rigacci.org

User Tools

Site Tools

Trace:
doc:appunti:linux:sa:sldap_2_5

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
doc:appunti:linux:sa:sldap_2_5 [2023/12/02 12:13] – [Testing an ldapsearch] niccolodoc:appunti:linux:sa:sldap_2_5 [2023/12/02 12:29] – [Enable SSL] niccolo
Line 42: Line 42:
  
 Reading the dump of database #0, you can see that the **cn=config** database has the **olcRootDN: cn=admin,cn=config**, but it does not have an **olcRootPW**, so you cannot modify the config database connecting with a login/password pair. See below on how to modify the **cn=config** database (e.g. to add a new database backend). Reading the dump of database #0, you can see that the **cn=config** database has the **olcRootDN: cn=admin,cn=config**, but it does not have an **olcRootPW**, so you cannot modify the config database connecting with a login/password pair. See below on how to modify the **cn=config** database (e.g. to add a new database backend).
 +
 +===== Enable SSL =====
 +
 +Create a self signed certificate or get it from some provider, like **[[https://letsencrypt.org/|Let's Encrypt]]**. Copy the files into **/etc/ldap/ssl/** and give them permissions for the //openldap// user.
 +
 +Create the following file **config-ssl.ldif**:
 +
 +<file>
 +dn: cn=config
 +changetype: modify
 +replace: olcTLSCertificateFile
 +olcTLSCertificateFile: /etc/ldap/ssl/fullchain.pem
 +-
 +replace: olcTLSCertificateKeyFile
 +olcTLSCertificateKeyFile: /etc/ldap/ssl/privkey.pem
 +-
 +replace: olcTLSCACertificatePath
 +olcTLSCACertificatePath: /etc/ssl/cert
 +</file>
 +
 +and load it into the slapd 2.5 configuration:
 +
 +<code>
 +ldapmodify -Y EXTERNAL -H ldapi:/// -f config-ssl.ldif
 +</code>
  
 ===== Adding a second (new) database ===== ===== Adding a second (new) database =====
doc/appunti/linux/sa/sldap_2_5.txt · Last modified: 2023/12/02 12:31 by niccolo