Installazione di LDAP
I source si trovano in:
Adesso possiamo installare l’ultima versione di ldap (copiandola), da notare che è sempre buona norma disinstallare la vecchia versione e subito dopo installare la nuova:
Estrarre i file in /programs/openldap/release
tar zxvf openldap-2.3.33.tgz
cd openldap-2.3.33
Compiliamo il tutto
./configure --prefix=/usr/local --enable-slapd --enable-syslog --with-cyrus-sasl=yes --enable-dynamic --enable-rewrite --disable-ipv6 --disable-shell --disable-sql --with-threads --enable-modules --enable-backends=mod --enable-overlays=mod --with-tls --enable-wrapper
Se vi sono errori di dipendenze, vanno risolti.
Se invece appare l’errore seguente:
configure: error: could not locate libtool ltdl.h
Potrebbe essere necessario eseguire la seguente procedura:
[root@node1 openldap-2.3.33]# cd /usr/share/libtool/libltdl
[root@node1 libltdl]# ./configure
[root@node1 libltdl]# make
[root@node1 libltdl]# make install
Step 3
Ricostruiamo le dipendenze
[root@node1 openldap-2.3.33]# make depend
Compiliamo ldap
[root@node1 openldap-2.3.33]# make
Installiamo ldap
[root@node1 openldap-2.3.33]# make install
Di default viene installato in /usr/local/etc/openldap/; da tenere a mente che slapd.conf dovrà essere modificato per puntare a "/usr/local/libexec/openldap", dove saranno presenti i moduli syncprov, accesslog e back_bdb.
[slapd.conf] – node1
#slapd.conf Master delta syncrepl Openldap2.3
#path: /usr/local/etc/openldap/slapd.conf
#provider
# Provider (master) side of a delta-syncrepl pair: the accesslog database
# declared below records every successful write to the primary database, and
# the consumer on node2 (see its syncrepl block) replays that log instead of
# re-fetching whole entries.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
#If your slapd was configured with dynamic module support, and your backends and overlays are not statically compiled, you will need these module statements.
# The build on this page used --enable-modules with --enable-backends=mod and
# --enable-overlays=mod, so all three modules below are dynamic and must be loaded.
modulepath /usr/local/libexec/openldap
moduleload syncprov.la
moduleload accesslog.la
moduleload back_bdb.la
pidfile /usr/local/var/run/slapd/slapd.pid
argsfile /usr/local/var/run/slapd/slapd.args
# Accesslog database definitions
# Kept ahead of the primary database, which refers to it via "logdb" below.
database bdb
suffix cn=accesslog
directory /usr/local/var/openldap-data/accesslog
# No rootpw is set for this rootdn: it only names the owner of the log
# database; the accesslog overlay writes the log entries itself.
rootdn cn=accesslog
index default eq
# These get the default (eq) index type set above; they are the attributes hit
# by the consumer's logfilter "(&(objectClass=auditWriteObject)(reqResult=0))"
# and by its sync cookie matching on entryCSN.
index entryCSN,objectClass,reqEnd,reqResult,reqStart
# syncprov on the log database is what lets the consumer pull the change log.
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
# Samba Primary Database differentialdesign.org
database bdb
suffix "dc=differentialdesign,dc=org"
directory /usr/local/var/openldap-data
rootdn "cn=Manager,dc=differentialdesign,dc=org"
# NOTE(review): cleartext directory-admin password. slapd also accepts a hashed
# value here (generate one with slappasswd); use that, and do not reuse this
# password as the client "bindpw" in /etc/ldap.conf as this document does,
# since that file ends up on every client host.
rootpw Manager
# entryCSN/entryUUID equality indexes are what syncprov uses to locate changed
# entries; without them every sync refresh is a full scan.
index entryCSN eq
index entryUUID eq
overlay syncprov
# write a contextCSN checkpoint to the database every 1000 write ops or 60 minutes
syncprov-checkpoint 1000 60
# accesslog overlay definitions for primary database
overlay accesslog
logdb cn=accesslog
# only log write operations (add/modify/modrdn/delete) ...
logops writes
# ... and only the ones that succeeded, which is all the consumer needs
logsuccess TRUE
# scan the accesslog DB every day, and purge entries older than 7 days
logpurge 07+00:00 01+00:00
# give syncuser DN limitless searches
# NOTE(review): cn=syncuser is referenced here and as node2's syncrepl binddn,
# but no step on this page creates that entry or sets its password to the
# "credentials" value node2 uses; it must exist before replication can bind.
limits dn.exact="cn=syncuser,dc=differentialdesign,dc=org" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
# ACLs: the first "access to" clause whose target matches is used, its "by"
# clauses are tried in order, and a request matching no "by" clause is denied.
# userPassword: the owner and sambaadmin may change it, the replication user
# may read it (so the hash replicates), anyone else may only bind against it.
access to attrs=userPassword
by self write
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write
by dn="cn=syncuser,dc=differentialdesign,dc=org" read
by * auth
# Samba NT/LM hashes: no "by *" clause, so everyone else (including the user
# themselves) is denied; only sambaadmin writes and syncuser reads them.
access to attrs=sambaLMPassword,sambaNTPassword
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write
by dn="cn=syncuser,dc=differentialdesign,dc=org" read
# Everything else (uid, uidNumber, sambaSID, ...) is readable anonymously via
# "by * read"; confirm that is intended for whatever network can reach port 389.
access to *
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write
by dn="cn=syncuser,dc=differentialdesign,dc=org" read
by * read
# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
Creare le seguenti cartelle, necessarie per avviare il daemon:
[root@node1 ~]# mkdir /usr/local/var/openldap-data
[root@node1 ~]# mkdir /usr/local/var/openldap-data/accesslog
[root@node1 ~]# mkdir /usr/local/var/run/slapd/
Loggarsi sul nodo2 ed eseguire le stesse operazioni.
[Slapd.conf] – Node2
# slapd.conf delta syncrepl Openldap2.3
# LDAP Consumer
# Consumer (slave) side: pulls the provider's accesslog via syncrepl and applies
# the changes locally; client writes are redirected to node1 with "updateref".
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
modulepath /usr/local/libexec/openldap
# Only the backend is needed here; syncprov/accesslog run on the provider.
moduleload back_bdb.la
pidfile /usr/local/var/run/slapd/slapd.pid
argsfile /usr/local/var/run/slapd/slapd.args
database bdb
suffix "dc=differentialdesign,dc=org"
directory /usr/local/var/openldap-data
rootdn "cn=Manager,dc=differentialdesign,dc=org"
# NOTE(review): cleartext password, same value as on node1; store a hash
# generated with slappasswd instead.
rootpw Manager
# syncrepl directives
# NOTE(review): bindmethod=simple over plain ldap:// on port 389 sends the
# credentials below in cleartext on every (re)connect. slapd was built
# --with-tls, so an ldaps:// provider URL or "starttls=critical" on this
# directive would protect them; that in turn needs TLS configured on node1,
# which this page does not show.
syncrepl rid=0
provider=ldap://node1.differentialdesign.org:389
bindmethod=simple
binddn="cn=syncuser,dc=differentialdesign,dc=org"
credentials=SyncUser
searchbase="dc=differentialdesign,dc=org"
# delta-syncrepl: read changes from the provider's accesslog DB rather than
# from the main tree; the filter selects successful write operations only.
logbase="cn=accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
schemachecking=on
# keep a persistent connection and receive changes as they happen
type=refreshAndPersist
# on connection loss, retry every 60 seconds indefinitely
retry="60 +"
syncdata=accesslog
# ACLs on the consumer. NOTE(review): the syncrepl engine applies replicated
# changes internally with rootdn rights, so the "write" granted to cn=syncuser
# below is not what makes replication work — presumably a mirror of node1's
# ACLs; confirm whether it is wanted on a read-only replica.
access to attrs=userPassword
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read
by dn="cn=syncuser,dc=differentialdesign,dc=org" write
by * auth
access to attrs=sambaLMPassword,sambaNTPassword
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read
by dn="cn=syncuser,dc=differentialdesign,dc=org" write
# as on node1, everything else is readable anonymously
access to *
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" read
by dn="cn=syncuser,dc=differentialdesign,dc=org" write
by * read
# clients that try to write here receive a referral to the provider
updateref ldap://node1.differentialdesign.org
# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
[Ldap.conf] - Node1
#/etc/ldap.conf
# LDAP Master
# Client-side (nss_ldap / pam_ldap) settings for node1: its own slapd is tried
# first, node2 is the fallback.
host node1.differentialdesign.org node2.differentialdesign.org
base dc=differentialdesign,dc=org
# NOTE(review): every NSS/PAM lookup binds as the directory rootdn with its
# cleartext password, from a file that is typically world-readable, and with
# "ssl no" below the bind crosses the network unencrypted. The slapd ACLs on
# this page already give anonymous read on everything except the password
# attributes; if shadow lookups need userPassword, grant a dedicated read-only
# proxy DN that access in slapd.conf and use it here instead of cn=Manager.
binddn cn=Manager,dc=differentialdesign,dc=org
bindpw Manager
# soft: give up immediately when no server answers instead of retrying
bind_policy soft
# change passwords with the LDAP Password Modify extended operation, so the
# server, not the client, hashes the new value
pam_password exop
# both People and Computers containers are searched, one level deep (?one)
nss_base_passwd ou=People,ou=Users,dc=differentialdesign,dc=org?one
nss_base_shadow ou=People,ou=Users,dc=differentialdesign,dc=org?one
nss_base_passwd ou=Computers,ou=Users,dc=differentialdesign,dc=org?one
nss_base_shadow ou=Computers,ou=Users,dc=differentialdesign,dc=org?one
nss_base_group ou=Groups,dc=differentialdesign,dc=org?one
# NOTE(review): no TLS — see the binddn/bindpw note above
ssl no
[Ldap.conf] - Node2
#/etc/ldap.conf
# LDAP Slave
# Same client settings as node1, with the host order reversed so the local
# consumer is preferred.
host node2.differentialdesign.org node1.differentialdesign.org
base dc=differentialdesign,dc=org
# NOTE(review): binds as the directory rootdn with its cleartext password from
# a typically world-readable file, over an unencrypted connection ("ssl no").
# Use a dedicated read-only proxy DN and enable TLS; see the node1 ldap.conf.
binddn cn=Manager,dc=differentialdesign,dc=org
bindpw Manager
# soft: fail immediately when no server answers instead of retrying
bind_policy soft
# password changes go through the Password Modify extended operation
pam_password exop
# both People and Computers containers are searched, one level deep (?one)
nss_base_passwd ou=People,ou=Users,dc=differentialdesign,dc=org?one
nss_base_shadow ou=People,ou=Users,dc=differentialdesign,dc=org?one
nss_base_passwd ou=Computers,ou=Users,dc=differentialdesign,dc=org?one
nss_base_shadow ou=Computers,ou=Users,dc=differentialdesign,dc=org?one
nss_base_group ou=Groups,dc=differentialdesign,dc=org?one
# NOTE(review): no TLS — see the binddn/bindpw note above
ssl no
[/etc/nsswitch.conf]
Di default Linux cerca gli utenti ed i gruppi localmente e poi in LDAP.
You can see that the hosts option uses DNS and WINS; the same also applies here.
Su entrambi i nodi editare nsswitch.conf come di seguito, lasciando tutte le altre opzioni come di default.
#/etc/nsswitch.conf
# Order matters: local files are consulted first, LDAP only for names not
# found locally, so local root and system accounts keep working if slapd is down.
passwd: files ldap
shadow: files ldap
group: files ldap
# hosts also falls back to DNS and then WINS (the wins source needs Samba's
# nss_wins library installed)
hosts: files dns wins
networks: files dns
[Berkeley DB]
Utilizziamo il Berkeley DB.
[root@node1 bdb]# wget http://download.oracle.com/berkeley-db/db-4.5.20.tar.gz
[root@node1 bdb]# tar zxvf db-4.5.20.tar.gz
[root@node1 bdb]# cd db-4.5.20
[root@node1 db-4.5.20]# cd build_unix/
[root@node1 build_unix]# ../dist/configure --prefix=/usr/local
Se appaiono gli errori seguenti vuol dire che siamo nella cartella sbagliata:
[root@node1 dist]# ./configure --prefix=/usr/local
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking if building in the top-level or dist directories... yes
configure: error: Berkeley DB should not be built in the top-level or "dist" directories.
Change directory to the build_unix directory and run ../dist/configure from there.
[root@node1 build_unix]# make
[root@node1 build_unix]# make install
Per verificare che tutto sia installato correttamente:
[root@node1 build_unix]# cd /usr/local/bin/
[root@node1 bin]# ls
db_archive db_hotbackup db_stat ldapcompare ldappasswd
db_checkpoint db_load db_upgrade ldapdelete ldapsearch
db_deadlock db_printlog db_verify ldapmodify ldapwhoami
db_dump db_recover ldapadd ldapmodrdn