source: trunk/server/doc/HOWTO-SETUP-LDAP @ 1558

Last change on this file since 1558 was 1532, checked in by quentin, 14 years ago
Add an index on scriptsVhostAccount, so that Pony's query will be happy
1To set up a new LDAP server:
2
3- Install the RPM 389-ds-base with yum
4- root# env NSS_NONLOCAL_IGNORE=1 useradd -r -d /var/lib/dirsrv fedora-ds
5- root# /usr/sbin/setup-ds.pl
6    - Choose a typical install
7    - Tell it to use the fedora-ds user and group
8    - Directory server identifier: scripts
9    - Suffix: dc=scripts,dc=mit,dc=edu
10    - Input directory manager password
11- yum install ldapvi
12- /sbin/service dirsrv start
13- Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually
14- Also set nsslapd-ldapifilepath: /var/run/dirsrv/slapd-scripts.socket
15  and nsslapd-ldapilisten: on, otherwise ldapi won't work.
16- /sbin/service dirsrv stop
17- Add the scripts schemas to /var/lib/dirsrv/slapd-scripts
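18- wget http://web.mit.edu/geofft/Public/scripts-ca.pem
    (This is fetched over plain HTTP and is about to be trusted as a CA, so
    compare its fingerprint with a known-good copy before importing it, e.g.
    openssl x509 -in scripts-ca.pem -noout -fingerprint -sha256)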
19- certutil -d /etc/dirsrv/slapd-scripts -A -n "scripts.mit.edu CA" -t CT,, -a -i scripts-ca.pem
20- Generate a pkcs12 cert for the server:
21- openssl pkcs12 -export -in c-w.pem -inkey c-w.key -name 'ldap/cats-whiskers' -out c-w.pkcs12
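22- pk12util -i ldap-server-cert.p12 -d /etc/dirsrv/slapd-scripts
    (The file given to -i must be the PKCS#12 file written by the openssl step;
    the two file names shown in these steps differ. That file contains the
    server's private key, so do not leave copies of it lying around.)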
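23- Put LDAP keytab in /etc/dirsrv/keytab
    (The keytab holds the service's long-term Kerberos key; it should be
    readable only by the fedora-ds user the server runs as.)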
24- Uncomment and modify in /etc/sysconfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME
25- mkdir -p /var/tmp/dirsrv
26- chown fedora-ds:fedora-ds /var/tmp/dirsrv
27- chmod 755 /var/run/dirsrv
28- /sbin/service dirsrv restart
29- Use ldapvi -b cn=config to add these indexes:
30
31add cn=apacheServerName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
32objectClass: top
33objectClass: nsIndex
34cn: apacheServerName
35nsSystemIndex: false
36nsIndexType: eq
37nsIndexType: pres
38
39add cn=apacheServerAlias, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
40objectClass: top
41objectClass: nsIndex
42cn: apacheServerAlias
43nsSystemIndex: false
44nsIndexType: eq
45nsIndexType: pres
46
47add cn=scriptsVhostName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
48objectClass: top
49objectClass: nsIndex
50cn: scriptsVhostName
51nsSystemIndex: false
52nsIndexType: eq
53nsIndexType: pres
54
55add cn=scriptsVhostAlias, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
56objectClass: top
57objectClass: nsIndex
58cn: scriptsVhostAlias
59nsSystemIndex: false
60nsIndexType: eq
61nsIndexType: pres
62
63add cn=scriptsVhostAccount, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
64objectClass: top
65objectClass: nsIndex
66cn: scriptsVhostAccount
67nsSystemIndex: false
68nsIndexType: eq
69nsIndexType: pres
70
71add cn=memberuid, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
72objectClass: top
73objectClass: nsIndex
74cn: memberuid
75nsSystemIndex: false
76nsIndexType: eq
77nsIndexType: pres
78
79add cn=uidnumber, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
80objectClass: top
81objectClass: nsIndex
82cn: uidnumber
83nsSystemIndex: false
84nsIndexType: eq
85nsIndexType: pres
86
87add cn=gidnumber, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
88objectClass: top
89objectClass: nsIndex
90cn: gidnumber
91nsSystemIndex: false
92nsIndexType: eq
93nsIndexType: pres
94
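95- Build the indexes for all the fields (/etc/signup-ldap-pw is read as the
    Directory Manager password file here and in the ldapsearch below, so keep
    it readable only by the accounts that need it):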
96
97    /usr/lib64/dirsrv/slapd-scripts/db2index.pl -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot
98
99- Watch for the indexing operations to finish with this command:
100
101    ldapsearch -x -y /etc/signup-ldap-pw -D 'cn=Directory Manager' -b cn=tasks,cn=config
102
103- Set up replication:
104  (basically, execute
105   http://directory.fedoraproject.org/sources/contrib/mmr.pl
106   manually)