source: server/doc/HOWTO-SETUP-LDAP @ 951

Last change on this file since 951 was 951, checked in by andersk, 13 years ago
chmod 755 /var/run/dirsrv
File size: 2.1 KB
To set up a new LDAP server:

- Install the RPM fedora-ds-base with yum
- root# env NSS_NONLOCAL_IGNORE=1 useradd -r -d /var/lib/dirsrv fedora-ds
- root# /usr/sbin/setup-ds.pl
    - Choose a typical install
    - Tell it to use the fedora-ds user and group
    - Directory server identifier: scripts
    - Suffix: dc=scripts,dc=mit,dc=edu
    - Input directory manager password
- yum install ldapvi
- /sbin/service dirsrv start
- Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually
- /sbin/service dirsrv stop
- Add the scripts schemas to /var/lib/dirsrv/slapd-scripts
- wget http://web.mit.edu/geofft/Public/scripts-ca.pem
- certutil -d /etc/dirsrv/slapd-scripts -A -n "scripts.mit.edu CA" -t CT,, -a -i scripts-ca.pem
- Generate a pkcs12 cert for the server:
- pk12util -i ldap-server-cert.p12 -d /etc/dirsrv/slapd-scripts
- Put LDAP keytab in /etc/dirsrv/keytab
- Uncomment and modify in /etc/sysconfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME
- mkdir -p /var/tmp/dirsrv
- chown fedora-ds:fedora-ds /var/tmp/dirsrv
- chmod 755 /var/run/dirsrv
- /sbin/service dirsrv restart
- Use ldapvi -b cn=config to add these indexes:

add cn=apacheServerName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: apacheServerName
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

add cn=apacheServerAlias, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: apacheServerAlias
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

- Build the indexes with:
    - /usr/lib64/dirsrv/slapd-scripts/db2index.pl -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot -t apacheServerName
    - Watch the progress with: ldapsearch -x -y /etc/signup-ldap-pw -D 'cn=Directory Manager' -b cn=tasks,cn=config
    - Wait for it to finish before:
    - /usr/lib64/dirsrv/slapd-scripts/db2index.pl -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot -t apacheServerAlias

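Added example (not part of the original HOWTO): a shell sketch of the index steps above that prints the ldapvi records and runs the two db2index.pl builds strictly one after the other. The function names are hypothetical, and it assumes a finished task entry under cn=index,cn=tasks,cn=config carries nsTaskExitCode.

```shell
#!/bin/sh
# Added example, not part of the HOWTO. Paths and bind DN are the HOWTO's own.
PWFILE=/etc/signup-ldap-pw
BINDDN='cn=Directory Manager'
DB2INDEX=/usr/lib64/dirsrv/slapd-scripts/db2index.pl

# Print the ldapvi "add" record for one attribute index (hypothetical helper).
index_record() {
    printf 'add cn=%s, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config\n' "$1"
    printf 'objectClass: top\nobjectClass: nsIndex\ncn: %s\n' "$1"
    printf 'nsSystemIndex: false\nnsIndexType: eq\nnsIndexType: pres\n\n'
}

# Read ldapsearch output for cn=tasks,cn=config on stdin and print one of:
#   running  - some index task entry has no nsTaskExitCode yet (assumption)
#   failed   - every index task has finished, at least one with a nonzero code
#   done     - every index task has finished with exit code 0
# Finished task entries linger for a while, so an old failure also reports "failed".
index_task_status() {
    awk '
        function endrec() { if (is_task && !has_exit) running = 1; is_task = 0; has_exit = 0 }
        /^dn: / {
            endrec(); d = tolower($0); gsub(/, +/, ",", d)
            is_task = (d ~ /^dn: cn=[^,]+,cn=index,cn=tasks,cn=config$/)
        }
        is_task && tolower($1) == "nstaskexitcode:" { has_exit = 1; if ($2 != 0) failed = 1 }
        END { endrec(); print (running ? "running" : (failed ? "failed" : "done")) }
    '
}

# Build the given indexes one at a time, waiting for each task to finish.
build_indexes() {
    for attr in "$@"; do
        "$DB2INDEX" -D "$BINDDN" -j "$PWFILE" -n userRoot -t "$attr" || return 1
        while :; do
            tasks=$(ldapsearch -x -y "$PWFILE" -D "$BINDDN" -b cn=tasks,cn=config) || return 1
            status=$(printf '%s\n' "$tasks" | index_task_status)
            [ "$status" = running ] || break
            sleep 5
        done
        [ "$status" = done ] || { echo "index task for $attr: $status" >&2; return 1; }
    done
}

# Usage: build_indexes apacheServerName apacheServerAlias
```
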
- Set up replication:
  (basically, execute
   http://directory.fedoraproject.org/sources/contrib/mmr.pl
   manually)