vps_-_netbsd_with_ldap
Differences
This shows you the differences between two versions of the page.
vps_-_netbsd_with_ldap [2021/04/02 09:42] – [A second test] hc9 | vps_-_netbsd_with_ldap [2021/04/02 19:27] (current) – [Graphical Client] hc9 | ||
---|---|---|---|
Line 60: | Line 60: | ||
{SSHA}1LuiLGmSO+EoPA0uk80v4TC5xwacBOWg | {SSHA}1LuiLGmSO+EoPA0uk80v4TC5xwacBOWg | ||
- | **Note: The "-s" | + | **Note: The '' |
- | You should copy the whole line to your clipboard as we will need it shortly. Then open up "/ | + | You should copy the whole line to your clipboard as we will need it shortly. Then open up '' |
The first three lines that need changing are near the top of the file. They start with include, pidfile and argsfile and have a path to a file following them. These paths point to the read-only filesystem of the SDF VPS pkgsrc and not our chroot, so they should be changed like so: | The first three lines that need changing are near the top of the file. They start with include, pidfile and argsfile and have a path to a file following them. These paths point to the read-only filesystem of the SDF VPS pkgsrc and not our chroot, so they should be changed like so: | ||
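Review bot: The `{SSHA}1LuiLGmSO+EoPA0uk80v4TC5xwacBOWg` value on the context line above the Note reads like genuine hashing output, and the following paragraph tells the reader to copy "the whole line" for later use. If it was generated from a password that is in use anywhere, replace it with the hash of a throwaway password, and say next to it that readers must paste their own output rather than the sample, since a salted SHA-1 hash published on a wiki can be tested against guesses offline.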
Line 71: | Line 71: | ||
argsfile | argsfile | ||
- | Next, we’ll need to set the suffix, the root DN, and the password for the root DN. The suffix is normally formed from your domain name. In this example, the domain name is shiftout.org, | + | Next, we’ll need to set the suffix, the root DN, and the password for the root DN. The suffix is normally formed from your domain name. In this example, the domain name is shiftout.org, |
suffix | suffix | ||
Line 84: | Line 84: | ||
The final step before running the server for the first time is to configure the rc scripts. These allow for the server to be started on boot. | The final step before running the server for the first time is to configure the rc scripts. These allow for the server to be started on boot. | ||
- | First, copy the example rc script for slapd into the "/etc/rc.d" | + | First, copy the example rc script for slapd into the '' |
# cp / | # cp / | ||
- | Then edit the new file "/ | + | Then edit the new file '' |
- | There are two lines you need to edit here. The line defining where to find "slapd" | + | There are two lines you need to edit here. The line defining where to find '' |
The first line that needs to be edited is the location of the configuration file, which should look like this: | The first line that needs to be edited is the location of the configuration file, which should look like this: | ||
- | | + | required_files="/ |
The second line is the command line arguments that are passed to " | The second line is the command line arguments that are passed to " | ||
- | | + | command_args=" |
- | The "-u" | + | The '' |
- | Finally, it is necessary to enable | + | Finally, it is necessary to enable |
- | | + | # echo " |
- | You can edit the file manually and add this line if you would like to keep your "rc.conf" organised | + | You can edit the file manually and add this line if you would like to keep your '' |
===== Testing ===== | ===== Testing ===== | ||
- | Before starting | + | Before starting |
- | | + | # / |
If you see something similar to: | If you see something similar to: | ||
- | | + | 502c06bd slapd starting |
502c06bd daemon: added 4r listener=0x0 | 502c06bd daemon: added 4r listener=0x0 | ||
502c06bd daemon: added 6r listener=0x7f7ffc427180 | 502c06bd daemon: added 6r listener=0x7f7ffc427180 | ||
Line 125: | Line 125: | ||
502c06bd daemon: waked | 502c06bd daemon: waked | ||
502c06bd daemon: select: listen=6 active_threads=0 tvp=NULL | 502c06bd daemon: select: listen=6 active_threads=0 tvp=NULL | ||
- | 502c06bd daemon: select: listen=7 active_threads=0 tvp=NULL" | + | 502c06bd daemon: select: listen=7 active_threads=0 tvp=NULL |
- | Then you have succeeded in configuring an OpenLDAP to a point where it will start successfully. Press Ctrl+C to stop the server. You can start or stop the server as a daemon using "/ | + | Then you have succeeded in configuring an OpenLDAP to a point where it will start successfully. Press Ctrl+C to stop the server. You can start or stop the server as a daemon using '' |
- | **Note: From this point, configuration will become specific to providing authentication and authorisation | + | **Note: From this point, configuration will become specific to providing authentication and authorization |
===== Including extra schemata ===== | ===== Including extra schemata ===== | ||
- | Three schemata will need to be used by "slapd" | + | Three schemata will need to be used by '' |
- | "cosine.schema"Includes “generally useful” objects and attributes (sic)"nis.schema"Includes objects and attributes for use in representing fields from BSD-style flat file authentication and authorisation | + | * '' |
+ | *Includes “generally useful” objects and attributes (sic) | ||
+ | * '' | ||
+ | * Includes objects and attributes for use in representing fields from BSD-style flat file authentication and authorization | ||
+ | * '' | ||
+ | * Includes objects and attributes for representing contact information and organizational | ||
- | These files are included by adding the following three lines underneath the first include we changed earlier in the "/ | + | These files are included by adding the following three lines underneath the first include we changed earlier in the '' |
- | "include | + | <file config / |
+ | | ||
include | include | ||
- | include | + | include |
+ | </ | ||
At the end of this file, we’ll also add another index. Searching on non-indexed fields can result in no results being returned, so this is important. | At the end of this file, we’ll also add another index. Searching on non-indexed fields can result in no results being returned, so this is important. | ||
- | | + | index |
===== Configuring ACLs ===== | ===== Configuring ACLs ===== | ||
- | The sample configuration in "/ | + | The sample configuration in '' |
- | "access to dn.base="" | + | <file config / |
+ | | ||
access to dn.base=" | access to dn.base=" | ||
access to * | access to * | ||
by self write | by self write | ||
by users read | by users read | ||
- | by anonymous auth" | + | by anonymous auth |
+ | </ | ||
===== A second test ===== | ===== A second test ===== | ||
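Review bot: In the ACL block at the end of this hunk, `access to *` with `by users read` gives every authenticated user read access to all attributes, and the lines shown have no earlier rule for `userPassword`, so any bound account can read the other accounts' password hashes. Add a rule ahead of `access to *`, for example `access to attrs=userPassword by self write by anonymous auth by * none`, and keep the general rule for the remaining attributes. Separately, the added list item `*Includes “generally useful” objects` is missing the space after `*` that the other two description items have.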
Line 228: | Line 236: | ||
These three values will need to be changed. Hopefully you can also use common sense to identify names and contact information that will need to be changed. | These three values will need to be changed. Hopefully you can also use common sense to identify names and contact information that will need to be changed. | ||
- | Assuming you have saved your LDIF file as "/tmp/ldif", run the following command to import it: | + | Assuming you have saved your LDIF file as '' |
ldapadd -D " | ldapadd -D " | ||
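Review bot: The import step reads the LDIF from `/tmp/ldif`, a fixed name in a world-writable directory. Suggest a path under the administrator's home directory, created with mode 600 and deleted after the `ldapadd` run, since the file holds the names and contact information mentioned above and may also hold `userPassword` values.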
Line 250: | Line 258: | ||
Apache Directory Studio provides a graphical browser that you can use to add, query, modify and remove data from your LDAP database. It can be downloaded from http:// | Apache Directory Studio provides a graphical browser that you can use to add, query, modify and remove data from your LDAP database. It can be downloaded from http:// | ||
- | $Id: VPS_NetBSD_OpenLDAP.html, | + | ---- |
+ | $Id: VPS_NetBSD_OpenLDAP.html, |
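Review bot: The Apache Directory Studio download link on the context line of this hunk is given as `http://`. Since the revision touches this section anyway, point the link at the `https://` address of the same site so the client is not fetched over plaintext.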
vps_-_netbsd_with_ldap.1617356550.txt.gz · Last modified: 2021/04/02 09:42 by hc9