[deployment-guide: 26/185] Removed the content that is no longer needed.
Jaromir Hradilek
jhradile at fedoraproject.org
Sun May 15 21:12:11 UTC 2011
commit c7630cdcea7bc851aa2ff15dd5d12114928a29e8
Author: Jaromir Hradilek <jhradile at redhat.com>
Date: Thu Jan 20 18:13:54 2011 +0100
Removed the content that is no longer needed.
.../Lightweight_Directory_Access_Protocol_LDAP.xml | 54 --------------------
1 files changed, 0 insertions(+), 54 deletions(-)
---
diff --git a/en-US/Lightweight_Directory_Access_Protocol_LDAP.xml b/en-US/Lightweight_Directory_Access_Protocol_LDAP.xml
index 1a4191f..0c3dbb9 100644
--- a/en-US/Lightweight_Directory_Access_Protocol_LDAP.xml
+++ b/en-US/Lightweight_Directory_Access_Protocol_LDAP.xml
@@ -909,60 +909,6 @@ include /etc/openldap/schema/redhat/autofs.schema</screen>
Extending the schema to match certain specialized requirements is quite involved and beyond the scope of this chapter. Refer to <ulink url="http://www.openldap.org/doc/admin/schema.html" /> for information.
</para>
</section>
- <section id="s2-ldap-files-slapd-conf">
- <title>Editing <filename>/etc/openldap/slapd.conf</filename></title>
- <para>
- To use the <command>slapd</command> LDAP server, modify its configuration file, <filename>/etc/openldap/slapd.conf</filename>, to specify the correct domain and server.
- </para>
- <para>
- The <command>suffix</command> line names the domain for which the LDAP server provides information and should be changed from:
- </para>
- <screen>suffix "dc=your-domain,dc=com"</screen>
- <para>
- Edit it accordingly so that it reflects a fully qualified domain name. For example:
- </para>
- <screen>suffix "dc=example,dc=com"</screen>
- <para>
- The <command>rootdn</command> entry is the Distinguished Name (DN) for a user who is unrestricted by access controls or administrative limit parameters set for operations on the LDAP directory. The <command>rootdn</command> user can be thought of as the root user for the LDAP directory. In the configuration file, change the <command>rootdn</command> line from its default value as in the following example:
- </para>
- <screen>rootdn "cn=root,dc=example,dc=com"</screen>
- <para>
- When populating an LDAP directory over a network, change the <command>rootpw</command> line — replacing the default value with an encrypted password string. To create an encrypted password string, type the following command:
- </para>
- <screen>slappasswd</screen>
- <para>
- When prompted, type and then re-type a password. The program prints the resulting encrypted password to the shell prompt.
- </para>
- <para>
- Next, copy the newly created encrypted password into the <filename>/etc/openldap/slapd.conf</filename> on one of the <command>rootpw</command> lines and remove the hash sign (<command>#</command>).
- </para>
- <para>
- When finished, the line should look similar to the following example:
- </para>
- <screen>rootpw {SSHA}vv2y+i6V6esazrIv70xSSnNAJE18bb2u</screen>
- <warning>
- <title>Warning</title>
- <para>
- LDAP passwords, including the <command>rootpw</command> directive specified in <filename>/etc/openldap/slapd.conf</filename>, are sent over the network <emphasis>unencrypted</emphasis>, unless TLS encryption is enabled.
- </para>
- <para>
- To enable TLS encryption, review the comments in <filename>/etc/openldap/slapd.conf</filename> and refer to the man page for <filename>slapd.conf</filename>.
- </para>
- </warning>
- <para>
- For added security, the <command>rootpw</command> directive should be commented out after populating the LDAP directory by preceding it with a hash sign (<command>#</command>).
- </para>
- <para>
- When using the <command>/usr/sbin/slapadd</command> command line tool locally to populate the LDAP directory, use of the <command>rootpw</command> directive is not necessary.
- </para>
- <important>
- <title>Important</title>
- <para>
- Only the root user can use <command>/usr/sbin/slapadd</command>. However, the directory server runs as the <filename>ldap</filename> user. Therefore, the directory server is unable to modify any files created by <command>slapadd</command>. To correct this issue, after using <command>slapadd</command>, type the following command:
- </para>
- <screen>chown -R ldap /var/lib/ldap</screen>
- </important>
- </section>
</section>
<section id="s1-ldap-running">
<title>Running an OpenLDAP Server</title>
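Review bot: Removing `<section id="s2-ldap-files-slapd-conf">` wholesale drops an anchor that other chapters may still reference with `<xref linkend="s2-ldap-files-slapd-conf"/>`; please grep the rest of the book for that id before merging, because a dangling linkend will fail the DocBook build. The commit message only says the content "is no longer needed" without stating what supersedes it, and the deleted block carries three security-relevant points that a reader of the updated chapter will still need somewhere: the warning that `rootpw` and other LDAP credentials cross the network unencrypted unless TLS is enabled, the advice to comment out `rootpw` once the directory has been populated, and the `chown -R ldap /var/lib/ldap` step after a root-run `slapadd`. If an equivalent section for the current configuration layout already exists, say so in the message; if not, consider keeping those three items rather than deleting the whole section.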