mirror of
https://github.com/Zeckmathederg/glfs.git
synced 2025-01-27 18:02:12 +08:00
87cb494586
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2131 af4574ff-66df-0310-9fd7-8a98e5e911e0
80 lines
2.8 KiB
XML
80 lines
2.8 KiB
XML
<sect2>
|
|
<title>Configuring Open<acronym>LDAP</acronym></title>
|
|
|
|
<sect3><title>Config files</title>
|
|
<para><filename>/etc/openldap/*</filename></para>
|
|
</sect3>
|
|
|
|
<sect3><title>Configuration Information</title>
|
|
|
|
<para>The only configuration needed for
|
|
<application>Open<acronym>LDAP</acronym></application> is
|
|
to run <command>ldconfig</command>. The <acronym>LDAP</acronym> server
|
|
can be started by <command>/usr/sbin/slapd</command> as described in
|
|
the man page slapd(8). You can verify that <acronym>LDAP</acronym> is
|
|
running with <command>ps aux</command> and you can verify access to the
|
|
<acronym>LDAP</acronym> server with the following command:</para>
|
|
<screen><userinput><command>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</command></userinput></screen>
|
|
|
|
<para>The correct result is:</para>
|
|
<screen><computeroutput># extended LDIF
|
|
#
|
|
# LDAPv3
|
|
# base <> with scope base
|
|
# filter: (objectclass=*)
|
|
# requesting: namingContexts
|
|
#
|
|
|
|
#
|
|
dn:
|
|
namingContexts: dc=my-domain,dc=com
|
|
|
|
# search result
|
|
search: 2
|
|
result: 0 Success
|
|
|
|
# numResponses: 2
|
|
# numEntries: 1</computeroutput></screen>
|
|
|
|
<para>Kill the server with this command:</para>
|
|
<screen><userinput><command>kill -INT `cat /var/lib/slapd.pid`</command></userinput></screen>
|
|
|
|
<para>You are now ready to modify the
|
|
<filename>/etc/openldap/slapd.conf</filename> to be specific to your
|
|
installation.</para>
|
|
|
|
<para><emphasis>Utilizing <application>GDBM</application></emphasis></para>
|
|
|
|
<para>To utilize <application>GDBM</application> as the database
|
|
backend, the "database" entry in <filename>/etc/openldap/slapd.conf</filename>
|
|
must be changed from "bdb" to "ldbm". You can use both by creating an
|
|
additional database section in <filename>/etc/openldap/slapd.conf</filename>.</para>
|
|
|
|
<para><emphasis>Securing your <acronym>LDAP</acronym> server</emphasis></para>
|
|
|
|
<para>Significant configuration is needed for
|
|
<application>Open<acronym>LDAP</acronym></application> to utilize
|
|
security features. The <ulink
|
|
url="http://www.openldap.org/doc/admin21/">OpenLDAP 2.1 Administrator's
|
|
Guide</ulink> is a good place to start for access control settings,
|
|
running as a user other than root and setting a chroot environment.</para>
|
|
|
|
<para><emphasis>User Tools</emphasis></para>
|
|
|
|
<para>Data can be added to the <acronym>LDAP</acronym> database via
|
|
<command>ldapadd</command>. There are other programs that can use
|
|
the database. For more information see the appropriate man page.</para>
|
|
|
|
<para><emphasis><application>Mozilla</application> Address Directory</emphasis></para>
|
|
|
|
<para>By default, LDAPv2 support is disabled in the
|
|
<filename>slapd.conf</filename> file. Once the database is properly
|
|
setup and <application>Mozilla</application> is configured to use the
|
|
directory, you must add <option>allow bind_v2</option> to the
|
|
<filename>slapd.conf</filename> file.</para>
|
|
|
|
|
|
</sect3>
|
|
|
|
</sect2>
|