source: trunk/server/doc/HOWTO-SETUP-LDAP @ 1487

Last change on this file since 1487 was 1473, checked in by mitchb, 14 years ago
LDAP, now with 200% more indexed queries! Previously, only about 1/3 of our LDAP queries were actually being answered using indices. ns-slapd was routinely observed to be eating a huge portion of our CPU. Coincidence? You be the judge. We're going to stop being morons now and use <1% CPU for LDAP.
To set up a new LDAP server:

- Install the RPM 389-ds-base with yum
- root# env NSS_NONLOCAL_IGNORE=1 useradd -r -d /var/lib/dirsrv fedora-ds
- root# /usr/sbin/setup-ds.pl
    - Choose a typical install
    - Tell it to use the fedora-ds user and group
    - Directory server identifier: scripts
    - Suffix: dc=scripts,dc=mit,dc=edu
    - Input directory manager password
- yum install ldapvi
- /sbin/service dirsrv start
- Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually
- Also set nsslapd-ldapifilepath: /var/run/dirsrv/slapd-scripts.socket
  and nsslapd-ldapilisten: on, otherwise ldapi won't work.
- /sbin/service dirsrv stop
- Add the scripts schemas to /var/lib/dirsrv/slapd-scripts
- wget http://web.mit.edu/geofft/Public/scripts-ca.pem
- certutil -d /etc/dirsrv/slapd-scripts -A -n "scripts.mit.edu CA" -t CT,, -a -i scripts-ca.pem
- Generate a pkcs12 cert for the server:
- openssl pkcs12 -export -in c-w.pem -inkey c-w.key -name 'ldap/cats-whiskers' -out c-w.pkcs12
- pk12util -i ldap-server-cert.p12 -d /etc/dirsrv/slapd-scripts
- Put LDAP keytab in /etc/dirsrv/keytab
- Uncomment and modify in /etc/sysconfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME
- mkdir -p /var/tmp/dirsrv
- chown fedora-ds:fedora-ds /var/tmp/dirsrv
- chmod 755 /var/run/dirsrv
- /sbin/service dirsrv restart
- Use ldapvi -b cn=config to add these indexes:

add cn=apacheServerName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: apacheServerName
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

add cn=apacheServerAlias, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: apacheServerAlias
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

add cn=scriptsVhostName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: scriptsVhostName
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

add cn=scriptsVhostAlias, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: scriptsVhostAlias
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

add cn=memberuid, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: memberuid
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

add cn=uidnumber, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: uidnumber
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

add cn=gidnumber, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: gidnumber
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

- Build the indexes for all the fields:

    /usr/lib64/dirsrv/slapd-scripts/db2index.pl -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot

- Watch for the indexing operations to finish with this command:

    ldapsearch -x -y /etc/signup-ldap-pw -D 'cn=Directory Manager' -b cn=tasks,cn=config

- Set up replication:
  (basically, execute
   http://directory.fedoraproject.org/sources/contrib/mmr.pl
   manually)
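A small audit script, added here as an example and not part of the HOWTO or the scripts.mit.edu repository, that checks whether the seven attributes listed above actually carry both an eq and a pres index on a running server. It parses the LDIF that an assumed query such as `ldapsearch -x -LLL -y /etc/signup-ldap-pw -D 'cn=Directory Manager' -b 'cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config' '(objectClass=nsIndex)' cn nsIndexType` would print; the sample LDIF embedded below is constructed so the script runs offline.

```python
# Added example (not from the HOWTO): check that each attribute the HOWTO
# indexes has both "eq" and "pres" nsIndexType values, given the LDIF that
# ldapsearch -LLL returns for cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config.
REQUIRED = ["apacheServerName", "apacheServerAlias", "scriptsVhostName",
            "scriptsVhostAlias", "memberuid", "uidnumber", "gidnumber"]
REQUIRED_TYPES = {"eq", "pres"}

# Constructed sample: one complete index (with a folded dn line), one index
# lacking "pres", and the other five attributes not indexed at all.
SAMPLE_LDIF = """\
dn: cn=apacheServerName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,
 cn=config
cn: apacheServerName
nsIndexType: eq
nsIndexType: pres

dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
cn: uidnumber
nsIndexType: eq
"""

def parse_index_ldif(text):
    """Map each entry's cn (lowercased; LDAP names are case-insensitive) to its nsIndexType values."""
    lines = []
    for raw in text.splitlines():      # unfold RFC 2849 continuation lines
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cn, types = {}, None, set()
    for line in lines + [""]:          # the trailing "" flushes the last entry
        if not line.strip():
            if cn is not None:
                entries[cn.lower()] = types
            cn, types = None, set()
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip()
            if attr == "cn":
                cn = value
            elif attr == "nsindextype":
                types.add(value.lower())
    return entries

def audit_indexes(text, required=REQUIRED):
    """Return {attribute: sorted missing index types}; an empty dict means all indexes exist."""
    have = parse_index_ldif(text)
    gaps = ((a, sorted(REQUIRED_TYPES - have.get(a.lower(), set()))) for a in required)
    return {a: m for a, m in gaps if m}
```

Run `audit_indexes(ldif_text)` on the real ldapsearch output before and after db2index.pl; any attribute it reports is one whose searches the server will still answer without an index.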