日期:2014-05-17  浏览次数:20760 次

如何在Windows下安装IBM所用的UD
IBM的大多Web项目都是使用LDAP来做用户认证,而其中很多又是使用一种名叫UD(Unify Directory)的LDAP服务器。我初到IBM工作时,我所在项目开发所用的测试服务器都是用美国的,感觉很不方便,心里想,为什么不可以直接在本地安装一个LDAP服务器呢?带这个疑问,我在这个项目组工作了一年多。终于有一天我成功地在我本地电脑上安装了一个和美国完全一样的LDAP测试服务器。从此,我再不需要连到美国去才能起动我的WAS或WPS了。感觉真好啊!

以下便是我在本地安装这个UD的全过程,希望对大家有所帮助:

首先列一下安装UD所需的全部文件:

所需软件:

1. openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe

2. LDAP-Browser-2.8.2.zip

这两个软件都是属于开源软件,不涉及版权问题,可以自由使用。

配置文件:

1. [open_ladp_root]/slapd.conf

2. [open_ladp_root]/schema/ud.schema

3. [ldap_browser_root]/localhost.cfg

LDAP测试用户数据:[ldap_browser_root]/ibm.ldif

以上文件均包含在本文的附件中。
请点击:
下载。

Pathes中包含所需的配置文件1和2。
而配置文件3和测试用户数据文件则已包含在了LDAP-Browser-2.8.2.zip中。

下面让我们来开始安装:

第一步:运行openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe,按照默认选项完成openldap服务器的安装。

第二步:编辑slapd.conf:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
ucdata-path	./ucdata
include		./schema/core.schema
include     ./schema/cosine.schema
include     ./schema/misc.schema
include     ./schema/inetorgperson.schema
include     ./schema/ud.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap:/root.openldap.org

pidfile		./run/slapd.pid
argsfile	./run/slapd.args

# Load dynamic backend modules:
# modulepath	./libexec/openldap
# moduleload	back_bdb.la
# moduleload	back_ldap.la
# moduleload	back_ldbm.la
# moduleload	back_passwd.la
# moduleload	back_shell.la

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database	bdb
suffix		"o=ibm.com"
rootdn		"cn=Manager,o=ibm.com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw		secret
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	./data
# Indices to maintain
index	objectClass	eq



第三步:创建ud.schema


# Unify Directory schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.68.2.6 2005/01/20 17:01:18 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDA