doc:appunti:linux:sa:sldap_2_5

Differences

This shows you the differences between two versions of the page.

doc:appunti:linux:sa:sldap_2_5 [2023/12/02 11:11] niccolodoc:appunti:linux:sa:sldap_2_5 [2023/12/02 12:13] – [Testing an ldapsearch] niccolo
Line 14: Line 14:
  
 FIXME La **[[https://discourse.ubuntu.com/t/service-migrating-from-openldap-2-4-x-to-2-5-x/23807|Service - Migrating from OpenLDAP 2.4.x to 2.5.x]]** non ha funzionato; fallisce quando si tenta di ricaricare il database **dc=rigacci,dc=org.ldif** con il comando **slapadd**. FIXME La **[[https://discourse.ubuntu.com/t/service-migrating-from-openldap-2-4-x-to-2-5-x/23807|Service - Migrating from OpenLDAP 2.4.x to 2.5.x]]** non ha funzionato; fallisce quando si tenta di ricaricare il database **dc=rigacci,dc=org.ldif** con il comando **slapadd**.
 +
 +Per ripristinare il servizio si sono eseguite ex-nove tutte le operazoni necessarie, in particolare:
 +
 +  * Caricato lo schema **mozillaAbPersonAlpha**.
 +  * Creato il database #2 per gestire il suffisso **ou=Addressbook,dc=rigacci,dc=org**.
 +  * Creata la organizationalUnit **Addressbook**.
 +  * Creata la inetOrgPerson **cn=guest**.
 +  * Caricate tutte le entry objectClass **mozillaAbPersonAlpha**.
  
 ===== (Re)installation from scratch ===== ===== (Re)installation from scratch =====
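Review bot: the added list says database #2 is created for the suffix ou=Addressbook,dc=rigacci,dc=org, while the unchanged text further down warns that the olcSuffix must not be a child of an already existing database suffix; state explicitly that after the reinstall no database with suffix dc=rigacci,dc=org exists (the backup file name dc=rigacci,dc=org.ldif suggests the old setup had one), otherwise a reader following both parts hits exactly that conflict. Two typos in the added line: "ex-nove" should be "ex novo" and "operazoni" should be "operazioni".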
Line 43: Line 51:
 Using ''ldapadd'' to create a new database, requires the privilege to modify the ''cn=config'' database. The default Debian installation does not assign a password to the ''cn=admin,cn=config'' entry, so you cannot use a standard TCP connection to the server, you must use the **EXTERNAL SASL mechanism**. Using ''ldapadd'' to create a new database, requires the privilege to modify the ''cn=config'' database. The default Debian installation does not assign a password to the ''cn=admin,cn=config'' entry, so you cannot use a standard TCP connection to the server, you must use the **EXTERNAL SASL mechanism**.
  
-Here it is the example of an LDIF file to create a new DIT database, supposed to contain an addressbook. We will use the MDB backend and the ''/var/lib/ldap/abook/'' directory will contain the data. The database will be populated later; we will add at least the ''cn=admin,ou=Addressbook,dc=rigacci,dc=org'' item to be used as an administrator account with full privileges on the database itself. Beware that the **olcSuffix** must not be a child of an already existing database suffix (notice that we used the ''org'' top level domain instead of ''net'' used in the previous examples).+Here it is the example of an LDIF file to create a new DIT database, supposed to contain an addressbook. We will use the MDB backend and the ''/var/lib/ldap/abook/'' directory will contain the data. The database will be populated later. The item ''cn=admin,ou=Addressbook,dc=rigacci,dc=org'' is defined here and it will be used as an administrator account with full privileges on the database itself. Beware that the **olcSuffix** must not be a child of an already existing database suffix (notice that we used the ''org'' top level domain instead of ''net'' used in the previous examples).
  
 The file was named **abook-db.ldif**: The file was named **abook-db.ldif**:
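Review bot: "The item cn=admin,ou=Addressbook,dc=rigacci,dc=org is defined here" is ambiguous given that the database is populated later; say that the DN is declared in abook-db.ldif as the database root DN (presumably olcRootDN) rather than created as an entry, and, if the file also carries an olcRootPW, recommend a hash generated with slappasswd instead of a cleartext value, since anyone who can read cn=config would otherwise read the admin password. Minor: "Here it is the example of an LDIF file" reads better as "Here is an example of an LDIF file".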
Line 65: Line 73:
 </file> </file>
  
-Notice we will grant read-only privileges to an item **cn=guest** in the same LDAP tree. Before creating the database we create the destination directory and assign the required permissions:+Notice we will grant read-only privileges to an item **cn=guest** in the same LDAP tree; that item will be added into the database later. Before creating the database we create the destination directory and assign the required permissions:
  
 <code> <code>
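Review bot: the added clause "that item will be added into the database later" should also say why declaring the grant first is fine: the access rule (presumably an olcAccess value in abook-db.ldif) refers to cn=guest by DN only, so slapd accepts it before the entry exists, and a bind as cn=guest simply fails with invalid credentials until the entry is created in the restore steps. Stating that avoids readers concluding the ACL is broken when an early test fails.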
Line 155: Line 163:
 The upgrade process created a backup of the existing LDAP database into the **/var/backups/slapd-2.4.57+dfsg-3+deb11u1/** directory. In our case there is a single file **dc=rigacci,dc=org.ldif** containing all the required entries. In the following examples we extracted from the file the logically different items to be restored. The upgrade process created a backup of the existing LDAP database into the **/var/backups/slapd-2.4.57+dfsg-3+deb11u1/** directory. In our case there is a single file **dc=rigacci,dc=org.ldif** containing all the required entries. In the following examples we extracted from the file the logically different items to be restored.
  
-Beware that the restore will be not a perfect copy of the previous database. Several items must be purged from the backup file before feeding it back to the LDAP server because they are not allowed to be set directly. They are:+Beware that the restore will be not a perfect copy of the previous database. Several tags must be purged from the backup file before feeding it back to the LDAP server because they are not allowed to be set directly. They are:
  
   * structuralObjectClass   * structuralObjectClass
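Review bot: "Several tags must be purged" is the wrong term; structuralObjectClass and the other names in this list are operational attributes, which ldapadd refuses because the server generates them itself, so "Several operational attributes must be removed" is both accurate and tells the reader why. Also "the restore will be not a perfect copy" should read "the restore will not be a perfect copy".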
Line 170: Line 178:
 ldapadd -x -W -D "cn=admin,ou=Addressbook,dc=rigacci,dc=org" -f file.ldif ldapadd -x -W -D "cn=admin,ou=Addressbook,dc=rigacci,dc=org" -f file.ldif
 </code> </code>
 +
 +In the following three paragraphs we will see what is needed for a full restore.
 +
  
 ==== Create the Addressbook organizationalUnit ==== ==== Create the Addressbook organizationalUnit ====
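Review bot: the added sentence refers to "the following three paragraphs", but those are headed sections, so "sections" is clearer; it would also help to name them, since the list at the top of the page gives the organizationalUnit, cn=guest and the mozillaAbPersonAlpha entries as the restore steps while the schema load and database #2 belong to the reinstall part. Separately, the command 'ldapadd -x -W -D "cn=admin,ou=Addressbook,dc=rigacci,dc=org" -f file.ldif' gives no -H, so it uses whatever URI ldap.conf sets; for an administrator simple bind that should be ldapi:/// or an ldaps:// URI, otherwise the admin password crosses the wire in cleartext.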
Line 215: Line 226:
 </file> </file>
  
 +==== Testing an ldapsearch ====
 +
 +Finally you can test if the LDAP database is working doing a full search with **ldapsearch**:
 +
 +<code bash>
 +ldapsearch -W \
 +    -H ldap://127.0.0.1/ \
 +    -D "cn=guest,ou=Addressbook,dc=rigacci,dc=org" \
 +    -b 'ou=Addressbook,dc=rigacci,dc=org'
 +</code>
 +
 +The **ldap** protocol is on port **389/tcp**, **ldaps** is on **636/tcp**.
 ===== Web References ===== ===== Web References =====
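Review bot: the ldapsearch in the new "Testing an ldapsearch" section passes -D and -W but omits -x, so the tool attempts a SASL bind instead of the simple bind those options are meant for and is likely to fail on a server with no SASL mechanism configured; add -x as the ldapadd example earlier on this page does. Also -H ldap://127.0.0.1/ sends the cn=guest password in cleartext on 389/tcp, which is acceptable on loopback, but since the closing sentence mentions ldaps on 636/tcp it is worth saying that tests from another host should use an ldaps:// URI or StartTLS (-ZZ). Minor: "test if the LDAP database is working doing a full search" should read "by doing a full search".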
  
doc/appunti/linux/sa/sldap_2_5.txt · Last modified: 2023/12/02 12:31 by niccolo