<sect2>
<title>Configuring Open<acronym>LDAP</acronym></title>

<sect3><title>Config files</title>
<para><filename>/etc/openldap/*</filename></para>
</sect3>

<sect3><title>Configuration Information</title>

<para>The only configuration needed for
<application>Open<acronym>LDAP</acronym></application> is
to run <command>ldconfig</command>. The <acronym>LDAP</acronym> server
can be started by <command>/usr/sbin/slapd</command> as described in
the man page slapd(8). You can verify that <acronym>LDAP</acronym> is
running with <command>ps aux</command>, and you can verify access to the
<acronym>LDAP</acronym> server with the following command:</para>
<screen><userinput><command>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</command></userinput></screen>

<para>The correct result is:</para>
<screen><computeroutput># extended LDIF
#
# LDAPv3
# base &lt;&gt; with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1</computeroutput></screen>

<para>Kill the server with this command:</para>
<screen><userinput><command>kill -INT `cat /var/lib/slapd.pid`</command></userinput></screen>

<para>You are now ready to modify
<filename>/etc/openldap/slapd.conf</filename> to be specific to your
installation.</para>

<para><emphasis>Utilizing <application>GDBM</application></emphasis></para>

<para>To utilize <application>GDBM</application> as the database
backend, the "database" entry in <filename>/etc/openldap/slapd.conf</filename>
must be changed from "bdb" to "ldbm". You can use both by creating an
additional database section in <filename>/etc/openldap/slapd.conf</filename>.</para>

<para><emphasis>Securing your <acronym>LDAP</acronym> server</emphasis></para>

<para>Significant configuration is needed for
<application>Open<acronym>LDAP</acronym></application> to utilize its
security features. The <ulink
url="http://www.openldap.org/doc/admin21/">OpenLDAP 2.1 Administrator's
Guide</ulink> is a good place to start for access control settings,
running as a user other than root and setting up a chroot environment.</para>
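<para>An added illustration, not taken from the original BLFS page or from the OpenLDAP project: a minimal <filename>slapd.conf</filename> database section using the "ldbm" backend described above, with the kind of access control directives the Administrator's Guide covers. The suffix, "rootdn", directory and "rootpw" hash are placeholder values for illustration only.</para>

```text
# /etc/openldap/slapd.conf fragment (added example; suffix, rootdn,
# directory and rootpw are placeholders, not values from the page)

database        ldbm
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
# Weak form would be a cleartext password, e.g.:   rootpw  secret
# Store a hash produced by slappasswd(8) instead (placeholder below).
rootpw          {SSHA}PLACEHOLDER-HASH-FROM-SLAPPASSWD
directory       /var/lib/openldap-data

# Password attribute: the owner may change it, anyone may present it
# to bind (auth), nobody may read it back.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Everything else: owner writes, authenticated users read,
# anonymous clients get nothing.
access to *
        by self write
        by users read
        by anonymous none
```

<para>"access" directives are evaluated in order and the first matching clause decides, so the narrower userPassword rule must precede the catch-all. With no "access" directives at all, slapd's built-in default lets every client read every attribute.</para>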
| 61 |
|
---|
| 62 | <para><emphasis>User Tools</emphasis></para>
|
---|
[52c43b42] | 63 |
|
---|
[9a9a0fec] | 64 | <para>Data can be added to the <acronym>LDAP</acronym> database via
|
---|
| 65 | <command>ldapadd</command>. There are other programs that can use
|
---|
| 66 | the database. For more information see the appropriate man page.</para>
|
---|
[97c2592] | 67 |
|
---|
[44a3b4f] | 68 | <para><emphasis><application>Mozilla</application> Address Directory</emphasis></para>
|
---|
| 69 |
|
---|
| 70 | <para>By default, LDAPv2 support is disabled in the
|
---|
| 71 | <filename>slapd.conf</filename> file. Once the database is properly
|
---|
| 72 | setup and <application>Mozilla</application> is configured to use the
|
---|
| 73 | directory, you must add <option>allow bind_v2</option> to the
|
---|
| 74 | <filename>slapd.conf</filename> file.</para>
|
---|
| 75 |
|
---|
| 76 |
|
---|
[178f7b4] | 77 | </sect3>
|
---|
| 78 |
|
---|
[9a9a0fec] | 79 | </sect2>
|
---|