LDAP¶
Overview¶
Data imports are handled by LDIF files
Data structure is defined by schema files
Basic setup¶
Edit /etc/openldap/slapd.conf
suffix is the start of the directory tree (usually the server name)
rootdn defines the admin user
rootpw sets the admin's password hash (generated with slappasswd)
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
suffix "dc=myserver,dc=mydomain,dc=tld"
rootdn "cn=admin,dc=myserver,dc=mydomain,dc=tld"
rootpw <password_hash>
Test config file¶
slaptest -u
Migrate passwd / group¶
You may need to install migrationtools first
migrate_base.pl > base.ldif
migrate_group.pl /etc/group > group.ldif
migrate_passwd.pl /etc/passwd > passwd.ldif
Edit the ldif files and change
dc=padl,dc=com
to dc=myserver,dc=mydomain,dc=tld
You may have to delete the first entry of base.ldif because the root DN already exists
ldapadd -x -D "cn=admin,dc=myserver,dc=mydomain,dc=tld" -W -f base.ldif
ldapadd -x -D "cn=admin,dc=myserver,dc=mydomain,dc=tld" -W -f group.ldif
ldapadd -x -D "cn=admin,dc=myserver,dc=mydomain,dc=tld" -W -f passwd.ldif
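As an added example (not part of this page or of migrationtools), a small Python post-processor for the generated ldif files: it rewrites the dc=padl,dc=com placeholder suffix, drops the root entry that already exists in the directory, and lists any userPassword values without a {scheme} prefix, since those would be stored in clear. The sample LDIF inside it is constructed, not real migrate_passwd.pl output.

```python
"""Post-process migrationtools output: rewrite the placeholder suffix, drop the
root entry slapd already holds, and flag unhashed userPassword values."""

OLD, NEW = "dc=padl,dc=com", "dc=myserver,dc=mydomain,dc=tld"
SAMPLE_LDIF = """dn: dc=padl,dc=com

dn: uid=alice,ou=People,dc=padl,dc=com
uid: alice
userPassword: {crypt}$6$constructed$hash
gecos: Alice Example,Room 12,+1 555
  0100

dn: uid=bob,ou=People,dc=padl,dc=com
uid: bob
userPassword: hunter2
"""  # constructed sample, not real migrate_passwd.pl output

def parse_ldif(text):
    """Entries as lists of (attr, value); a leading space continues the
    previous value (RFC 2849 folding), a blank line ends the entry."""
    entries, cur = [], []
    for line in text.splitlines():
        if line.startswith(" ") and cur:            # folded continuation line
            cur[-1] = (cur[-1][0], cur[-1][1] + line[1:])
        elif not line.strip():
            if cur:
                entries.append(cur)
            cur = []
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            cur.append((attr, value.lstrip()))
    return entries + [cur] if cur else entries

def rewrite_suffix(entries, old=OLD, new=NEW):
    """Swap the suffix at the end of every DN-valued attribute (dn: plus the
    member-style attributes migrate_group.pl writes)."""
    def fix(v): return v[:-len(old)] + new if v.lower().endswith(old.lower()) else v
    return [[(a, fix(v)) for a, v in e] for e in entries]

def drop_root_entry(entries, suffix=NEW):
    """Remove the entry whose dn is the suffix itself; slapd already has it."""
    return [e for e in entries if dict(e).get("dn", "").lower() != suffix.lower()]

def unhashed_passwords(entries):
    """DNs whose userPassword has no {scheme} prefix (migrate_passwd.pl emits
    {crypt}... from /etc/shadow); a bare value would be stored in clear."""
    return [dict(e)["dn"] for e in entries if any(
        a.lower() == "userpassword" and not v.startswith("{") for a, v in e)]

def to_ldif(entries):
    """Serialize back to LDIF (values are neither re-folded nor base64-encoded)."""
    return "\n".join("\n".join(f"{a}: {v}" for a, v in e) + "\n" for e in entries)
```

Run it over base.ldif or passwd.ldif by reading the file into parse_ldif and writing to_ldif(drop_root_entry(rewrite_suffix(...))) back out before the ldapadd step.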
Dump database¶
ldapsearch -x -D "cn=admin,dc=myserver,dc=mydomain,dc=tld" -W -b "dc=myserver,dc=mydomain,dc=tld"
List user / groups¶
getent passwd
getent group
Migrate from 2.3 to 2.4¶
Use /usr/lib/openldap/convert-config.sh to convert the old slapd.conf to the new cn=config format