Idefix's Wiki

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Sie befinden sich hier: start » freebsd » ldap
Zuletzt angesehen: ldap
freebsd:ldap

Inhaltsverzeichnis

Configure abook

Download abook.ldif.

execute: 

ldapadd -x -W -D 'cn=Manager,dc=fechner,dc=net' -f abook.ldif

to create the initial tree.

Search

ldapsearch -LLL -x -D "cn=Manager,dc=fechner,dc=net" -W -u

Upgrade

First make a backup of your data: 

slapcat >backup-openldap-20060709.ldif
tar cvfj backup_openldap.tar.bz2 /var/db/openldap-* /usr/local/etc/openldap

Upgrade the server and the client to the new version. Now delete the old database: 

find -type f /var/db/openldap-* -delete -print

Restore the old database: 

slapadd -l backup-openldap-20060709.ldif

Start openldap with: 

/usr/local/etc/rc.d/slapd start

Add Index

If you get the following warning message it's recommended that you add an index to your ldap database: 

Sep 18 10:28:29 server slapd[[40569]]: <= bdb_equality_candidates: (givenName) index_param failed (18)

To do this edit the file /usr/local/etc/openldap/slapd.conf and add: 

index   givenName pres,sub,eq

Now stop the ldap server, create the index and start the ldap server: 

/usr/local/etc/rc.d/slapd stop
slapindex
/usr/local/etc/rc.d/slapd start

Tune the LDAP

If you get the warning: 

Sep 18 10:36:10 server slapd[[43302]]: bdb_db_open: Warning - No DB_CONFIG file found in directory 
/var/db/openldap-data: (2) Expect poor performance for suffix dc=fechner,dc=net.

it is necessary to tune your database. To do this create the file DB_CONFIG in /var/db/openldap-data with: 

  -  one 4 MB cache
set_cachesize 0 4194304 1

  -  Data Directory
  - set_data_dir db

  -  Transaction Log settings
set_lg_regionmax 262144
set_lg_bsize 2097152
  - set_lg_dir logs

Adapt the cache size to your needs. You can check the values with: 

db_stat-4.2 -m

Creating SSL Certificate

See here

Create certificate if not allready exist: 

openssl req -new -x509 -nodes -out slapd.pem -keyout lsapd.key -days 365

Activate in /etc/rc.conf with: 

ldaps:<nowiki>//</nowiki>0.0.0.0/

TLSCertificateFile /usr/share/ssl/certs/slapd.pem
TLSCertificateKeyFile /usr/share/ssl/certs/slapd.key
TLSCACertificateFile /usr/share/ssl/certs/slapd.pem

Check if all is ok: 

openssl s_client -connect localhost:636 -showcerts

Recover

cd /var/db/openldap-data
db_recover-4.6
/usr/local/etc/rc.d/slapd restart
freebsd/ldap.txt · Zuletzt geändert: 2013/12/15 20:13 von idefix