<sect2>
<title>Configuring Open<acronym>LDAP</acronym></title>

<sect3><title>Config files</title>
<para><filename>/etc/openldap/*</filename></para>
</sect3>

<sect3><title>Configuration Information</title>

<para>The only configuration needed for
<application>Open<acronym>LDAP</acronym></application> itself is
to run <command>ldconfig</command> so that the newly installed shared
libraries are found. The <acronym>LDAP</acronym> server
can be started by <command>/usr/sbin/slapd</command> as described in
the man page slapd(8). You can verify that <acronym>LDAP</acronym> is
running with <command>ps aux</command>, and you can verify access to the
<acronym>LDAP</acronym> server with the following command. The
<option>-x</option> switch selects a simple bind (anonymous here, since no
<option>-D</option> is given), and an empty base with scope
<option>base</option> queries the server's root DSE rather than any user
data:</para>
<screen><userinput><command>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</command></userinput></screen>

<para>The expected result is shown below. The
<filename>slapd.conf</filename> shipped with
<application>Open<acronym>LDAP</acronym></application> sets its
<option>suffix</option> to <option>dc=my-domain,dc=com</option>, so that is
the naming context reported until you change it:</para>
<screen><computeroutput># extended LDIF
#
# LDAPv3
# base &lt;&gt; with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1</computeroutput></screen>

<para>Kill the server with this command. <command>slapd</command> shuts
down cleanly on SIGINT; the location of the pid file is set by the
<option>pidfile</option> directive in <filename>slapd.conf</filename>, so
adjust the path if yours differs:</para>
<screen><userinput><command>kill -INT `cat /var/lib/slapd.pid`</command></userinput></screen>

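<para>As an added example (not part of the original page or of
<application>Open<acronym>LDAP</acronym></application> itself), the POSIX
shell script below wraps the verify-and-stop steps above: it parses the LDIF
that <command>ldapsearch</command> prints, including folded continuation
lines, checks for a <option>result: 0</option> line, and stops
<command>slapd</command> through its pid file only after confirming the file
holds a plain PID. The pid-file path and the <option>ldap://127.0.0.1</option>
URI are assumptions; change them to match your
<filename>slapd.conf</filename>. The LDIF embedded in the script is a
constructed copy of the output shown above, so the parser can be exercised
without a running server.</para>

```shell
#!/bin/sh
# Added example, not from the BLFS page or the OpenLDAP project.
# Assumptions: SLAPD_PIDFILE matches the "pidfile" directive in slapd.conf
# and LDAP_URI points at a local slapd (plain ldap://, no TLS).
SLAPD_PIDFILE="${SLAPD_PIDFILE:-/var/lib/slapd.pid}"
LDAP_URI="${LDAP_URI:-ldap://127.0.0.1}"

# Unfold LDIF read on stdin: a line starting with one space continues the
# previous line (ldapsearch wraps long values this way).
ldif_unfold() {
    awk '
        /^ /   { buf = buf substr($0, 2); next }
        NR > 1 { print buf }
               { buf = $0 }
        END    { if (NR > 0) print buf }
    '
}

# Print every namingContexts value from LDIF on stdin, one per line.
ldif_naming_contexts() {
    ldif_unfold | sed -n 's/^namingContexts: //p'
}

# Succeed only if the LDIF on stdin carries a successful result code.
ldif_result_ok() {
    grep -q '^result: 0 '
}

# Live check: anonymous simple bind (-x) against the root DSE, the same
# query as on the page. Proves slapd answers; says nothing about ACLs.
slapd_check() {
    out=$(ldapsearch -x -H "$LDAP_URI" -b '' -s base '(objectclass=*)' namingContexts) || return 1
    printf '%s\n' "$out" | ldif_result_ok || return 1
    printf '%s\n' "$out" | ldif_naming_contexts
}

# Stop slapd with SIGINT via its pid file, refusing to signal anything if
# the file is missing or does not hold a plain decimal PID.
slapd_stop() {
    pidfile="${1:-$SLAPD_PIDFILE}"
    [ -r "$pidfile" ] || { echo "slapd_stop: cannot read $pidfile" >&2; return 1; }
    pid=$(tr -d '[:space:]' < "$pidfile")
    case "$pid" in
        ''|*[!0-9]*) echo "slapd_stop: $pidfile holds no PID" >&2; return 1 ;;
    esac
    kill -INT "$pid"
}

# Constructed sample: the ldapsearch output shown on the page, so the
# parser can be exercised without a running slapd.
SAMPLE_LDIF='# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1'

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LDIF" | ldif_naming_contexts
```

<para>The parser is kept separate from the network call so it can be tested
offline; against a live server call <command>slapd_check</command>, and use
<command>slapd_stop</command> in place of the bare <command>kill</command>
so that a corrupt or missing pid file never signals an unrelated process.</para>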
<para>You are now ready to modify
<filename>/etc/openldap/slapd.conf</filename> to be specific to your
installation.</para>

<para><emphasis>Utilizing <application>GDBM</application></emphasis></para>

<para>To utilize <application>GDBM</application> as the database
backend, the <option>database</option> entry in <filename>/etc/openldap/slapd.conf</filename>
must be changed from <option>bdb</option> to <option>ldbm</option>. You can use both by creating an
additional <option>database</option> section in <filename>/etc/openldap/slapd.conf</filename>,
each with its own <option>suffix</option> and <option>directory</option>.</para>

<para><emphasis>Securing your <acronym>LDAP</acronym> server</emphasis></para>

<para>Significant configuration is needed for
<application>Open<acronym>LDAP</acronym></application> to utilize its
security features. The shipped <filename>slapd.conf</filename> has no
active <option>access</option> directives, which leaves every attribute
readable by anyone, and stores <option>rootpw</option> in cleartext. Hash
the root password with <command>slappasswd</command>, add
<option>access</option> directives that restrict
<option>userPassword</option>, and start <command>slapd</command> with
<option>-u</option> and <option>-g</option> to drop root privileges and
<option>-r</option> to chroot. The <ulink
url="http://www.openldap.org/doc/admin21/">OpenLDAP 2.1 Administrator's
Guide</ulink> is a good place to start for access control settings,
running as a user other than root and setting up a chroot environment.</para>

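<para>As an added example (not part of the original page or of
<application>Open<acronym>LDAP</acronym></application>), the shell script
below audits a <filename>slapd.conf</filename> for the weak defaults just
described: a cleartext <option>rootpw</option>, the absence of
<option>access</option> directives (or a set of them that never singles out
<option>userPassword</option>), and the <option>allow bind_v2</option>
setting covered under <application>Mozilla</application> below. The two
embedded configurations are constructed: the weak one is modelled on the
file shipped with OpenLDAP 2.1 with <option>allow bind_v2</option> added,
the hardened one shows the corrected directives with a placeholder where the
output of <command>slappasswd</command> belongs. All paths are assumptions.</para>

```shell
#!/bin/sh
# Added example, not from the BLFS page or the OpenLDAP project: audit a
# slapd.conf for weak settings. Both sample configs below are constructed;
# the "weak" one is modelled on the file shipped with OpenLDAP 2.1 plus the
# page's "allow bind_v2" line, the hardened one shows corrected directives.

# Print the active directives of a slapd.conf: drop comment and blank
# lines, squeeze whitespace so "rootpw<TAB>secret" becomes "rootpw secret".
slapd_conf_directives() {
    sed -e '/^[[:space:]]*#/d' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' "$1" | grep -v '^$'
}

# Report findings on stdout; return 1 on any WEAK finding, 0 otherwise.
slapd_conf_audit() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    rc=0
    d=$(slapd_conf_directives "$conf" || true)

    # Cleartext rootpw: a hashed value starts with {SCHEME}, e.g. {SSHA}.
    rootpw=$(printf '%s\n' "$d" | sed -n 's/^rootpw "\{0,1\}//p' | head -n 1)
    case "$rootpw" in
        ''|'{'*) ;;
        *) echo "WEAK: rootpw is cleartext; replace it with slappasswd output"; rc=1 ;;
    esac

    # No ACLs at all: slapd 2.1 then applies "access to * by * read", which
    # exposes every attribute, userPassword included, to anonymous clients.
    if ! printf '%s\n' "$d" | grep -q '^access to '; then
        echo "WEAK: no access directives; implicit policy is 'access to * by * read'"; rc=1
    # ACLs exist but none singles out userPassword.
    elif ! printf '%s\n' "$d" | grep -q '^access to attrs\{0,1\}=.*userPassword'; then
        echo "WEAK: userPassword is not covered by a dedicated access directive"; rc=1
    fi

    # LDAPv2 binds: needed for the Mozilla address book, but v2 has no
    # StartTLS or SASL, so flag it for review rather than fail.
    if printf '%s\n' "$d" | grep -q '^allow .*bind_v2'; then
        echo "NOTE: allow bind_v2 is set; LDAPv2 clients cannot use StartTLS or SASL"
    fi

    # Report which backend (bdb or ldbm) each database section uses.
    printf '%s\n' "$d" | sed -n 's/^database /INFO: backend /p'
    return $rc
}

# Constructed sample modelled on the shipped OpenLDAP 2.1 slapd.conf.
SAMPLE_WEAK_CONF='include     /etc/openldap/schema/core.schema
pidfile     /var/lib/slapd.pid
argsfile    /var/lib/slapd.args
allow       bind_v2

database    bdb
suffix      "dc=my-domain,dc=com"
rootdn      "cn=Manager,dc=my-domain,dc=com"
# Cleartext, exactly as the shipped file has it:
rootpw      secret
directory   /var/lib/openldap-data'

# Constructed hardened version of the same file.
SAMPLE_HARDENED_CONF='include     /etc/openldap/schema/core.schema
pidfile     /var/lib/slapd.pid
argsfile    /var/lib/slapd.args

# Global ACLs apply to every database that has none of its own.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by self write
    by users read
    by * none

database    bdb
suffix      "dc=my-domain,dc=com"
rootdn      "cn=Manager,dc=my-domain,dc=com"
# Placeholder: put the output of "slappasswd -h {SSHA}" here.
rootpw      {SSHA}replace-with-slappasswd-output
directory   /var/lib/openldap-data'

# Stand-alone demonstration on the two constructed samples.
demo_audit() {
    f=$(mktemp)
    printf '%s\n' "$2" > "$f"
    echo "== $1 =="
    if slapd_conf_audit "$f"; then echo "-> no weak settings"; else echo "-> weak settings found"; fi
    rm -f "$f"
}
demo_audit "constructed weak slapd.conf" "$SAMPLE_WEAK_CONF"
demo_audit "constructed hardened slapd.conf" "$SAMPLE_HARDENED_CONF"
```

<para>Run the script as-is to see both samples audited, or call
<command>slapd_conf_audit /etc/openldap/slapd.conf</command> from another
script and act on its exit status. The hardened ACLs deny anonymous reads
entirely; an anonymous address book such as
<application>Mozilla</application>'s needs a looser
<option>access to *</option> rule (for example <option>by * read</option>
on the attributes it searches) while <option>userPassword</option> stays
restricted.</para>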
<para><emphasis>User Tools</emphasis></para>

<para>Data can be added to the <acronym>LDAP</acronym> database via
<command>ldapadd</command>. Other client utilities, such as
<command>ldapsearch</command>, <command>ldapmodify</command> and
<command>ldapdelete</command>, also operate on the database. For more
information see the appropriate man page.</para>

<para><emphasis><application>Mozilla</application> Address Directory</emphasis></para>

<para>By default, LDAPv2 support is disabled in the
<filename>slapd.conf</filename> file. Once the database is properly
set up and <application>Mozilla</application> is configured to use the
directory, you must add <option>allow bind_v2</option> to the
<filename>slapd.conf</filename> file. LDAPv2 clients cannot use StartTLS
or SASL, so enable this only when such a client actually needs it.</para>

</sect3>

</sect2>