Solution for the #ubuntu 9.10 bug when installing #openldap

I spent quite some time fixing a bug in the Open Ldap installation.

The installation interface does not work correctly.


The solution:

Step 1

Run the following command to add all the LDAP schemas in the slapd package to your cn=config (by default only core is added):


Code:
ls /etc/ldap/schema/*.ldif | xargs -I {} sudo ldapadd -Y EXTERNAL -H ldapi:/// -f {}

Step 2

Create a file called db.ldif with the following contents. This will set up a database for the domain dc=home,dc=local (aka home.local). Also, only cn=admin,dc=home,dc=local can manage this database (password: admin).


Code:
# Load modules for database type
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: back_bdb.la

# Create directory database
dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
# Domain name (e.g. home.local)
olcSuffix: dc=home,dc=local
# Location on system where database is stored
olcDbDirectory: /var/lib/ldap
# Manager of the database
olcRootDN: cn=admin,dc=home,dc=local
olcRootPW: admin
# Indices in database to speed up searches
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
# Allow users to change their own password
# Allow anonymous to authenticate against the password
# Allow admin to change anyone's password
olcAccess: to attrs=userPassword
  by self write
  by anonymous auth
  by dn.base="cn=admin,dc=home,dc=local" write
  by * none
# Allow users to change their own record
# Allow anyone to read directory
olcAccess: to *
  by self write
  by dn.base="cn=admin,dc=home,dc=local" write
  by * read

Run the following command on the file above to add the database to the LDAP server. Note that Karmic uses the EXTERNAL SASL binding to communicate with the LDAP server; there is no admin user or password here:


Code:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f db.ldif

Step 3

Create another file for all the people you want to add; we'll call it people.ldif:


Code:
# Create top-level object in domain
dn: dc=home,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: home.local
dc: home
description: Home network

dn: ou=people,dc=home,dc=local
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=home,dc=local
objectClass: organizationalUnit
ou: groups

dn: uid=john,ou=people,dc=home,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 1000
gidNumber: 10000
userPassword: password
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: [email protected]
postalCode: 31000
l: Toulouse
o: Example
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
initials: JD

dn: cn=example,ou=groups,dc=home,dc=local
objectClass: posixGroup
cn: example
gidNumber: 10000

Since we have created our own access control lists for the dc=home,dc=local database, we must change the binding method (i.e. authenticate with the admin user and password). Add the data to the directory with the following command:


Code:
sudo ldapadd -x -D cn=admin,dc=home,dc=local -w admin -f people.ldif
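Both LDIF files above carry secrets in the clear (olcRootPW in db.ldif, userPassword in people.ldif), and the olcAccess rules decide who may read them. The script below is an added example, not part of the original post: it parses LDIF (including folded lines and comments) and flags cleartext password values and any userPassword ACL clause that gives anonymous or * more than auth. The sample LDIF embedded in it is constructed from the post's db.ldif, and the {SSHA} hash used in the test is a placeholder.

```python
"""Added example (not from the post): lint LDIF before ldapadd for cleartext olcRootPW/userPassword
and olcAccess rules on userPassword that grant anonymous or '*' more than 'auth'. Samples constructed."""
import re
HASHED = re.compile(r"^\{(SSHA|SHA|CRYPT|MD5|SMD5|PBKDF2[-\w]*|ARGON2)\}", re.I)

def parse_ldif(text):
    """Entries as lists of (attr, value), attr lowercased; skips '#' comments, joins folded lines."""
    entries, cur = [], []
    for line in text.splitlines() + [""]:          # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if line.startswith(" ") and cur:             # RFC 2849 continuation line
            cur[-1] = (cur[-1][0], cur[-1][1] + line[1:])
        elif not line.strip():                       # blank line ends an entry
            if cur:
                entries.append(cur)
            cur = []
        else:
            attr, _, val = line.partition(":")
            cur.append((attr.strip().lower(), val.lstrip(":").strip()))
    return entries

def password_acl_findings(dn, rule):
    """Walk each 'by <who> <access>' clause; anonymous and '*' may get at most 'auth'."""
    out = []
    for clause in re.split(r"\s+by\s+", rule)[1:]:
        who, _, rest = clause.partition(" ")
        access = rest.split()[0] if rest.strip() else "unspecified"
        if who in ("anonymous", "*") and access not in ("none", "disclose", "auth"):
            out.append(f"{dn}: userPassword grants '{access}' to {who}")
    return out

def audit(text):
    findings = []
    for entry in parse_ldif(text):
        dn = next((v for a, v in entry if a == "dn"), "?")
        for attr, val in entry:
            if attr in ("olcrootpw", "userpassword") and not HASHED.match(val):
                findings.append(f"{dn}: {attr} is stored in cleartext")
            elif attr == "olcaccess" and "attrs=userpassword" in val.lower():
                findings += password_acl_findings(dn, val)
    return findings

# Constructed sample mirroring the post's db.ldif: cleartext root password, sane ACL.
DB_LDIF = """dn: olcDatabase=bdb,cn=config
olcRootDN: cn=admin,dc=home,dc=local
olcRootPW: admin
olcAccess: to attrs=userPassword by self write by anonymous auth
  by dn.base="cn=admin,dc=home,dc=local" write by * none
"""
```

Run it over people.ldif as well: the `userPassword: password` line is reported the same way, and replacing both values with slappasswd output clears the findings.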

Step 4

From a client, you can now check to see if you can read the database:


Code:
ldapsearch -x -H ldap://dustball.home.local -b dc=home,dc=local
