openldap install centos 8

dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 42949672960
olcDbDirectory: /var/lib/openldap
olcSuffix: dc=ldapmaster,dc=kifarunix-demo,dc=com
olcRootDN: cn=admin,dc=ldapmaster,dc=kifarunix-demo,dc=com
olcRootPW: {SSHA}5Hcgjj4gtcr/exLcdSRuYgH6bFhIqkSe
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn pres,eq,approx,sub
olcDbIndex: mail pres,eq,sub
olcDbIndex: objectClass pres,eq
olcDbIndex: loginShell pres,eq
olcDbIndex: sudoUser,sudoHost pres,eq
olcAccess: to attrs=userPassword,shadowLastChange,shadowExpire
  by self write
  by anonymous auth
  by dn.subtree="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by dn.subtree="ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com" read
  by * none
olcAccess: to dn.subtree="ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com" by dn.subtree="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by * none
olcAccess: to dn.subtree="dc=ldapmaster,dc=kifarunix-demo,dc=com" by dn.subtree="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by users read
  by * none

Here is what the above LDIF does:
1. It creates a new database using the mdb backend (olcDatabase=mdb).
2. It sets the maximum size of the database to 40GB (olcDbMaxSize: 42949672960 bytes).
3. It sets the database directory to /var/lib/openldap.
4. It sets the suffix to dc=ldapmaster,dc=kifarunix-demo,dc=com.
5. It sets the root DN to cn=admin,dc=ldapmaster,dc=kifarunix-demo,dc=com.
6. It sets the root DN password; the value {SSHA}5Hcgjj4gtcr/exLcdSRuYgH6bFhIqkSe is an SSHA hash of the password, not the password itself.
7. It indexes the uid, cn, sn, mail, objectClass, loginShell, sudoUser and sudoHost attributes (presence and equality indexes on all of them, plus substring indexes on cn, sn and mail and approximate indexes on cn and sn).
8. It restricts access to the userPassword, shadowLastChange and shadowExpire attributes: an entry can write its own values, anonymous clients may use them only to authenticate (bind), the local root user connecting over ldapi with SASL EXTERNAL has manage rights, accounts under ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com can read them, and everyone else gets no access.
9. It restricts the ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com subtree so that only the local root user can manage it; everyone else gets no access.
10. It restricts the rest of the dc=ldapmaster,dc=kifarunix-demo,dc=com subtree: the local root user can manage it, authenticated users can read it, and anonymous clients get no access.

slapd evaluates olcAccess rules in the order they appear and stops at the first rule whose "to" clause matches, so the more specific rules (8 and 9) have to come before the general one (10).
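To check what these three olcAccess rules grant before loading them, here is an added Python model of slapd's first-match ACL evaluation (example code written for this page, not code from the original tutorial or from OpenLDAP). It supports only the who/what clause types used in the LDIF above; the bind and entry DNs used to exercise it are constructed.

```python
import re
# The three olcAccess values from the LDIF above, copied here so the check runs with no server.
OLC_ACCESS = [
    'to attrs=userPassword,shadowLastChange,shadowExpire by self write by anonymous auth '
    'by dn.subtree="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage '
    'by dn.subtree="ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com" read by * none',
    'to dn.subtree="ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com" '
    'by dn.subtree="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none',
    'to dn.subtree="dc=ldapmaster,dc=kifarunix-demo,dc=com" '
    'by dn.subtree="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage '
    'by users read by * none',
]
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]  # weakest first

def parse_acl(text):
    """Split one olcAccess value into (what, [(who, level), ...]), keeping clause order."""
    what, *clauses = re.split(r"\s+by\s+", text.strip())
    return what[len("to "):].strip(), [tuple(c.rsplit(None, 1)) for c in clauses]

def in_subtree(dn, base):
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def what_matches(what, entry_dn, attr):
    if what.startswith("attrs="):     # attrs= without a dn part applies to every entry
        return attr is not None and attr.lower() in what[len("attrs="):].lower().split(",")
    if what.startswith("dn.subtree="):
        return in_subtree(entry_dn, what.split('"')[1])
    return what == "*"

def who_matches(who, bind_dn, entry_dn):   # bind_dn is None for an anonymous bind
    if who == "*":
        return True
    if who in ("anonymous", "users"):      # exactly one of the two matches any bind
        return (bind_dn is None) == (who == "anonymous")
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    if who.startswith("dn.subtree="):
        return bind_dn is not None and in_subtree(bind_dn, who.split('"')[1])
    raise ValueError("unsupported <who> clause: " + who)

def access(bind_dn, entry_dn, attr=None, acls=OLC_ACCESS):
    """First matching 'to' clause wins, then its first matching 'by'; anything else is none."""
    for what, clauses in map(parse_acl, acls):
        if what_matches(what, entry_dn, attr):
            return next((lvl for who, lvl in clauses if who_matches(who, bind_dn, entry_dn)), "none")
    return "none"   # no 'to' matched: slapd appends an implicit "access to * by * none"

def allows(bind_dn, entry_dn, needed, attr=None):
    return LEVELS.index(access(bind_dn, entry_dn, attr)) >= LEVELS.index(needed)
```

Call access(bind_dn, entry_dn, attr) with a bind DN (None for anonymous), the entry DN and optionally an attribute name to get the level these rules grant; for example, an authenticated user gets "write" on their own userPassword but "none" on anyone else's, while an anonymous client gets only "auth".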

Now, let’s add the above configuration to the LDAP server.

# ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/ldap_database.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcDatabase=mdb,cn=config"

# ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase=mdb)'
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (olcDatabase=mdb)
# requesting: ALL
#

# olcDatabase=mdb,cn=config
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 42949672960
olcDbDirectory: /var/lib/openldap
olcSuffix: dc=ldapmaster,dc=kifarunix-demo,dc=com
olcRootDN: cn=admin,dc=ldapmaster,dc=kifarunix-demo,dc=com
olcRootPW: {SSHA}5Hcgjj4gtcr/exLcdSRuYgH6bFhIqkSe
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn pres,eq,approx,sub
olcDbIndex: mail pres,eq,sub
olcDbIndex: objectClass pres,eq
olcDbIndex: loginShell pres,eq
olcDbIndex: sudoUser,sudoHost pres,eq
olcAccess: to attrs=userPassword,shadowLastChange,shadowExpire
by self write
by anonymous auth
by dn.subtree="
