[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP installation. Am I missing something?

To: Sherman Lilly <Sherman.Lilly@knoxcounty.org>
Subject: Re: OpenLDAP installation. Am I missing something?
From: Ryan Tandy <ryan@nardis.ca>
Date: Sat, 14 Nov 2015 10:27:03 -0800
Cc: openldap-technical@openldap.org
Content-disposition: inline
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nardis.ca; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=+vKkSNii9zst5W1+lpwu0V2t0vb22mfsxEyOmX7uHm8=; b=K/YTe7/QQ2FQbNP+bSrYypPuj8yj6kmjOmp9roJYcMYixehihDouUUP0x4iCN2iCsX Dzz0PHO+VFiHj+vqqb8tq2sSul78vkKUiUf6cL9CnE92j6z1tvkFKUAzREJeXPuJmyAe VKnUwD9aLJu4QrCQbma2V27ptQWAAP3T3Fztc=
In-reply-to: <775174236735BA4E9C606781C315EF8703766AF4BF@Main-Mailbox4.knox-main.org>
Mail-followup-to: Sherman Lilly <Sherman.Lilly@knoxcounty.org>, openldap-technical@openldap.org
References: <775174236735BA4E9C606781C315EF8703766AF4BF@Main-Mailbox4.knox-main.org>
User-agent: Mutt/1.5.23 (2014-03-12)

Hello Sherman,

On Fri, Nov 13, 2015 at 02:29:05PM +0000, Sherman Lilly wrote:

I may have this totally wrong but why is there no installationdocumentation that tells somebody how to setup OpenLDAP the right way.


http://www.openldap.org/doc/admin24/

http://www.openldap.org/doc/admin24/slapdconf2.html

If you deployed OpenLDAP from a distribution package, you could alsocheck whether your distribution provides documentation about theirspecific setup, which may have some additional or differing bestpractices compared to the above. For example, Ubuntu:


https://help.ubuntu.com/lts/serverguide/openldap-server.html

file:///usr/share/doc/slapd/README.Debian.gz
(online: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/wily/openldap/wily/view/head:/debian/slapd.README.Debian)

or Red Hat:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-Directory_Servers.html

After installing OpenLDAP you have no slapd.conf file so that directionis not happening. If you modify any file in the slapd.d directory,startup will complain about bad checksum.

Well, yes. As the files themselves say: "DO NOT EDIT!! Use ldapmodify."We can't really help if you decide to ignore that recommendation.

I can't find any where that tells you how to modify the base dn,rootdn, and root password without editing the files in the slapd.dmanually.

Those parameters are touched on briefly the admin guide, above. Look forolcRootDN, olcRootPW, and olcSuffix. The slapd-config(5) man page is amore comprehensive reference for configuration directives.

Am I missing something? I have check Google, Youtube, and other placesand they all say manually edit files in slapd.d. That can't be theright way if openldap server is complaining about doing it.

Any site that says to edit files under slapd.d by hand is wrong andshould be ignored. The man pages and admin guide are included *with thesoftware itself*, in the tarball: why would you not start with those?


hope that helps,
Ryan

References:
- OpenLDAP installation. Am I missing something?
  - From: Sherman Lilly <Sherman.Lilly@knoxcounty.org>

Prev by Date: Re: OpenLDAP installation. Am I missing something?
Next by Date: looking for example config olc for totp module.
Index(es):
- Chronological
- Thread