Installation guide

Chapter 18. Lightweight Directory Access Protocol (LDAP) 263
The basic steps for creating an LDAP server are as follows:
1. Install the openldap, openldap-servers, and openldap-clients RPMs.
2. Edit the /etc/openldap/slapd.conf file to reference your LDAP domain and server. Refer
to Section 18.4.1 for more information on how to edit this file.
3. Start slapd with the command:
/sbin/service ldap start
After you have configured LDAP correctly, you can use chkconfig, ntsysv, or Services
Configuration Tool to configure LDAP to start at boot time. For more information about configuring
services, see the chapter titled Controlling Access to Services in the Official Red Hat Linux
Customization Guide.
4. Add entries to your LDAP directory with ldapadd.
5. Use ldapsearch to see if slapd is accessing the information correctly.
6. At this point, your LDAP directory should be functioning properly and you can configure any
LDAP-enabled applications to use the LDAP directory.
18.6. Upgrading To OpenLDAP Version 2.0
In OpenLDAP Version 2.0, the on-disk storage format used by the slapd LDAP server has changed.
If you are upgrading LDAP from Red Hat Linux 7.0 or earlier, you will need to extract the existing
LDAP directories to an LDIF file using the following command:
ldbmcat -n > ldif_file
In the above command, change ldif_file to the name of the output file. Next, type the following
command to import this file into OpenLDAP 2.0:
slapadd -l ldif_file
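The exported LDIF file can be sanity-checked before it is imported. The following Python sketch is an added example, not part of the original guide or of OpenLDAP: it unfolds LDIF continuation lines, decodes base64 ("::") values, and reports entries that lack a dn or objectClass, as well as userPassword values stored without a {SCHEME} prefix. The function names and the sample data are assumptions made for illustration.

```python
import base64
# Constructed sample export (not from the guide); bob's entry is deliberately bad.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
objectClass: organization

dn: uid=alice,ou=People,dc=example,dc=com
objectClass: account
description: a long value that the exporter folded onto
  a second line
userPassword: {SSHA}Zm9vYmFyYmF6cXV4MTIzNDU2Nzg5MA==

dn: uid=bob,ou=People,dc=example,dc=com
userPassword:: c2VjcmV0
"""

def _pair(line):
    """Split one unfolded line into (attribute, value); 'attr:: x' is base64."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return attr.lower(), base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return attr.lower(), rest.lstrip(" ")

def parse_ldif(text):
    """Split LDIF text into entries, joining folded (space-prefixed) lines."""
    entries, lines = [], []
    for raw in text.splitlines() + [""]:       # trailing "" flushes the last entry
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]               # continuation: drop the one leading space
        elif raw.strip():
            lines.append(raw)
        elif lines:                            # blank line ends the current entry
            entries.append([_pair(l) for l in lines if not l.startswith("#")])
            lines = []
    return [e for e in entries if e]

def check_ldif(text):
    """Return (entry_count, [(dn, problem), ...]) for an LDIF export."""
    entries, problems = parse_ldif(text), []
    for n, entry in enumerate(entries, 1):
        names = {a for a, _ in entry}
        dn = next((v for a, v in entry if a == "dn"), f"<entry {n}>")
        problems += [(dn, f"missing {a}") for a in ("dn", "objectClass") if a.lower() not in names]
        problems += [(dn, "userPassword has no {SCHEME} prefix (cleartext)")
                     for a, v in entry if a == "userpassword" and not v.startswith("{")]
    return len(entries), problems

if __name__ == "__main__":
    print(check_ldif(SAMPLE_LDIF))
```

Because the export carries every userPassword value in the directory, keep the LDIF file readable only by root and remove it once the import has been verified.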
18.7. Configuring Your System to Authenticate Using OpenLDAP
This section provides a brief overview of how to configure a Red Hat Linux system to authenticate
using OpenLDAP. Unless you are an OpenLDAP expert, you will probably need more documentation
than is provided here. Please refer to the references provided in Section 18.8 for more information.
18.7.1. Install the Necessary LDAP Packages
First, you should make sure that the appropriate packages are installed on both the LDAP server and
the LDAP client machines. The LDAP server needs the openldap-servers package.
The LDAP client machines need the following packages installed: openldap, openldap-clients,
and nss_ldap.
18.7.2. Edit the Configuration Files
18.7.2.1. On the Server, Edit slapd.conf
Edit the /etc/openldap/slapd.conf file on the LDAP server to make sure it matches the specifics
of your organization. Please refer to Section 18.4.1 for instructions on editing slapd.conf.