Configure the OpenLDAP server

This section shows how to configure the OpenLDAP server.

Prerequisites

Complete "Install OpenLDAP packages" and "Configure the OpenLDAP client" before starting this procedure.

Context

The server is known as the stand-alone LDAP daemon (or slapd).

Steps

  1. Edit the entries in the configuration file /etc/openldap/slapd.conf. These entries are shown in Table 1.
    Table 1. slapd.conf parameters
    Parameter   Description
    suffix      This parameter is the base DN for any searches. Searches such as those set this parameter to the base suffix specified in Table 3. In our example, it is o=yourOrg.
    rootdn      This parameter is the DN of the LDAP "root" user. Although it can have any hierarchy, it can most easily be placed under the suffix. In our example, it is cn=Manager,o=yourOrg.
    rootpw      This parameter is set to a shielded (not encrypted) password at the next step.
    Here is an example slapd.conf file:
    #suffix "dc=my-domain,dc=com"
    suffix "o=yourOrg"
    #rootdn "cn=Manager,dc=my-domain,dc=com"
    rootdn "cn=Manager,o=yourOrg"
    #
    # Cleartext passwords, especially for the rootdn, should
    # be avoided. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    # rootpw secret
  2. Save the slapd.conf file and quit.
  3. Create a shielded password for the root DN. Enter the following command with the parameter slappasswd enclosed in back-slanting tick marks (`slappasswd `):
    # export SLAPPW=`slappasswd`
  4. When prompted, enter the same password twice. The input is concealed, as with other UNIX® password prompts.
    Note: The slappasswd utility creates an encrypted Switch Link Authentication Protocol (SLAP) password. If you enter the command echo $SLAPPW, you see the encrypted password string, starting with the characters {SSHA}, followed by apparently random characters. The {SSHA} prefix indicates that SSHA has been used as the default encryption algorithm.
  5. When you return to the prompt, the SLAPPW variable contains the shielded string that is needed for the slapd.conf file. Insert the value of this variable into the slapd.conf file. Be careful to enter this string exactly, especially if you are not familiar with Linux™ command syntax:
    # echo "rootpw $SLAPPW" >>slapd.conf
    The basic configuration of your LDAP server is complete and you are ready to start your LDAP server.
  6. Use the service command at the Linux prompt to start the LDAP server:
    # service ldap start
    You should receive a green OK. If not, check the /var/log/messages file for error messages that relate to slapd, and then run the command again.
  7. Configure the LDAP server to start automatically on boot, using the chkconfig command:
    # chkconfig --level 235 ldap on
  8. Make sure that the LDAP server is running and responding to queries, using the ldapsearch command:
    # ldapsearch -h localhost -x -b <base_suffix> '(objectclass=*)'
    No entries should be returned, though you can expect a positive response from the LDAP server:
    # ldapsearch -h localhost -x -b o=yourOrg '(objectclass=*)'
    version: 2
    # filter: (objectclass=*)
    # requesting: ALL
    # search result
    search: 2
    result: 32 No such object
    # numResponses: 1

    If the LDAP server responded correctly to the query, you are ready to configure your LDAP server to work with SAN File System.
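
Step 5 appends the rootpw line with a shell redirect, so an unset SLAPPW variable, a repeated append, or a truncated string all leave slapd.conf in a state worth catching before slapd is started. The following POSIX shell function is an added example, not part of the original IBM procedure: it classifies the active rootpw directive in a slapd.conf file. The function name classify_rootpw, its status words, and the sample hash value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the active rootpw directive(s) in a slapd.conf.
# Prints one of: ssha other-scheme malformed cleartext empty duplicate missing
# Returns 0 only for "ssha", the slappasswd default used in steps 3 to 5.
classify_rootpw() {
    conf=$1
    # Active lines only; "# rootpw secret" in the example file is a comment.
    lines=$(grep -E '^[[:space:]]*rootpw([[:space:]]|$)' "$conf" || true)
    if [ -z "$lines" ]; then echo missing; return 1; fi
    # Running the ">>" append in step 5 twice leaves two directives behind.
    if [ "$(printf '%s\n' "$lines" | grep -c .)" -gt 1 ]; then
        echo duplicate; return 1
    fi
    value=$(printf '%s\n' "$lines" | awk '{print $2}')
    case $value in
        '')  # SLAPPW was unset (for example, in a new shell) when step 5 ran
            echo empty; return 1 ;;
        '{SSHA}'*)
            # SHA-1 digest (20 bytes) plus salt: at least 28 base64 characters
            if printf '%s\n' "$value" |
                grep -Eq '^\{SSHA\}[A-Za-z0-9+/]{27,}={0,2}$'; then
                echo ssha; return 0
            fi
            echo malformed; return 1 ;;
        '{'*'}'*)
            echo other-scheme; return 1 ;;
        *)
            echo cleartext; return 1 ;;
    esac
}

# Constructed sample: the page's example file after step 5.
# The value after {SSHA} is a placeholder, not a real password hash.
sample=$(mktemp)
cat >"$sample" <<'EOF'
suffix "o=yourOrg"
rootdn "cn=Manager,o=yourOrg"
# rootpw secret
rootpw {SSHA}Q09OU1RSVUNURURfU0FNUExFX1ZBTFVF
EOF
echo "sample file: $(classify_rootpw "$sample" || true)"
rm -f "$sample"
```

Any result other than ssha means the rootpw line should be reviewed by hand before running the service command in step 6.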

Postrequisites

Continue with "Configure OpenLDAP for SAN File System".

(C) Copyright IBM Corporation 2003, 2004. All Rights Reserved.
IBM TotalStorage SAN File System v2.2