[deployment-guide/comm-rel-14: 621/677] Updated the Overview of the LDAP Server Setup section.

Jaromir Hradilek jhradile at fedoraproject.org
Sun Nov 14 23:54:33 UTC 2010


commit 9526113274ad4a99b0bf9350884433404fcd88ec
Author: Jaromir Hradilek <jhradile at redhat.com>
Date:   Fri Oct 22 14:16:14 2010 +0200

    Updated the Overview of the LDAP Server Setup section.

 .../Lightweight_Directory_Access_Protocol_LDAP.xml |  180 +++++++++-----------
 1 files changed, 78 insertions(+), 102 deletions(-)
---
diff --git a/en-US/Lightweight_Directory_Access_Protocol_LDAP.xml b/en-US/Lightweight_Directory_Access_Protocol_LDAP.xml
index 8a488b5..bb772f0 100644
--- a/en-US/Lightweight_Directory_Access_Protocol_LDAP.xml
+++ b/en-US/Lightweight_Directory_Access_Protocol_LDAP.xml
@@ -106,8 +106,41 @@
         </listitem>
       </itemizedlist>
     </section>
+    <section id="s2-ldap-setup">
+      <title>Overview of the LDAP Server Setup</title>
+      <para>
+        The typical steps to set up an LDAP server on &MAJOROS; are as follows:
+      </para>
+      <procedure>
+        <step>
+          <para>
+            Install the OpenLDAP suite. Refer to <xref linkend="s1-ldap-installation" /> for more information on required packages.
+          </para>
+        </step>
+        <step>
+          <para>
+            Edit the LDIF files in the <filename class="directory">/etc/openldap/slapd.d/</filename> directory as described in <xref linkend="s1-ldap-configuration" />.
+          </para>
+        </step>
+        <step>
+          <para>
+            Start the <systemitem class="service">slapd</systemitem> service as described in <xref linkend="s1-ldap-running" />.
+          </para>
+        </step>
+        <step>
+          <para>
+            Use the <command>ldapadd</command> utility to add entries to the LDAP directory.
+          </para>
+        </step>
+        <step>
+          <para>
+            Use the <command>ldapsearch</command> utility to verify that the <systemitem class="service">slapd</systemitem> service is accessing the information correctly.
+          </para>
+        </step>
+      </procedure>
+    </section>
   </section>
-  <section id="s1-ldap-daemonsutils">
+  <section id="s1-ldap-installation">
     <title>Installing the OpenLDAP Suite</title>
     <section id="s2-ldap-packages">
       <title>Overview of LDAP Packages</title>
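Review bot: the second `<step>` of the new s2-ldap-setup procedure tells the reader to edit the LDIF files in /etc/openldap/slapd.d/ "as described in" s1-ldap-configuration, but the section that receives that id further down in this same patch still documents editing /etc/openldap/slapd.conf (suffix, rootdn, rootpw) and never mentions slapd.d/ or an LDIF-based layout, so the overview and the section it points to describe two different configuration mechanisms. Either change the step to "Edit the <filename>/etc/openldap/slapd.conf</filename> file as described in <xref linkend="s1-ldap-configuration" />" or rewrite the configuration section for slapd.d/ in the same commit. Also, the third step links to s1-ldap-running, which is not defined anywhere in this patch; make sure that id exists (and that it carries the service-start and boot-time information that this patch removes from the old quickstart section), otherwise the xref will not resolve at build time.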
@@ -465,7 +498,7 @@ Stopping slapd:                                            [  OK  ]</screen>
       </para>
     </section>
   </section>
-  <section id="s1-ldap-files">
+  <section id="s1-ldap-configuration">
     <title>Configuring an OpenLDAP Server</title>
     <para>
       OpenLDAP configuration files are installed into the <filename>/etc/openldap/</filename> directory. The following is a brief list highlighting the most important directories and files:
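Review bot: the rename of the section id from s1-ldap-files to s1-ldap-configuration is applied only to the `<section>` element here, and the diffstat shows a single file touched, so any `<xref linkend="s1-ldap-files"/>` in other chapters of the guide will now be a dangling reference. The same applies to s1-ldap-daemonsutils, renamed to s1-ldap-installation in the first hunk. Grep en-US/ for both old ids before merging, or keep the old ids until every reference is updated.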
@@ -545,116 +578,59 @@ include    /etc/openldap/schema/redhat/autofs.schema</screen>
       Extending the schema to match certain specialized requirements is quite involved and beyond the scope of this chapter. Refer to <ulink url="http://www.openldap.org/doc/admin/schema.html" /> for information.
     </para>
   </section>
-  <section id="s1-ldap-quickstart">
-    <title>OpenLDAP Setup Overview</title>
+  <section id="s2-ldap-files-slapd-conf">
+    <title>Editing <filename>/etc/openldap/slapd.conf</filename></title>
     <para>
-      This section provides a quick overview for installing and configuring an OpenLDAP directory. For more details, refer to the following URLs:
+      To use the <command>slapd</command> LDAP server, modify its configuration file, <filename>/etc/openldap/slapd.conf</filename>, to specify the correct domain and server.
     </para>
-    <itemizedlist>
-      <listitem>
-        <para>
-          <ulink url="http://www.openldap.org/doc/admin/quickstart.html" /> — The <citetitle>Quick-Start Guide</citetitle> on the OpenLDAP website.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          <ulink url="http://www.tldp.org/HOWTO/LDAP-HOWTO/index.html" /> — The <citetitle>LDAP Linux HOWTO</citetitle> from the Linux Documentation Project.
-        </para>
-      </listitem>
-    </itemizedlist>
     <para>
-      The basic steps for creating an LDAP server are as follows:
+      The <command>suffix</command> line names the domain for which the LDAP server provides information and should be changed from:
     </para>
-    <orderedlist>
-      <listitem>
-        <para>
-          Install the <filename>openldap</filename>, <filename>openldap-servers</filename>, and <filename>openldap-clients</filename> RPMs.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          Edit the <filename>/etc/openldap/slapd.conf</filename> file to specify the LDAP domain and server. Refer to <xref linkend="s2-ldap-files-slapd-conf"/> for more information.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          Start <command>slapd</command> with the command:
-        </para>
-        <screen>/sbin/service ldap start</screen>
-        <para>
-          After configuring LDAP, use <command>chkconfig</command>, <command>/usr/sbin/ntsysv</command>, or the <application>Services Configuration Tool</application> to configure LDAP to start at boot time. For more information about configuring services, refer to <xref linkend="ch-Controlling_Access_to_Services"/>.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          Add entries to an LDAP directory with <command>ldapadd</command>.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          Use <command>ldapsearch</command> to determine if <command>slapd</command> is accessing the information correctly.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          At this point, the LDAP directory should be functioning properly and can be configured with LDAP-enabled applications.
-        </para>
-      </listitem>
-    </orderedlist>
-    <section id="s2-ldap-files-slapd-conf">
-      <title>Editing <filename>/etc/openldap/slapd.conf</filename></title>
-      <para>
-        To use the <command>slapd</command> LDAP server, modify its configuration file, <filename>/etc/openldap/slapd.conf</filename>, to specify the correct domain and server.
-      </para>
-      <para>
-        The <command>suffix</command> line names the domain for which the LDAP server provides information and should be changed from:
-      </para>
-      <screen>suffix    "dc=your-domain,dc=com"</screen>
-      <para>
-        Edit it accordingly so that it reflects a fully qualified domain name. For example:
-      </para>
-      <screen>suffix    "dc=example,dc=com"</screen>
-      <para>
-        The <command>rootdn</command> entry is the Distinguished Name (DN) for a user who is unrestricted by access controls or administrative limit parameters set for operations on the LDAP directory. The <command>rootdn</command> user can be thought of as the root user for the LDAP directory. In the configuration file, change the <command>rootdn</command> line from its default value as in the following example:
-      </para>
-      <screen>rootdn    "cn=root,dc=example,dc=com"</screen>
-      <para>
-        When populating an LDAP directory over a network, change the <command>rootpw</command> line — replacing the default value with an encrypted password string. To create an encrypted password string, type the following command:
-      </para>
-      <screen>slappasswd</screen>
-      <para>
-        When prompted, type and then re-type a password. The program prints the resulting encrypted password to the shell prompt.
-      </para>
-      <para>
-        Next, copy the newly created encrypted password into the <filename>/etc/openldap/slapd.conf</filename> on one of the <command>rootpw</command> lines and remove the hash sign (<command>#</command>).
-      </para>
+    <screen>suffix    "dc=your-domain,dc=com"</screen>
+    <para>
+      Edit it accordingly so that it reflects a fully qualified domain name. For example:
+    </para>
+    <screen>suffix    "dc=example,dc=com"</screen>
+    <para>
+      The <command>rootdn</command> entry is the Distinguished Name (DN) for a user who is unrestricted by access controls or administrative limit parameters set for operations on the LDAP directory. The <command>rootdn</command> user can be thought of as the root user for the LDAP directory. In the configuration file, change the <command>rootdn</command> line from its default value as in the following example:
+    </para>
+    <screen>rootdn    "cn=root,dc=example,dc=com"</screen>
+    <para>
+      When populating an LDAP directory over a network, change the <command>rootpw</command> line — replacing the default value with an encrypted password string. To create an encrypted password string, type the following command:
+    </para>
+    <screen>slappasswd</screen>
+    <para>
+      When prompted, type and then re-type a password. The program prints the resulting encrypted password to the shell prompt.
+    </para>
+    <para>
+      Next, copy the newly created encrypted password into the <filename>/etc/openldap/slapd.conf</filename> on one of the <command>rootpw</command> lines and remove the hash sign (<command>#</command>).
+    </para>
+    <para>
+      When finished, the line should look similar to the following example:
+    </para>
+    <screen>rootpw {SSHA}vv2y+i6V6esazrIv70xSSnNAJE18bb2u</screen>
+    <warning>
+      <title>Warning</title>
       <para>
-        When finished, the line should look similar to the following example:
+        LDAP passwords, including the <command>rootpw</command> directive specified in <filename>/etc/openldap/slapd.conf</filename>, are sent over the network <emphasis>unencrypted</emphasis>, unless TLS encryption is enabled.
       </para>
-      <screen>rootpw {SSHA}vv2y+i6V6esazrIv70xSSnNAJE18bb2u</screen>
-      <warning>
-        <title>Warning</title>
-        <para>
-          LDAP passwords, including the <command>rootpw</command> directive specified in <filename>/etc/openldap/slapd.conf</filename>, are sent over the network <emphasis>unencrypted</emphasis>, unless TLS encryption is enabled.
-        </para>
-        <para>
-          To enable TLS encryption, review the comments in <filename>/etc/openldap/slapd.conf</filename> and refer to the man page for <filename>slapd.conf</filename>.
-        </para>
-      </warning>
       <para>
-        For added security, the <command>rootpw</command> directive should be commented out after populating the LDAP directory by preceding it with a hash sign (<command>#</command>).
+        To enable TLS encryption, review the comments in <filename>/etc/openldap/slapd.conf</filename> and refer to the man page for <filename>slapd.conf</filename>.
       </para>
+    </warning>
+    <para>
+      For added security, the <command>rootpw</command> directive should be commented out after populating the LDAP directory by preceding it with a hash sign (<command>#</command>).
+    </para>
+    <para>
+      When using the <command>/usr/sbin/slapadd</command> command line tool locally to populate the LDAP directory, use of the <command>rootpw</command> directive is not necessary.
+    </para>
+    <important>
+      <title>Important</title>
       <para>
-        When using the <command>/usr/sbin/slapadd</command> command line tool locally to populate the LDAP directory, use of the <command>rootpw</command> directive is not necessary.
+        Only the root user can use <command>/usr/sbin/slapadd</command>. However, the directory server runs as the <filename>ldap</filename> user. Therefore, the directory server is unable to modify any files created by <command>slapadd</command>. To correct this issue, after using <command>slapadd</command>, type the following command:
       </para>
-      <important>
-        <title>Important</title>
-        <para>
-          Only the root user can use <command>/usr/sbin/slapadd</command>. However, the directory server runs as the <filename>ldap</filename> user. Therefore, the directory server is unable to modify any files created by <command>slapadd</command>. To correct this issue, after using <command>slapadd</command>, type the following command:
-        </para>
-        <screen>chown -R ldap /var/lib/ldap</screen>
-      </important>
-    </section>
+      <screen>chown -R ldap /var/lib/ldap</screen>
+    </important>
   </section>
   <section id="s1-ldap-pam">
     <title>Configuring a System to Authenticate Using OpenLDAP</title>
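Review bot: the re-emitted "Editing /etc/openldap/slapd.conf" section (from `<section id="s2-ldap-files-slapd-conf">` down to its closing `</section>`) is now indented at the same depth as the s1-* chapters and sits after the `</section>` that closes s1-ldap-configuration, yet it keeps an s2- id and is the only place the slapd.conf edits are described. Since the new overview sends readers to s1-ldap-configuration for configuration, nest this section inside it (move the `</section>` that precedes `<section id="s2-ldap-files-slapd-conf">` to after this section's closing tag) or give it an s1- id and its own cross-reference. Dropping s1-ldap-quickstart also removes `/sbin/service ldap start`, the note on enabling the service at boot with chkconfig, and the links to the OpenLDAP Quick-Start Guide and the LDAP Linux HOWTO without moving them anywhere; confirm they are not the only place that information lived. While touching these lines, the retained text calls the slappasswd output an "encrypted password"; it is a salted hash ({SSHA}), and the retained warning already states the real security point, that passwords cross the network in clear text unless TLS is enabled, so "password hash" would be the accurate term.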

