OpenLDAP
Info found on https://wiki.debian.org/LDAP/OpenLDAPSetup
Install required packages (ldap-utils provides ldapmodify and ldapsearch, which the steps below use)
# apt-get install slapd ldap-utils
If required, manually re-configure slapd (e.g. to change the domain used). This is an interactive process and will ask some questions; the DNS domain you give becomes the base DN (dc=example,dc=com in the LDIF files below) and the admin entry is created as cn=admin under it.
# dpkg-reconfigure slapd
# /etc/init.d/slapd start
Add Indexes
The DN olcDatabase={1}mdb,cn=config is where Debian's slapd package creates its first (by default only) mdb database. Confirm it and list the indexes that are already present before loading anything:
# ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "(olcDatabase=*)" olcDbIndex
Create an LDIF file olcDbIndex.ldif containing:
    dn: olcDatabase={1}mdb,cn=config
    changetype: modify
    add: olcDbIndex
    olcDbIndex: cn pres,sub,eq
    -
    add: olcDbIndex
    olcDbIndex: sn pres,sub,eq
    -
    add: olcDbIndex
    olcDbIndex: uid pres,sub,eq
    -
    add: olcDbIndex
    olcDbIndex: displayName pres,sub,eq
    -
    add: olcDbIndex
    olcDbIndex: default sub
    -
    add: olcDbIndex
    olcDbIndex: uidNumber eq
    -
    add: olcDbIndex
    olcDbIndex: gidNumber eq
    -
    add: olcDbIndex
    olcDbIndex: mail,givenName eq,subinitial
    -
    add: olcDbIndex
    olcDbIndex: dc eq
Each add: olcDbIndex is a separate modification inside one modify record; the lone - lines separate them. Leave out any attribute the search above already shows as indexed (slapd rejects a duplicate index definition for the same attribute); to change an existing index, use replace: olcDbIndex with the complete list instead.
Create the indexes.
# ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcDbIndex.ldif
When the change arrives through cn=config slapd builds the new indexes for the existing entries itself, so no separate slapindex run is needed.
Enable 'chsh' and 'chfn'
chsh writes loginShell and chfn writes gecos, so users need write access to those two attributes of their own entry. Create an LDIF file olcAccess.ldif containing (replace dc=example,dc=com with your base DN):
    dn: olcDatabase={1}mdb,cn=config
    changetype: modify
    add: olcAccess
    olcAccess: {1}to attrs=loginShell,gecos by dn="cn=admin,dc=example,dc=com" write by self write by * read
olcAccess values are evaluated in {n} order and the first to clause that matches the attribute wins, so the {1} matters: it inserts this rule at position 1, after Debian's userPassword rule and before the final to * by * read catch-all. Added after the catch-all it would never be reached and chsh would keep failing. The by * read clause keeps both attributes readable by everyone, which is what Debian's catch-all already allowed. (The cn=admin clause is redundant when that DN is the database's olcRootDN, which bypasses ACLs, but it documents the intent.)
Apply the permissions by loading the LDIF into OpenLDAP
# ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcAccess.ldif
Then check the resulting order:
# ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b olcDatabase={1}mdb,cn=config olcAccess
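An added example (mine, not from the Debian wiki page nor part of OpenLDAP) that simulates how slapd orders olcAccess values and which access each requester ends up with, so the placement of the loginShell/gecos rule can be checked before touching a live server. The three existing values are constructed to match Debian's stock olcDatabase={1}mdb configuration; the requester DNs are made up. Only the selectors used on this page are handled (attrs=, *, self, anonymous, users, dn="...").

```python
"""ACL ordering check for the chsh/chfn rule (added example, not from the wiki page).

slapd evaluates olcAccess values in {n} order: the first `to` clause matching the
attribute wins, and within it the first matching `by` clause. Here the insertion
of a `{1}` value is simulated and the resulting access computed for a few
requesters, so the placement can be verified before editing a live server.
Only the selectors used on this page are handled: attrs=, *, self, anonymous,
users and dn="...".
"""
import re

# Constructed to match the olcAccess values Debian's slapd ships for
# olcDatabase={1}mdb. Dump the real ones with:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b olcDatabase={1}mdb,cn=config olcAccess
EXISTING_OLCACCESS = [
    "{0}to attrs=userPassword by self write by anonymous auth by * none",
    "{1}to attrs=shadowLastChange by self write by * read",
    "{2}to * by * read",
]

# The rule from olcAccess.ldif; dc=example,dc=com is the page's example suffix.
CHSH_RULE = ('{1}to attrs=loginShell,gecos '
             'by dn="cn=admin,dc=example,dc=com" write by self write by * read')

_ORDERED = re.compile(r"^\{(\d+)\}(.*)$")
_DN_WHO = re.compile(r'^dn(?:\.exact)?="([^"]*)"$')


def split_indexed(value):
    """'{1}to ...' -> (1, 'to ...'); cn=config always returns values this way."""
    m = _ORDERED.match(value)
    if not m:
        raise ValueError("expected an {n}-prefixed olcAccess value: %r" % value)
    return int(m.group(1)), m.group(2)


def add_ordered(existing, new):
    """Mimic 'add: olcAccess' on an X-ORDERED attribute: a value with an explicit
    {n} is inserted at position n and everything after it is renumbered; a value
    without an index is appended."""
    bodies = [split_indexed(v)[1]
              for v in sorted(existing, key=lambda v: split_indexed(v)[0])]
    m = _ORDERED.match(new)
    if m:
        bodies.insert(int(m.group(1)), m.group(2))
    else:
        bodies.append(new)
    return ["{%d}%s" % (i, body) for i, body in enumerate(bodies)]


def parse_rule(body):
    """'to <what> by <who> <access> [by ...]' -> (what, [(who, access), ...])."""
    if not body.startswith("to "):
        raise ValueError("olcAccess value must start with 'to': %r" % body)
    head, *by_parts = body.split(" by ")
    clauses = [tuple(part.strip().rsplit(" ", 1)) for part in by_parts]
    return head[3:].strip(), clauses


def what_matches(what, attr):
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr.lower() in [a.strip().lower() for a in what[6:].split(",")]
    raise ValueError("selector not handled by this example: %r" % what)


def who_matches(who, bind_dn, target_dn):
    """bind_dn is None for an anonymous bind; target_dn is the entry being accessed."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    m = _DN_WHO.match(who)
    if m:
        return bind_dn is not None and bind_dn.lower() == m.group(1).lower()
    raise ValueError("who clause not handled by this example: %r" % who)


def effective_access(olc_access, attr, bind_dn, target_dn):
    """Access bind_dn gets to attr of target_dn. slapd appends an implicit
    'to * by * none' to a non-empty list and each to clause ends in an implicit
    'by * none', hence the two 'none' fall-throughs."""
    for value in sorted(olc_access, key=lambda v: split_indexed(v)[0]):
        what, clauses = parse_rule(split_indexed(value)[1])
        if not what_matches(what, attr):
            continue
        for who, access in clauses:
            if who_matches(who, bind_dn, target_dn):
                return access
        return "none"
    return "none"


if __name__ == "__main__":
    alice = "uid=alice,ou=People,dc=example,dc=com"  # made-up user entry
    good = add_ordered(EXISTING_OLCACCESS, CHSH_RULE)
    late = add_ordered(EXISTING_OLCACCESS, CHSH_RULE.replace("{1}", "{3}", 1))
    for label, acl in (("{1}", good), ("{3}", late)):
        print("rule inserted as %s:" % label)
        for v in acl:
            print("  olcAccess:", v)
        print("  self on loginShell ->", effective_access(acl, "loginShell", alice, alice))
```

With the rule at {1} a user gets write on their own loginShell; the same rule added as {3}, i.e. after to * by * read, leaves them with read only, which is the silent failure the index guards against. Feeding the evaluator the output of the ldapsearch against cn=config instead of the constructed list turns it into a quick audit of any server that only uses these selector types.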
Enable LDAPS
Set up a private Certificate Authority (see OpenSSL: Setup a private Certificate Authority) and give the openldap user, which slapd runs as on Debian, read access to:
- the server's private key, stored unencrypted (slapd cannot prompt for a passphrase at start-up)
- the server certificate
- the Root/Intermediate CA chain file
On Debian the usual arrangement is to keep the key in /etc/ssl/private, owned by root:ssl-cert with mode 640, and to add openldap to the ssl-cert group:
# adduser openldap ssl-cert
Update /etc/default/slapd so that plaintext LDAP listens only on loopback (for local clients such as nslcd) while remote clients must use LDAPS:
SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
Create a file olcSSL.ldif containing all three attributes in one modify record (slapd checks that the key and certificate belong together when the change is applied; if olcTLS* attributes are already set, use replace: instead of add:):
    dn: cn=config
    changetype: modify
    add: olcTLSCACertificateFile
    olcTLSCACertificateFile: /etc/ssl/certs/ca-chain.pem
    -
    add: olcTLSCertificateFile
    olcTLSCertificateFile: /etc/ssl/certs/server-cert.pem
    -
    add: olcTLSCertificateKeyFile
    olcTLSCertificateKeyFile: /etc/ssl/private/server-key.pem
Load the config into OpenLDAP
# ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcSSL.ldif
If ldapmodify fails with error 80 (implementation specific error), slapd could not use one of the three files; check the paths and that the openldap user can read them.
Restart slapd so the new SLAPD_SERVICES takes effect, then verify that the listener presents the expected chain and that a client whose /etc/ldap/ldap.conf sets TLS_CACERT to the same chain file can talk to it (use the host name that appears in the certificate, not localhost):
# /etc/init.d/slapd restart
# openssl s_client -connect ldap.example.com:636 -CAfile /etc/ssl/certs/ca-chain.pem </dev/null
# ldapsearch -x -H ldaps://ldap.example.com -b "" -s base
"Verify return code: 0 (ok)" from s_client and the root DSE from ldapsearch mean the chain, the key permissions and the listener are all right.