source: trunk/server/doc/HOWTO-SETUP-LDAP @ 1601

Last change on this file since 1601 was 1532, checked in by quentin, 16 years ago
Add an index on scriptsVhostAccount, so that Pony's query will be happy
File size: 3.3 KB
[861]1To set up a new LDAP server:
2
[1296]3- Install the RPM 389-ds-base with yum
[861]4- root# env NSS_NONLOCAL_IGNORE=1 useradd -r -d /var/lib/dirsrv fedora-ds
5- root# /usr/sbin/setup-ds.pl
6    - Choose a typical install
7    - Tell it to use the fedora-ds user and group
8    - Directory server identifier: scripts
9    - Suffix: dc=scripts,dc=mit,dc=edu
10    - Input directory manager password
11- yum install ldapvi
12- /sbin/service dirsrv start
13- Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually
[1178]14- Also set nsslapd-ldapifilepath: /var/run/dirsrv/slapd-scripts.socket
15  and nsslapd-ldapilisten: on, otherwise ldapi won't work.
[861]16- /sbin/service dirsrv stop
[880]17- Add the scripts schemas to /var/lib/dirsrv/slapd-scripts
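[861]18- wget http://web.mit.edu/geofft/Public/scripts-ca.pem (this download is plain HTTP, so check the certificate's fingerprint, e.g. with openssl x509 -noout -fingerprint -sha256 -in scripts-ca.pem, against a value obtained over a trusted channel before the next step marks it as a trusted CA)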
19- certutil -d /etc/dirsrv/slapd-scripts -A -n "scripts.mit.edu CA" -t CT,, -a -i scripts-ca.pem
[862]20- Generate a pkcs12 cert for the server:
[1177]21- openssl pkcs12 -export -in c-w.pem -inkey c-w.key -name 'ldap/cats-whiskers' -out c-w.pkcs12
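[861]22- pk12util -i ldap-server-cert.p12 -d /etc/dirsrv/slapd-scripts (ldap-server-cert.p12 is presumably the PKCS#12 file generated in the previous step, named c-w.pkcs12 in that example; it contains the server's private key, so do not leave copies of it readable by other users)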
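23- Put LDAP keytab in /etc/dirsrv/keytab (it holds the service's Kerberos key: make it readable by the fedora-ds user and by no other unprivileged user)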
24- Uncomment and modify in /etc/sysconfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME
25- mkdir -p /var/tmp/dirsrv
26- chown fedora-ds:fedora-ds /var/tmp/dirsrv
[951]27- chmod 755 /var/run/dirsrv
[861]28- /sbin/service dirsrv restart
[880]29- Use ldapvi -b cn=config to add these indexes:
[861]30
[880]31add cn=apacheServerName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
32objectClass: top
33objectClass: nsIndex
34cn: apacheServerName
35nsSystemIndex: false
36nsIndexType: eq
37nsIndexType: pres
38
39add cn=apacheServerAlias, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
40objectClass: top
41objectClass: nsIndex
42cn: apacheServerAlias
43nsSystemIndex: false
44nsIndexType: eq
45nsIndexType: pres
46
[1473]47add cn=scriptsVhostName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
48objectClass: top
49objectClass: nsIndex
50cn: scriptsVhostName
51nsSystemIndex: false
52nsIndexType: eq
53nsIndexType: pres
[880]54
[1473]55add cn=scriptsVhostAlias, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
56objectClass: top
57objectClass: nsIndex
58cn: scriptsVhostAlias
59nsSystemIndex: false
60nsIndexType: eq
61nsIndexType: pres
62
[1532]63add cn=scriptsVhostAccount, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
64objectClass: top
65objectClass: nsIndex
66cn: scriptsVhostAccount
67nsSystemIndex: false
68nsIndexType: eq
69nsIndexType: pres
70
[1473]71add cn=memberuid, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
72objectClass: top
73objectClass: nsIndex
74cn: memberuid
75nsSystemIndex: false
76nsIndexType: eq
77nsIndexType: pres
78
79add cn=uidnumber, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
80objectClass: top
81objectClass: nsIndex
82cn: uidnumber
83nsSystemIndex: false
84nsIndexType: eq
85nsIndexType: pres
86
87add cn=gidnumber, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
88objectClass: top
89objectClass: nsIndex
90cn: gidnumber
91nsSystemIndex: false
92nsIndexType: eq
93nsIndexType: pres
94
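95- Build the indexes for all the fields (/etc/signup-ldap-pw is the file holding the Directory Manager password; keep it unreadable to unprivileged users):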
96
97    /usr/lib64/dirsrv/slapd-scripts/db2index.pl -D "cn=Directory Manager" -j /etc/signup-ldap-pw -n userRoot
98
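99- Watch for the indexing operations to finish with this command (-x is a simple bind, which sends the Directory Manager password as-is, so run it on the server itself or over a TLS-protected connection):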
100
101    ldapsearch -x -y /etc/signup-ldap-pw -D 'cn=Directory Manager' -b cn=tasks,cn=config
102
[862]103- Set up replication:
104  (basically, execute
105   http://directory.fedoraproject.org/sources/contrib/mmr.pl
[951]106   manually)