Category: Sybase
2013-08-15 09:29:18
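Starting with IQ 16, a client logging in to IQ Server can authenticate either through IQ's own user authentication mechanism (called Standard) or against an external LDAP server (called LDAPUA). Implementing LDAPUA requires an external LDAP server and an IQ 16 database, followed by configuration.
This article first covers how to install and configure the LDAP server. The two follow-up articles cover how to build an IQ 16 sample database that uses LDAPUA user authentication, and finally how to configure LDAPUA.
Because of licensing issues with commercial LDAP servers, this article uses the open-source LDAP server OpenDJ.
1. Introduction to OpenDJ
OpenDJ is an open-source LDAP server written in Java that supports LDAP v3. Its home page is:
The website offers documentation and downloads of the LDAP server software.
2. Installing OpenDJ
Requirements:
(1) Linux operating system, kernel 2.6 or later
(2) Java runtime environment: Java 6 (Update 10 or later) or Java 7
The installation steps are as follows:
(1) Download the LDAP server package in zip form from the OpenDJ website; OpenDJ-2.7.0-20130814.zip is used here
(2) Create the OS account opendj and the user group ldap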
groupadd ldap
useradd -m -g ldap opendj
Edit .bash_profile so that the PATH environment variable points to a suitable Java environment (here I use the Java 6 Update 24 that ships with SAP SYBASE IQ 15.4)
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
# User specific environment and startup programs
PATH=/opt/sybiq/15.4/shared/JRE-6_0_24_64BIT/bin:$PATH:$HOME/bin
export PATH
(3) Log in as the opendj user and unpack the software:
su - opendj
unzip OpenDJ-2.7.0-20130814.zip # place the zip package in the user's home directory (i.e. /home/opendj)
(4) Log in as root and edit /etc/security/limits.conf, adding the following two lines:
opendj soft nofile 65536
opendj hard nofile 131072
(5) Install the opendj LDAP Server from the command line
su - opendj
cd opendj
Start the command-line installation: ./setup --cli
Follow the prompts to install. Below is the interactive output from my installation:
[opendj@DBNode1 opendj]$ ./setup --cli
What would you like to use as the initial root user DN for the Directory
Server? [cn=Directory Manager]:
Please provide the password to use for the initial root user:
Please re-enter the password for confirmation:
Provide the fully-qualified directory server host name that will be used when
generating self-signed certificates for LDAP SSL/StartTLS, the administration
connector, and replication [DBNode1]:
On which port would you like the Directory Server to accept connections from
LDAP clients? [1389]:
On which port would you like the Administration Connector to accept
connections? [4444]:
Do you want to create base DNs in the server? (yes / no) [yes]:
Provide the base DN for the directory data: dc=example,dc=com
Options for populating the database:
1) Only create the base entry
2) Leave the database empty
3) Import data from an LDIF file
4) Load automatically-generated sample data
Enter choice [1]: 4
Please specify the number of user entries to generate: [2000]: 100
Do you want to enable SSL? (yes / no) [no]: no
Do you want to enable Start TLS? (yes / no) [no]: no
Do you want to start the server when the configuration is completed? (yes /
no) [yes]: yes
Setup Summary
=============
LDAP Listener Port: 1389
Administration Connector Port: 4444
LDAP Secure Access: disabled
Root User DN: cn=Directory Manager
Directory Data: Create New Base DN dc=example,dc=com.
Base DN Data: Import Automatically-Generated Data (100 Entries)
Start Server when the configuration is completed
What would you like to do?
1) Set up the server with the parameters above
2) Provide the setup parameters again
3) Print equivalent non-interactive command-line
4) Cancel and exit
Enter choice [1]: 1
See /tmp/opendj-setup-7027073622889236502.log for a detailed log of this operation.
Configuring Directory Server ..... Done.
Importing Automatically-Generated Data (100 Entries) ..................................... Done.
Starting Directory Server ............... Done.
To see basic server configuration status and configuration you can launch /home/opendj/opendj/bin/status
(6) This completes the installation of the opendj LDAP Server. Next, run status to verify the state of opendj:
su - opendj
cd opendj/bin
./status
Enter the administrator user and password specified during installation; status prints the opendj state information, for example:
--- Server Status ---
Server Run Status: Started
Open Connections: 1
--- Server Details ---
Host Name: DBNode1
Administrative Users: cn=Directory Manager
Installation Path: /home/opendj/opendj
Version: OpenDJ 2.7.0-20130814
Java Version: 1.6.0_24
Administration Connector: Port 4444 (LDAPS)
--- Connection Handlers ---
Address:Port : Protocol : State
-------------:----------:---------
-- : LDIF : Disabled
0.0.0.0:161 : SNMP : Disabled
0.0.0.0:636 : LDAPS : Disabled
0.0.0.0:1389 : LDAP : Enabled
0.0.0.0:1689 : JMX : Disabled
0.0.0.0:8080 : HTTP : Disabled
--- Data Sources ---
Base DN: dc=example,dc=com
Backend ID: userRoot
Entries: 102
Replication:
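A check on the Connection Handlers table in the status output above, as an added example (not part of the original article or of OpenDJ): it lists every enabled listener and marks whether it is TLS-wrapped. With SSL and StartTLS both answered "no" during setup, the only enabled listener is plain LDAP on 1389, so simple-bind passwords cross the network unencrypted. The function names are hypothetical and the embedded sample is constructed from the output shown above.

```sh
#!/bin/sh
# Added example: audit the "Connection Handlers" table printed by bin/status.
# Function names are hypothetical; SAMPLE_STATUS is constructed from the
# status output shown in this article so the script runs offline.
SAMPLE_STATUS='--- Connection Handlers ---
Address:Port : Protocol : State
-------------:----------:---------
-- : LDIF : Disabled
0.0.0.0:161 : SNMP : Disabled
0.0.0.0:636 : LDAPS : Disabled
0.0.0.0:1389 : LDAP : Enabled
0.0.0.0:1689 : JMX : Disabled
0.0.0.0:8080 : HTTP : Disabled
--- Data Sources ---
Base DN: dc=example,dc=com'

# Reads status text on stdin and prints "<KIND> <address:port> <protocol>"
# for every enabled handler. KIND is TLS for LDAPS/HTTPS, CLEARTEXT for
# LDAP/HTTP, and UNKNOWN for any protocol label this script does not classify.
audit_handlers() {
    awk -F' *: +' '
        /^--- Connection Handlers ---/ { in_tbl = 1; next }
        /^--- /                        { in_tbl = 0 }
        in_tbl && NF == 3 && $3 ~ /^Enabled/ {
            if ($2 ~ /^(LDAPS|HTTPS)$/)     kind = "TLS"
            else if ($2 ~ /^(LDAP|HTTP)$/)  kind = "CLEARTEXT"
            else                            kind = "UNKNOWN"
            print kind, $1, $2
        }'
}

# Exit status 0 when at least one enabled listener speaks plain LDAP.
has_cleartext_ldap() {
    audit_handlers | grep -q '^CLEARTEXT .* LDAP$'
}

# Stand-alone run on the sample; for a live server, save the output of
# ./status to a file and feed it in:  audit_handlers < status.txt
printf '%s\n' "$SAMPLE_STATUS" | audit_handlers
```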
3. Creating the sample users with the OpenDJ management tool control-panel
This example needs two users: iqadmin and iquser1. Create them with control-panel, the graphical tool that opendj provides.
(1) Start control-panel
su - opendj
cd opendj/bin
./control-panel # requires an X Window environment
(2) Create the two users iqadmin and iquser1; their DNs are:
cn=iqadmin,ou=People,dc=example,dc=com
cn=iquser1,ou=People,dc=example,dc=com
The uids are iqadmin and iquser1, and the passwords are 123456 and 111111, respectively.