User Tools
установка_и_настройка_openldap
This is an old revision of the document!
Table of Contents
Установка и настройка OpenLDAP
Debian/Ubuntu
# apt install slapd ldap-utils Administrative password: secret # ldapsearch -x -b "dc=corpX,dc=un"
Отключение анонимного доступа
# ldapsearch -x -b"dc=corpX,dc=un" -H ldap://server -D "cn=admin,dc=corpX,dc=un" -w secret
Включение TLS
# chmod 0640 /etc/ldap/key.pem # chgrp openldap /etc/ldap/key.pem # cat certinfo.ldif
dn: cn=config add: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/ldap/ca.pem - add: olcTLSCertificateFile olcTLSCertificateFile: /etc/ldap/cert.pem - add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/ldap/key.pem
# ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif root@server:~# cat /etc/default/slapd
... SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///" ...
# systemctl restart slapd.service
Дополнительные материалы
FreeBSD
[server:~] # pkg install openldap-server [server:~] # cat /usr/local/etc/openldap/slapd.conf
... include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/nis.schema ... moduleload back_mdb ... suffix "dc=corpX,dc=un" rootdn "cn=admin,dc=corpX,dc=un" ...
[server:~] # cat /etc/rc.conf
... slapd_enable="YES"
[server:~] # service slapd start
установка_и_настройка_openldap.1747384466.txt.gz · Last modified: 2025/05/16 11:34 by val
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
