doc:appunti:linux:sa:sldap_2_5

doc:appunti:linux:sa:sldap_2_5 [2023/12/02 11:17] – [Restore from the backup file] niccolo
doc:appunti:linux:sa:sldap_2_5 [2023/12/02 12:29] – [Enable SSL] niccolo
Line 14: Line 14:
  
 FIXME La **[[https://discourse.ubuntu.com/t/service-migrating-from-openldap-2-4-x-to-2-5-x/23807|Service - Migrating from OpenLDAP 2.4.x to 2.5.x]]** non ha funzionato; fallisce quando si tenta di ricaricare il database **dc=rigacci,dc=org.ldif** con il comando **slapadd**. FIXME La **[[https://discourse.ubuntu.com/t/service-migrating-from-openldap-2-4-x-to-2-5-x/23807|Service - Migrating from OpenLDAP 2.4.x to 2.5.x]]** non ha funzionato; fallisce quando si tenta di ricaricare il database **dc=rigacci,dc=org.ldif** con il comando **slapadd**.
 +
 +Per ripristinare il servizio si sono eseguite ex-nove tutte le operazoni necessarie, in particolare:
 +
 +  * Caricato lo schema **mozillaAbPersonAlpha**.
 +  * Creato il database #2 per gestire il suffisso **ou=Addressbook,dc=rigacci,dc=org**.
 +  * Creata la organizationalUnit **Addressbook**.
 +  * Creata la inetOrgPerson **cn=guest**.
 +  * Caricate tutte le entry objectClass **mozillaAbPersonAlpha**.
  
 ===== (Re)installation from scratch ===== ===== (Re)installation from scratch =====
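Review bot: the recovery list (from "Caricato lo schema **mozillaAbPersonAlpha**" to "Caricate tutte le entry objectClass **mozillaAbPersonAlpha**") never records which error **slapadd** raised on **dc=rigacci,dc=org.ldif**, so the FIXME above cannot be followed up and the same failure will be hit again at the next migration; keep the exact slapadd message next to the FIXME and state whether the entries were finally reloaded with slapadd (slapd stopped) or with ldapadd against the running server, because the two behave differently for a database rebuilt from scratch. Minor: the added paragraph is in Italian on an otherwise English page and has two typos ("ex-nove" for "ex novo", "operazoni" for "operazioni"); consider translating it to match the surrounding headings.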
Line 34: Line 42:
  
 Reading the dump of database #0, you can see that the **cn=config** database has the **olcRootDN: cn=admin,cn=config**, but it does not have an **olcRootPW**, so you cannot modify the config database connecting with a login/password pair. See below on how to modify the **cn=config** database (e.g. to add a new database backend). Reading the dump of database #0, you can see that the **cn=config** database has the **olcRootDN: cn=admin,cn=config**, but it does not have an **olcRootPW**, so you cannot modify the config database connecting with a login/password pair. See below on how to modify the **cn=config** database (e.g. to add a new database backend).
 +
 +===== Enable SSL =====
 +
 +Create a self signed certificate or get it from some provider, like **[[https://letsencrypt.org/|Let's Encrypt]]**. Copy the files into **/etc/ldap/ssl/** and give them permissions for the //openldap// user.
 +
 +Create the following file **config-ssl.ldif**:
 +
 +<file>
 +dn: cn=config
 +changetype: modify
 +replace: olcTLSCertificateFile
 +olcTLSCertificateFile: /etc/ldap/ssl/fullchain.pem
 +-
 +replace: olcTLSCertificateKeyFile
 +olcTLSCertificateKeyFile: /etc/ldap/ssl/privkey.pem
 +-
 +replace: olcTLSCACertificatePath
 +olcTLSCACertificatePath: /etc/ssl/cert
 +</file>
 +
 +and load it into the slapd 2.5 configuration:
 +
 +<code>
 +ldapmodify -Y EXTERNAL -H ldapi:/// -f config-ssl.ldif
 +</code>
  
 ===== Adding a second (new) database ===== ===== Adding a second (new) database =====
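Review bot: ''olcTLSCACertificatePath: /etc/ssl/cert'' looks wrong twice over: the Debian/Ubuntu system CA directory is **/etc/ssl/certs** (with an "s"), and slapd-config(5) states that olcTLSCACertificatePath is not supported when slapd is built with GnuTLS, which is how the Debian/Ubuntu packages are built, so the line is a typo at best and a no-op at worst. A Let's Encrypt **fullchain.pem** already carries the intermediate certificate, so the simplest fix is to drop that attribute (or, if a CA file is really wanted, use ''olcTLSCACertificateFile: /etc/ldap/ssl/fullchain.pem''). Three things the section should also spell out: "give them permissions for the openldap user" should say that **privkey.pem** must stay unreadable by others (e.g. owner root, group openldap, mode 0640); Let's Encrypt renewals replace the files, so slapd needs a reload (a certbot deploy hook) to pick up the new key; and loading this LDIF only configures the certificate, while the **ldaps:///** listener on 636/tcp mentioned later in the page is started on Ubuntu only if it is added to SLAPD_SERVICES in **/etc/default/slapd**. A quick check after the ldapmodify is ''ldapwhoami -x -ZZ -H ldap://HOSTNAME/'' with the hostname that appears on the certificate (a literal 127.0.0.1 fails hostname verification under the default TLS_REQCERT demand); it must complete without certificate errors.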
Line 218: Line 251:
 </file> </file>
  
 +==== Testing an ldapsearch ====
 +
 +Finally you can test if the LDAP database is working doing a full search with **ldapsearch**:
 +
 +<code bash>
 +ldapsearch -W \
 +    -H ldap://127.0.0.1/ \
 +    -D "cn=guest,ou=Addressbook,dc=rigacci,dc=org" \
 +    -b 'ou=Addressbook,dc=rigacci,dc=org'
 +</code>
 +
 +The **ldap** protocol is on port **389/tcp**, **ldaps** is on **636/tcp**.
 ===== Web References ===== ===== Web References =====
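Review bot: the ldapsearch command is missing ''-x'': without it ldapsearch attempts a SASL bind, for which the ''-D'' bind DN is ignored (ldapsearch(1)), so the intended simple bind as **cn=guest** with the ''-W'' password never happens; add ''-x'' right after ''ldapsearch''. Also, since the previous section enabled TLS, this test sends the guest password in clear on port 389 and never exercises the certificate; add ''-ZZ'' (StartTLS, required) or use ''-H ldaps://HOSTNAME/'' with the hostname on the certificate, as 127.0.0.1 fails hostname verification. Finally, a successful bind that returns zero entries can hide an ACL problem on the new database #2, so the text should state the expected result, e.g. that the output ends with ''# numEntries:'' equal to the number of mozillaAbPersonAlpha entries loaded.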
  
doc/appunti/linux/sa/sldap_2_5.txt · Last modified: 2023/12/02 12:31 by niccolo