[deployment-guide/comm-rel: 714/727] Changed the order of sections.
Jaromir Hradilek
jhradile at fedoraproject.org
Tue Oct 19 13:25:50 UTC 2010
commit e86ecf8a4d9a8d1131e21dac92b56c501f861c3d
Author: Jaromir Hradilek <jhradile at redhat.com>
Date: Thu Oct 7 01:14:25 2010 +0200
Changed the order of sections.
.../Lightweight_Directory_Access_Protocol_LDAP.xml | 722 ++++++++++----------
1 files changed, 374 insertions(+), 348 deletions(-)
---
diff --git a/en-US/Lightweight_Directory_Access_Protocol_LDAP.xml b/en-US/Lightweight_Directory_Access_Protocol_LDAP.xml
index bb9b09f..df7a501 100644
--- a/en-US/Lightweight_Directory_Access_Protocol_LDAP.xml
+++ b/en-US/Lightweight_Directory_Access_Protocol_LDAP.xml
@@ -108,130 +108,21 @@
</section>
</section>
<section id="s1-ldap-daemonsutils">
- <title>Overview of LDAP Packages</title>
- <para>
- The suite of OpenLDAP libraries and tools is provided by the following packages:
- </para>
- <table id="table-ldap-packages-openldap">
- <title>List of OpenLDAP packages</title>
- <tgroup cols="2">
- <colspec colname="package" colnum="1" colwidth="30*" />
- <colspec colname="description" colnum="2" colwidth="60*" />
- <thead>
- <row>
- <entry>
- Package
- </entry>
- <entry>
- Description
- </entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>
- <package>openldap</package>
- </entry>
- <entry>
- A package containing the libraries necessary to run the OpenLDAP server and client applications.
- </entry>
- </row>
- <row>
- <entry>
- <package>openldap-clients</package>
- </entry>
- <entry>
- A package containing the command line utilities for viewing and modifying directories on an LDAP server.
- </entry>
- </row>
- <row>
- <entry>
- <package>openldap-servers</package>
- </entry>
- <entry>
- A package containing both the services and utilities to configure and run an LDAP server. This includes the <firstterm>Standalone LDAP Daemon</firstterm>, <systemitem class="service">slapd</systemitem>.
- </entry>
- </row>
- <row>
- <entry>
- <package>compat-openldap</package>
- </entry>
- <entry>
- A package containing the OpenLDAP compatibility libraries.
- </entry>
- </row>
- </tbody>
- </tgroup>
- </table>
- <para>
- Additionally, the following packages are commonly used along with the LDAP server, and extend its functionality:
- </para>
- <table id="table-ldap-packages-additional">
- <title>List of additional LDAP packages</title>
- <tgroup cols="2">
- <colspec colname="package" colnum="1" colwidth="30*" />
- <colspec colname="description" colnum="2" colwidth="60*" />
- <thead>
- <row>
- <entry>
- Package
- </entry>
- <entry>
- Description
- </entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>
- <package>nss-pam-ldapd</package>
- </entry>
- <entry>
- A package containing <systemitem class="service">nslcd</systemitem>, a local LDAP name service that allows a user to perform local LDAP queries.
- </entry>
- </row>
- <row>
- <entry>
- <package>mod_authz_ldap</package>
- </entry>
- <entry>
- <para>
- A package containing <systemitem class="resource">mod_authz_ldap</systemitem>, the LDAP authorization module for the Apache HTTP Server. This module uses the short form of the distinguished name for a subject and the issuer of the client SSL certificate to determine the distinguished name of the user within an LDAP directory. It is also capable of authorizing users based on attributes of that user's LDAP directory entry, determining access to assets based on the user and group privileges of the asset, and denying access for users with expired passwords. Note that the <systemitem class="resource">mod_ssl</systemitem> module is required when using the <systemitem class="resource">mod_authz_ldap</systemitem> module.
- </para>
- </entry>
- </row>
- <row>
- <entry>
- <package>php-ldap</package>
- </entry>
- <entry>
- A package containing the <systemitem class="resource">ldap</systemitem> module, which allows PHP scripts to access information stored in an LDAP directory.
- </entry>
- </row>
- </tbody>
- </tgroup>
- </table>
- <para>
- To install the OpenLDAP packages, type the following at a shell prompt:
- </para>
- <screen>~]# <command>yum instal openldap openldap-clients openldap-servers compat-openldap</command></screen>
- <para>
- Note that you must have superuser privileges (that is, you must be logged in as <systemitem class="username">root</systemitem>) to run this command. For more information on how to install new packages in &MAJOROS;, refer to <xref linkend="sec-Installing" />.
- </para>
- <section id="s2-ldap-packages-openldap-servers">
- <title>Server Utilities</title>
+ <title>Installing the OpenLDAP Suite</title>
+ <section id="s2-ldap-packages">
+ <title>Overview of LDAP Packages</title>
<para>
- To perform administrative tasks, the <package>openldap-servers</package> package installs the following utilities along with the <systemitem class="service">slapd</systemitem> service:
+ The suite of OpenLDAP libraries and tools is provided by the following packages:
</para>
- <table id="table-ldap-packages-openldap-servers">
- <title>List of OpenLDAP server utilities</title>
+ <table id="table-ldap-packages-openldap">
+ <title>List of OpenLDAP packages</title>
<tgroup cols="2">
- <colspec colname="command" colnum="1" colwidth="30*" />
+ <colspec colname="package" colnum="1" colwidth="30*" />
<colspec colname="description" colnum="2" colwidth="60*" />
<thead>
<row>
<entry>
- Command
+ Package
</entry>
<entry>
Description
@@ -241,123 +132,51 @@
<tbody>
<row>
<entry>
- <command>slapacl</command>
+ <package>openldap</package>
</entry>
<entry>
- Allows you to check the access to a list of attributes.
+ A package containing the libraries necessary to run the OpenLDAP server and client applications.
</entry>
</row>
<row>
<entry>
- <command>slapadd</command>
+ <package>openldap-clients</package>
</entry>
<entry>
- Allows you to add entries from an LDIF file to an LDAP directory.
+ A package containing the command line utilities for viewing and modifying directories on an LDAP server.
</entry>
</row>
<row>
<entry>
- <command>slapauth</command>
+ <package>openldap-servers</package>
</entry>
<entry>
- Allows you to check a list of IDs for authentication and authorization permissions.
+ A package containing both the services and utilities to configure and run an LDAP server. This includes the <firstterm>Standalone LDAP Daemon</firstterm>, <systemitem class="service">slapd</systemitem>.
</entry>
</row>
<row>
<entry>
- <command>slapcat</command>
+ <package>compat-openldap</package>
</entry>
<entry>
- Allows you to pull entries from an LDAP directory in the default format and save them in an LDIF file.
- </entry>
- </row>
- <row>
- <entry>
- <command>slapindex</command>
- </entry>
- <entry>
- Allows you to re-index the <systemitem class="service">slapd</systemitem> directory based on the current content. Run this utility whenever you change indexing options in the configuration file.
- </entry>
- </row>
- <row>
- <entry>
- <command>slappasswd</command>
- </entry>
- <entry>
- Allows you to create an encrypted user password to be used with the <command>ldapmodify</command> utility, or in the <systemitem class="service">slapd</systemitem> configuration file.
- </entry>
- </row>
- <row>
- <entry>
- <command>slapschema</command>
- </entry>
- <entry>
- Allows you to check the compliance of a database with the corresponding schema.
- </entry>
- </row>
- <row>
- <entry>
- <command>slaptest</command>
- </entry>
- <entry>
- Allows you to check the LDAP server configuration.
- </entry>
- </row>
- <row>
- <entry>
- <command>slapd_db_archive</command>,
- <command>slapd_db_checkpoint</command>,
- <command>slapd_db_deadlock</command>,
- <command>slapd_db_dump</command>,
- <command>slapd_db_hotbackup</command>,
- <command>slapd_db_load</command>,
- <command>slapd_db_printlog</command>,
- <command>slapd_db_recover</command>,
- <command>slapd_db_sql</command>,
- <command>slapd_db_stat</command>,
- <command>slapd_db_upgrade</command>,
- <command>slapd_db_verify</command>
- </entry>
- <entry>
- Provides a set of tools to work with <firstterm>Berkeley DB</firstterm> (BDB).
+ A package containing the OpenLDAP compatibility libraries.
</entry>
</row>
</tbody>
</tgroup>
</table>
- <important>
- <title>Important: Make Sure the Files Have Correct Owner</title>
- <para>
- Although only <systemitem class="username">root</systemitem> can run <command>slapadd</command>, the <systemitem class="service">slapd</systemitem> service runs as the <systemitem class="username">ldap</systemitem> user. Because of this, the directory server is unable to modify any files created by <command>slapadd</command>. To correct this issue, after running the <command>slapd</command> utility, type the following at a shell prompt:
- </para>
- <screen>~]# <command>chown -R ldap:ldap /var/lib/ldap</command></screen>
- </important>
- <warning>
- <title>Caution: Stop the <systemitem class="service">slapd</systemitem> Service Before Using these Utilities</title>
- <para>
- To preserve the data integrity, stop the <systemitem class="service">slapd</systemitem> service before using <command>slapadd</command>, <command>slapcat</command>, or <command>slapindex</command>. You can do so by typing the following at a shell prompt:
- </para>
- <screen>~]# <command>service slapd stop</command>
-Stopping slapd: [ OK ]</screen>
- <para>
- For more information on how to start, stop, restart, and check the current status of the <systemitem class="service">slapd</systemitem> service, refer to <xref linkend="s1-ldap-running" />.
- </para>
- </warning>
- </section>
- <section id="s2-ldap-packages-ldap-clients">
- <title>Client Utilities</title>
<para>
- The <package>openldap-clients</package> package installs the following utilities which can be used to add, modify, and delete entries in an LDAP directory:
+ Additionally, the following packages are commonly used along with the LDAP server, and extend its functionality:
</para>
- <table id="table-ldap-packages-openldap-clients">
- <title>List of OpenLDAP client utilities</title>
+ <table id="table-ldap-packages-additional">
+ <title>List of additional LDAP packages</title>
<tgroup cols="2">
- <colspec colname="command" colnum="1" colwidth="30*" />
+ <colspec colname="package" colnum="1" colwidth="30*" />
<colspec colname="description" colnum="2" colwidth="60*" />
<thead>
<row>
<entry>
- Command
+ Package
</entry>
<entry>
Description
@@ -367,182 +186,333 @@ Stopping slapd: [ OK ]</screen>
<tbody>
<row>
<entry>
- <command>ldapadd</command>
- </entry>
- <entry>
- Allows you to add entries to an LDAP directory, either from a file, or from standard input. It is a symbolic link to <command>ldapmodify -a</command>.
- </entry>
- </row>
- <row>
- <entry>
- <command>ldapcompare</command>
- </entry>
- <entry>
- Allows you to compare given attribute with an LDAP directory entry.
- </entry>
- </row>
- <row>
- <entry>
- <command>ldapdelete</command>
- </entry>
- <entry>
- Allows you to delete entries from an LDAP directory.
- </entry>
- </row>
- <row>
- <entry>
- <command>ldapexop</command>
- </entry>
- <entry>
- Allows you to perform extended LDAP operations.
- </entry>
- </row>
- <row>
- <entry>
- <command>ldapmodify</command>
- </entry>
- <entry>
- Allows you to modify entries in an LDAP directory, either from a file, or from standard input.
- </entry>
- </row>
- <row>
- <entry>
- <command>ldapmodrdn</command>
+ <package>nss-pam-ldapd</package>
</entry>
<entry>
- Allows you to modify the RDN value of an LDAP directory entry.
+ A package containing <systemitem class="service">nslcd</systemitem>, a local LDAP name service that allows a user to perform local LDAP queries.
</entry>
</row>
<row>
<entry>
- <command>ldappasswd</command>
+ <package>mod_authz_ldap</package>
</entry>
<entry>
- Allows you to set or change the password for an LDAP user.
+ <para>
+ A package containing <systemitem class="resource">mod_authz_ldap</systemitem>, the LDAP authorization module for the Apache HTTP Server. This module uses the short form of the distinguished name for a subject and the issuer of the client SSL certificate to determine the distinguished name of the user within an LDAP directory. It is also capable of authorizing users based on attributes of that user's LDAP directory entry, determining access to assets based on the user and group privileges of the asset, and denying access for users with expired passwords. Note that the <systemitem class="resource">mod_ssl</systemitem> module is required when using the <systemitem class="resource">mod_authz_ldap</systemitem> module.
+ </para>
</entry>
</row>
<row>
<entry>
- <command>ldapsearch</command>
+ <package>php-ldap</package>
</entry>
<entry>
- Allows you to search LDAP directory entries.
- </entry>
- </row>
- <row>
- <entry>
- <command>ldapurl</command>
- </entry>
- <entry>
- Allows you to compose or decompose LDAP URLs.
- </entry>
- </row>
- <row>
- <entry>
- <command>ldapwhoami</command>
- </entry>
- <entry>
- Allows you to perform a <option>whoami</option> operation on an LDAP server.
+ A package containing the <systemitem class="resource">ldap</systemitem> module, which allows PHP scripts to access information stored in an LDAP directory.
</entry>
</row>
</tbody>
</tgroup>
</table>
- <para>
- With the exception of <command>ldapsearch</command>, each of these utilities is more easily used by referencing a file containing the changes to be made rather than typing a command for each entry to be changed within an LDAP directory. The format of such a file is outlined in the man page for each utility.
- </para>
- </section>
- <section id="s2-ldap-applications">
- <title>Client Applications</title>
- <para>
- Although there are various graphical LDAP clients capable of creating and modifying directories on the server, none of them is included in &MAJOROS;. Popular applications that can access directories in a read-only mode include <application>Mozilla Thunderbird</application>, <application>Evolution</application>, or <application>Ekiga</application>.
- </para>
- </section>
- </section>
- <section id="s1-ldap-running">
- <title>Running the <systemitem class="service">slapd</systemitem> Service</title>
- <para>
- This section describes how to start, stop, restart, and check the current status of the <application>Standalone LDAP Daemon</application>. For more information on how to manage system services in general, refer to <xref linkend="ch-Controlling_Access_to_Services" />.
- </para>
- <section id="s2-ldap-running-starting">
- <title>Starting the Service</title>
- <para>
- To run the <systemitem class="service">slapd</systemitem> service, type the following at a shell prompt:
- </para>
- <screen>~]# <command>service slapd start</command>
-Starting slapd: [ OK ]</screen>
- <para>
- If you want the service to start automatically at the boot time, use the following command:
- </para>
- <screen>~]# <command>chkconfig slapd on</command></screen>
- <para>
- Note that you can also use the <application>Service Configuration</application> utility as described in <xref linkend="s3-services-serviceconf-enabling" />.
- </para>
- </section>
- <section id="s2-ldap-running-stopping">
- <title>Stopping the Service</title>
- <para>
- To stop the running <systemitem class="service">slapd</systemitem> service, type the following at a shell prompt:
- </para>
- <screen>~]# <command>service slapd stop</command>
-Stopping slapd: [ OK ]</screen>
- <para>
- To prevent the service from starting automatically at the boot time, type:
- </para>
- <screen>~]# <command>chkconfig slapd off</command></screen>
- <para>
- Alternatively, you can use the <application>Service Configuration</application> utility as described in <xref linkend="s3-services-serviceconf-disabling" />.
- </para>
+ <section id="s3-ldap-packages-openldap-servers">
+ <title>Server Utilities</title>
+ <para>
+ To perform administrative tasks, the <package>openldap-servers</package> package installs the following utilities along with the <systemitem class="service">slapd</systemitem> service:
+ </para>
+ <table id="table-ldap-packages-openldap-servers">
+ <title>List of OpenLDAP server utilities</title>
+ <tgroup cols="2">
+ <colspec colname="command" colnum="1" colwidth="30*" />
+ <colspec colname="description" colnum="2" colwidth="60*" />
+ <thead>
+ <row>
+ <entry>
+ Command
+ </entry>
+ <entry>
+ Description
+ </entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <command>slapacl</command>
+ </entry>
+ <entry>
+ Allows you to check the access to a list of attributes.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>slapadd</command>
+ </entry>
+ <entry>
+ Allows you to add entries from an LDIF file to an LDAP directory.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>slapauth</command>
+ </entry>
+ <entry>
+ Allows you to check a list of IDs for authentication and authorization permissions.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>slapcat</command>
+ </entry>
+ <entry>
+ Allows you to pull entries from an LDAP directory in the default format and save them in an LDIF file.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>slapindex</command>
+ </entry>
+ <entry>
+ Allows you to re-index the <systemitem class="service">slapd</systemitem> directory based on the current content. Run this utility whenever you change indexing options in the configuration file.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>slappasswd</command>
+ </entry>
+ <entry>
+ Allows you to create an encrypted user password to be used with the <command>ldapmodify</command> utility, or in the <systemitem class="service">slapd</systemitem> configuration file.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>slapschema</command>
+ </entry>
+ <entry>
+ Allows you to check the compliance of a database with the corresponding schema.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>slaptest</command>
+ </entry>
+ <entry>
+ Allows you to check the LDAP server configuration.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>slapd_db_archive</command>,
+ <command>slapd_db_checkpoint</command>,
+ <command>slapd_db_deadlock</command>,
+ <command>slapd_db_dump</command>,
+ <command>slapd_db_hotbackup</command>,
+ <command>slapd_db_load</command>,
+ <command>slapd_db_printlog</command>,
+ <command>slapd_db_recover</command>,
+ <command>slapd_db_sql</command>,
+ <command>slapd_db_stat</command>,
+ <command>slapd_db_upgrade</command>,
+ <command>slapd_db_verify</command>
+ </entry>
+ <entry>
+ Provides a set of tools to work with <firstterm>Berkeley DB</firstterm> (BDB).
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <important>
+ <title>Important: Make Sure the Files Have Correct Owner</title>
+ <para>
+ Although only <systemitem class="username">root</systemitem> can run <command>slapadd</command>, the <systemitem class="service">slapd</systemitem> service runs as the <systemitem class="username">ldap</systemitem> user. Because of this, the directory server is unable to modify any files created by <command>slapadd</command>. To correct this issue, after running the <command>slapd</command> utility, type the following at a shell prompt:
+ </para>
+ <screen>~]# <command>chown -R ldap:ldap /var/lib/ldap</command></screen>
+ </important>
+ <warning>
+ <title>Caution: Stop the <systemitem class="service">slapd</systemitem> Service Before Using these Utilities</title>
+ <para>
+ To preserve the data integrity, stop the <systemitem class="service">slapd</systemitem> service before using <command>slapadd</command>, <command>slapcat</command>, or <command>slapindex</command>. You can do so by typing the following at a shell prompt:
+ </para>
+ <screen>~]# <command>service slapd stop</command>
+ Stopping slapd: [ OK ]</screen>
+ <para>
+ For more information on how to start, stop, restart, and check the current status of the <systemitem class="service">slapd</systemitem> service, refer to <xref linkend="s1-ldap-running" />.
+ </para>
+ </warning>
+ </section>
+ <section id="s3-ldap-packages-openldap-clients">
+ <title>Client Utilities</title>
+ <para>
+ The <package>openldap-clients</package> package installs the following utilities which can be used to add, modify, and delete entries in an LDAP directory:
+ </para>
+ <table id="table-ldap-packages-openldap-clients">
+ <title>List of OpenLDAP client utilities</title>
+ <tgroup cols="2">
+ <colspec colname="command" colnum="1" colwidth="30*" />
+ <colspec colname="description" colnum="2" colwidth="60*" />
+ <thead>
+ <row>
+ <entry>
+ Command
+ </entry>
+ <entry>
+ Description
+ </entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <command>ldapadd</command>
+ </entry>
+ <entry>
+ Allows you to add entries to an LDAP directory, either from a file, or from standard input. It is a symbolic link to <command>ldapmodify -a</command>.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>ldapcompare</command>
+ </entry>
+ <entry>
+ Allows you to compare given attribute with an LDAP directory entry.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>ldapdelete</command>
+ </entry>
+ <entry>
+ Allows you to delete entries from an LDAP directory.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>ldapexop</command>
+ </entry>
+ <entry>
+ Allows you to perform extended LDAP operations.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>ldapmodify</command>
+ </entry>
+ <entry>
+ Allows you to modify entries in an LDAP directory, either from a file, or from standard input.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>ldapmodrdn</command>
+ </entry>
+ <entry>
+ Allows you to modify the RDN value of an LDAP directory entry.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>ldappasswd</command>
+ </entry>
+ <entry>
+ Allows you to set or change the password for an LDAP user.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>ldapsearch</command>
+ </entry>
+ <entry>
+ Allows you to search LDAP directory entries.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>ldapurl</command>
+ </entry>
+ <entry>
+ Allows you to compose or decompose LDAP URLs.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <command>ldapwhoami</command>
+ </entry>
+ <entry>
+ Allows you to perform a <option>whoami</option> operation on an LDAP server.
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <para>
+ With the exception of <command>ldapsearch</command>, each of these utilities is more easily used by referencing a file containing the changes to be made rather than typing a command for each entry to be changed within an LDAP directory. The format of such a file is outlined in the man page for each utility.
+ </para>
+ </section>
+ <section id="s3-ldap-packages-applications">
+ <title>Client Applications</title>
+ <para>
+ Although there are various graphical LDAP clients capable of creating and modifying directories on the server, none of them is included in &MAJOROS;. Popular applications that can access directories in a read-only mode include <application>Mozilla Thunderbird</application>, <application>Evolution</application>, or <application>Ekiga</application>.
+ </para>
+ </section>
</section>
- <section id="s2-ldap-running-restarting">
- <title>Restarting the Service</title>
+ <section id="s2-ldap-installing">
+ <title>Installing an OpenLDAP Server</title>
<para>
- To restart the running <systemitem class="service">slapd</systemitem> service, type the following at a shell prompt:
+ To install the OpenLDAP packages, type the following at a shell prompt:
</para>
- <screen>~]# <command>service slapd restart</command>
-Stopping slapd: [ OK ]
-Starting slapd: [ OK ]</screen>
- <para>
- This stops the service, and then starts it again. Use this command to reload the configuration.
- </para>
- </section>
- <section id="s2-ldap-running-status">
- <title>Checking the Service Status</title>
+ <screen>~]# <command>yum instal openldap openldap-clients openldap-servers compat-openldap</command></screen>
<para>
- To check whether the service is running, type the following at a shell prompt:
+ Note that you must have superuser privileges (that is, you must be logged in as <systemitem class="username">root</systemitem>) to run this command. For more information on how to install new packages in &MAJOROS;, refer to <xref linkend="sec-Installing" />.
</para>
- <screen>~]# <command>service slapd status</command>
-slapd (pid 3672) is running...</screen>
</section>
</section>
<section id="s1-ldap-files">
- <title>OpenLDAP Configuration Files</title>
+ <title>Configuring an OpenLDAP Server</title>
<para>
OpenLDAP configuration files are installed into the <filename>/etc/openldap/</filename> directory. The following is a brief list highlighting the most important directories and files:
</para>
- <itemizedlist>
- <listitem>
- <para>
- <filename>/etc/openldap/ldap.conf</filename> — This is the configuration file for all <emphasis>client</emphasis> applications which use the OpenLDAP libraries such as <command>ldapsearch</command>, <command>ldapadd</command>, Sendmail, <application>Evolution</application>, and <application>Ekiga</application>.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>/etc/openldap/slapd.conf</filename> — This is the configuration file for the <command>slapd</command> daemon. Refer to <xref linkend="s2-ldap-files-slapd-conf"/> for more information.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>/etc/openldap/schema/</filename> directory — This subdirectory contains the schema used by the <command>slapd</command> daemon. Refer to <xref linkend="s1-ldap-files-schemas"/> for more information.
- </para>
- </listitem>
- </itemizedlist>
- <note>
- <title>Note</title>
- <para>
- If the <filename>nss_ldap</filename> package is installed, it creates a file named <filename>/etc/ldap.conf</filename>. This file is used by the PAM and NSS modules supplied by the <filename>nss_ldap</filename> package. Refer to <xref linkend="s1-ldap-pam"/> for more information.
- </para>
- </note>
+ <table id="table-ldap-configuration-files">
+ <title>List of OpenLDAP configuration files and directories</title>
+ <tgroup cols="2">
+ <colspec colname="path" colnum="1" colwidth="30*" />
+ <colspec colname="description" colnum="2" colwidth="60*" />
+ <thead>
+ <row>
+ <entry>
+ Path
+ </entry>
+ <entry>
+ Description
+ </entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <filename>/etc/openldap/ldap.conf</filename>
+ </entry>
+ <entry>
+ The configuration file for client applications that use the OpenLDAP libraries. This includes <command>ldapadd</command>, <command>ldapsearch</command>, <application>Evolution</application>, etc.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename class="directory">/etc/openldap/slapd.d/</filename>
+ </entry>
+ <entry>
+ The directory containing the <systemitem class="service">slapd</systemitem> configuration files.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename class="directory">/etc/openldap/schema/</filename>
+ </entry>
+ <entry>
+ The directory containing the schema files used by the <systemitem class="service">slapd</systemitem> service. The <filename class="directory">redhat/</filename> subdirectory holds customized schemas distributed by &OSORG; for &MAJOROS;.
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
</section>
<section id="s1-ldap-files-schemas">
<title>The <filename>/etc/openldap/schema/</filename> Directory</title>
@@ -884,6 +854,62 @@ group: files ldap</screen>
</listitem>
</orderedlist>
</section>
+ <section id="s1-ldap-running">
+ <title>Running an OpenLDAP Server</title>
+ <para>
+ This section describes how to start, stop, restart, and check the current status of the <application>Standalone LDAP Daemon</application>. For more information on how to manage system services in general, refer to <xref linkend="ch-Controlling_Access_to_Services" />.
+ </para>
+ <section id="s2-ldap-running-starting">
+ <title>Starting the Service</title>
+ <para>
+ To run the <systemitem class="service">slapd</systemitem> service, type the following at a shell prompt:
+ </para>
+ <screen>~]# <command>service slapd start</command>
+Starting slapd: [ OK ]</screen>
+ <para>
+ If you want the service to start automatically at the boot time, use the following command:
+ </para>
+ <screen>~]# <command>chkconfig slapd on</command></screen>
+ <para>
+ Note that you can also use the <application>Service Configuration</application> utility as described in <xref linkend="s3-services-serviceconf-enabling" />.
+ </para>
+ </section>
+ <section id="s2-ldap-running-stopping">
+ <title>Stopping the Service</title>
+ <para>
+ To stop the running <systemitem class="service">slapd</systemitem> service, type the following at a shell prompt:
+ </para>
+ <screen>~]# <command>service slapd stop</command>
+Stopping slapd: [ OK ]</screen>
+ <para>
+ To prevent the service from starting automatically at the boot time, type:
+ </para>
+ <screen>~]# <command>chkconfig slapd off</command></screen>
+ <para>
+ Alternatively, you can use the <application>Service Configuration</application> utility as described in <xref linkend="s3-services-serviceconf-disabling" />.
+ </para>
+ </section>
+ <section id="s2-ldap-running-restarting">
+ <title>Restarting the Service</title>
+ <para>
+ To restart the running <systemitem class="service">slapd</systemitem> service, type the following at a shell prompt:
+ </para>
+ <screen>~]# <command>service slapd restart</command>
+Stopping slapd: [ OK ]
+Starting slapd: [ OK ]</screen>
+ <para>
+ This stops the service, and then starts it again. Use this command to reload the configuration.
+ </para>
+ </section>
+ <section id="s2-ldap-running-status">
+ <title>Checking the Service Status</title>
+ <para>
+ To check whether the service is running, type the following at a shell prompt:
+ </para>
+ <screen>~]# <command>service slapd status</command>
+slapd (pid 3672) is running...</screen>
+ </section>
+ </section>
<section id="s1-ldap-additional-resources">
<title>Additional Resources</title>
<para>
More information about the docs-commits
mailing list