDB database
[root@localhost BerkeleyDB]# tar -zxvf db-4.8.30.tar.gz
[root@localhost BerkeleyDB]# cd db-4.8.30
[root@localhost db-4.8.24]# cd build_unix/
[root@localhost db-4.8.24]# ../dist/configure
[root@localhost db-4.8.24]# make
[root@localhost db-4.8.24]# make install
3. Install openldap
Add the library path:
# vi /etc/ld.so.conf
/usr/local/BerkeleyDB.4.8/lib
Set the environment variables and compile:
Install openssl first:
yum install openssl*
[root@linuxidc opt]# tar -zxvf openldap-2.4.28.tgz
[root@linuxidc opt]# cd openldap-2.4.28
#ln -s /usr/local/ssl/lib/* /lib/
#ln -s /usr/local/ssl/lib/* /usr/local/lib/
[root@linuxidc openldap-2.4.28]# env CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.8/lib" ./configure --prefix=/usr/local/openldap --enable-ldbm --enable-syncprov --enable-memberof --with-tls=openssl --enable-dynamic --enable-overlays --enable-accesslog
[root@linuxidc openldap-2.4.28]# make depend
[root@linuxidc openldap-2.4.28]# make
[root@linuxidc openldap-2.4.28]# make test
[root@linuxidc openldap-2.4.28]# make install
4. Configure openldap
[root@linuxidc /]# cd /usr/local/openldap/etc/openldap/
[root@linuxidc openldap]# vi slapd.conf
# slapd.conf must contain at least the following settings (see the attached slapd.conf template for details):
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/misc.schema
include /usr/local/openldap/etc/openldap/schema/axigen.schema
pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args
modulepath /usr/local/openldap/libexec/openldap
moduleload memberof.la
moduleload syncprov.la
serverID 1
database bdb
suffix "dc=base"
rootdn "cn=admin,dc=base"
rootpw 123456
directory /usr/local/openldap/var/openldap-data
index objectClass eq
index ou,cn,mail,surname,givenname eq,pres,sub
index entryUUID,entryCSN eq
overlay syncprov
syncprov-checkpoint 100 30
syncprov-sessionlog 100
overlay memberof
memberof-refint true
Once the configuration is done, copy axigen.schema into the /usr/local/openldap/etc/openldap/schema/ directory:
Finally, start the openldap service:
[root@linuxidc /]# cd /usr/local/openldap/libexec/
[root@linuxidc libexec]# ./slapd
5. Initialize openldap. Put simply, it works like DNS: first define a root (base), then the second-level domains (com.base/cn.base/net.base), then the third-level domains (88181.com.base/ubuntuone.cn.base/fedora.cc.base):
[root@linuxidc bin]# cd /usr/local/openldap/bin/
[root@linuxidc bin]#vi users.ldif
# Make sure no line in this file has trailing spaces,
dn: dc=base
objectClass: dcObject
objectClass: organization
dc: base
o: base

dn: dc=com,dc=base
objectClass: dcObject
objectClass: organization
dc: com
o: com

dn: dc=cn,dc=base
objectClass: dcObject
objectClass: organization
dc: cn
o: cn

dn: dc=net,dc=base
objectClass: dcObject
objectClass: organization
dc: net
o: net

dn: dc=88181,dc=com,dc=base
objectClass: dcObject
objectClass: organization
dc: 88181
o: 88181

dn: dc=ubuntuone,dc=cn,dc=base
objectClass: dcObject
objectClass: organization
dc: ubuntuone
o: ubuntuone

dn: dc=fedora,dc=net,dc=base
objectClass: dcObject
objectClass: organization
dc: fedora
o: fedora

dn: ou=users,dc=88181,dc=com,dc=base
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=88181,dc=com,dc=base
objectClass: organizationalUnit
ou: groups

dn: ou=users,dc=ubuntuone,dc=cn,dc=base
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=ubuntuone,dc=cn,dc=base
objectClass: organizationalUnit
ou: groups

dn: ou=users,dc=fedora,dc=net,dc=base
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=fedora,dc=net,dc=base
objectClass: organizationalUnit
ou: groups
Save with :wq!, then import the file into openldap:
[root@linuxidc bin]# ./ldapadd -x -D "cn=admin,dc=base" -W -f users.ldif
Enter LDAP Password: 123456
After a successful import, you can query the directory with the commands below (if the import fails, check users.ldif; in 90% of cases the ldif file itself is wrong):
./ldapsearch -b "dc=base" -x (query everything)
./ldapsearch -b "dc=com,dc=base" -x (query everything ending in .com)
./ldapsearch -b "dc=88181,dc=com,dc=base" -x (query the 88181.com domain)
6. How to stop the openldap service:
First look up the openldap process ID, then kill that PID to stop the service:
[root@linuxidc bin]# netstat -tunlp | grep :389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 4200/slapd
tcp 0 0 :::389 :::* LISTEN 4200/slapd
[root@linuxidc bin]# kill 4200
III. Configure openldap in Axigen
1. Log in to webadmin, select "Clustering" then "Clustering Setup" in the left menu, and click "Add Connector" in the "Connector List" to add an LDAP connection. The main settings are:
LDAP Connector name: im-ldap
IP / Hostname: 127.0.0.1
Port: 389
Synchronization direction: Axigen to Ldap
Tick Use Administrative DN
Admin DN: cn=admin,dc=base
Admin DN Password: 123456
Account base DN: ou=Users,%x,dc=base
Group base DN: ou=Groups,%x,dc=base
Finally, click "Update" to finish adding the connector.
2. Enable the openldap service under each domain and select the "im-ldap" connection you just added.