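Step 1: Initial installation on AIX 5.2
All the code needed to set up user authentication is on the AIX installation CDs. The AIX fileset bos.rte.security must be at level AIX 5.2.0.2 or later. First install LDAP from the AIX operating system CDs; DB2 is installed at the same time. The filesets that need to be installed are shown below: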
# lslpp -l | grep ldap
cifs.base.ldap 3.1.2.0 COMMITTED Fast Connect Ldap Client
http_server.modules.ldap 1.3.19.3 COMMITTED HTTP Server LDAP Module
http_server.modules.ldap.128
ldap.client.adt 4.1.0.0 COMMITTED IBM Directory Client SDK
ldap.client.dmt 4.1.0.0 COMMITTED IBM Directory Client DMT
ldap.client.java 4.1.0.0 COMMITTED IBM Directory Client Java
ldap.client.rte 4.1.0.0 COMMITTED IBM Directory Client Runtime
ldap.html.en_US.config 4.1.0.0 COMMITTED IBM Directory Install/Config
ldap.html.en_US.man 4.1.0.0 COMMITTED IBM Directory Man Pages - U.S.
ldap.max_crypto_client.adt
ldap.max_crypto_client.java
ldap.max_crypto_client.rte
ldap.max_crypto_server.admin
ldap.max_crypto_server.com
ldap.msg.en_US 4.1.0.0 COMMITTED IBM Directory Messages - U.S.
ldap.server.admin 4.1.0.0 COMMITTED IBM Directory Server
ldap.server.cfg 4.1.0.0 COMMITTED IBM Directory Server Config
ldap.server.com 4.1.0.0 COMMITTED IBM Directory Server Framework
ldap.server.rte 4.1.0.0 COMMITTED IBM Directory Server Runtime
ldap.client.rte 4.1.0.0 COMMITTED IBM Directory Client Runtime
ldap.server.admin 4.1.0.0 COMMITTED IBM Directory Server
ldap.server.cfg 4.1.0.0 COMMITTED IBM Directory Server Config
ldap.server.com 4.1.0.0 COMMITTED IBM Directory Server Framework
#
# lslpp -l | grep db2
db2_07_01.client 7.1.0.40 COMMITTED Client Application Enabler
db2_07_01.cnvucs 7.1.0.40 COMMITTED Code Page Conversion Tables -
db2_07_01.conn 7.1.0.40 COMMITTED Connect
db2_07_01.conv.jp 7.1.0.40 COMMITTED Code Page Conversion Tables -
db2_07_01.conv.kr 7.1.0.40 COMMITTED Code Page Conversion Tables -
db2_07_01.conv.sch 7.1.0.40 COMMITTED Code Page Conversion Tables -
db2_07_01.conv.tch 7.1.0.40 COMMITTED Code Page Conversion Tables -
db2_07_01.cs.drda 7.1.0.40 COMMITTED Communication Support - DRDA
db2_07_01.cs.ipx 7.1.0.40 COMMITTED Communication Support - IPX
db2_07_01.cs.rte 7.1.0.40 COMMITTED Communication Support - TCP/IP
db2_07_01.cs.sna 7.1.0.40 COMMITTED Communication Support - SNA
db2_07_01.das 7.1.0.40 COMMITTED Administration Server
db2_07_01.db2.engn 7.1.0.40 COMMITTED Engine
db2_07_01.db2.rte 7.1.0.40 COMMITTED Run-time Environment
db2_07_01.db2.samples 7.1.0.40 COMMITTED Sample Database Source
db2_07_01.elic 7.1.0.40 COMMITTED Product Signature for UDB
db2_07_01.jdbc 7.1.0.40 COMMITTED Java Support
db2_07_01.tspf 7.1.0.40 COMMITTED Transformer Stored Procedure
From August 2003 code:
# lslpp -l bos.rte.security
Fileset Level State Description
----------------------------------------------------------------------------
Path: /usr/lib/objrepos
bos.rte.security 5.2.0.10 COMMITTED Base Security Function
Path: /etc/objrepos
bos.rte.security 5.2.0.0 COMMITTED Base Security Function
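Step 2: Configure the server on the AIX 5.2 system
Note: 1. The LANG environment variable is important. Using a LANG value other than en_US can cause many problems, so running the following command is recommended: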
# export LANG=en_US
2. Make sure the /home file system has at least 35 MB of free space.
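The prerequisites stated so far (bos.rte.security at 5.2.0.2 or later, LANG set to en_US, at least 35 MB free in /home) can be checked in one pass before mksecldap is run. The script below is an added example, not part of the original article; its function names are hypothetical, and comparing the level recorded under /usr/lib/objrepos is an assumption.

```shell
#!/bin/sh
# Pre-flight checks for the prerequisites this page states before mksecldap.
# Added example: function names are hypothetical, not part of AIX.

# vrmf_ge A B: succeed if dotted level A >= B, comparing field by field as
# numbers (a string compare would wrongly rank 5.2.0.10 below 5.2.0.2).
vrmf_ge() {
    echo "$1 $2" | awk '{
        split($1, a, "."); split($2, b, ".")
        for (i = 1; i <= 4; i++) {
            if (a[i] + 0 > b[i] + 0) exit 0
            if (a[i] + 0 < b[i] + 0) exit 1
        }
        exit 0
    }'
}

# usr_level FILESET: read `lslpp -l FILESET` output on stdin and print the
# level recorded under /usr/lib/objrepos (assumption: the usr part is the
# one to compare; the root part under /etc/objrepos may show a lower level).
usr_level() {
    awk -v fs="$1" '
        $1 == "Path:" { path = $2 }
        $1 == fs && path == "/usr/lib/objrepos" { print $2; exit }'
}

# home_free_ok: read `df -Pk /home` output on stdin; succeed if the
# Available column (field 4 of line 2) is at least 35 MB.
home_free_ok() {
    awk 'NR == 2 { ok = ($4 + 0 >= 35 * 1024) } END { exit (ok ? 0 : 1) }'
}

# preflight: run all three checks on the live system, report each failure.
preflight() {
    rc=0
    lvl=$(lslpp -l bos.rte.security | usr_level bos.rte.security)
    vrmf_ge "${lvl:-0}" 5.2.0.2 || { echo "bos.rte.security $lvl < 5.2.0.2"; rc=1; }
    [ "$LANG" = en_US ] || { echo "LANG is '$LANG', expected en_US"; rc=1; }
    df -Pk /home | home_free_ok || { echo "/home has less than 35 MB free"; rc=1; }
    return $rc
}

# Run only where lslpp exists (AIX); elsewhere the functions are just defined.
if command -v lslpp >/dev/null 2>&1; then preflight; fi
```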
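Follow the steps below to configure the server and the client.
1. Run the mksecldap command to set up the server
This assigns a password to the LDAP directory tree, starts the slapd subsystem, and imports the AIX users from the local /etc/security/passwd file; these can also be added manually later. In the example below we choose RFC2307 for authentication.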
root@regatta01
[/tmp]# mksecldap -s -a cn=admin -p just4ldap -S rfc2307aix
File System size changed to 262144
Creating the directory DB2 default database.
This operation may take a few minutes.
Cannot open message catalog file ldapadm.cat.
Configuring the database.
Creating database instance: ldapdb2.
Created database instance: ldapdb2.
Starting database manager for instance: ldapdb2.
Started database manager for instance: ldapdb2.
Creating database: ldapdb2.
Created database: ldapdb2.
Updating configuration for database: ldapdb2.
Updated configuration for database: ldapdb2.
Completed configuration of the database.
IBM Directory Server Configuration complete.
Password for administrator DN cn=admin has been set.
IBM Directory Server Configuration complete.
Cannot open message catalog file slapd.cat.
Plugin of type EXTENDEDOP is successfully loaded from libevent.a.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.a.
Plugin of type PREOPERATION is successfully loaded from libDSP.a.
Plugin of type EXTENDEDOP is successfully loaded from libevent.a.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.a.
Plugin of type AUDIT is successfully loaded from /lib/libldapaudit.a.
Plugin of type AUDIT is successfully loaded from /usr/ccs/lib/libsecldapaudit.a(shr.o).
Plugin of type EXTENDEDOP is successfully loaded from libevent.a.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.a.
Plugin of type DATABASE is successfully loaded from /lib/libback-rdbm.a.
modifying entry cn=schema
modifying entry cn=schema
migrating users/groups to LDAP server.