vps_-_netbsd_with_ldap
Differences
Revisions compared: vps_-_netbsd_with_ldap [2021/04/02 09:34] – hc9 (left) and vps_-_netbsd_with_ldap [2021/04/02 19:27] (current) – [Graphical Client] hc9 (right)
Line 60: | Line 60: | ||
{SSHA}1LuiLGmSO+EoPA0uk80v4TC5xwacBOWg | {SSHA}1LuiLGmSO+EoPA0uk80v4TC5xwacBOWg | ||
- | **Note: The "-s" | + | **Note: The '' |
- | You should copy the whole line to your clipboard as we will need it shortly. Then open up "/ | + | You should copy the whole line to your clipboard as we will need it shortly. Then open up '' |
The first three lines that need changing are near the top of the file. They start with include, pidfile and argsfile and have a path to a file following them. These paths point to the read-only filesystem of the SDF VPS pkgsrc and not our chroot, so they should be changed like so: | The first three lines that need changing are near the top of the file. They start with include, pidfile and argsfile and have a path to a file following them. These paths point to the read-only filesystem of the SDF VPS pkgsrc and not our chroot, so they should be changed like so: | ||
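Review bot: the `{SSHA}1LuiLGmSO+EoPA0uk80v4TC5xwacBOWg` context line at the top of this hunk is a concrete password hash, and the line that follows the `-s` note tells readers to copy "the whole line" to the clipboard; the text should state explicitly that the line to copy is the output of their own run with their own password, not this example value, because a reader who pastes the line shown here ends up with a root DN whose password is whatever produced the example hash, which they do not know. A short sentence such as "use the hash your own command printed, not the one shown above" beside the copy instruction would close that gap.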
Line 71: | Line 71: | ||
argsfile | argsfile | ||
- | Next, we’ll need to set the suffix, the root DN, and the password for the root DN. The suffix is normally formed from your domain name. In this example, the domain name is shiftout.org, | + | Next, we’ll need to set the suffix, the root DN, and the password for the root DN. The suffix is normally formed from your domain name. In this example, the domain name is shiftout.org, |
suffix | suffix | ||
Line 80: | Line 80: | ||
Then there is one final path to modify. This is the directory that OpenLDAP uses for storing its data. Currently, it is set to point at the read-only SDF VPS pkgsrc, so this needs to be changed. | Then there is one final path to modify. This is the directory that OpenLDAP uses for storing its data. Currently, it is set to point at the read-only SDF VPS pkgsrc, so this needs to be changed. | ||
- | | + | directory |
The final step before running the server for the first time is to configure the rc scripts. These allow for the server to be started on boot. | The final step before running the server for the first time is to configure the rc scripts. These allow for the server to be started on boot. | ||
- | First, copy the example rc script for slapd into the "/etc/rc.d" | + | First, copy the example rc script for slapd into the '' |
- | | + | # cp / |
- | Then edit the new file "/ | + | Then edit the new file '' |
- | There are two lines you need to edit here. The line defining where to find "slapd" | + | There are two lines you need to edit here. The line defining where to find '' |
The first line that needs to be edited is the location of the configuration file, which should look like this: | The first line that needs to be edited is the location of the configuration file, which should look like this: | ||
- | | + | required_files="/ |
The second line is the command line arguments that are passed to " | The second line is the command line arguments that are passed to " | ||
- | | + | command_args=" |
- | The "-u" | + | The '' |
- | Finally, it is necessary to enable | + | Finally, it is necessary to enable |
- | | + | # echo " |
- | You can edit the file manually and add this line if you would like to keep your "rc.conf" organised | + | You can edit the file manually and add this line if you would like to keep your '' |
===== Testing ===== | ===== Testing ===== | ||
- | Before starting | + | Before starting |
- | | + | # / |
If you see something similar to: | If you see something similar to: | ||
- | | + | 502c06bd slapd starting |
502c06bd daemon: added 4r listener=0x0 | 502c06bd daemon: added 4r listener=0x0 | ||
502c06bd daemon: added 6r listener=0x7f7ffc427180 | 502c06bd daemon: added 6r listener=0x7f7ffc427180 | ||
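Review bot: the `-u` option explained after the `command_args=` line and the `directory` path changed at the top of this hunk need to agree, and the hunk does not say so: slapd runs as the user named by `-u`, so the data directory that `directory` now points at inside the chroot must be owned and writable by that user rather than by root, otherwise the database cannot be opened on the first start. Suggest adding the ownership step (a `chown` of the data directory to the `-u` user) right after the `directory` change, before the rc script section.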
Line 125: | Line 125: | ||
502c06bd daemon: waked | 502c06bd daemon: waked | ||
502c06bd daemon: select: listen=6 active_threads=0 tvp=NULL | 502c06bd daemon: select: listen=6 active_threads=0 tvp=NULL | ||
- | 502c06bd daemon: select: listen=7 active_threads=0 tvp=NULL" | + | 502c06bd daemon: select: listen=7 active_threads=0 tvp=NULL |
- | Then you have succeeded in configuring an OpenLDAP to a point where it will start successfully. Press Ctrl+C to stop the server. You can start or stop the server as a daemon using "/ | + | Then you have succeeded in configuring an OpenLDAP to a point where it will start successfully. Press Ctrl+C to stop the server. You can start or stop the server as a daemon using '' |
- | **Note: From this point, configuration will become specific to providing authentication and authorisation | + | **Note: From this point, configuration will become specific to providing authentication and authorization |
===== Including extra schemata ===== | ===== Including extra schemata ===== | ||
- | Three schemata will need to be used by "slapd" | + | Three schemata will need to be used by '' |
- | "cosine.schema"Includes “generally useful” objects and attributes (sic)"nis.schema"Includes objects and attributes for use in representing fields from BSD-style flat file authentication and authorisation | + | * '' |
+ | *Includes “generally useful” objects and attributes (sic) | ||
+ | * '' | ||
+ | * Includes objects and attributes for use in representing fields from BSD-style flat file authentication and authorization | ||
+ | * '' | ||
+ | * Includes objects and attributes for representing contact information and organizational | ||
- | These files are included by adding the following three lines underneath the first include we changed earlier in the "/ | + | These files are included by adding the following three lines underneath the first include we changed earlier in the '' |
- | "include | + | <file config / |
+ | | ||
include | include | ||
- | include | + | include |
+ | </ | ||
At the end of this file, we’ll also add another index. Searching on non-indexed fields can result in no results being returned, so this is important. | At the end of this file, we’ll also add another index. Searching on non-indexed fields can result in no results being returned, so this is important. | ||
- | | + | index |
===== Configuring ACLs ===== | ===== Configuring ACLs ===== | ||
- | The sample configuration in "/ | + | The sample configuration in '' |
- | "access to dn.base="" | + | <file config / |
+ | | ||
access to dn.base=" | access to dn.base=" | ||
access to * | access to * | ||
by self write | by self write | ||
by users read | by users read | ||
- | by anonymous auth" | + | by anonymous auth |
+ | </ | ||
===== A second test ===== | ===== A second test ===== | ||
- | To ensure that no errors have been made while configuring, | + | To ensure that no errors have been made while configuring, |
- | | + | # / |
===== Importing data ===== | ===== Importing data ===== | ||
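Review bot: the `access to *` rule moved into the `<file config>` block (`by self write`, `by users read`, `by anonymous auth`) lets every authenticated user read every attribute of every entry, and nothing earlier in the hunk restricts `userPassword`, so any user who can bind can read the password hashes of all other users. Since this page exists to provide authentication, an attribute rule should precede `access to *`, for example `access to attrs=userPassword by self write by anonymous auth by * none`; with that line first, binds still work through `by anonymous auth`, users can still change their own password, and nobody else can read it. The hunk's `dn.base=""` rule is fine as it stands.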
Line 170: | Line 178: | ||
Copy the following example into a text file: | Copy the following example into a text file: | ||
- | "# Create top-level object in domain | + | < |
+ | | ||
dn: dc=shiftout, | dn: dc=shiftout, | ||
objectClass: | objectClass: | ||
Line 216: | Line 225: | ||
objectClass: | objectClass: | ||
cn: irl | cn: irl | ||
- | gidNumber: 2000" | + | gidNumber: 2000 |
+ | </ | ||
The following is used in this example: | The following is used in this example: | ||
Line 226: | Line 236: | ||
These three values will need to be changed. Hopefully you can also use common sense to identify names and contact information that will need to be changed. | These three values will need to be changed. Hopefully you can also use common sense to identify names and contact information that will need to be changed. | ||
- | Assuming you have saved your LDIF file as "/tmp/ldif", run the following command to import it: | + | Assuming you have saved your LDIF file as '' |
- | | + | ldapadd -D " |
You will need to replace the bind DN here with the correct root DN and suffix you specified earlier. | You will need to replace the bind DN here with the correct root DN and suffix you specified earlier. | ||
- | **Note for experienced users: Tools such as "slapadd", "slapcat", etc. work directly on the OpenLDAP database files. As the path for this is set in a configuration file that assumes it’s being used in the chroot, they will not work. Experienced users may decide to setup another | + | **Note for experienced users: Tools such as '' |
You can check the import was successful by running: | You can check the import was successful by running: | ||
- | | + | ldapwhoami -D " |
Replace the uid and suffix with the ones that you have created. You should see an output similar to: | Replace the uid and suffix with the ones that you have created. You should see an output similar to: | ||
- | | + | dn: |
If you see this, you have correctly configured a working LDAP server, to which you can add, query, modify, and remove data representing users and groups. | If you see this, you have correctly configured a working LDAP server, to which you can add, query, modify, and remove data representing users and groups. | ||
Line 248: | Line 258: | ||
Apache Directory Studio provides a graphical browser that you can use to add, query, modify and remove data from your LDAP database. It can be downloaded from http:// | Apache Directory Studio provides a graphical browser that you can use to add, query, modify and remove data from your LDAP database. It can be downloaded from http:// | ||
- | $Id: VPS_NetBSD_OpenLDAP.html, | + | ---- |
+ | $Id: VPS_NetBSD_OpenLDAP.html, |
vps_-_netbsd_with_ldap.1617356078.txt.gz · Last modified: 2021/04/02 09:34 by hc9