
stoney backup: Server set-up

2,393 bytes added, 13:19, 30 August 2013
/* OpenLDAP */
== OpenLDAP ==
=== /etc/hosts ===
Update the <code>/etc/hosts</code> with the LDAP server:
/etc/hosts
 
# Int VIP for LDAP
10.131.0.4 ldapm.stepping-stone.ch
 
=== Root CA Certificate Installation ===
Install the root CA certificate into the OpenSSL default certificate storage directory. Note that <code>--no-check-certificate</code> disables TLS verification for this one download, because the certificate being fetched is the very CA that later verifies the LDAP server; compare the fingerprint of the downloaded file with the value published out of band before trusting it:
cd /etc/ssl/certs/
wget --no-check-certificate https://cloud.stepping-stone.ch/FOSS-Cloud_CA.cert.pem
chown root:root /etc/ssl/certs/FOSS-Cloud_CA.cert.pem
chmod 444 /etc/ssl/certs/FOSS-Cloud_CA.cert.pem
 
Rebuild the CA hash links so that OpenSSL (and therefore libldap) can locate the certificate by subject hash:
c_rehash /etc/ssl/certs/
=== /etc/openldap/ldap.conf ===
Update the <code>/etc/openldap/ldap.conf</code> LDAP client configuration file (these settings also serve as defaults for the <code>LDAP*</code> environment variables):
/etc/openldap/ldap.conf
 
<pre>
# Used to specify a size limit to use when performing searches. The number should be a
# non-negative integer. SIZELIMIT of zero (0) specifies unlimited search size.
SIZELIMIT 20000
 
# Used to specify a time limit to use when performing searches. The number should be a
# non-negative integer. TIMELIMIT of zero (0) specifies unlimited search time to be used.
TIMELIMIT 45
 
# Specify how alias dereferencing is done. DEREF should be set to one of never, always, search,
# or find to specify that aliases are never dereferenced, always dereferenced, dereferenced when
# searching, or dereferenced only when locating the base object for the search. The default is to
# never dereference aliases.
DEREF never
 
# Specifies the URI(s) of an LDAP server(s) to which the LDAP library should connect. The URI
# scheme may be either ldap or ldaps, which refer to LDAP over TCP and LDAP over SSL (TLS)
# respectively. Each server's name can be specified as a domain-style name or an IP address
# literal. Optionally, the server's name can be followed by a ':' and the port number the LDAP
# server is listening on. If no port number is provided, the default port for the scheme is
# used (389 for ldap://, 636 for ldaps://). A space separated list of URIs may be provided.
URI ldaps://ldapm.stepping-stone.ch
 
# Used to specify the default base DN to use when performing ldap operations. The base must be
# specified as a Distinguished Name in LDAP format.
BASE o=stepping-stone, c=ch
 
# Local copy of the certificate of the certificate authority that signed the LDAP server's
# certificate. With TLS_CACERT set and TLS_REQCERT left at its default (demand), the client
# refuses to talk to a server whose certificate does not chain to this CA.
TLS_CACERT /etc/ssl/certs/FOSS-Cloud_CA.cert.pem
</pre>
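The following shell script is an added example and not part of the stoney backup wiki page or the FOSS-Cloud project. It lints an <code>ldap.conf</code> of the form shown above for the settings the TLS-protected LDAP binding depends on (only <code>ldaps://</code> URIs, a readable PEM <code>TLS_CACERT</code>, <code>TLS_REQCERT</code> not weakened below the default <code>demand</code>) and checks that <code>c_rehash</code> really produced a subject-hash link for the CA. The temporary directory, the deliberately weak second configuration and the placeholder CA file are constructed for the example; on a real host point <code>ldapconf_check</code> at <code>/etc/openldap/ldap.conf</code> and <code>ca_hash_link_present</code> at <code>/etc/ssl/certs</code>.

```sh
#!/bin/sh
# Added example for the stoney backup OpenLDAP client set-up; not part of the wiki page.
# Lints an ldap.conf for the TLS settings the page relies on and verifies that
# c_rehash created a hash link for the CA certificate.

# Constructed sample configurations in a temporary directory (paths are assumptions).
WORK=${WORK:-$(mktemp -d)}
GOOD_CONF="$WORK/ldap.conf.good"
WEAK_CONF="$WORK/ldap.conf.weak"
CA_FILE="$WORK/FOSS-Cloud_CA.cert.pem"

# Placeholder stand-in for the real CA file; only the PEM markers matter to the check.
printf '%s\n' '-----BEGIN CERTIFICATE-----' '(placeholder)' '-----END CERTIFICATE-----' > "$CA_FILE"

# Mirrors the settings from the page, with TLS_CACERT pointed at the placeholder.
cat > "$GOOD_CONF" <<EOF
SIZELIMIT 20000
TIMELIMIT 45
DEREF never
URI ldaps://ldapm.stepping-stone.ch
BASE o=stepping-stone, c=ch
TLS_CACERT $CA_FILE
EOF

# Deliberately weak variant: plain ldap://, no CA, certificate verification switched off.
cat > "$WEAK_CONF" <<'EOF'
URI ldap://ldapm.stepping-stone.ch
BASE o=stepping-stone, c=ch
TLS_REQCERT never
EOF

# Print the value of a directive (case-insensitive keyword, first match), skipping comments.
ldapconf_get() {
    awk -v key="$2" '
        $1 !~ /^#/ && tolower($1) == tolower(key) {
            sub(/^[^ \t]+[ \t]+/, ""); print; exit
        }' "$1"
}

# Return 0 if the file only uses ldaps:// URIs, sets a readable PEM TLS_CACERT and does not
# weaken TLS_REQCERT (OpenLDAP defaults to "demand"; "hard" is equivalent). Prints each finding.
ldapconf_check() {
    conf="$1"; status=0
    uris=$(ldapconf_get "$conf" URI)
    if [ -z "$uris" ]; then
        echo "FAIL: $conf: no URI directive"; status=1
    fi
    for u in $uris; do
        case "$u" in
            ldaps://*) ;;
            *) echo "FAIL: $conf: URI $u is not ldaps://"; status=1 ;;
        esac
    done
    reqcert=$(ldapconf_get "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')
    case "$reqcert" in
        ""|demand|hard) ;;
        *) echo "FAIL: $conf: TLS_REQCERT $reqcert disables server certificate verification"; status=1 ;;
    esac
    cacert=$(ldapconf_get "$conf" TLS_CACERT)
    if [ -z "$cacert" ]; then
        echo "FAIL: $conf: TLS_CACERT is not set"; status=1
    elif ! grep -q 'BEGIN CERTIFICATE' "$cacert" 2>/dev/null; then
        echo "FAIL: $conf: TLS_CACERT $cacert is missing or not a PEM certificate"; status=1
    fi
    return $status
}

# Return 0 if c_rehash created the <subject-hash>.0 link for the CA in the given directory,
# 1 if the link is missing, 2 if openssl is not available to compute the hash.
ca_hash_link_present() {
    dir="$1"; cert="$2"
    command -v openssl >/dev/null 2>&1 || return 2
    hash=$(openssl x509 -noout -hash -in "$cert") || return 1
    [ -e "$dir/$hash.0" ]
}

# Stand-alone run: the constructed good file passes, the weak file reports three findings.
for conf in "$GOOD_CONF" "$WEAK_CONF"; do
    if ldapconf_check "$conf"; then echo "OK: $conf"; fi
done
```

The end-to-end check that the page itself implies, once the configuration passes the lint, is an anonymous base search over <code>ldaps://</code> with <code>ldapsearch</code>; if the CA hash link is missing or the server certificate does not chain to <code>FOSS-Cloud_CA.cert.pem</code>, that search fails with a TLS error rather than silently falling back to an unverified connection, which is exactly the behaviour the <code>TLS_CACERT</code> setting is meant to guarantee.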
== nss-pam-ldapd ==