freebsd:ldap

freebsd:ldap [2007/12/15 23:55]
Idefix /* Creating SSL Certificate */
freebsd:ldap [2013/12/15 20:13] (current)
idefix renamed freebsd-ldap to freebsd:ldap

====== Configure abook ======
Download [[Image:Abook.ldif.txt|abook.ldif]].

Execute:
<code>
ldapadd -x -W -D 'cn=Manager,dc=fechner,dc=net' -f abook.ldif
</code>
to create the initial tree.

====== Search ======
<code>
ldapsearch -LLL -x -D "cn=Manager,dc=fechner,dc=net" -W -u
</code>

====== Upgrade ======
First make a backup of your data:
<code>
slapcat >backup-openldap-20060709.ldif
tar cvfj backup_openldap.tar.bz2 /var/db/openldap-* /usr/local/etc/openldap
</code>
Upgrade the server and the client to the new version.
Now delete the old database (in find the search path comes before the expressions):
<code>
find /var/db/openldap-* -type f -print -delete
</code>
Restore the old database:
<code>
slapadd -l backup-openldap-20060709.ldif
</code>
Start OpenLDAP with:
<code>
/usr/local/etc/rc.d/slapd start
</code>

====== Add Index ======
If you get the following warning message, it is recommended that you add an index to your LDAP database:
<code>
Sep 18 10:28:29 server slapd[40569]: <= bdb_equality_candidates: (givenName) index_param failed (18)
</code>

To do this, edit the file /usr/local/etc/openldap/slapd.conf and add:
<code>
index   givenName pres,sub,eq
</code>

Now stop the LDAP server, create the index and start the LDAP server again:
<code>
/usr/local/etc/rc.d/slapd stop
slapindex
/usr/local/etc/rc.d/slapd start
</code>
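The warning above names both the attribute and the kind of lookup that had no index. The following is an added example, not part of the original wiki page: a POSIX shell function over constructed sample slapd log lines that maps bdb_equality_candidates, bdb_substring_candidates and bdb_presence_candidates (the lookups behind the eq, sub and pres index types) to one index directive per attribute, so only the index types actually requested are added to slapd.conf.

```shell
#!/bin/sh
# Constructed sample slapd log lines (not taken from a real server).
SAMPLE_LOG='Sep 18 10:28:29 server slapd[40569]: <= bdb_equality_candidates: (givenName) index_param failed (18)
Sep 18 10:28:29 server slapd[40569]: <= bdb_substring_candidates: (givenName) index_param failed (18)
Sep 18 10:28:30 server slapd[40569]: <= bdb_equality_candidates: (mail) index_param failed (18)
Sep 18 10:28:30 server slapd[40569]: <= bdb_equality_candidates: (givenName) index_param failed (18)
Sep 18 10:28:31 server slapd[40569]: conn=12 fd=10 ACCEPT from IP=127.0.0.1:54321'

# suggest_indexes: read slapd log lines on stdin and print one slapd.conf
# "index" directive per attribute, listing the index types the log asked for.
suggest_indexes() {
    awk '
    /index_param failed/ {
        # Map the candidate function in the log line to the index type keyword.
        type = ""
        if ($0 ~ /bdb_equality_candidates/)  type = "eq"
        if ($0 ~ /bdb_substring_candidates/) type = "sub"
        if ($0 ~ /bdb_presence_candidates/)  type = "pres"
        if (type == "") next
        # The attribute name is the first parenthesised token on the line.
        match($0, /\([A-Za-z0-9;-]+\)/)
        attr = substr($0, RSTART + 1, RLENGTH - 2)
        # Remember attributes in first-seen order and collect distinct types.
        if (!(attr in seen)) { order[++n] = attr; seen[attr] = 1 }
        if (index(types[attr], type) == 0)
            types[attr] = (types[attr] == "" ? type : types[attr] "," type)
    }
    END { for (i = 1; i <= n; i++) printf "index   %s %s\n", order[i], types[order[i]] }
    '
}

# Usage on the constructed sample; on a real host pipe the slapd log instead.
printf '%s\n' "$SAMPLE_LOG" | suggest_indexes
```

Stop slapd, add the printed lines to slapd.conf, run slapindex and start slapd again, exactly as in the steps above.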

====== Tune the LDAP ======
If you get the warning:
<code>
Sep 18 10:36:10 server slapd[43302]: bdb_db_open: Warning - No DB_CONFIG file found in directory
/var/db/openldap-data: (2) Expect poor performance for suffix dc=fechner,dc=net.
</code>
it is necessary to tune your database. To do this, create the file DB_CONFIG in /var/db/openldap-data with:
<code>
# one 4 MB cache
set_cachesize 0 4194304 1

# Data Directory
#set_data_dir db

# Transaction Log settings
set_lg_regionmax 262144
set_lg_bsize 2097152
#set_lg_dir logs
</code>
Adapt the cache size to your needs. You can check the values with:
<code>
db_stat-4.2 -m
</code>

====== Creating SSL Certificate ======
[[FreeBSD-Apache|See here]]

Create the certificate if it does not already exist:
<code>
openssl req -new -x509 -nodes -out slapd.pem -keyout slapd.key -days 365
</code>

Enable the ldaps listener in /etc/rc.conf (the rc script passes slapd_flags to slapd, and -h selects the listener URLs; keep the plain ldap:// URL if clients still use it):
<code>
slapd_flags='-h "ldap://0.0.0.0/ ldaps://0.0.0.0/"'
</code>

and point slapd.conf at the certificate and key:
<code>
TLSCertificateFile /usr/share/ssl/certs/slapd.pem
TLSCertificateKeyFile /usr/share/ssl/certs/slapd.key
TLSCACertificateFile /usr/share/ssl/certs/slapd.pem
</code>

Check that everything is OK:
<code>
openssl s_client -connect localhost:636 -showcerts
</code>

====== Recover ======
<code>
cd /var/db/openldap-data
db_recover-4.6
/usr/local/etc/rc.d/slapd restart
</code>
  
freebsd/ldap.txt · Last modified: 2013/12/15 20:13 by idefix