検索

このコンテンツは選択した言語では利用できません。

13.6. OpenLDAP Setup Overview

download PDF
This section provides a quick overview for installing and configuring an OpenLDAP directory. For more details, refer to the following URLs:
The basic steps for creating an LDAP server are as follows:
  1. Install the openldap, openldap-servers, and openldap-clients RPMs.
  2. Edit the /etc/openldap/slapd.conf file to specify the LDAP domain and server. Refer to Section 13.6.1, “Editing /etc/openldap/slapd.conf for more information.
  3. Start slapd with the command:
    service ldap start
    After configuring LDAP, use chkconfig, /usr/sbin/ntsysv, or the Services Configuration Tool to configure LDAP to start at boot time. For more information about configuring services, refer to the chapter titled Controlling Access to Services in the System Administrators Guide.
  4. Add entries to an LDAP directory with ldapadd.
  5. Use ldapsearch to determine if slapd is accessing the information correctly.
  6. At this point, the LDAP directory should be functioning properly and can be configured with LDAP-enabled applications.

13.6.1. Editing /etc/openldap/slapd.conf

To use the slapd LDAP server, modify its configuration file, /etc/openldap/slapd.conf, to specify the correct domain and server.
The suffix line names the domain for which the LDAP server provides information and should be changed from:
suffix          "dc=your-domain,dc=com"
so that it reflects a fully qualified domain name. For example:
suffix          "dc=example,dc=com"
The rootdn entry is the Distinguished Name (DN) for a user who is unrestricted by access controls or administrative limit parameters set for operations on the LDAP directory. The rootdn user can be thought of as the root user for the LDAP directory. In the configuration file, change the rootdn line from its default value as in the following example:
rootdn          "cn=root,dc=example,dc=com"
When populating an LDAP directory over a network, change the rootpw line — replacing the default value with an encrypted password string. To create an encrypted password string, type the following command:
slappasswd
When prompted, type and then re-type a password. The program prints the resulting encrypted password to the shell prompt.
Next, copy the newly created encrypted password into the /etc/openldap/slapd.conf on one of the rootpw lines and remove the hash mark (#).
When finished, the line should look similar to the following example:
rootpw {SSHA}vv2y+i6V6esazrIv70xSSnNAJE18bb2u

Warning

LDAP passwords, including the rootpw directive specified in /etc/openldap/slapd.conf, are sent over the network unencrypted, unless TLS encryption is enabled.
To enable TLS encryption, review the comments in /etc/openldap/slapd.conf and refer to the man page for slapd.conf.
For added security, the rootpw directive should be commented out after populating the LDAP directory by preceding it with a hash mark (#).
When using the /usr/sbin/slapadd command line tool locally to populate the LDAP directory, use of the rootpw directive is not necessary.

Important

Only the root user can use /usr/sbin/slapadd. However, the directory server runs as the ldap user. Therefore, the directory server is unable to modify any files created by slapadd. To correct this issue, after using slapadd, type the following command:
chown -R ldap /var/lib/ldap
Red Hat logoGithubRedditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

© 2024 Red Hat, Inc.