Differences between two revisions of this page.
Previous revision: freebsd:ldap [2007/12/15 23:55] Idefix /* Creating SSL Certificate */
Current revision: freebsd:ldap [2013/12/15 20:13] (current) idefix renamed freebsd-ldap to freebsd:ldap
====== Configure abook ======
Download [[Image:Abook.ldif.txt|abook.ldif]].

Execute:
<code>
ldapadd -x -W -D 'cn=Manager,dc=fechner,dc=net' -f abook.ldif
</code>
to create the initial tree. -x selects a simple bind and -W prompts for the Manager password. Over a plain ldap:// connection that password crosses the network in clear, so run this on the server itself (or over ldaps, see the SSL section below) rather than from a remote host.
====== Search ======
Dump the whole tree. No filter means (objectClass=*); the search base is taken from the BASE setting in ldap.conf, otherwise add -b 'dc=fechner,dc=net':
<code>
ldapsearch -LLL -x -D "cn=Manager,dc=fechner,dc=net" -W -u
</code>
-LLL prints plain LDIF without comments and version line, -u adds the user-friendly form of each DN. Binding as Manager is only needed where the ACLs deny anonymous reads; for a plain lookup bind as a less privileged DN.
====== Upgrade ======
First make a backup of your data. Stop slapd before dumping so the LDIF is consistent, and keep the tarball as well: it holds slapd.conf and the DB_CONFIG tuning file:
<code>
/usr/local/etc/rc.d/slapd stop
slapcat >backup-openldap-20060709.ldif
tar cvfj backup_openldap.tar.bz2 /var/db/openldap-* /usr/local/etc/openldap
</code>
Check that the dump is not empty before going on (a failed slapcat leaves a zero-byte file), then upgrade the server and the client to the new version.
Now delete the old database files. The path comes before the expression; DB_CONFIG is left in place so the tuning survives:
<code>
find /var/db/openldap-* -type f \! -name DB_CONFIG -print -delete
</code>
Restore the old database and hand the new files to the user slapd runs as (slapadd run as root leaves root-owned files that slapd, running as ldap, cannot open):
<code>
slapadd -l backup-openldap-20060709.ldif
chown -R ldap:ldap /var/db/openldap-data
</code>
Start openldap with:
<code>
/usr/local/etc/rc.d/slapd start
</code>

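
The whole sequence of this section as one script, added here as an example (it is not part of the original page nor of the FreeBSD port). It refuses to delete the old database unless the slapcat dump has entries, well-formed attribute lines and the trailing blank line slapcat writes, since a dump cut short by a full disk or a killed slapcat is the classic way to lose the directory at this step. It assumes the paths used on this page and that slapd runs as the port's ldap user; the LDIF used by selfcheck is constructed for the example.

```sh
#!/bin/sh
# Added example, not from the original wiki page: backup -> upgrade -> restore
# with a sanity check on the slapcat dump before anything is deleted.
# Assumes the FreeBSD port layout used on the page and slapd running as 'ldap'.
LDAP_DB=/var/db/openldap-data
LDAP_DB_GLOB='/var/db/openldap-*'
LDAP_ETC=/usr/local/etc/openldap
SLAPD_RC=/usr/local/etc/rc.d/slapd

# Number of entries in an LDIF file: one "dn:" line per entry
# ("dn::" marks a base64-encoded DN and is counted as well).
ldif_entry_count() {
    grep -c '^dn:' "$1"
}

# A dump is usable only if it has at least one entry, every non-blank,
# non-comment line is a folded continuation (leading space) or "attr: value",
# and the file ends with the blank line slapcat writes after the last entry.
# A slapcat that died halfway leaves a cut-off last line and fails here.
ldif_looks_complete() {
    n=$(ldif_entry_count "$1") || return 1
    [ "$n" -gt 0 ] || return 1
    if grep -v '^$' "$1" | grep -v '^#' | grep -v '^ ' | grep -qv ':'; then
        return 1
    fi
    [ -z "$(tail -n 1 "$1")" ]
}

# Dump the directory and archive the config; slapd stays stopped for the upgrade.
backup_ldap() {
    stamp=$(date +%Y%m%d)
    dump=backup-openldap-$stamp.ldif
    $SLAPD_RC stop
    slapcat -l "$dump" || return 1
    ldif_looks_complete "$dump" || { echo "$dump is empty or truncated, stopping" >&2; return 1; }
    tar cvfj "backup_openldap-$stamp.tar.bz2" $LDAP_DB_GLOB "$LDAP_ETC" || return 1
    echo "$dump"
}

# Wipe the old database files (DB_CONFIG stays), reload the dump, start slapd.
restore_ldap() {
    dump=$1
    ldif_looks_complete "$dump" || { echo "refusing to restore from $dump" >&2; return 1; }
    $SLAPD_RC stop
    find "$LDAP_DB" -type f \! -name DB_CONFIG -print -delete
    slapadd -l "$dump" || return 1
    chown -R ldap:ldap "$LDAP_DB"   # slapadd as root leaves root-owned files
    $SLAPD_RC start
}

# Self-test on a constructed two-entry LDIF and a truncated copy of it.
selfcheck() {
    ok=$(mktemp); bad=$(mktemp)
    printf 'dn: dc=fechner,dc=net\nobjectClass: dcObject\ndc: fechner\n\ndn: ou=abook,dc=fechner,dc=net\nobjectClass: organizationalUnit\nou: abook\n\n' > "$ok"
    head -c 60 "$ok" > "$bad"
    ldif_looks_complete "$ok" && ! ldif_looks_complete "$bad"
    r=$?; rm -f "$ok" "$bad"; return $r
}

case "${1:-}" in
    backup)  backup_ldap ;;
    restore) restore_ldap "$2" ;;
    check)   ldif_looks_complete "$2" && echo "$2 looks complete" ;;
    selfcheck) selfcheck && echo "dump check works" ;;
esac
```

Run `backup` before the upgrade, `check backup-openldap-YYYYMMDD.ldif` on any dump you are about to trust, and `restore FILE` after the new packages are installed. The check only catches truncation, not a dump taken from a broken database; keep the tarball until the restored server has been searched successfully.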
====== Add Index ======
If you get the following warning message it's recommended that you add an index to your ldap database. Without an index on the attribute slapd answers every filter on it by scanning the whole database, which is slow and lets any client that may search generate load at will:
<code>
Sep 18 10:28:29 server slapd[40569]: <= bdb_equality_candidates: (givenName) index_param failed (18)
</code>

To do this edit the file /usr/local/etc/openldap/slapd.conf and add a line for the attribute named in the message (eq covers equality filters, sub substring filters, pres presence filters):
<code>
index givenName pres,sub,eq
</code>

Now stop the ldap server, create the index and start the ldap server. slapindex must not run against a live database, and run as root it leaves root-owned index files, hence the chown:
<code>
/usr/local/etc/rc.d/slapd stop
slapindex
chown -R ldap:ldap /var/db/openldap-data
/usr/local/etc/rc.d/slapd start
</code>

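
Rather than reading the log by hand, the warnings can be turned into the index lines directly. The script below is an added example (not from the original page or from OpenLDAP): it extracts the attribute and filter kind from each "..._candidates: (attr) ..." warning in a syslog file and prints one index directive per attribute. It matches the "index_param failed (18)" wording shown above and the "(attr) not indexed" wording of later OpenLDAP releases; the log lines in the self-test are constructed for the example.

```sh
#!/bin/sh
# Added example, not part of the original wiki page: build slapd.conf index
# directives from slapd's "candidates" warnings in a syslog file.

# Print "attribute kind" for every warning line, e.g. "givenName equality".
# The pattern needs only "<backend>db_<kind>_candidates: (<attr>)", so it
# works for bdb and hdb logs and for both the old and the new message text.
unindexed_filters() {
    sed -n 's/.*db_\([a-z]*\)_candidates: (\([^)]*\)).*/\2 \1/p' "$@"
}

# Aggregate per attribute, in order of first appearance, into
# "index <attr> pres,eq,sub" lines listing only the kinds actually seen.
# Filter kinds without a direct index type (e.g. inequality) are reported
# on stderr instead of being guessed.
index_directives() {
    unindexed_filters "$@" | awk '
        !($1 in seen) { order[++n] = $1; seen[$1] = 1 }
        $2 == "presence"  { pres[$1] = 1; next }
        $2 == "equality"  { eq[$1] = 1; next }
        $2 == "substring" { subs[$1] = 1; next }
        { print "no index type for " $2 " filter on " $1 > "/dev/stderr" }
        END {
            for (i = 1; i <= n; i++) {
                a = order[i]; t = ""
                if (a in pres) t = t "pres,"
                if (a in eq)   t = t "eq,"
                if (a in subs) t = t "sub,"
                if (t != "") printf "index %s %s\n", a, substr(t, 1, length(t) - 1)
            }
        }'
}

# Usage: index_directives /var/log/messages   (or wherever slapd's syslog goes)
case "${1:-}" in
    "") ;;
    *)  index_directives "$@" ;;
esac
```

Review the output and merge it with any existing index lines for the same attribute before adding it to slapd.conf, then stop slapd, run slapindex and start it again as shown above; a directive without a rebuilt index makes slapd log errors for that attribute instead of using it.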
====== Tune the LDAP ======
If you get the warning:
<code>
Sep 18 10:36:10 server slapd[43302]: bdb_db_open: Warning - No DB_CONFIG file found in directory
/var/db/openldap-data: (2) Expect poor performance for suffix dc=fechner,dc=net.
</code>
it is necessary to tune your database. To do this create the file DB_CONFIG in /var/db/openldap-data (comment lines start with #):
<code>
# one 4 MB cache (gigabytes, bytes, number of segments)
set_cachesize 0 4194304 1

# Data Directory
# set_data_dir db

# Transaction Log settings
set_lg_regionmax 262144
set_lg_bsize 2097152
# set_lg_dir logs
</code>
Adapt the cache size to your needs. DB_CONFIG is read when the Berkeley DB environment is opened, so restart slapd after editing it; if the new cache size still does not show up, stop slapd, run db_recover as described under Recover (it recreates the environment) and start it again. You can check the values with the db_stat that matches the Berkeley DB version your openldap port is linked against (4.2 here, 4.6 in the Recover section):
<code>
db_stat-4.2 -h /var/db/openldap-data -m
</code>

====== Creating SSL Certificate ======
[[FreeBSD-Apache|See here]]

Create a certificate if none exists yet. Answer the Common Name prompt with the host name clients will use for the server. -nodes leaves the private key unencrypted so slapd can start unattended, which is why the key file is restricted to its owner and handed to the user slapd runs as:
<code>
openssl req -new -x509 -nodes -out slapd.pem -keyout slapd.key -days 365
chown ldap slapd.key; chmod 600 slapd.key
</code>

Make slapd listen on ldaps (port 636) by adding the URL to the listener list in /etc/rc.conf; ldap:/// is the plain listener that the ldapadd and ldapsearch commands above use:
<code>
slapd_flags='-h "ldap:/// ldaps://0.0.0.0/"'
</code>

Point slapd at the files in /usr/local/etc/openldap/slapd.conf (with a self-signed certificate the CA file is the certificate itself):
<code>
TLSCertificateFile /usr/share/ssl/certs/slapd.pem
TLSCertificateKeyFile /usr/share/ssl/certs/slapd.key
TLSCACertificateFile /usr/share/ssl/certs/slapd.pem
</code>
Clients have to trust the same certificate (TLS_CACERT in their ldap.conf). Setting TLS_REQCERT never on the client instead silences the verification error but removes the protection against a spoofed server.

Check that the handshake works and the certificate verifies against itself; the output should end with "Verify return code: 0 (ok)":
<code>
openssl s_client -connect localhost:636 -CAfile /usr/share/ssl/certs/slapd.pem -showcerts
</code>

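
The interactive openssl req call above is fine once; for a host you rebuild or a certificate you renew every year it helps to script it and to verify the result before slapd.conf points at it. The functions below are an added example (not from the original page, the FreeBSD port or OpenLDAP): they create the self-signed certificate non-interactively with the host name in CN and subjectAltName, check that certificate and key belong together, that the SAN is present and how close expiry is. Host name, output directory and lifetime are parameters; the file names slapd.pem and slapd.key follow the section above. Needs an OpenSSL that understands `req -addext` (1.1.1 or later).

```sh
#!/bin/sh
# Added example, not part of the original wiki page: create and verify the
# self-signed slapd certificate. Assumes OpenSSL >= 1.1.1 for -addext.

# Self-signed cert with the host name in CN and subjectAltName (clients that
# verify the server name look at the SAN). -nodes writes the key unencrypted,
# so it is restricted to the owner right away; chown it to the user slapd
# runs as (ldap on the FreeBSD port) when installing it.
make_slapd_cert() {
    host=$1; dir=$2; days=${3:-365}
    openssl req -new -x509 -nodes -newkey rsa:2048 -days "$days" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/slapd.key" -out "$dir/slapd.pem" >/dev/null 2>&1 || return 1
    chmod 600 "$dir/slapd.key"
}

# The public key inside the certificate must be the one derived from the key
# file; a mismatched pair is a common reason slapd fails TLS initialisation.
cert_matches_key() {
    c=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null | openssl sha256)
    k=$(openssl pkey -pubout -in "$2" 2>/dev/null | openssl sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True if the certificate expires within the next $2 seconds.
cert_expires_within() {
    ! openssl x509 -noout -checkend "$2" -in "$1" >/dev/null
}

# True if the certificate carries DNS:<host> in its subjectAltName.
cert_has_san() {
    openssl x509 -noout -text -in "$1" | grep -qw "DNS:$2"
}

# Usage: ./slapd-cert.sh <hostname> <outdir> [days]
if [ $# -ge 2 ]; then
    make_slapd_cert "$1" "$2" "${3:-365}" || { echo "certificate creation failed" >&2; exit 1; }
    cert_matches_key "$2/slapd.pem" "$2/slapd.key" || { echo "cert/key mismatch" >&2; exit 1; }
    cert_has_san "$2/slapd.pem" "$1" || { echo "SAN missing" >&2; exit 1; }
    if cert_expires_within "$2/slapd.pem" $((30 * 86400)); then
        echo "warning: certificate expires within 30 days" >&2
    fi
    echo "$2/slapd.pem and $2/slapd.key are ready"
fi
```

Copy the two files to the paths named in slapd.conf, chown the key to ldap, and run cert_expires_within from cron with a 30-day window so the yearly renewal is not discovered by clients refusing to connect.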
====== Recover ======
Run Berkeley DB recovery on the environment after a crash or an unclean shutdown. slapd must be stopped first (recovery against a live environment corrupts it), and the db_recover version has to match the Berkeley DB version the openldap port was built against:
<code>
/usr/local/etc/rc.d/slapd stop
cd /var/db/openldap-data
db_recover-4.6
/usr/local/etc/rc.d/slapd start
</code>
Run it as the ldap user, or chown the files back to ldap:ldap afterwards, so slapd can still open them.