====== OpenLDAP on Ubuntu 16.04 ======

OpenLDAP must be installed and configured separately from untermStrich. This server program is not under the control of untermStrich Software GmbH. untermStrich Software GmbH can therefore offer __no warranty__ and __no support__ for it.

===== Installation =====

<code>
apt-get install slapd ldap-utils
</code>

===== Setup =====

==== Create a password ====

<code>
slappasswd
</code>

Copy the output!

<code>
New password:
Re-enter new password:
....
</code>

==== Configure slapd ====

<code>
cd /etc/ldap/
vi slapd.conf
</code>

<code>
# This is the main slapd configuration file. See slapd.conf for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
# allow bind_v2

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/mozillaorgperson.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        none

# Where the dynamically loaded modules are stored
modulepath      /usr/lib/ldap
moduleload      back_hdb

# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpus that is used
# for indexing.
tool-threads 1

#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend         hdb

#######################################################################
database        hdb

# The base of your directory in database #1
suffix          "dc=usdemo,dc=local"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn          "cn=root,dc=usdemo,dc=local"
rootpw          ####INSERT OUTPUT OF slappasswd HERE###

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

# The dbconfig settings are used to generate a DB_CONFIG file the first
# time slapd starts. They do NOT override an existing DB_CONFIG
# file. You should therefore change these settings in DB_CONFIG directly
# or remove DB_CONFIG and restart slapd for changes to take effect.

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057 for more
# information.

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index           objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod         on

# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint      512 30
dbnosync
</code>

==== Restart slapd ====

<code>
service slapd stop

# Rename the existing LDAP directory /etc/ldap/slapd.d
mv /etc/ldap/slapd.d /etc/ldap/slapd.d.orig

# Create the directory again
mkdir /etc/ldap/slapd.d

# slaptest can populate the new directory with everything that is needed
slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d

# If there are problems
slaptest -u -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d

# Adjust the ownership as well
chown openldap:openldap -R /etc/ldap/slapd.d
chown openldap:openldap -R /var/run/slapd/

# Then the service can be started again
service slapd start
</code>

==== Adjusting ldap.conf ====

<code>
vi /etc/ldap/ldap.conf
</code>

<code>
ldap_version 3
URI ldap://usdemo.local
SIZELIMIT 0
TIMELIMIT 0
DEREF never
BASE dc=usdemo,dc=local
</code>

:!: Make sure the machine really is named usdemo.local.

===== If problems still occur =====

For testing:

<code>
service slapd stop
slapd -u openldap -g openldap -F /etc/ldap/slapd.d -f /etc/ldap/slapd.conf -d -1
# Abort
service slapd start
</code>
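
An added example (not part of the original page and not shipped with OpenLDAP): a shell pre-flight check to run on slapd.conf before the slaptest conversion, verifying that rootpw holds a slappasswd hash instead of the placeholder or cleartext and that rootdn lies below suffix. The helper names ''conf_value'' and ''check_slapd_conf'' are hypothetical, and the sample input is constructed from the configuration on this page.

```shell
#!/bin/sh
# Added example: pre-flight check for a slapd.conf like the one on this page.
# conf_value and check_slapd_conf are hypothetical helper names.

# Print the unquoted value of the first occurrence of a directive.
conf_value() {  # usage: conf_value DIRECTIVE FILE
    awk -v key="$1" 'tolower($1) == tolower(key) {
        $1 = ""; sub(/^[ \t]+/, ""); gsub(/"/, ""); print; exit
    }' "$2"
}

# Return 0 if rootpw is a hash and rootdn sits below the suffix.
check_slapd_conf() {  # usage: check_slapd_conf FILE
    rc=0
    suffix=$(conf_value suffix "$1")
    rootdn=$(conf_value rootdn "$1")
    rootpw=$(conf_value rootpw "$1")
    [ -n "$suffix" ] || { echo "FAIL: no suffix directive"; rc=1; }
    case $rootpw in
        "")   echo "FAIL: no rootpw directive"; rc=1 ;;
        "{SSHA}"?*|"{CRYPT}"?*) ;;   # {SSHA} is the slappasswd default
        "{"*) echo "FAIL: rootpw scheme is not {SSHA} or {CRYPT}"; rc=1 ;;
        *)    echo "FAIL: rootpw is cleartext or still the placeholder"; rc=1 ;;
    esac
    # Plain string comparison: assumes rootdn and suffix are written in the
    # same case and without extra spaces, as in the page's configuration.
    case $rootdn in
        *",$suffix") ;;
        *) echo "FAIL: rootdn '$rootdn' is not below suffix '$suffix'"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the page's database section with the placeholder left in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
suffix          "dc=usdemo,dc=local"
# rootdn directive for specifying a superuser on the database.
rootdn          "cn=root,dc=usdemo,dc=local"
rootpw          ####INSERT OUTPUT OF slappasswd HERE###
EOF
check_slapd_conf "$sample" || echo "fix slapd.conf before running slaptest"
rm -f "$sample"
```

On the real system the call is ''check_slapd_conf /etc/ldap/slapd.conf''; the exit status is non-zero whenever a FAIL line is printed.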