doc:appunti:linux:sa:sldap_2_5 [2023/12/02 11:45] – [Migrazione da HDB a MDB] niccolo
doc:appunti:linux:sa:sldap_2_5 [2023/12/02 12:29] – [Enable SSL] niccolo
Line 15: Line 15:
 FIXME La **[[https://discourse.ubuntu.com/t/service-migrating-from-openldap-2-4-x-to-2-5-x/23807|Service - Migrating from OpenLDAP 2.4.x to 2.5.x]]** non ha funzionato; fallisce quando si tenta di ricaricare il database **dc=rigacci,dc=org.ldif** con il comando **slapadd**. FIXME La **[[https://discourse.ubuntu.com/t/service-migrating-from-openldap-2-4-x-to-2-5-x/23807|Service - Migrating from OpenLDAP 2.4.x to 2.5.x]]** non ha funzionato; fallisce quando si tenta di ricaricare il database **dc=rigacci,dc=org.ldif** con il comando **slapadd**.
  
-Per ripristinare il servizio si sono ripetute tutte le operazoni necessarie, in particolare:+Per ripristinare il servizio si sono eseguite ex-nove tutte le operazoni necessarie, in particolare:
  
   * Caricato lo schema **mozillaAbPersonAlpha**.   * Caricato lo schema **mozillaAbPersonAlpha**.
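Review bot: the typo "operazoni" (for "operazioni") is carried over from the old wording into the new one, and "ex-nove" should read "ex novo"; suggest fixing both while this sentence is being reworded.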
Line 42: Line 42:
  
 Reading the dump of database #0, you can see that the **cn=config** database has the **olcRootDN: cn=admin,cn=config**, but it does not have an **olcRootPW**, so you cannot modify the config database connecting with a login/password pair. See below on how to modify the **cn=config** database (e.g. to add a new database backend). Reading the dump of database #0, you can see that the **cn=config** database has the **olcRootDN: cn=admin,cn=config**, but it does not have an **olcRootPW**, so you cannot modify the config database connecting with a login/password pair. See below on how to modify the **cn=config** database (e.g. to add a new database backend).
 +
 +===== Enable SSL =====
 +
 +Create a self signed certificate or get it from some provider, like **[[https://letsencrypt.org/|Let's Encrypt]]**. Copy the files into **/etc/ldap/ssl/** and give them permissions for the //openldap// user.
 +
 +Create the following file **config-ssl.ldif**:
 +
 +<file>
 +dn: cn=config
 +changetype: modify
 +replace: olcTLSCertificateFile
 +olcTLSCertificateFile: /etc/ldap/ssl/fullchain.pem
 +-
 +replace: olcTLSCertificateKeyFile
 +olcTLSCertificateKeyFile: /etc/ldap/ssl/privkey.pem
 +-
 +replace: olcTLSCACertificatePath
 +olcTLSCACertificatePath: /etc/ssl/cert
 +</file>
 +
 +and load it into the slapd 2.5 configuration:
 +
 +<code>
 +ldapmodify -Y EXTERNAL -H ldapi:/// -f config-ssl.ldif
 +</code>
  
 ===== Adding a second (new) database ===== ===== Adding a second (new) database =====
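Review bot: the value olcTLSCACertificatePath: /etc/ssl/cert in the added config-ssl.ldif looks like a typo for /etc/ssl/certs, the system CA directory on Debian and Ubuntu; verify that the directory actually exists on the host before loading the LDIF. Two points for the surrounding prose: "give them permissions for the openldap user" should be made concrete, since privkey.pem must be readable by the openldap user and by nobody else (not world-readable), and because the section recommends Let's Encrypt it should say that the files copied into /etc/ldap/ssl/ have to be re-copied and slapd reloaded on every renewal, otherwise the listener keeps serving the expired certificate.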
Line 232: Line 257:
 <code bash> <code bash>
 ldapsearch -W \ ldapsearch -W \
-    -H ldap://127.0.0.1/+    -H ldap://127.0.0.1/ \
     -D "cn=guest,ou=Addressbook,dc=rigacci,dc=org" \     -D "cn=guest,ou=Addressbook,dc=rigacci,dc=org" \
     -b 'ou=Addressbook,dc=rigacci,dc=org'     -b 'ou=Addressbook,dc=rigacci,dc=org'
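Review bot: the trailing backslash added after -H ldap://127.0.0.1/ is the right fix; without it the shell ran ldapsearch with only -W and -H and then tried to execute the -D and -b lines as separate commands. One related point, since the same revision enables TLS in cn=config: this example performs a password bind over plain ldap://, so it would be worth mentioning -ZZ (require StartTLS) or an ldaps:// URI, so that the guest password is not sent in cleartext when the command is reused against anything other than the loopback address.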
doc/appunti/linux/sa/sldap_2_5.txt · Last modified: 2023/12/02 12:31 by niccolo