Commit 67f1c4c9 authored by pedrolab

Merge branch 'buttle/wiki-patch-2'

parents edceb489 77d3a46c
......@@ -335,7 +335,7 @@ olcPasswordHash: {SSHA512}
*Use a guide to install letsencrypt certificates before continuing this guide*
Originally our certs are stored in `/etc/letsencrypt/live/example.com` as symlinks but slapd needs a path to the files. Hence, you have to run jobs periodically.
Letsencrypt certs are stored at `/etc/letsencrypt/live/example.com` as symlinks but slapd needs a path to the files. Hence, you have to run jobs periodically.
Start creating a directory to place the dereferenced certificatest, for example here:
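Review bot: the reworded sentence still ends with "Hence, you have to run jobs periodically" without saying what the jobs do. State that the job copies the dereferenced certificate and key into the directory created in the next step after each renewal, and that this directory should be readable only by the user slapd runs as, since it holds the private key. The following context line has a typo ("certificatest") that could be fixed in the same change.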
......@@ -440,22 +440,61 @@ Don't forget to update your firewall
iptables -A INPUT -p tcp -m tcp --dport 636 -j ACCEPT
## nobody user for ldap bind
Create nobody user to do the ldap bind when you integrate in the different services. Edit `/etc/ldap/ldif/create_nobody.ldif`
# Backup and Restore
## Dump databases
Dump config
```
dn: cn=nobody,dc=example,dc=ccom
objectClass: simpleSecurityObject
objectClass: top
objectClass: organizationalRole
cn: nobody
userPassword: mypassword
slapcat -b cn=config -l /tmp/cn=config.master.ldif
```
List your database(es) and dump
```
slapcat -b cn=config | grep "^dn: olcDatabase=\|^olcSuffix"
```
Dump a database
```
slapcat -b dc=example,dc=com -l /tmp/dc=example,dc=com.ldif
```
You might want to copy `/etc/default/slapd` and `/etc/ldap/ldap.conf` too.
## Restore databases
Stop slapd
```
/etc/init.d/slapd stop
```
Move old files out of the way and create directories
```
mv /etc/ldap/slapd.d /tmp/
mkdir /etc/ldap/slapd.d
mv /var/lib/ldap /tmp
mkdir /var/lib/ldap
```
Import ldif files
```
slapadd -F /etc/ldap/slapd.d -b cn=config -l cn=config.master.ldif
-#################### 100.00% eta none elapsed 03s spd 928.5 k/s
Closing DB...
slapadd -F /etc/ldap/slapd.d -b dc=example,dc=com -l dc=example,dc=com.ldif
-#################### 100.00% eta none elapsed 03s spd 928.5 k/s
Closing DB...
```
Change owner of the files
```
chown -R openldap.openldap /etc/ldap/slapd.d
chown -R openldap.openldap /var/lib/ldap
```
And start slapd
```
/etc/init.d/slapd start
```
And import the configuration
ldapadd -x -D 'cn=admin,dc=example,dc=com' -W -H ldapi:/// -f /etc/ldap/ldif/add-user-group.ldif
# Usage
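Review bot: the dump commands under "Dump databases" write to `/tmp` (`slapcat -b cn=config -l /tmp/cn=config.master.ldif`), and the restore steps move the old `/etc/ldap/slapd.d` and `/var/lib/ldap` there as well. A slapcat dump contains every attribute, including the password hashes, so the guide should point at a directory only root can read instead of a shared one. The restore commands also read `-l cn=config.master.ldif` with no path, which only works from the directory holding the dumps; use the same full path as the dump step. The `-#################### 100.00% ...` and `Closing DB...` lines are program output pasted inside the command block and should be marked as such or dropped, and `chown -R openldap.openldap` would be better written with the `openldap:openldap` form.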
......@@ -493,6 +532,42 @@ Then import the file
ldapmodify -Y EXTERNAL -H ldapi:/// -f chg_admin_pass
## nobody user for ldap bind
Create nobody user to do the ldap bind when you integrate in the different services. Edit `/etc/ldap/ldif/create_nobody.ldif`
```
dn: cn=nobody,dc=example,dc=ccom
objectClass: simpleSecurityObject
objectClass: top
objectClass: organizationalRole
cn: nobody
userPassword: mypassword
```
And import the configuration
ldapadd -x -D 'cn=admin,dc=example,dc=com' -W -H ldapi:/// -f /etc/ldap/ldif/add-user-group.ldif
## Create a user using ldif
Edit `/tmp/add_user.ldif`
```
dn: uid=peter,ou=users,dc=xrcb,dc=cat
objectClass: inetOrgPerson
cn: peter
sn: Surname
mail: peter@example.com
uid: peter
userPassword: 1234
```
Import configuration
ldapmodify -x -W -D "uid=my-user,dc=example,dc=com" -f /tmp/add_user.ldif
## Create a group using ldif
Edit `/tmp/add_group.ldif`
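Review bot: in the moved "nobody user for ldap bind" section the DN reads `dn: cn=nobody,dc=example,dc=ccom` (double c), and the import command loads `/etc/ldap/ldif/add-user-group.ldif` rather than the `create_nobody.ldif` the text just told the reader to edit, so the steps as written do not create the bind user. Since the section is being relocated anyway, fix both here. In the new "Create a user using ldif" section the entry sits under `dc=xrcb,dc=cat` while the bind DN is under `dc=example,dc=com`; use one suffix throughout. That LDIF has no `changetype: add` and is loaded with `ldapmodify`, which modifies existing entries by default, so use `ldapadd` (or `ldapmodify -a`). Both examples also set `userPassword` in clear text (`mypassword`, `1234`); a line saying to replace it with a hashed value, as done earlier in the guide, would help.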
......@@ -509,7 +584,7 @@ Import configuration
ldapmodify -x -W -D "uid=my-user,dc=example,dc=com" -f /tmp/add_group.ldif
## Add a member from a group using ldif
## Add a member to a group using ldif
Edit `/tmp/add_member.ldif`
......@@ -538,6 +613,7 @@ member: uid=a_user,ou=users,dc=example,dc=com
Import configuration
ldapmodify -x -W -D "uid=my-user,dc=example,dc=com" -f /tmp/delete_member.ldif
ldapmodify -x -W -D "uid=my-user,dc=commonscloud,dc=coop" -f /tmp/delete_member.ldif
# Apache Directory
......
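Review bot: the replaced `ldapmodify` line for `/tmp/delete_member.ldif` now binds as `uid=my-user,dc=commonscloud,dc=coop`, while the other commands in the guide (for example the `add_group.ldif` and `add_user.ldif` imports) bind under `dc=example,dc=com`. This looks like a deployment-specific suffix slipping into the documentation; keep the `dc=example,dc=com` placeholder so the guide stays consistent.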