Active Directory to LDIF OpenLDAP
How would I create an LDAP that mimics the structure of a typical Active Directory?
I need the following values to be included in each user:
This isn't the right syntax but I want to add a user with a specific user name and password
dn: dc=users
userlogin: USERNAME
userPassword: PASSWORD
objectclass: person
userPrincipalName: [email protected]
sAMAccountName: USERNAME
I tried using a tldif, but I'm unsure how to create an appropriate Distinguished Name that allows for me to add users like the above syntax, or what equates to it.
Ultimately several remote servers query the OpenLDAP server with this SQL query.
select sAMAccountName FROM '" + ConnectionPath + "' where objectclass='person' and userPrincipalName='"+ UserName + "'
Thanks! :)
Comments (1)
If you want to use OpenLDAP with Active Directory attributes, the first thing you need to do is to modify the OpenLDAP schema. There is a "faq-O-Matic" which explains that on the OpenLDAP site.
The schema of your Directory defines a set of rules, which specify types of objects a directory may contain and the required and optional attributes entries of different types should have. An LDAP schema may also specify the namespace structure and the relationship between different types of objects.
To stay simple just modify the Schema which is located in /etc/openldap/schema/ and do not try to implement a dynamic schema.
There is a second solution, which is not expensive and perhaps more simple as far as Active Directory is concerned, if you have Windows servers in your network. This solution is called ADAM (Active Directory Application Mode) on W2K3 or LDS (Lightweight Directory Server) on W2K8. These two products are free. ADAM and LDS are the binary of Active Directory you can use to build application directories, and they are ready and able in a few clicks. It's easy to implement AD schema on them. You can even synchronize them with an existing AD and use them as proxy.
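An added example, not part of the original answer or of the OpenLDAP project: a static schema file that defines the two AD attributes the question's query relies on, followed by a user entry that matches the filter `objectclass='person' and userPrincipalName=...`. The file name `adcompat.schema`, the class name `adCompatUser`, its OID, the suffix `dc=example,dc=com`, the `ou=users` container (assumed to exist already) and the `example.com` UPN domain are all assumptions made for illustration.

```ldif
# ---- File 1: /etc/openldap/schema/adcompat.schema (hypothetical file name) ----
# slapd.conf schema syntax, not LDIF. Load it with a line such as:
#   include /etc/openldap/schema/adcompat.schema
# The two attribute OIDs are the ones Microsoft assigns in the AD schema.
attributetype ( 1.2.840.113556.1.4.221
    NAME 'sAMAccountName'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

attributetype ( 1.2.840.113556.1.4.656
    NAME 'userPrincipalName'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

# Hypothetical auxiliary class that lets a plain 'person' entry carry both
# attributes. 1.1.2.2.1 is a placeholder OID for local testing only.
objectclass ( 1.1.2.2.1
    NAME 'adCompatUser'
    DESC 'AD-style login attributes for person entries'
    SUP top AUXILIARY
    MUST ( sAMAccountName $ userPrincipalName ) )

# ---- File 2: user.ldif (save separately; add with ldapadd to the data suffix) ----
# The DN names the entry by its cn inside the ou=users container.
# 'person' requires both cn and sn. userPassword holds a hash generated
# with slappasswd, never the cleartext password.
dn: cn=USERNAME,ou=users,dc=example,dc=com
objectClass: person
objectClass: adCompatUser
cn: USERNAME
sn: USERNAME
sAMAccountName: USERNAME
userPrincipalName: USERNAME@example.com
userPassword: {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT
```

The query in the question concatenates `UserName` directly into the filter, so the calling code should validate or escape that value before building the query string.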