administration:ldap
Differences
This shows you the differences between two versions of the page.
administration:ldap [2013/01/26 22:28] – damir | administration:ldap [2013/01/26 22:44] (current) – damir | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== cn=config ====== | ====== cn=config ====== | ||
- | in LDAP all configurations can be registered inside a file / | + | in LDAP all configurations can be registered inside a file / |
- | once the slapd configuration | + | Once the slapd configuration |
- | the manager can be defined as you like, but is common to use " | + | the manager can be defined as you like, but is common to use " |
- | the passage to cn=config method means that all the variation to the configuration are activated using the standard ldap< | + | the passage to cn=config method means that all the variation to the configuration are activated using the standard ldap< |
===== cn=config manager ===== | ===== cn=config manager ===== | ||
- | the cn=config manager is defined inside one of the files used by slapd to run the service: **/ | + | the cn=config manager is defined inside one of the files used by slapd to run the service: **/ |
< | < | ||
olcRootDN: cn=manager, | olcRootDN: cn=manager, | ||
olcRootPW: {SSHA}2c....... | olcRootPW: {SSHA}2c....... | ||
</ | </ | ||
- | | + | As you probably imagined, they define the name of the manager and the password associated. |
- | in both cases you can change the values of these fields by writing directly inside the file but in this case you must relaunch the slapd service. better to configure these fields correctly before going in production. | + | in both cases you can change the values of these fields by writing directly inside the file but you must relaunch the slapd service, so it' |
- | in case you need to change the password you can use the **slappasswd** command, that generate an encrypted password | + | In case you need to change the password you can use the **slappasswd** command that generate an encrypted password |
- | ====== add a schema | + | ===== add a schema ===== |
- | if you need to add a schema to the slapd configuration, | + | if you need to add a schema to the slapd configuration, |
- | to generate the ldif file containing the schema you can use the same command used to generate the initial cn=config structure from the existing slapd.conf file, but as this means that a new cn=config structure will be created, **never** use the transform command inside the production slapd.d directory. | + | To generate the ldif file containing the schema you can use the same command used to generate the initial cn=config structure from the existing slapd.conf file, but as this means that a new cn=config structure will be created, **never** use the transform command inside the production slapd.d directory.\\ |
- | It's for sure better that you create a new directory somewhere in the disc and move inside | + | It's for sure better that you create a new directory somewhere in the disc and move inside |
< | < | ||
mkdir / | mkdir / | ||
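Review bot: The reworded slappasswd sentence on the new side still reads "that generate an encrypted password"; the verb should be "generates", and because the olcRootPW line above it shows an {SSHA} value, which is a salted hash, "hashed password" is the accurate wording. This revision capitalizes some sentence starts, but the new-side lines beginning "in LDAP all configurations", "the manager can be defined", "the passage to cn=config method", "the cn=config manager is defined", "in both cases" and "if you need to add a schema" still start in lowercase; capitalize them in the same pass.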
Line 27: | Line 27: | ||
include / | include / | ||
EOF | EOF | ||
+ | |||
slaptest -f newschema.conf -F / | slaptest -f newschema.conf -F / | ||
ls -R / | ls -R / | ||
Line 44: | Line 45: | ||
</ | </ | ||
- | With the line codes above we created the //.ldif// containing the information about the kerberos schema we want to add/ | + | With the code lines above we created the // |
* The schema is provided by the // | * The schema is provided by the // | ||
- | * The ls -R command shows the structure created by the **slaptest** conversion utility, **the base directory, passed with the -F option MUST exist**.\\ | + | * The ls -R command shows the structure created by the **slaptest** conversion utility |
Once we have the needed //.ldif// file, we must edit it so it can be added to an existing structure (the structure files created by slaptest are considered always as independent, | Once we have the needed //.ldif// file, we must edit it so it can be added to an existing structure (the structure files created by slaptest are considered always as independent, | ||
We do this by changing some lines in the .ldif file the define the schema we want to add: | We do this by changing some lines in the .ldif file the define the schema we want to add: | ||
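Review bot: The unchanged line closing this hunk still reads "in the .ldif file the define the schema", which should be "that define the schema"; since this revision is a wording pass over the same paragraph, fix it here too. In the first changed line, "With the code lines above" would read more naturally as "With the commands above".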
Line 72: | Line 73: | ||
modifiersName: | modifiersName: | ||
modifyTimestamp: | modifyTimestamp: | ||
- | </> | + | </code> |
to | to | ||
< | < | ||
[empty line] | [empty line] | ||
- | </.code> | + | </ |
Remember that every .ldif file must contain an empty line to complete the command. | Remember that every .ldif file must contain an empty line to complete the command. | ||
administration/ldap.1359239330.txt.gz · Last modified: 2013/01/26 22:28 by damir