Installing OpenLDAP Software

...

Code Block
slapdconf set-server-prop olcTLSCACertificateFile:/etc/ldap/tls/cacert.pem
slapdconf set-server-prop olcTLSCertificateFile:/etc/ldap/tls/triglav.nlight.eu-cert.pem
slapdconf set-server-prop olcTLSCertificateKeyFile:/etc/ldap/tls/triglav.nlight.eu-privkey.pem
slapdconf set-server-prop olcTLSCipherSuite:NORMAL
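
A check to run after setting the three TLS file properties above, given here as an added example (not part of the original page or of slapdconf): it reads cn=config as LDIF and verifies that each referenced file exists and that the private key is neither group-writable nor accessible to others. The function names, the constructed sample LDIF and the permission policy are assumptions.

```shell
#!/bin/sh
# Added example: audit the files named by the olcTLS* attributes of cn=config.
# Feed it LDIF on stdin, for instance (as root on the server):
#   ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config -s base | audit_tls_files

# Print the value of attribute $1 from LDIF on stdin. A line starting with one
# space continues the previous line. Base64 values ("attr:: ") are not decoded.
ldif_attr() {
    awk -v want="$1" '
        /^ / { if (n) line[n] = line[n] substr($0, 2); next }
             { line[++n] = $0 }
        END  { for (i = 1; i <= n; i++)
                   if (index(line[i], want ": ") == 1) {
                       print substr(line[i], length(want) + 3); exit } }'
}

# Succeed only for a regular file with no group-write bit and no permissions
# for "other" (assumed policy). In the ls mode string, character 6 is
# group-write and characters 8-10 are "other"; -L follows symlinks to the key.
key_mode_ok() {
    case $(ls -ldL "$1" 2>/dev/null) in
        -????-?---*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Read LDIF on stdin, report problems, return 0 when none were found.
audit_tls_files() {
    ldif=$(cat); rc=0
    for attr in olcTLSCACertificateFile olcTLSCertificateFile olcTLSCertificateKeyFile; do
        path=$(printf '%s\n' "$ldif" | ldif_attr "$attr")
        if [ -z "$path" ]; then
            echo "NOT SET   $attr"; rc=1
        elif [ ! -f "$path" ]; then
            echo "NO FILE   $attr: $path"; rc=1
        elif [ "$attr" = olcTLSCertificateKeyFile ] && ! key_mode_ok "$path"; then
            echo "TOO OPEN  $attr: $path"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: cn=config LDIF whose TLS files live under directory $1.
# The key path is folded across two lines, as happens with long LDIF values.
sample_ldif() {
    printf 'dn: cn=config\nolcTLSCACertificateFile: %s/cacert.pem\n' "$1"
    printf 'olcTLSCertificateFile: %s/cert.pem\n' "$1"
    printf 'olcTLSCertificateKeyFile: %s/priv\n key.pem\n' "$1"
}
```

Run it as root for the ldapi:/// EXTERNAL bind. File existence seen by root does not prove that the account slapd runs under can read the key.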

 


Initializing OpenLDAP

The database and suffix might have been created during software installation. To check whether that is the case, use the following command:

...

Code Block
title: /etc/default/slapd
 SLAPD_SERVICES="ldap://0.0.0.0:1389/ ldapi:///"

 


Symas OpenLDAP specifies the listening ports in /opt/symas/etc/openldap/symas-openldap.conf:

Code Block
title: /opt/symas/etc/openldap/symas-openldap.conf
 HOST_LIST="ldap://0.0.0.0:1389/"

 


Creating the Database and Suffix

...

This command creates a directory for the new database and sets the correct permissions. The last line creates the database and suffix in the server.

You may need to set the maximum database size:

Code Block
$ slapdconf set-suffix-prop dc=example,dc=com olcDbMaxSize:100000000


Setting up Overlays

Code Block
slapdconf add-module sssvlv
slapdconf add-overlay dc=example,dc=com sssvlv

...

Code Block
slapdconf add-module refint
slapdconf add-overlay dc=example,dc=com refint olcRefintConfig 'olcRefintAttribute:memberof member manager owner'

 


Populating the Suffix

When the suffix is created, it is completely empty. Not even the base object is there. The following command creates the basic objects of the suffix:

...

Note

Make sure that the empty line is really empty and that it does not contain spaces or any other whitespace characters.

 


Use the following command (as root):

...

Code Block
slapdconf edit-suffix-acis dc=example,dc=com

 


Setting Up Limits

Code Block
title: limits.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcLimits
olcLimits: dn.exact="cn=idm,ou=Administrators,dc=example,dc=com" size.prtotal=unlimited

...

Code Block
slapdconf set-suffix-prop dc=example,dc=com 'olcLimits:dn.exact="cn=idm,ou=Administrators,dc=example,dc=com" size.prtotal=unlimited'

 


Setting up password policy

...

Code Block
ldapadd -Y EXTERNAL -H ldapi:/// -f pwpolicy.ldif
slapdconf set-overlay-prop dc=example,dc=com ppolicy olcPPolicyDefault:cn=pwpolicy,dc=example,dc=com

 


How to install both Ubuntu OpenLDAP and Symas OpenLDAP

...