Configure OpenLDAP
Revision as of 20:34, 4 May 2022
This material is work-in-progress ... Do not follow instructions here until this notice is removed.
Lightweight Directory Access Protocol (LDAP) is often employed as an authentication mechanism, providing a common username and password across many different applications. This tutorial shows how to install and configure the OpenLDAP package on Alpine Linux.
Installing Packages
There is an Alpine package for OpenLDAP. However, simply adding the openldap apk is not enough to get you up and running. You'll also need to install a backend database and some LDAP command-line tools.
Here's how:
apk add openldap openldap-back-mdb openldap-clients
But, before you start up the slapd service and go, there's a bit of configuration to do.
Customizing Configuration for OpenLDAP 2.3+
The Alpine OpenLDAP package can use either a configuration directory (slapd.d) or a configuration file (slapd.conf). Since OpenLDAP version 2.3, the preferred method is to use the slapd.d configuration directory. Any official OpenLDAP documentation, including their quickstart guide, will use this configuration method.
First, create the slapd.d directory with the proper ownership and permissions.
install -m 755 -o ldap -g ldap -d /etc/openldap/slapd.d
Next, edit the slapd startup configuration so that the service reads the configuration directory instead of the flat file:
vi /etc/conf.d/slapd
Comment out the line cfgfile="/etc/openldap/slapd.conf"
Uncomment the line cfgdir="/etc/openldap/slapd.d"
Then remove the old flat configuration file so that nothing can fall back to it:
rm /etc/openldap/slapd.conf
Now open /etc/openldap/slapd.ldif in your favorite editor:
vi /etc/openldap/slapd.ldif
Search for the module filenames ending with .la (libtool archive names carried over from the upstream template) and change the extension to .so, which is what the Alpine package actually installs.
Or, you can do...
sed -i 's/\.la$/.so/' /etc/openldap/slapd.ldif
Customizing Configuration for Your Domain
Edit slapd.ldif again and find the two attributes that still carry the upstream placeholder domain dc=my-domain,dc=com:
- olcSuffix: the base DN of your directory, for example dc=contoso,dc=com
- olcRootDN: the administrator (rootdn) entry, for example cn=Manager,dc=contoso,dc=com
Change both to match your domain. Or, assuming your domain is 'contoso.com', you can do...
sed -i 's/dc=my-domain,dc=com/dc=contoso,dc=com/g' /etc/openldap/slapd.ldif
While you are in the file, also look at olcRootPW. The upstream template sets it to the clear-text value secret; if your copy still has that, replace it with a password hash generated by slappasswd (for example an {SSHA} value) before you import the configuration, and keep slapd.ldif readable only by root, since it now holds the directory administrator's credential.
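As an added example (not part of the Alpine wiki page or of the OpenLDAP project), the shell script below applies the edits from this section and the previous one to a constructed copy of the slapd.ldif template, so you can see the result before touching /etc/openldap/slapd.ldif: module .la to .so, placeholder domain to your domain, and the clear-text olcRootPW to a hash. The sample LDIF, the helper names (make_sample_ldif, domain_to_dn, ldif_attr, customize_ldif) and the placeholder hash are assumptions for the demo; on a real host the hash comes from slappasswd.

```shell
#!/bin/sh
# Added example, not from the Alpine wiki or OpenLDAP: rewrite a constructed
# slapd.ldif the way this page describes, then read the values back.
# The real file on Alpine is /etc/openldap/slapd.ldif.

# Constructed sample input: only the attributes this page edits, laid out
# like the upstream slapd.ldif template.
make_sample_ldif() {
    cat > "$1" <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/lib/openldap/run/slapd.args
olcPidFile: /var/lib/openldap/run/slapd.pid

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/openldap
olcModuleload: back_mdb.la

dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcRootPW: secret
olcDbDirectory: /var/lib/openldap/openldap-data
EOF
}

# Turn a DNS name into the base DN slapd expects: contoso.com -> dc=contoso,dc=com
domain_to_dn() {
    printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# Read the first value of an attribute from an LDIF file (enough for this template).
ldif_attr() {
    sed -n "s/^$2: //p" "$1" | head -n 1
}

# Rewrite the template in place. Arguments: file, base DN, root password hash.
# Writing to a temporary file and renaming avoids the sed -i flag, whose
# behaviour differs between busybox/GNU sed and BSD sed.
customize_ldif() {
    file=$1 base_dn=$2 root_pw_hash=$3
    sed -e 's/\.la$/.so/' \
        -e "s/dc=my-domain,dc=com/$base_dn/g" \
        -e "s|^olcRootPW: .*|olcRootPW: $root_pw_hash|" \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    chmod 600 "$file"   # the file now carries the admin credential; keep it private
}

# Demo: run with --demo to print the customised template.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    make_sample_ldif "$tmp"
    # Constructed placeholder, not real slappasswd output; on a host use:
    #   hash=$(slappasswd -h '{SSHA}')   # prompts for the password
    customize_ldif "$tmp" "$(domain_to_dn contoso.com)" '{SSHA}constructed-placeholder-hash'
    cat "$tmp"
    rm -f "$tmp"
fi
```

Point customize_ldif at /etc/openldap/slapd.ldif once the demo output looks right, and generate the hash with slappasswd -h '{SSHA}' (which prompts) rather than slappasswd -s password, which puts the clear-text password in the process list.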
Import the Configuration
Use this command:
slapadd -n 0 -F /etc/openldap/slapd.d -l /etc/openldap/slapd.ldif
There should be no errors, only a "Closing DB..." message.
slapadd runs as root, so the files it writes under slapd.d are owned by root. Change their ownership or the slapd service will refuse to start.
chown -R ldap:ldap /etc/openldap/slapd.d/*
Configuring the slapd Service
slapd writes its pid and args files under /var/lib/openldap/run, which the package does not create. Create the directory or the service won't start.
install -m 755 -o ldap -g ldap -d /var/lib/openldap/run
Testing
Start the slapd service, then query the root DSE for the naming contexts the server publishes:
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
You should see your domain as the namingContexts value (dc=contoso,dc=com in the example above).
You can also test with `slapcat -n 0`. This dumps the entire config database in LDIF format; combine it with grep to search for your domain.
Note: when using grep, remember LDAP uses the format dc=domain,dc=com and not the more familiar domain.com.