Set up an OpenLDAP administrative user and assign a password: # slappasswdas shown in the next image. Since the slapd service runs as the ldap user (which you can verify with ps -e -o pid,uname,comm grep slapd), such user should own the /var/lib/ldap directory in order for the server to be able to modify entries created by administrative tools that can only be run as root (more on this in a minute).Before changing the ownership of this directory recursively, copy the sample database configuration file for slapd into it: # cp /usr/share/openldap-servers/DBCONFIG.example /var/lib/ldap/DBCONFIG# chown -R ldap:ldap /var/lib/ldap4. Enable and start the service: # systemctl enable rvice# systemctl start rviceKeep in mind that you can also disable, restart, or stop the service with as well: # systemctl disable rvice# systemctl restart rvice# systemctl stop rvice3. Make sure SELinux does not get in the way by enabling the following booleans persistently, both on the server and the client: # setsebool -P allowypbind=0 authloginnsswitchuseldap=0Where allowypbind is required for LDAP-based authentication, and authloginnsswitchuseldap may be needed by some applications.2.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |