
RH423-3: Installing and configuring the LDAP directory service

I. Installation

1. Packages:

java-1.5.0-ibm-1.5.0.5-1jpp.5.el5.i386.rpm

jss-4.2.4-41.el5idm.i386.rpm

adminutil-1.1.5-1.el5dsrv.i386.rpm               

adminutil-devel-1.1.5-1.el5dsrv.i386.rpm

idm-console-framework-1.1.0-7.el5idm.noarch.rpm

redhat-ds-admin-8.0.0-4.el5dsrv.i386.rpm         

redhat-ds-base-8.0.0-12.el5dsrv.i386.rpm

redhat-ds-base-devel-8.0.0-12.el5dsrv.i386.rpm

redhat-ds-console-8.0.0-11.el5dsrv.noarch.rpm

redhat-idm-console-1.0.0-16.el5idm.i386.rpm

redhat-admin-console-8.0.0-11.el5dsrv.noarch.rpm

redhat-ds-8.0.0-1.4.el5dsrv.i386.rpm  

2. Set up the software repository, then install java-1.5.0-ibm and redhat-ds with yum

[root@station2 ~]# yum -y install java-1.5.0-ibm    

# This package must be installed; otherwise all sorts of problems appear when managing the server through redhat-idm-console

[root@station2 ~]# yum -y install redhat-ds

[root@station2 ~]# yum -y install openldap-clients openldap-servers

# It is best to install openldap-clients and openldap-servers as well, because they are needed at some points during configuration.

II. Configuration

1. Configure (and generate a configuration script at the same time)

[root@station2 ~]# setup-ds-admin.pl -k    

# It is best to add the -k option: when setup completes, the configuration script is kept (under /tmp) for later reuse

==============================================================================

This program will set up the Red Hat Directory and Administration Servers.

It is recommended that you have "root" privilege to set up the software.

Tips for using this program:

  - Press "Enter" to choose the default and go to the next screen

  - Type "Control-B" then "Enter" to go back to the previous screen

  - Type "Control-C" to cancel the setup program

Would you like to continue with set up? [yes]:              

# Asks whether you want to continue (and accept the agreement that follows); just press Enter

BY SETTING UP AND USING THIS SOFTWARE YOU ARE CONSENTING TO BE BOUND BY

AND ARE BECOMING A PARTY TO THE AGREEMENT FOUND IN THE

LICENSE.TXT FILE. IF YOU DO NOT AGREE TO ALL OF THE TERMS

OF THIS AGREEMENT, PLEASE DO NOT SET UP OR USE THIS SOFTWARE.

Do you agree to the license terms? [no]:yes                        

# This is the license statement; type yes

Your system has been scanned for potential problems, missing patches,

etc.  The following output is a report of the items found that need to

be addressed before running this software in a production

environment.

Red Hat Directory Server system tuning analysis version 10-AUGUST-2007.

NOTICE : System is i686-unknown-linux2.6.18-164.el5PAE (1 processor).

WARNING: 364MB of physical memory is available on the system. 1024MB is recommended for best performance on large production system.

NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds

(120 minutes).  This may cause temporary server congestion from lost

client connections.

WARNING: There are only 1024 file descriptors (hard limit) available, which

limit the number of simultaneous connections.  

WARNING: There are only 1024 file descriptors (soft limit) available, which

Would you like to continue? [no]: yes          

# This is a summary of your installation environment. It does not matter here; it is only a reference for tuning. If you do not want to change anything, just type yes

Choose a setup type:

   1. Express.

   2. Typical

   3. Custom

To accept the default shown in brackets, press the Enter key.

Choose a setup type [2]:  2                      

# This asks which setup type to use; choose 2, the default

Enter the fully qualified domain name of the computer

Computer name [station2.example.com]:                      

# Asks for your computer name; the default is fine, press Enter

The servers must run as a specific user in a specific group.

system utilities.

System User [nobody]:ldap

System Group [nobody]: ldap            

# Asks which user the service runs as. Because we installed openldap-servers earlier, the ldap user already exists, so we use it; the default user nobody can of course also be used

Server information is stored in the configuration directory server.

Do you want to register this software with an existing

configuration directory server? [no]:   no                    

# Asks whether this server should be registered with an existing directory service (as a subdomain of it). We have none, so type no; if there is a directory service you want to join, type yes and then fill in the details of that directory service.

Please enter the administrator ID for the configuration directory

server. 

administrator ID [admin]:  admin                        

# Enter the console administrator ID

Password: redhat

Password (confirm): redhat                           # enter the password

The information stored in the configuration directory server can be

separated into different Administration Domains. 

Administration Domain [example.com]:                  

# Enter the administration domain name; just press Enter

Directory server network port [389]:          

# Which port the directory server listens on; press Enter

Directory server identifier [station2]:        

# The directory server identifier (instance name); just press Enter

The suffix is the root of your directory tree.  The suffix must be a valid DN.

Suffix [dc=example,dc=com]: dc=station2,dc=example,dc=com    

# Enter the suffix. Pay close attention here: this is the suffix (root of the tree) for the whole domain

Certain directory server operations require an administrative user.

Directory Manager DN [cn=Directory Manager]:      

# This is the console user with the highest privileges; it can manage the server remotely, whereas the admin above can only manage it locally. Just press Enter to use this user name

Password:redhat123 

Password (confirm):redhat123

 ==============================================================================

The Administration Server is separate from any of your web or application

Administration port [9830]: 8888          

# This is the remote administration port, whereas the port above is the local directory port; we set it to 8888

The interactive phase is complete.  The script will now set up your

servers.  Enter No or go Back if you want to change something.

Are you ready to set up your servers? [yes]: yes   # finish the configuration

2. Review the configuration information from the previous step:

[root@station2 ~]# cat /tmp/setuprOksA8.log

3. Start the services

[root@station2 ~]# service dirsrv restart   # this is the directory service on port 389 configured above

[root@station2 ~]# service dirsrv-admin restart  # this is the administration service on port 8888

4. Open the service configuration console

[root@localhost tmp]# redhat-idm-console    # log in to the Red Hat management console
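The interactive dialog above can be replayed unattended from an answer file. The following is an added example (not code from the original post) that writes such a file with the same values typed in above and runs setup-ds-admin.pl in silent mode; it assumes the .inf key names of the Red Hat Directory Server 8 installation guide, which can be checked against the file that -k keeps under /tmp.

```shell
#!/bin/sh
# Added example, not from the original post: unattended equivalent of the
# setup-ds-admin.pl dialog above, with the same values. Key names follow the
# RHDS 8 installation guide (assumption); compare with the file -k keeps in /tmp.
# Write the answer file. It holds cleartext passwords, so create it with
# umask 077 (root-only) and remove it once setup has run.
write_setup_inf() {
    inf="$1"
    ( umask 077
      cat > "$inf" <<'EOF'
[General]
FullMachineName= station2.example.com
SuiteSpotUserID= ldap
SuiteSpotGroup= ldap
AdminDomain= example.com
ConfigDirectoryAdminID= admin
ConfigDirectoryAdminPwd= redhat
ConfigDirectoryLdapURL= ldap://station2.example.com:389/o=NetscapeRoot

[slapd]
ServerPort= 389
ServerIdentifier= station2
Suffix= dc=station2,dc=example,dc=com
RootDN= cn=Directory Manager
RootDNPwd= redhat123
SlapdConfigForMC= Yes
UseExistingMC= 0
AddSampleEntries= No

[admin]
Port= 8888
ServerAdminID= admin
ServerAdminPwd= redhat
EOF
    )
}

# Silent setup, then start the directory (389) and admin (8888) services.
run_silent_setup() {
    inf="${1:-/root/setup-station2.inf}"
    write_setup_inf "$inf"
    setup-ds-admin.pl -s -f "$inf"
    service dirsrv start
    service dirsrv-admin start
    rm -f "$inf"
}

if [ "${RUN_SETUP:-0}" = 1 ]; then run_silent_setup "$@"; fi
```

Run it on the target host as `RUN_SETUP=1 sh setup-station2.sh`; without RUN_SETUP the file only defines the two functions.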

III. Related files

1.  Configuration files – /etc/dirsrv/slapd-instance  

# These are the configuration files (including the system configuration). The dse.ldif file must also be backed up, because it records the information for station2. "instance" is the identifier, here station2.

2.  Useful scripts – /usr/lib/dirsrv/slapd-instance     # the administration scripts used below

3.  Database files – /var/lib/dirsrv/slapd-instance  

# To back up LDAP, backing up this data is enough; to restore, just import it again.

For example:

[root@station2 ~]# cd /var/lib/dirsrv/

[root@station2 dirsrv]# ls

slapd-station2

So backing up slapd-station2 is enough.

4.  Log files – /var/log/dirsrv/slapd-instance     # when an error occurs, check the logs here

5.  Lock files – /var/lock/dirsrv/slapd-instance     # lock files

IV. Backing up and restoring the directory database

1.  Backup

- Directory Server Console     # directory server stays online

- db2bak script

[root@station2 ~]# /usr/lib/dirsrv/slapd-station2/db2bak

Back up directory: /var/lib/dirsrv/slapd-station2/bak/station2-2011_04_09_00_50_11 

# The directory server stays online; the backup is stored under /var/lib/dirsrv/slapd-station2/bak

- dse.ldif and the schema must be backed up manually; no tool is available for them

2.  Restore

- Directory Server Console    # online restore

- bak2db.pl script (perl)       # online restore

[root@station2 ~]# /usr/lib/dirsrv/slapd-station2/bak2db.pl -a /var/lib/dirsrv/slapd-station2/bak/station2-2011_04_09_00_50_11 -D 'cn=Directory Manager' -w redhat123   # import the data; -w is the Directory Manager password set during setup (it appears on the command line, so it is visible in the process list)

adding new entry cn=restore_2011_4_9_1_1_29, cn=restore, cn=tasks, cn=config

- bak2db script                # offline restore

[root@station2 bak]# /usr/lib/dirsrv/slapd-station2/bak2db /var/lib/dirsrv/slapd-station2/bak/station2-2011_04_09_00_50_11

- dse.ldif and the schema must be restored manually with the server offline   # offline restore

3.  Exporting and importing LDIF files from the database:

- Export: Directory Server Console (online), db2ldif (online)

[root@station2 ~]# /usr/lib/dirsrv/slapd-station2/db2ldif -s dc=station2,dc=example,dc=com -s o=NetscapeRoot -a /tmp/example.ldif   # -s names each suffix to export (the suffix set during setup); -a is the output LDIF file

- Import: Directory Server Console (online), ldif2db.pl (online), ldif2db (offline)
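The backup steps above leave dse.ldif and the schema to a manual copy. The following added example (not code from the original post) wraps the db2bak dump and that manual copy in a single function for one instance; the DIRSRV_ETC and DIRSRV_LIB variables are hypothetical overrides so the function can be exercised against a scratch tree, and their defaults are the paths listed in section III.

```shell
#!/bin/sh
# Added example, not from the original post: one backup run for an instance
# that covers both the database (db2bak) and the files the post says have no
# tool (dse.ldif and schema/). DIRSRV_ETC and DIRSRV_LIB are hypothetical
# overrides for testing; the defaults are the paths listed in section III.

# backup_instance <identifier> <destination dir>
# Writes <dest>/<id>-config-<stamp>.tar.gz and, if the instance scripts are
# installed, a db2bak dump in <dest>/<id>-db-<stamp>. Prints the tarball path.
backup_instance() {
    inst="$1"; dest="$2"
    cfg="${DIRSRV_ETC:-/etc/dirsrv}/slapd-$inst"
    scripts="${DIRSRV_LIB:-/usr/lib/dirsrv}/slapd-$inst"
    stamp=$(date +%Y_%m_%d_%H_%M_%S)
    if [ ! -f "$cfg/dse.ldif" ] || [ ! -d "$cfg/schema" ]; then
        echo "backup_instance: $cfg is not a directory server instance" >&2
        return 1
    fi
    mkdir -p "$dest"
    # dse.ldif carries the Directory Manager password hash and all ACIs,
    # so the archive is created with root-only permissions (umask 077).
    ( umask 077 && tar -C "$cfg" -czf "$dest/$inst-config-$stamp.tar.gz" dse.ldif schema ) || return 1
    # db2bak runs with the server online; it takes the archive dir as argument.
    if [ -x "$scripts/db2bak" ]; then
        "$scripts/db2bak" "$dest/$inst-db-$stamp" || return 1
    fi
    echo "$dest/$inst-config-$stamp.tar.gz"
}

# Restore order (bak2db is offline, so stop the server first):
#   service dirsrv stop
#   tar -C /etc/dirsrv/slapd-station2 -xzf <config tarball>
#   /usr/lib/dirsrv/slapd-station2/bak2db <db backup dir>
#   service dirsrv start
```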

This article is reposted from netsword's 51CTO blog; original link: http://blog.51cto.com/netsword/538569