Configure OpenLDAP: Difference between revisions
(Created page with "{{ draft }} Lightweight Directory Access Protocol (LDAP) is often employed as an authentication mechanism, providing a common username and password across many different appl...") |
No edit summary |
||
| Line 5: | Line 5: | ||
== Installing Packages == | == Installing Packages == | ||
There is an Alpine package for OpenLDAP. However, | There is an Alpine package for OpenLDAP. However, simply adding the openldap apk is not enough to get you up and running. You'll also need to install a backend database and some LDAP command-line tools. | ||
Here's how: | Here's how: | ||
| Line 15: | Line 15: | ||
The Alpine OpenLDAP package can use either a configuration directory (slapd.d) or a configuration file (slapd.conf). Since OpenLDAP 2.3, the preferred method is to use the slapd.d configuration directory and any official OpenLDAP documentation, including their quickstart guide, will use this configuration method. | The Alpine OpenLDAP package can use either a configuration directory (slapd.d) or a configuration file (slapd.conf). Since OpenLDAP 2.3, the preferred method is to use the slapd.d configuration directory and any official OpenLDAP documentation, including their quickstart guide, will use this configuration method. | ||
First, create the slapd.d directory with the proper ownership and permissions. | |||
install -m 755 -o ldap -g ldap -d /etc/openldap/slapd.d | install -m 755 -o ldap -g ldap -d /etc/openldap/slapd.d | ||
Next, edit the slapd startup configuration to use the directory instead of the file | |||
vi /etc/conf.d/slapd | vi /etc/conf.d/slapd | ||
| Line 38: | Line 40: | ||
== Customizing Configuration for Your Domain == | == Customizing Configuration for Your Domain == | ||
# Edit slapd.ldif again. | |||
# Find <code>olcSuffix:</code> | |||
# Change to match your domain | |||
# Find <code>olcRootDN:</code> | |||
# Change to match your domain | |||
Or you can do... | Or, assuming your domain is 'contoso.com' you can do... | ||
sed -i s/dc=my-domain,dc=com/dc= | sed -i s/dc=my-domain,dc=com/dc=contoso,dc=com/g /etc/openldap/slapd.ldif | ||
== Import the Configuration == | == Import the Configuration == | ||
Revision as of 20:31, 4 May 2022
 Do not follow instructions here until this notice is removed. |
Lightweight Directory Access Protocol (LDAP) is often employed as an authentication mechanism, providing a common username and password across many different applications. This tutorial shows how to install and configure the OpenLDAP package on Alpine Linux.
Installing Packages
There is an Alpine package for OpenLDAP. However, simply adding the openldap apk is not enough to get you up and running. You'll also need to install a backend database and some LDAP command-line tools.
Here's how:
apk add openldap openldap-back-mdb openldap-clients
Customizing Configuration for OpenLDAP 2.3+
The Alpine OpenLDAP package can use either a configuration directory (slapd.d) or a configuration file (slapd.conf). Since OpenLDAP 2.3, the preferred method is to use the slapd.d configuration directory and any official OpenLDAP documentation, including their quickstart guide, will use this configuration method.
First, create the slapd.d directory with the proper ownership and permissions.
install -m 755 -o ldap -g ldap -d /etc/openldap/slapd.d
Next, edit the slapd startup configuration to use the directory instead of the file
vi /etc/conf.d/slapd
Comment out cfgfile="/etc/openldap/slapd.conf"
Uncomment cfgdir="/etc/openldap/slapd.d"
rm /etc/openldap/slapd.conf
vi /etc/openldap/slapd.ldif
Open up /etc/openldap/slapd.ldif in your favorite editor. Search for the filenames ending with .la and change the extension to .so
Or, you can do...
sed -i s/\.la$/.so/g slapd.ldif
Customizing Configuration for Your Domain
- Edit slapd.ldif again.
- Find
olcSuffix: - Change to match your domain
- Find
olcRootDN: - Change to match your domain
Or, assuming your domain is 'contoso.com' you can do...
sed -i s/dc=my-domain,dc=com/dc=contoso,dc=com/g /etc/openldap/slapd.ldif
Import the Configuration
Use this command:
slapadd -n 0 -F /etc/openldap/slapd.d -l /etc/openldap/slapd.ldif
There should be no errors, only a "Closing DB..." message.
Change ownership on the files or the slapd service will refuse to start.
chown -R ldap:ldap /etc/openldap/slapd.d/*
Configuring the slapd Service
The pid directory is missing. We'll need to create it or the service won't start.
install -m 755 -o ldap -g ldap -d /var/lib/openldap/run
Testing
ldapsearch -x -b -s base '(objectclass=*)' namingContexts
You should see your domain.
You can also test with `slapcat -n 0` This will dump the entire config database in LDIF format. Combine with grep to search for your domain.
>When using grep, remember LDAP uses the format dc=domain,dc=com and not the more familiar domain.com.