Good day! Could you please tell me how to make OpenLDAP work with a static config (/etc/ldap/slapd.conf) rather than the dynamic one (/etc/ldap/slapd.d/)?
And how can the settings from the /etc/ldap/slapd.d/ directory be converted into a regular /etc/ldap/slapd.conf config?
>Could you please tell me how to make OpenLDAP work with a static config (/etc/ldap/slapd.conf) rather than the dynamic one (/etc/ldap/slapd.d/)?
>And how can the settings from the /etc/ldap/slapd.d/ directory be converted into a regular
>/etc/ldap/slapd.conf config?
-f slapd-config-file
Specifies the slapd configuration file. The default is
/usr/local/etc/openldap/slapd.conf.

-F slapd-config-directory
Specifies the slapd configuration directory. The default is
/usr/local/etc/openldap/slapd.d. If both -f and -F are specified,
the config file will be read and converted to config directory
format and written to the specified directory. If neither option
is specified, slapd will attempt to read the default config
directory before trying to use the default config file. If a
valid config directory exists then the default config file is
ignored. All of the slap tools that use the config options
observe this same behavior.
I.e. pass -f instead of -F; but converting the config from the directory format back into a file apparently has to be done by hand...
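The man page excerpt above only describes the slapd.conf -> slapd.d direction. The reverse is indeed manual, but most of it is mechanical: every cn=config attribute is an olc-prefixed spelling of a slapd.conf keyword. The script below is an added example, not OpenLDAP's own tooling or anything posted in the thread: it reads the LDIF that "slapcat -n 0 -F /etc/ldap/slapd.d" prints and emits the matching slapd.conf lines. The olc* -> keyword table covers the directives used in this thread, the schema directory /etc/ldap/schema is an assumption, the sample dump at the bottom is constructed, and anything it cannot map is written out as a comment for manual review.

```python
"""Turn a cn=config LDIF dump back into slapd.conf directives.

Added example for this thread, not OpenLDAP's own tooling: slapd/slaptest
convert slapd.conf -> slapd.d, but there is no reverse mode, so this maps the
olc* attributes that "slapcat -n 0 -F /etc/ldap/slapd.d" prints onto the
corresponding slapd.conf keywords. Attributes without a mapping are kept as
comments for manual review; the schema directory is an assumption.
"""
import base64
import re
import sys

# cn=config attribute -> slapd.conf keyword (same directive, different spelling).
OLC_TO_CONF = {
    "olcAllows": "allow",
    "olcPidFile": "pidfile",
    "olcArgsFile": "argsfile",
    "olcLogLevel": "loglevel",
    "olcPasswordHash": "password-hash",
    "olcModulePath": "modulepath",
    "olcModuleLoad": "moduleload",
    "olcAccess": "access",
    "olcSuffix": "suffix",
    "olcRootDN": "rootdn",
    "olcRootPW": "rootpw",
    "olcDbDirectory": "directory",
    "olcDbIndex": "index",
    "olcDbCheckpoint": "checkpoint",
    "olcDbCacheSize": "cachesize",
}
QUOTED = {"suffix", "rootdn"}  # quoted in slapd.conf by convention
# Naming and operational attributes that have no slapd.conf equivalent.
SKIP = {"objectClass", "cn", "structuralObjectClass", "entryUUID", "entryCSN",
        "creatorsName", "createTimestamp", "modifiersName", "modifyTimestamp"}
ORDER_PREFIX = re.compile(r"^\{-?\d+\}")  # {0}, {1}, {-1} ordering prefixes
SCHEMA_DN = re.compile(r"^cn=\{\d+\}([^,]+),cn=schema,cn=config$")
SCHEMA_DIR = "/etc/ldap/schema"  # assumption: Debian/Ubuntu layout


def parse_ldif(text):
    """Return [(dn, [(attr, value), ...])], unfolding continuation lines and base64 values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:  # LDIF folding: one leading space
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, []
    for line in lines + [""]:
        if not line.strip():  # blank line ends an entry
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, []
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>" (slapcat uses this for olcRootPW)
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.append((name, value))
    return entries


def ldif_to_slapd_conf(ldif_text):
    """Emit slapd.conf lines in dump order (globals, modules, one include per schema entry, databases)."""
    out = []
    for dn, attrs in parse_ldif(ldif_text):
        schema = SCHEMA_DN.match(dn)
        if schema:  # cn={0}core,cn=schema,cn=config -> include .../core.schema
            out.append(f"include {SCHEMA_DIR}/{schema.group(1)}.schema")
            continue
        if dn == "cn=schema,cn=config":  # container entry, nothing to emit
            continue
        for name, value in attrs:
            if name in SKIP:
                continue
            value = ORDER_PREFIX.sub("", value)
            if name == "olcDatabase":
                out.append(f"database {value}")
            elif name in OLC_TO_CONF:
                keyword = OLC_TO_CONF[name]
                if keyword in QUOTED:
                    value = f'"{value}"'
                out.append(f"{keyword} {value}")
            else:
                out.append(f"# unmapped {name}: {value}")
    return "\n".join(out) + "\n"


# Constructed sample in the shape slapcat -n 0 prints (abridged; olcRootPW is base64 of "secret").
SAMPLE_LDIF = """\
dn: cn=config
objectClass: olcGlobal
cn: config
olcPidFile: /var/run/slapd/slapd.pid
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: 128

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb.la

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}core
olcObjectIdentifier: {0}OLcfg 1.3.6.1.4.1.4203.1.12.2

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to dn.exact="" by * read

dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=domain,dc=local
olcRootDN: cn=admin,dc=domain,dc=local
olcRootPW:: c2VjcmV0
olcDbDirectory: /var/lib/ldap
olcDbIndex: objectClass eq
olcAccess: {0}to attrs=userPassword by self write by anonymous auth
  by * none
olcAccess: {1}to * by * read
"""

if __name__ == "__main__":
    # Usage: slapcat -n 0 -F /etc/ldap/slapd.d | python3 this_script.py > slapd.conf
    text = SAMPLE_LDIF if sys.stdin.isatty() else sys.stdin.read()
    sys.stdout.write(ldif_to_slapd_conf(text))
```

Run the result through "slaptest -u -f slapd.conf" and read the "# unmapped" comments before using it; the order of access directives is preserved from the {n} prefixes, which is what matters for ACL evaluation.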
>Good day!
>
>Could you please tell me how to make OpenLDAP work with a static config (/etc/ldap/slapd.conf) rather than
>the dynamic one (/etc/ldap/slapd.d/)?
>
>And how can the settings from the /etc/ldap/slapd.d/ directory be converted into a regular
>/etc/ldap/slapd.conf config?
The solution was to set the path to the config file in the SLAPD_CONF variable in /etc/default/slapd, e.g. SLAPD_CONF=/etc/ldap/slapd.conf
And yes, slapd.conf really does have to be written by hand :(
>>Good day!
>>
>> ...
>And yes, slapd.conf really does have to be written by hand :(
http://forum.ubuntu.ru/index.php?topic=90667.0
[slapd.conf]
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/extension.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

#loglevel 128

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
#access to * by * write
#dn.regex="uid=([^,]+),ou=personal_addressbook,dc=dghartung,dc=com$"
#access to *
# by anonymous auth
# by dn="uid=$1,ou=personal_addressbook,dc=dghartung,dc=com" write
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
checkpoint 1024 5
cachesize 200
suffix "dc=dghartung,dc=com"
rootdn "cn=Manager,dc=dghartung,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw
# rootpw {crypt}ijFYNcSNctBYg
rootpw {SSHA}adsfadfadfdfadadafadsfadsfadf
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap

# Indices to maintain for this database
#index objectClass eq,pres
#index cn,sn,uid eq,pres,sub
#index uidNumber,gidNumber,loginShell eq,pres
#index uid,memberUid eq,pres,sub
#index nisMapName,nisMapEntry eq,pres,sub
index cn,sn,uid pres,eq,approx,sub
index objectClass eq
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
#access to attr=userPassword
# by self write
# by anonymous auth
# by dn.base="cn=Manager,dc=dghartung,dc=com" write
# by * none
#access to * by * read
#access to * by * write
#access to dn.regex="ou=addressbook,cn=([^,]+),ou=people,dc=dghartung,dc=com$"
# by dn.exact,expand="cn=$1,ou=people,dc=dghartung,dc=com" read
# by users none
# dn="uid=mail0005,ou=people,dc=dghartung,dc=com"
#access to *
# by self
# by anonymous auth
# by dn="uid=$1,ou=people,dc=dghartung,dc=com" write
##########################################################################
access to attr=userPassword
    by self
    by anonymous auth
    by dn.regex="cn=(.+),ou=ab,dc=dghartung,dc=com" write
access to *
    by dn.regex="cn=(.+),ou=ab,dc=dghartung,dc=com" write
#access to dn="uid=mail0005,ou=people,dc=dghartung,dc=com"
# by dn="uid=mail0005,ou=people,dc=dghartung,dc=com" write
##########################################################################

------------------------------
and minimal
[slapd.conf]
##############################
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/nis.schema

password-hash {SSHA}

access to dn.exact=""
    by * read
access to dn.subtree="cn=Subschema"
    by * read
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

modulepath /usr/lib/ldap
moduleload back_hdb.la
moduleload back_bdb.la
moduleload back_monitor.la
moduleload back_null.la

database hdb
suffix "dc=domain,dc=local"
rootdn "cn=admin,dc=domain,dc=local"
rootpw secret
directory /var/lib/ldap
#######################################
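Before pointing SLAPD_CONF at a hand-written file it is worth checking it for the mistakes the comments in the two sample configs above warn about: a cleartext rootpw (the minimal config uses "rootpw secret"), a world-readable file ("This file should NOT be world readable"), LDAPv2 binds enabled, and a userPassword ACL that is missing or placed after a catch-all "access to *" rule, where it can never match. "slaptest -u" only validates syntax and catches none of these. The script below is an added example, not OpenLDAP tooling or anything from the thread; its two sample configs are constructed and the wording of the findings is mine.

```python
"""Sanity checks for a hand-written slapd.conf before pointing slapd at it.

Added example for this thread, not OpenLDAP's own tooling. "slaptest -u -f
slapd.conf" only checks syntax; this looks for the mistakes the sample
configs in the thread warn about in their comments: a cleartext rootpw, a
world-readable config file, LDAPv2 binds enabled, and a userPassword ACL
that is missing or shadowed by an earlier "access to *" rule.
"""
import os
import re
import stat
import sys

BY_SPLIT = re.compile(r"\s+by\s+")
USERPW_TARGET = re.compile(r"^to\s+attrs?=userPassword\b")  # "attr=" is the old spelling
CATCHALL_TARGET = re.compile(r"^to\s+\*\s*$")


def unfold(text):
    """slapd.conf joins lines that start with whitespace onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def lint_slapd_conf(text, mode=None):
    """Return a list of findings; `mode` is the file's st_mode when known."""
    findings = []
    scope = "global"        # directives before the first "database" line are global
    catchall_seen = set()   # scopes in which "access to *" has already appeared
    userpw_scopes = set()   # scopes that carry a userPassword ACL
    for line in unfold(text):
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        arg = parts[1] if len(parts) > 1 else ""
        if keyword == "database":
            scope = arg
        elif keyword == "rootpw" and not arg.strip('"').startswith("{"):
            findings.append(f"{scope}: rootpw is cleartext; use a slappasswd hash ({{SSHA}}...)")
        elif keyword == "allow" and "bind_v2" in arg.split():
            findings.append("global: LDAPv2 binds are enabled (allow bind_v2)")
        elif keyword == "access":
            target = BY_SPLIT.split(arg, 1)[0]  # the "to <what>" part of the directive
            if USERPW_TARGET.match(target):
                userpw_scopes.add(scope)
                if scope in catchall_seen:  # first matching "to" clause wins in slapd
                    findings.append(f"{scope}: userPassword ACL comes after 'access to *', so it never matches")
            elif CATCHALL_TARGET.match(target):
                catchall_seen.add(scope)
    if not userpw_scopes:
        findings.append("no 'access to attrs=userPassword' directive; check that hashes are not readable")
    if mode is not None and mode & stat.S_IROTH:
        findings.append(f"file mode {oct(stat.S_IMODE(mode))} is world-readable")
    return findings


def lint_file(path):
    """Read the file and its permissions, then lint both."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    return lint_slapd_conf(text, os.stat(path).st_mode)


# Constructed: the minimal config from the thread, rootpw left in cleartext.
SAMPLE_CONF = """\
include /etc/ldap/schema/core.schema
password-hash {SSHA}
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
modulepath /usr/lib/ldap
moduleload back_hdb.la
database hdb
suffix "dc=domain,dc=local"
rootdn "cn=admin,dc=domain,dc=local"
rootpw secret
directory /var/lib/ldap
"""

# Constructed: hashed rootpw, but the catch-all rule shadows the userPassword one.
SHADOWED_ACL_CONF = """\
include /etc/ldap/schema/core.schema
database hdb
suffix "dc=domain,dc=local"
rootdn "cn=admin,dc=domain,dc=local"
rootpw {SSHA}placeholder-hash-from-slappasswd
directory /var/lib/ldap
access to * by * read
access to attrs=userPassword by self write by anonymous auth by * none
"""

if __name__ == "__main__":
    # Usage: python3 this_script.py /etc/ldap/slapd.conf  (no args: lint the samples)
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            print(path, lint_file(path))
    else:
        print("minimal config:", lint_slapd_conf(SAMPLE_CONF, mode=0o644))
        print("shadowed ACL:", lint_slapd_conf(SHADOWED_ACL_CONF, mode=0o600))
```

The ACL-order check is the one people trip over most: slapd evaluates access directives top to bottom and uses the first "to" clause that matches the entry, so a userPassword rule below "access to * by * read" is dead code and every authenticated or anonymous reader gets the hashes.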
>Good day!
Better tell me why they made an already far-from-simple and extremely confusing service even more complicated?
It turns out all the examples can be thrown out.