
Установка и настройка OpenLDAP

Debian/Ubuntu

root@server:~# apt install slapd ldap-utils

Administrative password: secret   (учебное значение для стенда; в рабочей системе задаётся собственный стойкий пароль)

root@server:~# ldapsearch -x -b "dc=corpX,dc=un"

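Отключение анонимного доступа

Анонимный bind запрещается атрибутом olcDisallows: bind_anon в записи cn=config (операции без аутентификации дополнительно ограничивает olcRequires: authc в базе frontend). После этого запрос без учётной записи, как в примере выше, должен завершаться ошибкой, а запрос от имени администратора — выполняться: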

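# ldapsearch -x -b"dc=corpX,dc=un" -H ldap://server -D "cn=admin,dc=corpX,dc=un" -w secret

Пароль, указанный в ключе -w, попадает в историю команд и виден в списке процессов; ключ -W запрашивает его интерактивно. До включения TLS (следующий раздел) простой bind по ldap://server передаёт пароль по сети открытым текстом.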

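Включение TLS

Предполагается, что файлы ca.pem, cert.pem и key.pem уже размещены в /etc/ldap. Закрытый ключ должен быть доступен на чтение только root и группе openldap, от имени которой работает slapd: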

# chmod 0640 /etc/ldap/key.pem

# chgrp openldap /etc/ldap/key.pem

# cat certinfo.ldif
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/ca.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/key.pem
# ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif

root@server:~# cat /etc/default/slapd
...
SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
...
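# systemctl restart slapd.service

В этой конфигурации незашифрованный ldap:// принимается только на 127.0.0.1, ldaps:/// слушает на всех интерфейсах, а ldapi:/// — локальный сокет, через который выше выполнялся ldapmodify -Y EXTERNAL. Проверить результат можно запросом с -H ldaps://server и ключом -W; клиент при этом должен доверять ca.pem (параметр TLS_CACERT в ldap.conf).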

Дополнительные материалы

FreeBSD

[server:~] # pkg install openldap-server

[server:~] # cat /usr/local/etc/openldap/slapd.conf
...
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema
...
moduleload      back_mdb
...
suffix                "dc=corpX,dc=un"
rootdn                "cn=admin,dc=corpX,dc=un"
...
[server:~] # cat /etc/rc.conf
...
slapd_enable="YES"
[server:~] # service slapd start