source: server/doc/HOWTO-SETUP-LDAP @ 921

Last change on this file since 921 was 880, checked in by quentin, 16 years ago
Add indexes for Apache vhosts
File size: 2.0 KB
1To set up a new LDAP server:
3- Install the RPM fedora-ds-base with yum
4- root# env NSS_NONLOCAL_IGNORE=1 useradd -r -d /var/lib/dirsrv fedora-ds
5- root# /usr/sbin/
6    - Choose a typical install
7    - Tell it to use the fedora-ds user and group
8    - Directory server identifier: scripts
9    - Suffix: dc=scripts,dc=mit,dc=edu
10    - Input directory manager password
11- yum install ldapvi
12- /sbin/service dirsrv start
13- Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually
14- /sbin/service dirsrv stop
15- Add the scripts schemas to /var/lib/dirsrv/slapd-scripts
16- wget
17- certutil -d /etc/dirsrv/slapd-scripts -A -n " CA" -t CT,, -a -i scripts-ca.pem
18- Generate a pkcs12 cert for the server:
19- pk12util -i ldap-server-cert.p12 -d /etc/dirsrv/slapd-scripts
20- Put LDAP keytab in /etc/dirsrv/keytab
21- Uncomment and modify in /etc/syscnfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME
22- mkdir -p /var/tmp/dirsrv
23- chown fedora-ds:fedora-ds /var/tmp/dirsrv
24- /sbin/service dirsrv restart
25- Use ldapvi -b cn=config to add these indexes:
27add cn=apacheServerName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
28objectClass: top
29objectClass: nsIndex
30cn: apacheServerName
31nsSystemIndex: false
32nsIndexType: eq
33nsIndexType: pres
35add cn=apacheServerAlias, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
36objectClass: top
37objectClass: nsIndex
38cn: apacheServerAlias
39nsSystemIndex: false
40nsIndexType: eq
41nsIndexType: pres
43- Build the indexes with:
44    - /usr/lib64/dirsrv/slapd-scripts/ -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot -t apacheServerName
45    - Watch the progress with: ldapsearch -x -y /etc/signup-ldap-pw -D 'cn=Directory Manager' -b cn=tasks,cn=config
46    - Wait for it to finish before:
47    - /usr/lib64/dirsrv/slapd-scripts/ -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot -t apacheServerAlias
49- Set up replication:
50  (basically, execute
52   manually)
Note: See TracBrowser for help on using the repository browser.