Global user management
6.2 Configuring an openLDAP server
6.2.1 Base configuration of openLDAP
A Red Hat Enterprise Linux Server is taken as a basis. The required services (openLDAP Server packages) were selected during system installation.
Set up openLDAP as a system service.
After installation is complete the configuration files are located in /etc/openldap.
Open the file slapd.conf and edit the following entries to create the base structure of the domain:
database bdb
suffix "dc=<MY-DOMAIN>,dc=<COM>"
rootdn "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>"
rootpw secret
directory /usr/local/var/openldap-data
For example, edit the lines to:
database bdb
suffix "dc=testdomain2,dc=local"
rootdn "cn=Manager,dc=testdomain2,dc=local"
rootpw testen
directory /usr/local/var/openldap-data
To apply the changes just restart LDAP using the command:
# service ldap restart
In order to connect to the domain it is necessary to set up a base structure. This is done with the ldapadd command and an LDIF configuration file. Because there is no sample configuration file in /etc/openldap/, you must create one from scratch.
Create a new file named <my-name>.ldif (in this example testdomain2.ldif), open it with an editor of your choice and create the following content:
dn: dc=<MY-DOMAIN>,dc=<COM>
objectclass: dcObject
objectclass: organization
o: <EXAMPLE ORGANISATION>
dc: <MY-DOMAIN>

dn: cn=<ACCOUNTNAME>,dc=<MY-DOMAIN>,dc=<COM>
objectclass: organizationalRole
cn: <ACCOUNTNAME>
Or, as in the example:
dn: dc=testdomain2,dc=local
objectclass: dcObject
objectclass: organization
o: TestOrganization
dc: testdomain2

dn: cn=Manager,dc=testdomain2,dc=local
objectclass: organizationalRole
cn: Manager
The first part will create the base domain structure and the second part an administrator account.
After the file is saved the structure can be created by ldapadd using the following command:
# ldapadd -x -D "cn=<ACCOUNTNAME>,dc=<MY-DOMAIN>,dc=<COM>" -W -f example.ldif
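The steps above (slapd.conf database stanza, base-structure LDIF, ldapadd) share one value that must agree everywhere: the base DN. The following POSIX shell script is an added example, not part of the ServerView manual; it derives the DN from a DNS-style domain name, generates both the slapd.conf lines and the LDIF with that single DN, and checks that the suffix in a slapd.conf really equals the first dn of an LDIF before ldapadd is run, since a mismatch makes the server reject the entry. The rootpw argument is meant to receive the hashed value printed by slappasswd (for example an {SSHA} string) rather than a clear-text password as in the manual's sample; the `{SSHA}placeholder` value and the file names under a temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the ServerView manual): keep slapd.conf suffix,
# rootdn and the base LDIF consistent by deriving all of them from one domain.

# domain_to_dn <domain>: testdomain2.local -> dc=testdomain2,dc=local
domain_to_dn() {
    printf '%s' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i
    }'
}

# slapd_conf_lines <domain> <account> <rootpw-hash>: the database stanza from
# section 6.2.1. Pass the output of `slappasswd` as the third argument so no
# clear-text password is stored in slapd.conf.
slapd_conf_lines() {
    base=$(domain_to_dn "$1")
    printf 'database bdb\nsuffix "%s"\nrootdn "cn=%s,%s"\nrootpw %s\ndirectory /usr/local/var/openldap-data\n' \
        "$base" "$2" "$base" "$3"
}

# base_ldif <domain> <organisation> <account>: the two entries of the manual's
# LDIF (domain object, then the administrator role), separated by the blank
# line LDIF requires between entries.
base_ldif() {
    base=$(domain_to_dn "$1")
    first_label=${1%%.*}
    printf 'dn: %s\nobjectclass: dcObject\nobjectclass: organization\no: %s\ndc: %s\n\n' \
        "$base" "$2" "$first_label"
    printf 'dn: cn=%s,%s\nobjectclass: organizationalRole\ncn: %s\n' \
        "$3" "$base" "$3"
}

# check_suffix_matches <slapd.conf> <file.ldif>: succeed only if the quoted
# suffix in slapd.conf equals the first dn in the LDIF. Running ldapadd with
# a base DN that is not the configured suffix fails, so check this first.
check_suffix_matches() {
    suffix=$(sed -n 's/^suffix[[:space:]]*"\(.*\)"/\1/p' "$1" | head -n 1)
    first_dn=$(sed -n 's/^dn:[[:space:]]*//p' "$2" | head -n 1)
    [ -n "$suffix" ] && [ "$suffix" = "$first_dn" ]
}

# ldapadd_cmd <domain> <account> <file.ldif>: the command line from the
# manual, with the bind DN built from the same domain (printed, not executed).
ldapadd_cmd() {
    printf 'ldapadd -x -D "cn=%s,%s" -W -f %s\n' "$2" "$(domain_to_dn "$1")" "$3"
}

# Demonstration with constructed values in a temporary directory.
demo_dir=$(mktemp -d)
slapd_conf_lines testdomain2.local Manager '{SSHA}placeholder' > "$demo_dir/slapd.conf"
base_ldif testdomain2.local TestOrganization Manager > "$demo_dir/testdomain2.ldif"
if check_suffix_matches "$demo_dir/slapd.conf" "$demo_dir/testdomain2.ldif"; then
    echo "suffix and LDIF base DN agree; run as root:"
    ldapadd_cmd testdomain2.local Manager testdomain2.ldif
else
    echo "suffix in slapd.conf does not match the LDIF base DN" >&2
fi
rm -rf "$demo_dir"
```

Generate the real files by redirecting `slapd_conf_lines` and `base_ldif` into slapd.conf and your LDIF, run `check_suffix_matches` on them, then execute the printed ldapadd command after restarting the ldap service.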
ServerView BX400 Management Blade 77