OpenLDAP installation and configuration: Difference between revisions
Jump to navigation
Jump to search
m (using an external editor) |
m (using an external editor) |
||
| Line 28: | Line 28: | ||
slappasswd -> ../libexec/slapd | slappasswd -> ../libexec/slapd | ||
slaptest -> ../libexec/slapd | slaptest -> ../libexec/slapd | ||
=== The configuration file === | |||
Location: | |||
/opt/sfw/etc/openldap/sladpd.conf | |||
You will have to define | |||
* What schemas to load in | |||
* Where datafiles and pidfile etc. go | |||
* What users are allowed to do | |||
Here is a fictional example (comments taken away from the original): | |||
<pre> | |||
include /opt/sfw/etc/openldap/schema/core.schema | |||
include /opt/sfw/etc/openldap/schema/cosine.schema | |||
include /opt/sfw/etc/openldap/schema/inetorgperson.schema | |||
include /opt/sfw/etc/openldap/schema/nis.schema | |||
# Add your own | |||
include /opt/sfw/etc/openldap/schema/tecfa.schema | |||
pidfile /opt/sfw/var/run/slapd.pid | |||
argsfile /opt/sfw/var/run/slapd.args | |||
security ssf=1 update_ssf=112 simple_bind=64 | |||
access to attr=userpassword | |||
by self write | |||
by anonymous auth | |||
access to * | |||
by self write | |||
by users read | |||
by anonymous read | |||
database bdb | |||
# Suffix and root dn, adjust to your own organization | |||
suffix "o=tecfa.unige.ch" | |||
rootdn "uid=root, o=tecfa.unige.ch" | |||
rootpw secret | |||
directory /opt/sfw/var/openldap-data | |||
index objectClass eq | |||
</pre> | |||
You may want to put the data and schema files in some other place than the default, since you may by mistake kill them after an upgrade of the system. e.g. I used /var/openldap instead of /open/sfw/var/ | |||
=== Importing an LDIF file === | === Importing an LDIF file === | ||
Revision as of 15:12, 9 January 2008
Introduction
OpenLDAP is the most popular free LDAP server.
Configuration notes for solaris 10
There is an OpenLDAP version included in a typical installation. You can find it here:
/opt/sfw /opt/sfw/sbin - links to binaries /opt/sfw/libexec - binaries /opt/sfw/etc/openldap - configuration files /opt/sfw/var/openldap-data - default data /opt/sfw/var/run - PID of the server
- Binaires in /opt/sfw/sbin
slapadd -> ../libexec/slapd slapcat -> ../libexec/slapd slapdn -> ../libexec/slapd slapindex -> ../libexec/slapd slappasswd -> ../libexec/slapd slaptest -> ../libexec/slapd slapcat -> ../libexec/slapd slapdn -> ../libexec/slapd slapindex -> ../libexec/slapd slappasswd -> ../libexec/slapd slaptest -> ../libexec/slapd
The configuration file
Location:
/opt/sfw/etc/openldap/sladpd.conf
You will have to define
- What schemas to load in
- Where datafiles and pidfile etc. go
- What users are allowed to do
Here is a fictional example (comments taken away from the original):
include /opt/sfw/etc/openldap/schema/core.schema
include /opt/sfw/etc/openldap/schema/cosine.schema
include /opt/sfw/etc/openldap/schema/inetorgperson.schema
include /opt/sfw/etc/openldap/schema/nis.schema
# Add your own
include /opt/sfw/etc/openldap/schema/tecfa.schema
pidfile /opt/sfw/var/run/slapd.pid
argsfile /opt/sfw/var/run/slapd.args
security ssf=1 update_ssf=112 simple_bind=64
access to attr=userpassword
by self write
by anonymous auth
access to *
by self write
by users read
by anonymous read
database bdb
# Suffix and root dn, adjust to your own organization
suffix "o=tecfa.unige.ch"
rootdn "uid=root, o=tecfa.unige.ch"
rootpw secret
directory /opt/sfw/var/openldap-data
index objectClass eq
You may want to put the data and schema files in some other place than the default, since you may by mistake kill them after an upgrade of the system. e.g. I used /var/openldap instead of /open/sfw/var/
Importing an LDIF file
/opt/sfw/sbin/slapadd
The startup script
To start/stop automatically the server you can write a script like this, put it in /etc/init.d and then make links from /etc/rc3.d, /etc/rc0.d etc.