OpenLDAP installation and configuration

The educational technology and digital learning wiki
Jump to navigation Jump to search

Draft

Introduction

OpenLDAP is the most popular free LDAP server.

Configuration notes for solaris 10

There is an OpenLDAP version included in a typical installation. You can find it here: 

/opt/sfw
/opt/sfw/sbin  - links to binaries
/opt/sfw/libexec - binaries
/opt/sfw/etc/openldap - configuration files
/opt/sfw/var/openldap-data - default data 
/opt/sfw/var/run - PID of the server
Binaires in /opt/sfw/sbin
slapadd -> ../libexec/slapd
slapcat -> ../libexec/slapd
slapdn -> ../libexec/slapd
slapindex -> ../libexec/slapd
slappasswd -> ../libexec/slapd
slaptest -> ../libexec/slapd
slapcat -> ../libexec/slapd
slapdn -> ../libexec/slapd
slapindex -> ../libexec/slapd
slappasswd -> ../libexec/slapd
slaptest -> ../libexec/slapd

The configuration file

Location: 

/opt/sfw/etc/openldap/sladpd.conf

You will have to define

  • What schemas to load in
  • Where datafiles and pidfile etc. go
  • What users are allowed to do

Here is a fictional example (comments taken away from the original): 

include		/opt/sfw/etc/openldap/schema/core.schema
include		/opt/sfw/etc/openldap/schema/cosine.schema
include		/opt/sfw/etc/openldap/schema/inetorgperson.schema
include		/opt/sfw/etc/openldap/schema/nis.schema
# Add your own
include		/opt/sfw/etc/openldap/schema/tecfa.schema

pidfile		/opt/sfw/var/run/slapd.pid
argsfile	/opt/sfw/var/run/slapd.args

security ssf=1 update_ssf=112 simple_bind=64

access to attr=userpassword
            by self write
            by anonymous auth
access to *
            by self write
            by users read
	    by anonymous read
database	bdb
# Suffix and root dn, adjust to your own organization
suffix		"o=tecfa.unige.ch"
rootdn		"uid=root, o=tecfa.unige.ch"
rootpw		secret
directory	/opt/sfw/var/openldap-data
index	objectClass	eq

You may want to put the data and schema files in some other place than the default, since you may by mistake kill them after an upgrade of the system. e.g. I used /var/openldap instead of /open/sfw/var/

Importing an LDIF file

/opt/sfw/sbin/slapadd

The startup script

To start/stop automatically the server you can write a script like this, put it in /etc/init.d and then make links from /etc/rc3.d, /etc/rc0.d etc.
Retrieved from "https://edutechwiki.unige.ch/mediawiki/index.php?title=OpenLDAP_installation_and_configuration&oldid=16821"