This section provides a quick overview for installing and configuring
      an OpenLDAP directory. For more details, refer to the following URLs:
    
- Install the openldap, openldap-servers, and openldap-clients RPMs.

- Edit the /etc/openldap/slapd.conf file to reference your LDAP domain and server. Refer to Section 13.6.1 Editing /etc/openldap/slapd.conf for more information on how to edit this file.

- Start slapd with the command:

  After you have configured LDAP correctly, you can use chkconfig, ntsysv, or the Services Configuration Tool to configure LDAP to start at boot time. For more information about configuring services, refer to the chapter titled Controlling Access to Services in the Red Hat Linux Customization Guide.

- Add entries to your LDAP directory with ldapadd.

- Use ldapsearch to see if slapd is accessing the information correctly.

- At this point, your LDAP directory should be functioning properly and you can configure any LDAP-enabled applications to use the LDAP directory.
	   
13.6.1. Editing /etc/openldap/slapd.conf
	  In order to use the slapd LDAP server, you will
	  need to modify its configuration file,
	  /etc/openldap/slapd.conf. You must edit
	  this file to specify the correct domain and server.
	
	  The suffix line names the domain for
	  which the LDAP server will provide information and should be changed
	  from:
	
    suffix          "dc=your-domain,dc=com"

	    so that it reflects a fully qualified domain name. For example:
	  
    suffix          "dc=example,dc=com"

	  The rootdn entry is the
	  Distinguished Name (DN)
	  for a user who is unrestricted by access controls or administrative
	  limit parameters set for operations on the LDAP directory. The
	  rootdn user can be thought of as the
	  root user for the LDAP directory. In the configuration file, change
	  the rootdn line from its default
	  value to something like the example below:
	  
    rootdn          "cn=root,dc=example,dc=com"

	  If you intend to populate the LDAP directory over the network, change
	  the rootpw line — replacing the
	  default value with an encrypted password string. To create an
	  encrypted password string, type the following command:
	
	  You will be prompted to type and then re-type a password, then the
	  program prints the resulting encrypted password to the terminal.
	
	  Next, copy the newly created encrypted password into the
	  /etc/openldap/slapd.conf on one of the
	  rootpw lines and remove the hash
	  mark (#).
	
	  When finished, the line should look similar to the following example:
	
    rootpw {SSHA}vv2y+i6V6esazrIv70xSSnNAJE18bb2u

Warning: LDAP passwords, including the rootpw directive specified in /etc/openldap/slapd.conf, are sent over the network unencrypted unless you enable TLS encryption. To enable TLS encryption, review the comments in /etc/openldap/slapd.conf and see the man page for slapd.conf.

	  For added security, the rootpw
	  directive should be commented out after populating the LDAP directory
	  by preceding it with a hash mark
	  (#).
	
	  When using the /usr/sbin/slapadd command line tool locally to
	  populate the LDAP directory, use of the
	  rootpw directive is not necessary.
	
Important: You must be the root user to use /usr/sbin/slapadd. However, the directory server runs as the ldap user. Therefore the directory server will not be able to modify any files created by slapadd. To correct this issue, after you have finished using slapadd, type the following command:

    chown -R ldap /var/lib/ldap
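
The settings discussed in Section 13.6.1 can be checked mechanically. The following Python audit is an added example, not part of the original guide: it flags a suffix left at the placeholder, a rootdn that does not sit under the suffix (as it does in the page's example), and a rootpw that is cleartext, malformed, or still active. The function names and the sample configuration are constructed for illustration, and the {SSHA} length check assumes the usual layout of a 20-byte SHA-1 digest followed by the salt.

```python
import base64
import re

SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$")
DEFAULT_SUFFIX = "dc=your-domain,dc=com"  # placeholder value shown on this page
SAMPLE = 'suffix "dc=your-domain,dc=com"\nrootdn "cn=root,dc=example,dc=com"\nrootpw secret\n'  # constructed

def active_directives(text):
    """Map directive name -> values, skipping blank lines and '#' comments."""
    found = {}
    for line in text.splitlines():
        # Whitespace-led lines continue the previous directive; skipped here.
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        found.setdefault(parts[0].lower(), []).append(value)
    return found

def norm_dn(dn):
    """Lowercase a DN and drop spaces around commas (simple comparison only)."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def check_rootpw(value):
    match = SCHEME.match(value)
    if not match:
        return "rootpw is stored in cleartext; replace it with a hashed value"
    if match.group(1).upper() == "SSHA":
        try:
            raw = base64.b64decode(match.group(2), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            raw = b""
        if len(raw) <= 20:  # assumed layout: 20-byte SHA-1 digest, then salt
            return "rootpw {SSHA} value is malformed or truncated"
    return "rootpw is active; comment it out once the directory is populated"

def audit(text):
    conf = active_directives(text)
    suffix = norm_dn((conf.get("suffix") or [""])[0])
    rootdn = norm_dn((conf.get("rootdn") or [""])[0])
    findings = []
    if suffix == DEFAULT_SUFFIX:
        findings.append("suffix is still the default placeholder")
    if suffix and rootdn and not rootdn.endswith("," + suffix):
        findings.append("rootdn is not under the configured suffix")
    return findings + [check_rootpw(v) for v in conf.get("rootpw", [])]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To audit a real file, pass its contents to audit(); an empty list means none of these three conditions was found.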