OpenLDAP configuration brought to Apache Directory Studio
 


    Presentation Transcript

    • OpenLDAP configuration brought to Apache Directory Studio
    • <OpenLDAP configuration/> brought to <Apache Directory Studio/>
    • Emmanuel Lécharny
      • Apache Software Foundation member
      • Chairman of MINA project
      • PMC of Apache Directory Project
      • elecharny@apache.org / elecharny@symas.com
    • Apache Directory Studio
    • OpenLDAP configuration: slapd.conf or cn=config/
    • slapd.conf

        # See slapd.conf(5) for details on configuration options.
        include         "/opt/symas/etc/openldap/schema/core.schema"
        pidfile         "/var/symas/run/slapd.pid"
        argsfile        "/var/symas/run/slapd.args"

        # Choose the directory for loadable modules.
        modulepath      "/opt/symas/lib/openldap"

        # Load dynamic backend modules:
        moduleload      back_hdb.la
        moduleload      back_monitor.la

        # Sample hdb database definitions
        database        hdb
        suffix          "dc=example,dc=com"
        rootdn          "dc=example,dc=com"
        rootpw          secret

        # Indices to maintain
        index           default eq
        index           objectClass
        index           cn

        directory       "/var/symas/openldap-data/example"
        cachesize       5000
        idlcachesize    5000
        checkpoint      512 60

        database        monitor
    • cn=config

        dn: cn=config
        olcWriteTimeout: 0
        olcTLSCRLCheck: none
        olcConnMaxPendingAuth: 1000
        olcIndexIntLen: 4
        olcIdleTimeout: 0
        olcIndexHash64: FALSE
        olcAttributeOptions: lang-
        olcConfigDir: etc/openldap/slapd.d
        olcIndexSubstrAnyStep: 2
        olcPidFile: /var/symas/run/slapd.pid
        ...

        dn: cn=schema
        structuralObjectClass: olcSchemaConfig
        createTimestamp: 20131117072024.982Z
        olcObjectIdentifier: OLcfg 1.3.6.1.4.1.4203.1.12.2
        olcObjectIdentifier: OLcfgAt OLcfg:3
        olcObjectIdentifier: OLcfgGlAt OLcfgAt:0
        olcObjectIdentifier: OLcfgBkAt OLcfgAt:1
        olcObjectIdentifier: OLcfgDbAt OLcfgAt:2
        olcObjectIdentifier: OLcfgOvAt OLcfgAt:3
        olcObjectIdentifier: OLcfgCtAt OLcfgAt:4
        olcObjectIdentifier: OLcfgOc OLcfg:4
        ...

        dn: olcDatabase={1}hdb
        olcDbShmKey: 0
        olcDbConfig: {0}#
        olcDbConfig: {1}# DB_CONFIG file for example database
        olcDbConfig: {2}#
        olcDbConfig: {3}# IMPORTANT
        olcDbConfig: {4}# Changes will automatically take effect after slapd is restarted.
        ...
    • Why cn=config?
      • Configuration in LDAP
      • Can be replicated
      • Allows dynamic configuration
      • Protects against misconfigurations
    • But...
      • People keep using vi/Emacs
      • More complex than slapd.conf
      • You have to use ldapadd/ldapmodify/ldapdelete
    • But...
      « It is of course possible for a careful, clueful admin to edit the files by hand without breaking anything. »
      « But let's face it, the majority of people out there, and particularly the people having problems that drive them to post on this mailing list, are neither careful enough nor clueful enough to qualify for these activities. »
    • Let's use Studio!
    • OpenLDAP configuration plugin
      • Don't have to lecture people who use text editors
      • Config for dummies (almost)
      • Many controls done by the plugin
      • « smart » editors
    • Backend configuration
    • HDB configuration
    • Replication configuration
    • Options configuration
    • What's next?
      • Polish the editors
      • Make it work with slapd.conf
      • Add the missing elements
      • Manage versions
      • Release it!!!
    • Thanks!
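
The correspondence between the slapd.conf and cn=config slides, as an added example that is not from the presentation or from OpenLDAP: a Python converter that maps a trimmed, constructed copy of the sample slapd.conf onto the matching olc* attributes. The function names are hypothetical, and objectClass values, schema includes and module loading are left out.

```python
import shlex

# slapd.conf directive -> cn=config attribute, for the directives handled here.
GLOBAL = {"pidfile": "olcPidFile", "argsfile": "olcArgsFile"}
DATABASE = {
    "suffix": "olcSuffix", "rootdn": "olcRootDN", "rootpw": "olcRootPW",
    "index": "olcDbIndex", "directory": "olcDbDirectory",
    "cachesize": "olcDbCacheSize", "idlcachesize": "olcDbIDLcacheSize",
    "checkpoint": "olcDbCheckpoint",
}

# Constructed sample: a trimmed copy of the slapd.conf shown on the slide.
SAMPLE = '''\
pidfile    "/var/symas/run/slapd.pid"
# Sample hdb database definitions
database   hdb
suffix     "dc=example,dc=com"
rootdn     "dc=example,dc=com"
rootpw     secret
index      default eq
index      cn
directory  "/var/symas/openldap-data/example"
checkpoint 512 60
database   monitor
'''

def to_cn_config(text):
    """Return [(dn, [(attr, value), ...])], one entry per configuration scope."""
    entries = [("cn=config", [])]
    db_count = 0  # {0} is the config database, so declared databases start at {1}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments and quotes
        if not tokens:
            continue
        key, args = tokens[0].lower(), tokens[1:]
        if key == "database":  # opens a new scope; later directives belong to it
            db_count += 1
            name = "{%d}%s" % (db_count, args[0])
            entries.append(("olcDatabase=%s,cn=config" % name, [("olcDatabase", name)]))
        elif len(entries) == 1 and key in GLOBAL:
            entries[0][1].append((GLOBAL[key], " ".join(args)))
        elif len(entries) > 1 and key in DATABASE:
            entries[-1][1].append((DATABASE[key], " ".join(args)))
        else:  # fail loudly instead of silently dropping a setting
            raise ValueError("directive not handled in this scope: " + key)
    return entries

def to_ldif(entries):
    """Render the entries as LDIF text, one blank line between entries."""
    return "\n\n".join("\n".join(["dn: " + dn] + ["%s: %s" % av for av in attrs])
                       for dn, attrs in entries)
```

The cleartext `rootpw secret` carries over unchanged as `olcRootPW: secret`; OpenLDAP's `slappasswd` produces a hashed value that either format accepts.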