
OpenLDAP

From Foxwiki

OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP).

Description

  • An LDAP server is essentially a non-relational database that is optimised for reading, not writing, data.
  • It is mainly used as an address book (e.g. for email clients) or as an authentication backend for various services (such as Samba, where it emulates a domain controller, or Linux system authentication, where it replaces /etc/passwd), and holds the user data.
Note: Commands related to OpenLDAP that begin with ldap (like ldapsearch) are client-side utilities, while commands that begin with slap (like slapcat) are server-side.
Tip: Directory services are an enormous topic.
  • Configuration can therefore be complex.
  • If you are totally new to these concepts, this is a good introduction that is easy to understand and that will get you started, even if you are new to LDAP.

Installation

OpenLDAP contains both an LDAP server and a client. Install it with the package openldap.

Usage

Syntax

Options

Parameters

Environment variables

Exit status

Configuration

Files

Security

Documentation

RFC

Man pages

Info pages

See also

Links

Project homepage

Web links

  1. https://wiki.archlinux.org/title/OpenLDAP
  2. Official OpenLDAP Software 2.4 Administrator's Guide
  3. phpLDAPadmin is a web interface tool in the style of phpMyAdmin.
  4. LDAP authentication
  5. apachedirectorystudioAUR from the Arch User Repository is an Eclipse-based LDAP viewer that works perfectly with OpenLDAP installations.

References

Test questions

Test question 1

Answer 1

Test question 2

Answer 2

Test question 3

Answer 3

Test question 4

Answer 4

Test question 5

Answer 5

TMP

Next steps

You now have a basic LDAP installation.

  • The next step is to design your directory.
  • The design is heavily dependent on what you are using it for.
  • If you are new to LDAP, consider starting with a directory design recommended by the specific client services that will use the directory (PAM, Postfix, etc).

For a directory used for system authentication, see the LDAP authentication article.

A nice web frontend is phpLDAPadmin.

Backup LDAP

It is imperative that we have a backup of our LDAP database and configuration in case we ever need to restore for any number of reasons.

Export configuration

$ sudo -u ldap slapcat -vF /etc/openldap/slapd.d -n 0 -l "$(hostname)-ldap-mdb-config-$(date '+%F').ldif"

Export database

$ sudo -u ldap slapcat -v -n 1 -l "$(hostname)-ldap-database-$(date '+%F').ldif"
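The two exports above combined into one backup script, as an added example that is not from the page: it keeps the LDIF files private (the config export carries olcRootPW, the database export carries userPassword hashes) and discards a failed or empty export rather than silently replacing an older good copy. CONFDIR, BACKUP_DIR and SLAPCAT are hypothetical knobs introduced here; run it as the ldap user (sudo -u ldap) as the page does.

```shell
#!/bin/bash
# Added example (not the page's own code): run both slapcat exports with the
# checks a backup job needs. Database 0 is the cn=config tree, database 1 the
# first data database, as in the commands on the page.
set -u
umask 077                                  # every file we create is 0600

CONFDIR="${CONFDIR:-/etc/openldap/slapd.d}"   # hypothetical knob
BACKUP_DIR="${BACKUP_DIR:-/var/backups/ldap}" # hypothetical knob
SLAPCAT="${SLAPCAT:-slapcat}"                 # override to point at a stub

# export_db DBNUM LABEL
# Writes $BACKUP_DIR/<host>-ldap-<label>-<date>.ldif and prints its path.
# Returns 1 (and leaves no file behind) if slapcat fails or exports no entry.
export_db() {
    dbnum="$1"; label="$2"
    host=$(hostname 2>/dev/null || uname -n)
    out="$BACKUP_DIR/$host-ldap-$label-$(date '+%F').ldif"
    if ! "$SLAPCAT" -F "$CONFDIR" -n "$dbnum" -l "$out"; then
        echo "slapcat failed for database $dbnum" >&2
        rm -f "$out"
        return 1
    fi
    # Every LDIF entry starts with a "dn:" line; an export without one is junk.
    if ! grep -q '^dn:' "$out"; then
        echo "database $dbnum exported no entries, discarding $out" >&2
        rm -f "$out"
        return 1
    fi
    chmod 600 "$out"                       # belt and braces on top of umask
    echo "$out"
}

# backup_ldap: config first, then the data database, as on the page.
backup_ldap() {
    mkdir -p "$BACKUP_DIR" && chmod 700 "$BACKUP_DIR" || return 1
    export_db 0 mdb-config && export_db 1 database
}
```

Restore the resulting files with the slapadd commands in the next section.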

Restore LDAP

Import configuration

$ sudo -u ldap slapadd -v -n 0 -F /etc/openldap/slapd.d -l <filename from config export>

Import database

$ sudo -u ldap slapadd -v -n 1 -F /etc/openldap/slapd.d -l <filename from database export>

Troubleshooting

slapd configuration checking

You can check configuration settings with

$ slaptest -F /etc/openldap/slapd.d/ -v

Client authentication checking

If you cannot connect to your server, test a simple bind without TLS (-W prompts for the password of the bind DN) with:

$ ldapsearch -x -H ldap://ldaservername:389 -D cn=Manager,dc=example,dc=exampledomain -W

and a TLS-secured bind with:

$ ldapsearch -x -H ldaps://ldaservername:636 -D cn=Manager,dc=example,dc=exampledomain -W

LDAP server stops suddenly

If you notice that slapd seems to start but then stops, try running:

# chown -R ldap:ldap /var/lib/openldap

to allow slapd write access to its data directory as the user "ldap".

LDAP server does not start

Try starting the server from the command line with debugging output enabled:

# slapd -u ldap -g ldap -h ldaps://ldaservername:636 -d Config,Stats