The slapd.conf file, located in
/etc/openldap, contains the configuration
information needed by your slapd LDAP
server. You will need to edit this file to make it specific to your
domain and server.
The suffix line names the domain for which the LDAP server will
provide information. The suffix line should be changed from:
suffix "dc=your-domain, dc=com"
so that it reflects your domain name. For example:
suffix "dc=acmewidgets, dc=com"
or
suffix "dc=acmeuniversity, dc=edu"
The rootdn entry is the DN of a user who is not subject to the access
control or administrative limit parameters set for operations on the
LDAP directory. The rootdn user can be thought of as the root user for
the LDAP directory; because every access control is bypassed for it,
use it only for administrative work (loading the initial data, schema
changes) and never as the bind DN of an application. Keep the rootdn
under the suffix you configured, as in the examples. The rootdn line
needs to be changed from:
rootdn "cn=root, dc=your-domain, dc=com"
to something like:
rootdn "cn=root, dc=redhat, dc=com"
or
rootdn "cn=ldapmanager, dc=my_organization, dc=org"
Change the rootpw line from its default to something like:
rootpw {crypt}s4L9sOIJo4kBM
In the above example the root password is stored as a crypt hash
rather than in plain text, which is a much better idea than leaving a
plain text root password in slapd.conf. Keep the file readable only by
root and by the account slapd runs as (for example, mode 640), since
anyone who can read it can bind as the rootdn. To make the crypt
string, you can use Perl:
perl -e "print crypt('passwd','xy');"
In the previous Perl line, passwd is the plain text version of the
password and xy is a two-character salt drawn from the characters
a-z, A-Z, 0-9, . and /. A two-character salt selects the traditional
DES crypt(3) algorithm, which uses only the first eight characters of
the password, so either choose a password that is strong within that
limit or generate a {SSHA} hash with the slappasswd utility that ships
with OpenLDAP instead. Either way, avoid typing the password on the
command line, where it lands in your shell history.
You could also copy the hash field of an entry out of
/etc/shadow (Red Hat Linux 7.1 uses shadow passwords, so the
password field in /etc/passwd itself holds only an x), but this
won't work if the entry is an MD5 password, recognizable by its
$1$ prefix (the default in Red Hat Linux 7.1).
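As an added example, not taken from the Red Hat guide or from OpenLDAP itself, the Python script below parses a slapd.conf fragment and flags the mistakes this section warns about: the placeholder suffix or rootdn left in place, a plain-text rootpw, a rootdn outside the suffix, and schema include lines out of order. It also produces and verifies {SSHA} hashes in the layout slappasswd writes (base64 of SHA-1(password + salt) followed by the salt), the scheme to prefer over {crypt}. Both configuration samples inside it are constructed; the domain acmewidgets and the password changeme are placeholders.

```python
import base64
import hashlib
import hmac
import os
import re

# Placeholders shipped in the stock slapd.conf, in normalized form.
PLACEHOLDER_SUFFIX = "dc=your-domain,dc=com"
PLACEHOLDER_ROOTDN = "cn=root,dc=your-domain,dc=com"

def norm_dn(dn):
    """Lower-case a DN and drop spaces after commas, so that
    'dc=Acme, dc=COM' and 'dc=acme,dc=com' compare equal."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def make_ssha(password, salt=None):
    """Build a {SSHA} hash as slappasswd does: base64(SHA-1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """Verify a password against a {SSHA} value (the salt is the tail)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def parse_slapd_conf(text):
    """Return (directive, value) pairs; comments and blank lines skipped,
    directives lower-cased, surrounding quotes stripped from the value."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        pairs.append((parts[0].lower(), value))
    return pairs

def audit_slapd_conf(text):
    """Return the findings for one slapd.conf text (empty list = clean)."""
    includes, conf = [], {}
    for key, value in parse_slapd_conf(text):
        if key == "include":
            includes.append(os.path.basename(value))
        else:
            conf[key] = value
    findings = []
    suffix, rootdn = conf.get("suffix", ""), conf.get("rootdn", "")
    if norm_dn(suffix) == PLACEHOLDER_SUFFIX:
        findings.append("ERROR: suffix still carries the placeholder domain")
    if norm_dn(rootdn) == PLACEHOLDER_ROOTDN:
        findings.append("ERROR: rootdn still carries the placeholder DN")
    if suffix and rootdn and not norm_dn(rootdn).endswith("," + norm_dn(suffix)):
        findings.append("WARN: rootdn is not under the configured suffix")
    rootpw = conf.get("rootpw")
    if rootpw is not None:
        m = re.match(r"\{(\w+)\}(.*)", rootpw)
        if not m:
            findings.append("ERROR: rootpw is stored in plain text")
        elif m.group(1).lower() == "crypt" and m.group(2).startswith("$1$"):
            findings.append("WARN: rootpw is an MD5-crypt ($1$) hash, which this release may not accept")
        elif m.group(1).lower() == "crypt":
            findings.append("WARN: traditional crypt uses only the first 8 characters of the password; prefer {SSHA}")
    if "core.schema" not in includes:
        findings.append("ERROR: core.schema is not included")
    elif includes[0] != "core.schema":
        findings.append("ERROR: core.schema must be the first include")
    if "local.schema" in includes and includes[-1] != "local.schema":
        findings.append("WARN: local.schema should be included after the stock schema files")
    return findings

# Constructed samples; "changeme" and acmewidgets are placeholders.
SAMPLE_BAD = """\
# stock values left in place and a plain-text rootpw
include /etc/openldap/schema/core.schema
suffix "dc=your-domain, dc=com"
rootdn "cn=root, dc=your-domain, dc=com"
rootpw changeme
"""

SAMPLE_GOOD = """\
# domain set, rootdn under the suffix, rootpw hashed, local.schema last
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/local.schema
suffix "dc=acmewidgets, dc=com"
rootdn "cn=ldapmanager, dc=acmewidgets, dc=com"
rootpw %s
""" % make_ssha("changeme", salt=b"\x01\x02\x03\x04")
```

Run `audit_slapd_conf(open("/etc/openldap/slapd.conf").read())` after editing the file; an empty list means the checks above pass. The DN comparison is deliberately loose (case and whitespace only), which is enough for the placeholder test but not a full RFC 2253 normalization.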
New to OpenLDAP version 2, the
schema directory holds the various LDAP
definitions, previously located in the
slapd.at.conf and
slapd.oc.conf files. All attribute syntax
definitions and objectclass
definitions are now located in the different schema
files. The various schema files are referenced in
/etc/openldap/slapd.conf using
include lines, as shown in this example:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/rfc822-MailMember.schema
include /etc/openldap/schema/autofs.schema
include /etc/openldap/schema/kerberosobject.schema
Caution: Do not modify any of the schema items defined in the schema
files installed by OpenLDAP. Those files are replaced when the package
is upgraded, so local changes would be lost, and other software relies
on the standard definitions being intact; put local extensions in a
separate file as described below.
You can extend the schema used by OpenLDAP
to support additional attribute types and object classes using the
default schema files as a guide. To do this, create a
local.schema file in the
/etc/openldap/schema directory. Reference this
new schema within slapd.conf by adding the
following line below your default include schema
lines:
include /etc/openldap/schema/local.schema
Next, define your new attribute types and object classes within the
local.schema file. Many organizations use existing attribute types and
object classes from the default schema files as templates, copying a
similar definition into local.schema and giving the copy a new name
and a new OID (one from an OID arc your organization controls, never
an OID or name already used by the stock schema, or slapd will refuse
to start). This can help you to learn the schema syntax while meeting
the immediate needs of your organization. Extending schemas to match
certain specialized requirements is quite involved and beyond the
scope of this chapter. Visit http://www.openldap.org/doc/admin/schema.html
for information on writing new schema files.
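The checker below is an added example, not part of the Red Hat guide or of OpenLDAP: a small Python parser for the attributetype/objectclass syntax used in the schema files, run over a constructed local.schema and a constructed, trimmed subset of the stock schema. It catches the errors that make slapd refuse to start after a schema change (an attribute named in MUST or MAY that is not defined, an undefined SUP, a reused OID or name) and warns when a definition still sits on the 1.1 arc that the OpenLDAP Admin Guide uses for its examples. The acme* names and the 1.1.2.x OIDs are placeholders; the stock subset contains only the handful of definitions needed to resolve the example's references. Unlike slapd, which requires a definition to precede any reference to it, the checker resolves references after loading everything.

```python
import re

# Constructed, trimmed subset of the stock core/cosine/inetorgperson
# schema: only the definitions needed to resolve LOCAL_SCHEMA's references.
STOCK_SCHEMA = """\
attributetype ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
attributetype ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )
attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
        EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) )
objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL )
objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson'
        SUP organizationalPerson STRUCTURAL MAY ( mail ) )
"""

# Constructed local.schema. 1.1.x is the Admin Guide's example arc;
# substitute an arc your organization owns before deploying.
LOCAL_SCHEMA = """\
attributetype ( 1.1.2.1.1 NAME 'acmeBadgeNumber'
        DESC 'Employee badge number'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )
objectclass ( 1.1.2.2.1 NAME 'acmePerson'
        DESC 'Employee with an ACME badge'
        SUP inetOrgPerson STRUCTURAL
        MAY ( acmeBadgeNumber ) )
"""

def _names(body):
    """NAME 'x' or NAME ( 'x' 'y' ) -> list of names."""
    m = re.search(r"\bNAME\s+(?:'([^']*)'|\(([^)]*)\))", body)
    if not m:
        return []
    return [m.group(1)] if m.group(1) else re.findall(r"'([^']*)'", m.group(2))

def _refs(body, keyword):
    """SUP x, MUST x or MAY ( x $ y ) -> list of referenced names."""
    m = re.search(r"\b%s\s+(?:'?([\w-]+)'?|\(([^)]*)\))" % keyword, body)
    if not m:
        return []
    return [m.group(1)] if m.group(1) else [x.strip(" '") for x in m.group(2).split("$") if x.strip()]

def parse_schema(text):
    """Glue continuation lines, drop comments, return one dict per definition."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    defs = []
    for entry in logical:
        m = re.match(r"(attributetype|objectclass)\s*\(\s*(\S+)\s+(.*)\)\s*$", entry, re.I)
        if not m:
            continue
        body = re.sub(r"DESC\s+'[^']*'", "", m.group(3))  # DESC text may contain keywords
        names = _names(body)
        defs.append({"kind": m.group(1).lower(), "oid": m.group(2), "names": names,
                     "label": names[0] if names else m.group(2),
                     "sup": _refs(body, "SUP"), "must": _refs(body, "MUST"),
                     "may": _refs(body, "MAY")})
    return defs

def check_schema(*texts):
    """Load the schema texts and return findings (ERROR: slapd would reject it)."""
    defs = [d for text in texts for d in parse_schema(text)]
    attrs, classes, oids, findings = {}, {}, {}, []
    for d in defs:
        table = attrs if d["kind"] == "attributetype" else classes
        for n in d["names"]:
            if n.lower() in table:  # LDAP names are case-insensitive
                findings.append("ERROR: %s '%s' is defined twice" % (d["kind"], n))
            table[n.lower()] = d
        if d["oid"] in oids:
            findings.append("ERROR: OID %s reused by '%s'" % (d["oid"], d["label"]))
        oids[d["oid"]] = d
    for d in defs:
        table = attrs if d["kind"] == "attributetype" else classes
        if d["oid"].startswith("1.1."):
            findings.append("WARN: '%s' is on the 1.1 example OID arc" % d["label"])
        for sup in d["sup"]:
            if sup.lower() not in table:
                findings.append("ERROR: '%s' SUP '%s' is not defined" % (d["label"], sup))
        for ref in d["must"] + d["may"]:
            if ref.lower() not in attrs:
                findings.append("ERROR: '%s' references undefined attribute '%s'" % (d["label"], ref))
    return findings
```

To use it against a real installation, pass the contents of the schema files in the same order as the include lines in slapd.conf, for example `check_schema(*(open(p).read() for p in paths))`; the parser understands the common single-value and parenthesized-list forms of NAME, SUP, MUST and MAY but not every construct in RFC 2252, so treat a clean result as a first check rather than proof that slapd will load the files.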