Commit c9f03a40 authored by pedrolab

ldap: improve format, update toc

parent 67f1c4c9
......@@ -425,12 +425,9 @@ and restart the ldap server
Instead, we can tell slapd to accept ldap:// only on localhost and and ldaps:// for external connections by binding to our server's IPs.
Edit `/etc/default/slapd`
our localhost IP is 127.0.0.1 and the network device eth0 has 10.200.161.1
Our localhost IP is 127.0.0.1 and the network device eth0 has 10.200.161.1. Edit accordingly `/etc/default/slapd`:
```
SLAPD_SERVICES="ldap://127.0.0.1/ ldaps://10.200.161.1/ ldapi:///"
```
SLAPD_SERVICES="ldap://127.0.0.1/ ldaps://10.200.161.1/ ldapi:///"
Restart the service
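Review bot: the context sentence at the top of this hunk still reads "only on localhost and and ldaps://", with a doubled "and", and it is not touched here even though the lines right below it are reworded. Since this commit is a formatting pass, fix it in the same change. "Restart the service" could also end with a colon to match the new "Edit accordingly `/etc/default/slapd`:" line.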
......@@ -440,41 +437,41 @@ Don't forget to update your firewall
iptables -A INPUT -p tcp -m tcp --dport 636 -j ACCEPT
# Backup and Restore
## Dump databases
Dump config
```
slapcat -b cn=config -l /tmp/cn=config.master.ldif
```
slapcat -b cn=config -l /tmp/cn=config.master.ldif
List your database(es) and dump
```
slapcat -b cn=config | grep "^dn: olcDatabase=\|^olcSuffix"
```
slapcat -b cn=config | grep "^dn: olcDatabase=\|^olcSuffix"
Dump a database
```
slapcat -b dc=example,dc=com -l /tmp/dc=example,dc=com.ldif
```
slapcat -b dc=example,dc=com -l /tmp/dc=example,dc=com.ldif
You might want to copy `/etc/default/slapd` and `/etc/ldap/ldap.conf` too.
## Restore databases
Stop slapd
```
/etc/init.d/slapd stop
```
/etc/init.d/slapd stop
Move old files out of the way and create directories
```
mv /etc/ldap/slapd.d /tmp/
mkdir /etc/ldap/slapd.d
mkdir /etc/ldap/slapd.d
mv /var/lib/ldap /tmp
mkdir /var/lib/ldap
```
Import ldif files
```
slapadd -F /etc/ldap/slapd.d -b cn=config -l cn=config.master.ldif
-#################### 100.00% eta none elapsed 03s spd 928.5 k/s
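Review bot: both `slapcat ... -l /tmp/...` commands under "Dump databases" write the config and directory LDIF into /tmp, and the restore steps move the old `slapd.d` and `/var/lib/ldap` there as well. These dumps can contain password hashes (`olcRootPW`, `userPassword`), and the files are created with whatever the caller's umask allows, so the doc should point at a root-only directory or set `umask 077` first. Separately, `slapadd ... -l cn=config.master.ldif` uses a relative path while the dump step wrote `/tmp/cn=config.master.ldif`; say which directory the restore is run from, or use the full path.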
......@@ -484,17 +481,17 @@ slapadd -F /etc/ldap/slapd.d -b dc=example,dc=com -l dc=example,dc=com.ldif
-#################### 100.00% eta none elapsed 03s spd 928.5 k/s
Closing DB...
```
Change owner of the files
```
chown -R openldap.openldap /etc/ldap/slapd.d
chown -R openldap.openldap /var/lib/ldap
```
And start slapd
```
/etc/init.d/slapd start
```
And start slapd
/etc/init.d/slapd start
# Usage
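Review bot: the two `chown -R openldap.openldap` lines in the "Change owner of the files" block use the old `.` separator between owner and group. GNU chown still accepts it for compatibility, but `openldap:openldap` is the documented form and is unambiguous if a user name ever contains a dot. Worth switching while these lines are being re-fenced.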
......@@ -537,7 +534,7 @@ Then import the file
Create nobody user to do the ldap bind when you integrate in the different services. Edit `/etc/ldap/ldif/create_nobody.ldif`
```
dn: cn=nobody,dc=example,dc=ccom
dn: cn=nobody,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: top
objectClass: organizationalRole
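Review bot: the `dn:` line change from `dc=ccom` to `dc=com` is a content fix, not a formatting one, and the commit message ("improve format, update toc") does not mention it. Either note the DN correction in the message or split it into its own commit, so that anyone who imported `create_nobody.ldif` with the misspelled suffix can find when the doc was corrected.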
......@@ -613,7 +610,7 @@ member: uid=a_user,ou=users,dc=example,dc=com
Import configuration
ldapmodify -x -W -D "uid=my-user,dc=example,dc=com" -f /tmp/delete_member.ldif
ldapmodify -x -W -D "uid=my-user,dc=commonscloud,dc=coop" -f /tmp/delete_member.ldif
ldapmodify -x -W -D "uid=my-user,dc=example,dc=com" -f /tmp/delete_member.ldif
# Apache Directory
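Review bot: the `ldapmodify` line under "Import configuration" that binds as `uid=my-user,dc=commonscloud,dc=coop` carries a real deployment suffix, and replacing it with `dc=example,dc=com` is right. Please check the rest of the document for other leftover site-specific DNs or hostnames in the same pass, and mention the substitution in the commit message since it is not a formatting change.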