Installation guide
Chapter 18. Lightweight Directory Access Protocol (LDAP) 261
• /etc/openldap/slapd.conf — This is the configuration file for the slapd daemon. See Section 18.4.1 for more information about this file.
Note
If the nss_ldap package is installed, it will create a file named /etc/ldap.conf. This file is used by
the PAM and NSS modules supplied by the nss_ldap package. See Section 18.7 for more information
about this configuration file.
18.4.1. slapd.conf
In order to use the slapd LDAP server, you will need to modify its configuration file,
/etc/openldap/slapd.conf. You must edit this file to make it specific to your domain and
server.
The suffix line names the domain for which the LDAP server will provide information. The suffix
line should be changed from:
suffix "dc=your-domain,dc=com"
so that it reflects your domain name. For example:
suffix "dc=example,dc=com"
The rootdn entry is the Distinguished Name (DN) for a user who is unrestricted by access controls
or administrative limit parameters set for operations on the LDAP directory. The rootdn user can be
thought of as the root user for the LDAP directory. In the configuration file, change the rootdn line
from its default value to something like the example below:
rootdn "cn=root,dc=example,dc=com"
Change the rootpw line to something like the example below:
rootpw {SSHA}vv2y+i6V6esazrIv70xSSnNAJE18bb2u
In the rootpw example, you are using an encrypted root password, which is a much better idea than
leaving a plain text root password in the slapd.conf file. To make this encrypted string, type the
following command:
slappasswd
You will be prompted to type and then re-type a password. The program prints the resulting encrypted
password to the terminal.
Warning
LDAP passwords, including the rootpw directive specified in /etc/openldap/slapd.conf, are sent
over the network in plain text unless you enable TLS encryption.
For added security, the rootpw directive should only be used if the initial configuration and population
of the LDAP directory occurs over a network. After the task is completed, it is best to comment out
the rootpw directive by preceding it with a pound sign (#).
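The {SSHA} string that slappasswd prints is base64(SHA-1(password + salt) + salt), with a 4-byte random salt. The following added example (not part of this guide, and not OpenLDAP's own code) builds and verifies a hash in that format, and checks a constructed slapd.conf for the two problems this section and its warning describe: a suffix still set to the placeholder domain, and a rootpw that is not hashed. The file content and the function names are constructed for illustration.

```python
import base64
import hashlib
import os
import re

# Constructed sample slapd.conf fragment; not a real server's configuration.
SAMPLE_CONF = """\
# constructed example
suffix "dc=your-domain,dc=com"
rootdn "cn=root,dc=example,dc=com"
rootpw secret
"""


def ssha_hash(password, salt=None):
    """Build an OpenLDAP {SSHA} value: base64(SHA1(password + salt) + salt).
    slappasswd uses a 4-byte random salt by default; this does the same."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a candidate password against a {SSHA} value.
    The salt is whatever follows the 20-byte SHA-1 digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def lint_slapd_conf(text):
    """Return findings for an unchanged suffix or a plain-text rootpw.
    Commented-out lines (leading #) are ignored, matching the warning above."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s+(.*)", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if key == "suffix" and value == "dc=your-domain,dc=com":
            findings.append("suffix still has the default placeholder domain")
        elif key == "rootpw" and not re.match(r"^\{[A-Z0-9]+\}", value):
            findings.append("rootpw is stored in plain text; use the slappasswd {SSHA} form")
    return findings
```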