Changes between Version 27 and Version 28 of Howto_Ldap


Timestamp:
Jan 15, 2011 10:02:13 AM (2 years ago)
Author:
andudi
Comment:

--

  • Howto_Ldap

    v27 v28  
    6161By the way, remember the user and group of the slapd daemon, usually '''openldap'''. 
    6262 
    63 Now you have to create/modify the config file '''/etc/ldap/slapd.conf'''. This example config file should just work for this simple Roundcube LDAP addressbook: [[http://trac.roundcube.net/raw-attachment/wiki/Howto_Ldap/slapd.conf|slapd.conf]][[BR]] 
    64 Some words about this example configuration: 
    65 - compared to the default slapd.conf file of openldap, all the nonrelevant comments are removed. 
     63Now you have to create/modify the config file '''/etc/ldap/slapd.conf''': 
     64- [[http://trac.roundcube.net/raw-attachment/wiki/Howto_Ldap/slapd.conf|slapd.conf]] 
     65This example config file should just work for the Roundcube LDAP addressbook server described here, but maybe not for other LDAP solutions. Some words about this example configuration: 
     66- compared to the default slapd.conf file of OpenLDAP, all the nonrelevant comments are removed. 
    6667- the nis schema is removed because the simple addressbook do not need it. 
    67 - normally you must not touch anything else than: '''suffix''', '''rootdn''', '''rootpw''' and the '''access''' directives! 
    68 - if you just follow my Howto, just change the password. 
     68- if you just follow my Howto, just change the password ('''rootpw''', use slappasswd to create it). 
    6969 
    70 After you created/modified it, check or even set restrictive permissions for the config file: because the password is stored inside, normal user must not be able to read it! 
    71 User and group must correspond with the ones you found above '''/etc/default/slapd'''. 
     70After you created/modified it, set restrictive permissions for the config file: since the password is stored inside, normal user must not be able to read it! 
     71User and group must correspond with the ones you found above in '''/etc/default/slapd'''. 
    7272{{{ 
    7373$ sudo chmod 640 /etc/ldap/slapd.conf 
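Review bot: New line 68 tells the reader to create '''rootpw''' with slappasswd but does not say that the value placed in slapd.conf should be the hashed string slappasswd prints rather than the cleartext password; say so explicitly, since line 70 still describes the file as having "the password stored inside". The same hunk drops old line 67, the only place that named '''suffix''', '''rootdn''' and the '''access''' directives as the settings to adjust, so a reader using a different suffix no longer learns what to change; consider keeping that bullet. On line 70, "normal user must not" should read "normal users must not".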
     
    7575}}} 
    7676 
    77 Try to restart the OpenLDAP server now, e.g. on Debian based systems do: 
     77Restart the OpenLDAP server now, e.g. on Debian based systems do: 
    7878{{{ 
    7979$ sudo invoke-rc.d slapd restart 
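Review bot: Line 77 drops "Try to" and now presents the restart as a plain step, but nothing before it checks the file that was just edited, and a syntax error in slapd.conf can leave slapd stopped after the restart. Suggest adding a configuration check ahead of the invoke-rc.d line, for example slaptest -f /etc/ldap/slapd.conf.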
     
    8383 
    8484== Setup the LDAP Server == 
    85 If the OpenLDAP server is running once, you can start to setup it. First of all, it could be a good choise to check if you can access to it: 
     85Once the OpenLDAP server is running, you can start to set it up. First of all, it could be a good choise to check if you can even access it: 
    8686{{{ 
    8787$ ldapsearch -xLLL -H ldap://localhost:389 -D cn=admin,dc=localhost -W -b dc=localhost 
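Review bot: The rewritten line 85 still carries the typo "choise", which should be "choice". The phrasing "it could be a good choice to check" also undersells the step, since the rest of the section depends on this bind working; "first check that you can access it" would be clearer.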
     
    9090}}} 
    9191The password must correspond withe the '''rootpw''' in the config file, the -D option corresponds with the '''rootdn''' and the -b with the '''suffix'''. 
    92 If you get '''No such object (32)''' this means that the LDAP directory is still empty, else you can get all the preconfigured entries. 
     92If you get '''No such object (32)''', this means that the LDAP directory is still empty, thus is ready to be filled now. 
    9393 
    94 Next we have to setup a directory structure such that Roundcube can operate on it. Download the following shell script, configure the first few lines in it, and execute it as administrator on the server (sudo or as root): [[http://trac.roundcube.net/raw-attachment/wiki/Howto_Ldap/rcabook-setup.sh|rcabook-setup.sh]] 
     94We have to setup now a directory structure such that Roundcube can operate on it. Download the following shell script, configure the first few lines in it, and execute it with admin privileges on the server (use sudo or even run it as root): [[http://trac.roundcube.net/raw-attachment/wiki/Howto_Ldap/rcabook-setup.sh|rcabook-setup.sh]] 
    9595 
    9696You should get something like that:
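Review bot: Line 94 now tells the reader to execute rcabook-setup.sh "with admin privileges ... (use sudo or even run it as root)", yet the script is linked over plain http:// and nothing asks the reader to inspect it first. Suggest adding a sentence to read the script after configuring its first lines and before executing it, and linking it over https if the site offers it. In the unchanged context, line 91 still has "withe" for "with". The new line 92 removes the "else you can get all the preconfigured entries" case, so a reader whose directory is not empty no longer knows what output to expect.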