OpenLDAP configuration brought to Apache Directory Studio

Emmanuel Lécharny
Apache Software Foundation member
Chairman of MINA project
PMC of Apache Directory Project

Apache Directory Studio

OpenLDAP configuration
slapd.conf
Or
cn=config/

Slapd.conf
```
# See slapd.conf(5) for details on configuration options.
include "/opt/symas/etc/openldap/schema/core.schema"

pidfile "/var/symas/run/slapd.pid"
argsfile "/var/symas/run/slapd.args"

# Choose the directory for loadable modules.
modulepath "/opt/symas/lib/openldap"

# Load dynamic backend modules:
moduleload back_hdb.la
moduleload back_monitor.la

# Sample hdb database definitions
database hdb
suffix "dc=example,dc=com"
rootdn "dc=example,dc=com"
rootpw secret

# Indices to maintain
index default eq
index objectClass
index cn

directory "/var/symas/openldap-data/example"
cachesize 5000
idlcachesize 5000
checkpoint 512 60

database monitor
```

cn=config
```
dn: cn=config
olcWriteTimeout: 0
olcTLSCRLCheck: none
olcConnMaxPendingAuth: 1000
olcIndexIntLen: 4
olcIdleTimeout: 0
olcIndexHash64: FALSE
olcAttributeOptions: lang-
olcConfigDir: etc/openldap/slapd.d
olcIndexSubstrAnyStep: 2
olcPidFile: /var/symas/run/slapd.pid
...

dn: cn=schema
structuralObjectClass: olcSchemaConfig
createTimestamp: 20131117072024.982Z
olcObjectIdentifier: OLcfg 1.3.6.1.4.1.4203.1.12.2
olcObjectIdentifier: OLcfgAt OLcfg:3
olcObjectIdentifier: OLcfgGlAt OLcfgAt:0
olcObjectIdentifier: OLcfgBkAt OLcfgAt:1
olcObjectIdentifier: OLcfgDbAt OLcfgAt:2
olcObjectIdentifier: OLcfgOvAt OLcfgAt:3
olcObjectIdentifier: OLcfgCtAt OLcfgAt:4
olcObjectIdentifier: OLcfgOc OLcfg:4
...

dn: olcDatabase={1}hdb
olcDbShmKey: 0
olcDbConfig: {0}#
olcDbConfig: {1}# DB_CONFIG file for example database
olcDbConfig: {2}#
olcDbConfig: {3}# IMPORTANT
olcDbConfig: {4}# Changes will automatically take effect after slapd is restarted.
...
```
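
The correspondence between the two formats shown above, as an added Python sketch (not from the slides, and not OpenLDAP's own converter, `slaptest -f <slapd.conf> -F <slapd.d>`): it maps the hdb section's directives to the `olc*` attributes of the `olcDatabase={1}hdb` entry and flags the cleartext `rootpw`. The names `hdb_to_ldif`, `DIRECTIVE_TO_OLC` and `SAMPLE_CONF` are illustrative; continuation lines and base64-encoded LDIF values are not handled.

```python
import shlex

# Constructed input: abridged hdb section of the slapd.conf sample above.
SAMPLE_CONF = """\
database hdb
suffix "dc=example,dc=com"
rootdn "dc=example,dc=com"
rootpw secret
index default eq
index cn
directory "/var/symas/openldap-data/example"
cachesize 5000
checkpoint 512 60
database monitor
"""

# slapd.conf directive -> cn=config attribute (back-hdb subset).
DIRECTIVE_TO_OLC = {
    "suffix": "olcSuffix", "rootdn": "olcRootDN", "rootpw": "olcRootPW",
    "index": "olcDbIndex", "directory": "olcDbDirectory", "cachesize": "olcDbCacheSize",
    "idlcachesize": "olcDbIDLcacheSize", "checkpoint": "olcDbCheckpoint",
}

def hdb_to_ldif(conf_text, db_index=1):
    """Return (ldif_lines, warnings) for the first 'database hdb' section."""
    ldif, warnings, in_hdb = [], [], False
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue  # blank line or comment line
        directive, *args = shlex.split(raw)  # also strips the double quotes
        directive = directive.lower()
        if directive == "database":
            if in_hdb:
                break  # the next database section ends the hdb one
            in_hdb = args == ["hdb"]
            if in_hdb:
                name = f"{{{db_index}}}hdb"
                ldif += [f"dn: olcDatabase={name},cn=config", "objectClass: olcDatabaseConfig",
                         "objectClass: olcHdbConfig", f"olcDatabase: {name}"]
        elif in_hdb and directive in DIRECTIVE_TO_OLC:
            ldif.append(f"{DIRECTIVE_TO_OLC[directive]}: {' '.join(args)}")
            if directive == "rootpw" and not args[0].startswith("{"):
                warnings.append("rootpw is cleartext; store a slappasswd hash")
        elif in_hdb:
            warnings.append(f"unmapped directive: {directive}")
    return ldif, warnings

if __name__ == "__main__":
    ldif, warnings = hdb_to_ldif(SAMPLE_CONF)
    print("\n".join(ldif + ["# WARNING: " + w for w in warnings]))
```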

Why cn=config ?
Configuration in LDAP
Can be replicated
Allows dynamic configuration
Protects against misconfigurations

But...
People keep using vi/Emacs
More complex than slapd.conf
You have to use ldapadd/ldapmodify/ldapdelete

But...
« It is of course possible for a careful, clueful admin to edit the files by hand without breaking anything. »
« But let's face it, the majority of people out there, and particularly the people having problems that drive them to post on this mailing list, are neither careful enough nor clueful enough to qualify for these activities. »

Let's use Studio !

OpenLDAP configuration plugin
Don't have to lecture people who use text editors
Config for dummies (almost)
Many checks are done by the plugin
« smart » editors

Backend configuration

HDB configuration

Replication configuration

Options configuration

What's next ?
Polish the editors
Make it work with slapd.conf
Add the missing elements
Manage versions
Release it !!!
Thanks!