source: server/doc/HOWTO-SETUP-LDAP @ 880

Last change on this file since 880 was 880, checked in by quentin, 14 years ago
Add indexes for Apache vhosts
To set up a new LDAP server:

- Install the RPM fedora-ds-base with yum
- root# env NSS_NONLOCAL_IGNORE=1 useradd -r -d /var/lib/dirsrv fedora-ds
- root# /usr/sbin/setup-ds.pl
    - Choose a typical install
    - Tell it to use the fedora-ds user and group
    - Directory server identifier: scripts
    - Suffix: dc=scripts,dc=mit,dc=edu
    - Input directory manager password
- yum install ldapvi
- /sbin/service dirsrv start
- Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually
- /sbin/service dirsrv stop
- Add the scripts schemas to /var/lib/dirsrv/slapd-scripts
- wget http://web.mit.edu/geofft/Public/scripts-ca.pem
- certutil -d /etc/dirsrv/slapd-scripts -A -n "scripts.mit.edu CA" -t CT,, -a -i scripts-ca.pem
- Generate a pkcs12 cert for the server:
- pk12util -i ldap-server-cert.p12 -d /etc/dirsrv/slapd-scripts
- Put LDAP keytab in /etc/dirsrv/keytab
- Uncomment and modify in /etc/sysconfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME
- mkdir -p /var/tmp/dirsrv
- chown fedora-ds:fedora-ds /var/tmp/dirsrv
- /sbin/service dirsrv restart
- Use ldapvi -b cn=config to add these indexes:

add cn=apacheServerName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: apacheServerName
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

add cn=apacheServerAlias, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: apacheServerAlias
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

- Build the indexes with:
    - /usr/lib64/dirsrv/slapd-scripts/db2index.pl -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot -t apacheServerName
    - Watch the progress with: ldapsearch -x -y /etc/signup-ldap-pw -D 'cn=Directory Manager' -b cn=tasks,cn=config
    - Wait for it to finish before:
    - /usr/lib64/dirsrv/slapd-scripts/db2index.pl -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot -t apacheServerAlias

- Set up replication:
  (basically, execute
   http://directory.fedoraproject.org/sources/contrib/mmr.pl
   manually)
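
An added example, not part of the original HOWTO: a shell check that the secret files this procedure leaves on disk (the keytab, the Directory Manager password file passed to -j/-y, and the imported ldap-server-cert.p12) are accessible to their owner only. The expected owners and the owner-only policy are assumptions, and the script relies on GNU stat.

```shell
#!/bin/sh
# Added example, not from the HOWTO. Paths are the HOWTO's; the expected
# owners and the owner-only policy are assumptions.

# check_secret PATH OWNER   (OWNER: user name or numeric uid)
#   0 = regular file, owned by OWNER, no group/other permission bits
#   1 = wrong owner, unknown owner, or group/other bits set
#   2 = missing or not a regular file
check_secret() {
    path=$1 owner=$2
    [ -f "$path" ] || { echo "MISSING   $path"; return 2; }
    case $owner in
        *[!0-9]*) want=$(id -u "$owner" 2>/dev/null) ||
                      { echo "NO-USER   $owner ($path)"; return 1; } ;;
        *)        want=$owner ;;
    esac
    mode=$(stat -c %a "$path")   # GNU stat: octal permission bits
    uid=$(stat -c %u "$path")    # GNU stat: numeric owner
    status=0
    [ "$uid" = "$want" ] || { echo "BAD-OWNER $path uid=$uid want=$want"; status=1; }
    case $mode in
        0|*00) ;;                # last two octal digits must both be 0
        *) echo "TOO-OPEN  $path mode=$mode"; status=1 ;;
    esac
    [ "$status" -eq 0 ] && echo "OK        $path"
    return "$status"
}

# Audit the secrets this HOWTO leaves on disk. Run as root from the
# directory where ldap-server-cert.p12 was imported.
audit_ldap_secrets() {
    rc=0
    check_secret /etc/dirsrv/keytab fedora-ds || rc=1   # owner: assumption
    check_secret /etc/signup-ldap-pw root     || rc=1   # owner: assumption
    # pk12util -i copies the key into the NSS database; the .p12 file still
    # contains the server's private key afterwards.
    if [ -e ldap-server-cert.p12 ]; then
        check_secret ldap-server-cert.p12 root || rc=1  # owner: assumption
    fi
    return "$rc"
}

# Only runs the audit when asked to: sh check.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_ldap_secrets; fi
```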