
OpenLDAP tutorial (2) – Modify the default settings

Goal: This «OpenLDAP tutorial» aims to show how to improve the basic server configuration seen in the OpenLDAP tutorial – Installation and basic configuration post. This reconfiguration lets you customize the settings that the installation procedure set by default. It is a further step in preparing the server for use in a real environment.

Prerequisite: The OpenLDAP server is installed with its default configuration. The installation is done on a host running Debian / Ubuntu or a compatible OS.

This reconfiguration must be made before filling the directory server with data, because it resets the database and empties its contents.

This reconfiguration is done with the command:

sudo dpkg-reconfigure slapd

A series of screens then appears, asking you to enter settings or make choices.

Reconfiguring OpenLDAP – step 1

Choose <No> to start the reconfiguration.

Reconfiguring OpenLDAP – step 2


By default, the domain name configured for the host machine is proposed. Enter the domain name; this sets the root of the DIT in the directory. In this example: dc=ldaptuto,dc=net

Reconfiguring OpenLDAP – step 3

Enter the name of the organization, a label attached to the root of the DIT. For information only.

Reconfiguring OpenLDAP – step 4

Password of the directory administrator, cn=admin,dc=ldaptuto,dc=net. The administrator has all rights and is not subject to any access restrictions.

Reconfiguring OpenLDAP – step 5


The database type to use. OpenLDAP can work with several database backends; the installation procedure proposes BDB, HDB and MDB. MDB is the recommended one: it is more compact and faster than HDB and BDB, works without any special configuration, and, like HDB, allows you to rename a subtree of the directory (any node).

Reconfiguring OpenLDAP – step 6

Behavior when the slapd package is uninstalled and then purged. Choose whether the data files are deleted or not (<No> is more cautious, <Yes> is more efficient).

Reconfiguring OpenLDAP – step 7


Choose <Yes>. The data files will be moved from /var/lib/ldap to /var/backup.

Reconfiguring OpenLDAP – step 8 (if it appears)

Choose <No>, unless there is a good reason (e.g. to maintain compatibility with an old system).

Following this step, the directory server is reset and restarted.

Check the new setting

sudo ldapsearch -Y external -H ldapi:/// -b dc=ldaptuto,dc=net

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
# extended LDIF
# LDAPv3
# base <dc=ldaptuto,dc=net> with scope subtree
# filter: (objectclass=*)
# requesting: ALL

dn: dc=ldaptuto,dc=net
objectClass: top
objectClass: dcObject
objectClass: organization
o: OpenLDAP tutorial
dc: ldaptuto

# admin,
dn: cn=admin,dc=ldaptuto,dc=net
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

Notice the new DIT dc=ldaptuto,dc=net and its label o: OpenLDAP tutorial.
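The search above shows the data DIT, but the values chosen in steps 2, 4 and 5 actually live in the cn=config database. The script below is an added example, not part of the original tutorial: it reads the LDIF that ldapsearch returns for the backend entry and checks the suffix, the backend type and that the admin password is stored as a hash rather than in cleartext. It assumes the Debian/Ubuntu layout (ldapi:///, root access via SASL EXTERNAL) and uses the standard cn=config attributes olcSuffix, olcDatabase and olcRootPW; the sample LDIF and its hash value are constructed.

```shell
#!/bin/sh
# Added example (not from the original tutorial): check the values that
# dpkg-reconfigure slapd wrote into cn=config. olcSuffix, olcDatabase and
# olcRootPW are standard OpenLDAP cn=config attribute names; the
# Debian/Ubuntu layout (ldapi:///, root via SASL EXTERNAL) is assumed.

# check_slapd_config EXPECTED_SUFFIX < ldif
# Prints one line per finding and returns 0 only when every check passes.
check_slapd_config() {
  expected="$1"
  ldif=$(cat)
  status=0

  suffix=$(printf '%s\n' "$ldif" | sed -n 's/^olcSuffix: //p' | head -n 1)
  if [ "$suffix" = "$expected" ]; then
    echo "ok: suffix is $suffix"
  else
    echo "FAIL: suffix is '$suffix', expected '$expected'"; status=1
  fi

  # The data backend is the olcDatabase entry that is neither config nor frontend.
  backend=$(printf '%s\n' "$ldif" | sed -n 's/^olcDatabase: {[0-9]*}//p' \
            | grep -v -e '^config$' -e '^frontend$' | head -n 1)
  if [ "$backend" = "mdb" ]; then
    echo "ok: backend is mdb"
  else
    echo "FAIL: backend is '$backend', step 5 recommends mdb"; status=1
  fi

  # The admin password must be stored as a {SCHEME} hash (Debian writes
  # {SSHA}); anything else means it sits in cn=config in cleartext.
  rootpw=$(printf '%s\n' "$ldif" | sed -n 's/^olcRootPW: //p' | head -n 1)
  case "$rootpw" in
    "")   echo "FAIL: no olcRootPW line (missing, or base64 'olcRootPW::')"; status=1 ;;
    {*}*) echo "ok: olcRootPW is hashed ({SCHEME} prefix present)" ;;
    *)    echo "FAIL: olcRootPW is stored in cleartext"; status=1 ;;
  esac
  return $status
}

# Constructed sample of the live query's output for the tutorial's setup
# (the hash value is a made-up placeholder, not a real password hash).
SAMPLE_LDIF='dn: olcDatabase={1}mdb,cn=config
olcDatabase: {1}mdb
olcSuffix: dc=ldaptuto,dc=net
olcRootDN: cn=admin,dc=ldaptuto,dc=net
olcRootPW: {SSHA}c29tZWNvbnN0cnVjdGVkc2FtcGxlaGFzaA=='
```

On the server, pipe `sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcSuffix=*)' olcDatabase olcSuffix olcRootDN olcRootPW` into `check_slapd_config dc=ldaptuto,dc=net`; offline, feed it `$SAMPLE_LDIF` instead.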