source: trunk/server/doc/HOWTO-SETUP-LDAP @ 1177

Last change on this file since 1177 was 1177, checked in by quentin, 15 years ago
Document how to generate a pkcs12 file from a PEM certificate and key
File size: 2.2 KB
To set up a new LDAP server:

- Install the RPM fedora-ds-base with yum
- root# env NSS_NONLOCAL_IGNORE=1 useradd -r -d /var/lib/dirsrv fedora-ds
- root# /usr/sbin/setup-ds.pl
    - Choose a typical install
    - Tell it to use the fedora-ds user and group
    - Directory server identifier: scripts
    - Suffix: dc=scripts,dc=mit,dc=edu
    - Input directory manager password
- yum install ldapvi
- /sbin/service dirsrv start
- Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually
- /sbin/service dirsrv stop
- Add the scripts schemas to /var/lib/dirsrv/slapd-scripts
- wget http://web.mit.edu/geofft/Public/scripts-ca.pem
- certutil -d /etc/dirsrv/slapd-scripts -A -n "scripts.mit.edu CA" -t CT,, -a -i scripts-ca.pem
- Generate a pkcs12 cert for the server:
    - openssl pkcs12 -export -in c-w.pem -inkey c-w.key -name 'ldap/cats-whiskers' -out c-w.pkcs12
- pk12util -i ldap-server-cert.p12 -d /etc/dirsrv/slapd-scripts
- Put LDAP keytab in /etc/dirsrv/keytab
- Uncomment and modify in /etc/sysconfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME
- mkdir -p /var/tmp/dirsrv
- chown fedora-ds:fedora-ds /var/tmp/dirsrv
- chmod 755 /var/run/dirsrv
- /sbin/service dirsrv restart
- Use ldapvi -b cn=config to add these indexes:

add cn=apacheServerName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: apacheServerName
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

add cn=apacheServerAlias, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
cn: apacheServerAlias
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres

- Build the indexes with:
    - /usr/lib64/dirsrv/slapd-scripts/db2index.pl -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot -t apacheServerName
    - Watch the progress with: ldapsearch -x -y /etc/signup-ldap-pw -D 'cn=Directory Manager' -b cn=tasks,cn=config
    - Wait for it to finish before:
    - /usr/lib64/dirsrv/slapd-scripts/db2index.pl -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot -t apacheServerAlias
- Set up replication:
  (basically, execute
   http://directory.fedoraproject.org/sources/contrib/mmr.pl
   manually)