Wednesday, June 6, 2012

OpenLDAP on Fedora 17 - Understanding Installation

As per the motivation in my previous post, I cleaned up slapd.d and various other files to start with a clean slate on Fedora 17. Slapd would not start: it now needs slapd.d to exist.

Examining the package's install scripts:
$ rpm -q --scripts openldap-servers
shows that they create a fresh slapd.d from the shipped template as follows:
/usr/libexec/openldap/convert-config.sh -f /usr/share/openldap-servers/slapd.ldif
The script is also written for the upgrade case: when slapd is already installed and running, it converts the existing configuration files and database rather than replacing them.

Make a working copy of /usr/share/openldap-servers/slapd.ldif (note that this is cn=config LDIF, not slapd.conf syntax) and customize it for our needs as follows:
  1. Replace the placeholder suffix in the olcAccess, olcSuffix and olcRootDN attributes with your own domain (dc=example,dc=com below).
  2. Add an olcRootPW attribute to the database entry, using the {SSHA} hash printed by slappasswd rather than a cleartext password:
     olcRootPW: <output of slappasswd>
  3. Include any additional schemas you need, e.g. cosine and nis (which define the account, posixAccount, shadowAccount and posixGroup classes that migrationtools output uses); only the core schema is included by default.
Generate the starting configuration and database from the customized slapd.ldif and start the daemon:
$ sudo /usr/libexec/openldap/convert-config.sh -f slapd.ldif
$ sudo systemctl start slapd.service
I created base.ldif, users.ldif and groups.ldif using the migrationtools and added them to the LDAP database:
$ ldapadd -x -W -D cn=Manager,dc=example,dc=com -f base.ldif
It should now be possible to use this server for authentication.
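As an added example, not code from the original post or from the openldap-servers package, here is a POSIX shell script that performs the three customizations above on a local copy of slapd.ldif and strings the remaining steps together. It assumes the stock template's placeholder suffix is dc=my-domain,dc=com and that the schema LDIF files live under /etc/openldap/schema/ (both are parameters or assumptions, not taken from the post), and the short LDIF it edits in its self-check is a constructed stand-in for the real file, so that part runs without slapd installed.

```shell
#!/bin/sh
# Added example, not code from the original post or the openldap package.
# Assumptions: the stock /usr/share/openldap-servers/slapd.ldif uses the
# placeholder suffix dc=my-domain,dc=com (passed in as a parameter, adjust it
# if your copy differs) and the schema LDIF files are in /etc/openldap/schema/.
# Everything that needs root or a running slapd lives in deploy(), which only
# runs when the script is invoked with "deploy".

# customize_slapd_ldif SRC DST OLD_SUFFIX NEW_SUFFIX ROOTPW_HASH
# Writes a customized copy of the slapd.ldif template to DST:
#   1. rewrites OLD_SUFFIX to NEW_SUFFIX everywhere it appears (this covers the
#      olcAccess, olcSuffix and olcRootDN attributes),
#   2. inserts olcRootPW directly after olcRootDN,
#   3. adds the cosine and nis schema includes after core.ldif.
# ROOTPW_HASH must be slappasswd output ({SSHA}... or another {SCHEME}); a
# bare cleartext value is refused so a plaintext rootpw never lands in cn=config.
customize_slapd_ldif() {
    src=$1 dst=$2 old=$3 new=$4 hash=$5
    case $hash in
        {*}*) ;;
        *)  echo "customize_slapd_ldif: rootpw must be a hash from slappasswd" >&2
            return 1 ;;
    esac
    # Suffixes and base64 hashes contain no '/' or '\', so sed delimiters are safe.
    sed -e "s/$old/$new/g" \
        -e "/^olcRootDN:/a\\
olcRootPW: $hash" \
        -e "\\|^include: file:///etc/openldap/schema/core\\.ldif|a\\
include: file:///etc/openldap/schema/cosine.ldif\\
include: file:///etc/openldap/schema/nis.ldif" \
        "$src" > "$dst" || return 1
    chmod 600 "$dst"   # the copy now holds the Manager password hash
}

# Constructed stand-in for the stock template (only the entries this script
# touches, in the same cn=config LDIF layout); used by the self-check only.
sample_slapd_ldif() {
    cat <<'EOF'
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file:///etc/openldap/schema/core.ldif

dn: olcDatabase={1}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcDbDirectory: /var/lib/ldap
EOF
}

# The full Fedora 17 procedure from the post, wired together. Needs root and
# the openldap-servers package; not exercised by the self-check.
deploy() {
    suffix=${1:-dc=example,dc=com}
    hash=$(slappasswd) || return 1          # prompts twice, prints the {SSHA} hash
    customize_slapd_ldif /usr/share/openldap-servers/slapd.ldif ./slapd.ldif \
        'dc=my-domain,dc=com' "$suffix" "$hash" || return 1
    sudo /usr/libexec/openldap/convert-config.sh -f ./slapd.ldif || return 1
    sudo systemctl start slapd.service || return 1
    # -x -W is a simple bind: the Manager password travels in the clear, so
    # only do this against the local server or over TLS.
    for f in base.ldif users.ldif groups.ldif; do
        ldapadd -x -W -D "cn=Manager,$suffix" -f "$f" || return 1
    done
}

# Exercises the edit step on the constructed sample; returns non-zero on any
# mismatch, so the script doubles as a regression test for customize_slapd_ldif.
selfcheck() {
    tmp=$(mktemp -d) || return 1
    sample_slapd_ldif > "$tmp/in.ldif"
    # Constructed stand-in for a real slappasswd hash; only the {SSHA} prefix matters here.
    customize_slapd_ldif "$tmp/in.ldif" "$tmp/out.ldif" \
        'dc=my-domain,dc=com' 'dc=example,dc=com' '{SSHA}c29tZWZha2VoYXNo' || return 1
    ! grep -q 'dc=my-domain' "$tmp/out.ldif" || return 1            # placeholder gone everywhere
    grep -q '^olcSuffix: dc=example,dc=com$' "$tmp/out.ldif" || return 1
    [ "$(sed -n '/^olcRootDN:/{n;p;}' "$tmp/out.ldif")" = \
      'olcRootPW: {SSHA}c29tZWZha2VoYXNo' ] || return 1              # hash sits right after rootdn
    [ "$(grep -c '^include:' "$tmp/out.ldif")" = 3 ] || return 1    # core + cosine + nis
    ! customize_slapd_ldif "$tmp/in.ldif" "$tmp/bad.ldif" \
        'dc=my-domain,dc=com' 'dc=example,dc=com' 'secret' 2>/dev/null || return 1
    rm -rf "$tmp"
}

# Usage: sh slapd-setup.sh check                     (self-check on the sample)
#        sh slapd-setup.sh deploy [dc=example,dc=com] (on the Fedora 17 host)
case ${1-} in
    check)  selfcheck && echo "self-check passed" ;;
    deploy) deploy "$2" ;;
esac
```

Two points worth keeping in mind: the customized slapd.ldif now carries the Manager password hash, so the script restricts it to mode 600 and it should not be checked into version control; and ldapadd -x -W is a simple bind, so run it against the local server or over TLS, since the Manager password is otherwise sent in the clear.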

More in next post.
