在ubuntu openldap中新建root dit

Ubuntu使用ldif文件代替conf文件配置sldap，所以没有sldap.conf，要想新建一个域，需要新建一个database然后添加DN

数据库配置模板：

dn: olcDatabase={2}hdb,cn=configobjectClass: olcDatabaseConfigobjectClass: olcHdbConfigolcDatabase: {2}hdbolcDbDirectory: /var/lib/ldap/foo.barolcSuffix: dc=devit,dc=cnolcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou s auth by dn="cn=admin,dc=foo,dc=bar" write by * noneolcAccess: {1}to dn.base="" by * readolcAccess: {2}to * by self write by dn="cn=admin,dc=foo,dc=bar" write by  * readolcLastMod: TRUEolcRootDN: cn=admin,dc=foo,dc=barolcRootPW:: e1NTSEF9UXpjR2V3M2dnUVkwd21zV2xoaVQ0WkprSUNCWFgyUjM=olcDbCheckpoint: 512 30olcDbConfig: {0}set_cachesize 0 2097152 0olcDbConfig: {1}set_lk_max_objects 1500olcDbConfig: {2}set_lk_max_locks 1500olcDbConfig: {3}set_lk_max_lockers 1500olcDbIndex: objectClass eq

执行，以创建数据库

ldapadd -Q -Y EXTERNAL -H ldapi:// -f 1.ldifmkdir：sudo -u openldap mkdir /var/lib/ldap/foo.barcp config： sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/foo.bar/vim /etc/apparmor.d/local/usr.sbin.slapd/var/lib/ldap/foo.bar/ r,/var/lib/ldap/foo.bar/** rwk,service apparmor reloadservice sldap restartvim 2.ldif# Create top-level object in domaindn: dc=devit,dc=cnobjectClass: topobjectClass: dcObjectobjectclass: organizationo: Example Organizationdc: devitdescription: LDAP Example# Admin user.dn: cn=admin,dc=devit,dc=cnobjectClass: simpleSecurityObjectobjectClass: organizationalRolecn: admindescription: LDAP administratoruserPassword: 1234#ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldifldapadd -x -D cn=admin,dc=foo,dc=bar -W -f 2.ldif