doc:appunti:linux:sa:sldap_2_5
Differences
This shows you the differences between two versions of the page.
doc:appunti:linux:sa:sldap_2_5 [2023/12/02 11:15] – [Adding a second (new) database] niccolo | doc:appunti:linux:sa:sldap_2_5 [2023/12/02 12:29] – [Enable SSL] niccolo | ||
---|---|---|---|
Line 14: | Line 14: | ||
FIXME La **[[https:// | FIXME La **[[https:// | ||
+ | |||
+ | Per ripristinare il servizio si sono eseguite ex-nove tutte le operazoni necessarie, in particolare: | ||
+ | |||
+ | * Caricato lo schema **mozillaAbPersonAlpha**. | ||
+ | * Creato il database #2 per gestire il suffisso **ou=Addressbook, | ||
+ | * Creata la organizationalUnit **Addressbook**. | ||
+ | * Creata la inetOrgPerson **cn=guest**. | ||
+ | * Caricate tutte le entry objectClass **mozillaAbPersonAlpha**. | ||
===== (Re)installation from scratch ===== | ===== (Re)installation from scratch ===== | ||
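Review bot: the paragraph and the five bullets added under the FIXME are in Italian, while the rest of the page, headings included, is in English, and the added sentence has two typos ("ex-nove" for "ex novo", "operazoni" for "operazioni"). Suggest translating the block to English to match the page, or at least fixing the spelling.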
Line 34: | Line 42: | ||
Reading the dump of database #0, you can see that the **cn=config** database has the **olcRootDN: | Reading the dump of database #0, you can see that the **cn=config** database has the **olcRootDN: | ||
+ | |||
+ | ===== Enable SSL ===== | ||
+ | |||
+ | Create a self signed certificate or get it from some provider, like **[[https:// | ||
+ | |||
+ | Create the following file **config-ssl.ldif**: | ||
+ | |||
+ | < | ||
+ | dn: cn=config | ||
+ | changetype: modify | ||
+ | replace: olcTLSCertificateFile | ||
+ | olcTLSCertificateFile: | ||
+ | - | ||
+ | replace: olcTLSCertificateKeyFile | ||
+ | olcTLSCertificateKeyFile: | ||
+ | - | ||
+ | replace: olcTLSCACertificatePath | ||
+ | olcTLSCACertificatePath: | ||
+ | </ | ||
+ | |||
+ | and load it into the slapd 2.5 configuration: | ||
+ | |||
+ | < | ||
+ | ldapmodify -Y EXTERNAL -H ldapi:/// -f config-ssl.ldif | ||
+ | </ | ||
===== Adding a second (new) database ===== | ===== Adding a second (new) database ===== | ||
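Review bot: in config-ssl.ldif, olcTLSCertificateKeyFile names a private key, but the section says nothing about that file's ownership and permissions. slapd has to read the key under the account it runs as, and when it cannot, the ldapmodify tends to fail with an unhelpful generic error; the key should also not be world-readable. Suggest one sentence stating this, plus a verification step after the ldapmodify (for example an ldapsearch with -ZZ, which only succeeds if StartTLS is established) so the reader can confirm the new TLS settings are in effect.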
Line 155: | Line 188: | ||
The upgrade process created a backup of the existing LDAP database into the **/ | The upgrade process created a backup of the existing LDAP database into the **/ | ||
- | Beware that the restore will be not a perfect copy of the previous database. Several | + | Beware that the restore will be not a perfect copy of the previous database. Several |
* structuralObjectClass | * structuralObjectClass | ||
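Review bot: "will be not a perfect copy" appears on both the removed and the added line; since the sentence is being edited anyway, fix the word order to "will not be a perfect copy".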
Line 170: | Line 203: | ||
ldapadd -x -W -D " | ldapadd -x -W -D " | ||
</ | </ | ||
+ | |||
+ | In the following three paragraphs we will see what is needed for a full restore. | ||
+ | |||
==== Create the Addressbook organizationalUnit ==== | ==== Create the Addressbook organizationalUnit ==== | ||
Line 215: | Line 251: | ||
</ | </ | ||
+ | ==== Testing an ldapsearch ==== | ||
+ | |||
+ | Finally you can test if the LDAP database is working doing a full search with **ldapsearch**: | ||
+ | |||
+ | <code bash> | ||
+ | ldapsearch -W \ | ||
+ | -H ldap:// | ||
+ | -D " | ||
+ | -b ' | ||
+ | </ | ||
+ | |||
+ | The **ldap** protocol is on port **389/ | ||
===== Web References ===== | ===== Web References ===== | ||
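Review bot: the ldapsearch example binds with -D and -W over -H ldap://, which is a simple bind whose password travels unencrypted unless TLS is negotiated. Since this same revision adds the Enable SSL section, suggest showing the test with -ZZ (StartTLS, failing if it cannot be established) or with an ldaps:// URI, and keeping the plain ldap:// form only for connections that stay on the local host.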
doc/appunti/linux/sa/sldap_2_5.txt · Last modified: 2023/12/02 12:31 by niccolo