source: branches/fc11-dev/server/doc/HOWTO-SETUP-LDAP @ 2080

Last change on this file since 2080 was 1179, checked in by mitchb, 15 years ago
Merge r1121:1178 from trunk to branches/fc11-dev
File size: 2.3 KB
1To set up a new LDAP server:
3- Install the RPM fedora-ds-base with yum
4- root# env NSS_NONLOCAL_IGNORE=1 useradd -r -d /var/lib/dirsrv fedora-ds
5- root# /usr/sbin/
6    - Choose a typical install
7    - Tell it to use the fedora-ds user and group
8    - Directory server identifier: scripts
9    - Suffix: dc=scripts,dc=mit,dc=edu
10    - Input directory manager password
11- yum install ldapvi
12- /sbin/service dirsrv start
13- Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually
14- Also set nsslapd-ldapifilepath: /var/run/dirsrv/slapd-scripts.socket
15  and nsslapd-ldapilisten: on, otherwise ldapi won't work.
16- /sbin/service dirsrv stop
17- Add the scripts schemas to /var/lib/dirsrv/slapd-scripts
18- wget
19- certutil -d /etc/dirsrv/slapd-scripts -A -n " CA" -t CT,, -a -i scripts-ca.pem
20- Generate a pkcs12 cert for the server:
21- openssl pkcs12 -export -in c-w.pem -inkey c-w.key -name 'ldap/cats-whiskers' -out c-w.pkcs12
22- pk12util -i ldap-server-cert.p12 -d /etc/dirsrv/slapd-scripts
23- Put LDAP keytab in /etc/dirsrv/keytab
24- Uncomment and modify in /etc/syscnfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME
25- mkdir -p /var/tmp/dirsrv
26- chown fedora-ds:fedora-ds /var/tmp/dirsrv
27- chmod 755 /var/run/dirsrv
28- /sbin/service dirsrv restart
29- Use ldapvi -b cn=config to add these indexes:
31add cn=apacheServerName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
32objectClass: top
33objectClass: nsIndex
34cn: apacheServerName
35nsSystemIndex: false
36nsIndexType: eq
37nsIndexType: pres
39add cn=apacheServerAlias, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
40objectClass: top
41objectClass: nsIndex
42cn: apacheServerAlias
43nsSystemIndex: false
44nsIndexType: eq
45nsIndexType: pres
47- Build the indexes with:
48    - /usr/lib64/dirsrv/slapd-scripts/ -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot -t apacheServerName
49    - Watch the progress with: ldapsearch -x -y /etc/signup-ldap-pw -D 'cn=Directory Manager' -b cn=tasks,cn=config
50    - Wait for it to finish before:
51    - /usr/lib64/dirsrv/slapd-scripts/ -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot -t apacheServerAlias
53- Set up replication:
54  (basically, execute
56   manually)
Note: See TracBrowser for help on using the repository browser.