====== OpenLDAP auf Ubuntu 16.04 ======
OpenLDAP muss getrennt von untermStrich installiert und konfiguriert werden. Dieses Serverprogramm steht nicht unter der Kontrolle der untermStrich Software GmbH. Die untermStrich Software GmbH kann daher auch __keine Gewähr__ und __keinen Support__ dazu anbieten.
===== Installieren =====
apt-get install slapd ldap-utils
===== Einrichten =====
==== Passwort erstellen ====
slappasswd
Kopieren Sie sich die Ausgabe!
New password:
Re-enter new password:
....
==== slapd Konfigurieren ====
cd /etc/ldap/
vi slapd.conf
# This is the main slapd configuration file. See slapd.conf for more
# info on the configuration options.
#######################################################################
# Global Directives:
# Features to permit
# allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/mozillaorgperson.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel none
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
# The maximum number of entries that is returned for a search operation
sizelimit 500
# The tool-threads parameter sets the actual amount of cpus that is used
# for indexing.
tool-threads 1
#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend hdb
#######################################################################
database hdb
# The base of your directory in database #1
suffix "dc=usdemo,dc=local"
# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn "cn=root,dc=usdemo,dc=local"
rootpw ####INSERT OUTPUT OF slappasswd HERE###
# Where the database file are physically stored for database #1
directory "/var/lib/ldap"
# The dbconfig settings are used to generate a DB_CONFIG file the first
# time slapd starts. They do NOT override existing an existing DB_CONFIG
# file. You should therefore change these settings in DB_CONFIG directly
# or remove DB_CONFIG and restart slapd for changes to take effect.
# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0
# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057 for more
# information.
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500
# Indexing options for database #1
index objectClass eq
# Save the time that the entry gets modified, for database #1
lastmod on
# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint 512 30
dbnosync
==== slapd Neu starten ====
service slapd stop
# Das bestehende LDAP Verzeichnis /etc/ldap/slapd.d umbenennen
mv /etc/ldap/slapd.d /etc/ldap/slapd.d.orig
# Das Verzeichnis wieder anlegen
mkdir /etc/ldap/slapd.d
# Über slaptest kann man das neue Verzeichnis mit allem Notwendigen befüllen lassen
slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
# Bei Problemen
slaptest -u -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
# Noch die Rechte anpassen
chown openldap:openldap -R slapd.d
chown openldap:openldap -R /var/run/slapd/
# Dann kann man das Service wieder starten
service slapd start
==== Anpassung der ldap.conf ====
vi ldap.conf
ldap_version 3
URI ldap://usdemo.local
SIZELIMIT 0
TIMELIMIT 0
DEREF never
BASE dc=usdemo, dc=local
:!: Achten Sie darauf, dass der Rechner wirklich usdemo.local heißt.
===== Wenn noch Problem auftreten =====
Zum testen:
service slapd stop
slapd -u openldap -g openldap -F /etc/ldap/slapd.d -f /etc/ldap/slapd.conf -d -1
# Abbruch
service slapd start