NotesOnOpenLDAP

From Sfvlug

Revision as of 07:25, 18 June 2009 (view source) Jeff (Talk | contribs) ← Previous diff		Revision as of 07:26, 18 June 2009 (view source) Jeff (Talk | contribs) Next diff →
Line 1:		Line 1:
	==Basic LDAP Queries==		==Basic LDAP Queries==
		+
		+	First of all, there are two files named ldap.conf. The first, which I'll cover in a moment, is /etc/ldap.conf, and it is used by pam_ldap and nss_ldap. It is described by the pam_ldap(5) and nss_ldap(5) man pages. In order to use the OpenLDAP command line utilities, you need to configure /etc/openldap/ldap.conf, which is described in the ldap.conf(5) man page.
		+
		+	There are only a few lines needed in /etc/openldap/ldap.conf. Here is a working example:
		+
		+	URI ldap://auth/
		+	BASE dc=reachlocal,dc=com
		+	TLS_CACERTDIR /etc/openldap/cacerts
		+	TLS_REQCERT allow
		+
		+	Without this file, you would have to specify all these parameters on the command line when using ldapsearch and other tools. You can override the contents of /etc/openldap/ldap.conf in your $HOME/.ldaprc file. You can also specify alternative configuration files with the environment variables LDAPCONF and LDAPRC.
	==Adding Users With Migration Scripts==		==Adding Users With Migration Scripts==

---

Revision as of 07:26, 18 June 2009

Contents 1 Basic LDAP Queries 2 Adding Users With Migration Scripts 3 Authentication and Identification 4 LDAP Replication 4.1 What If It Breaks? 5 GUI Tools 6 libuser Tools

Basic LDAP Queries

First of all, there are two files named ldap.conf. The first, which I'll cover in a moment, is /etc/ldap.conf, and it is used by pam_ldap and nss_ldap. It is described by the pam_ldap(5) and nss_ldap(5) man pages. In order to use the OpenLDAP command line utilities, you need to configure /etc/openldap/ldap.conf, which is described in the ldap.conf(5) man page.

There are only a few lines needed in /etc/openldap/ldap.conf. Here is a working example:

URI ldap://auth/ BASE dc=reachlocal,dc=com TLS_CACERTDIR /etc/openldap/cacerts TLS_REQCERT allow

Without this file, you would have to specify all these parameters on the command line when using ldapsearch and other tools. You can override the contents of /etc/openldap/ldap.conf in your $HOME/.ldaprc file. You can also specify alternative configuration files with the environment variables LDAPCONF and LDAPRC.

Adding Users With Migration Scripts

Authentication and Identification

LDAP Replication

What If It Breaks?

GUI Tools

libuser Tools