openldap/doc/guide/admin/quickstart.sdf

211 lines
7.3 KiB
Plaintext

# $OpenLDAP$
# Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
H1: A Quick-Start Guide to Running slapd
This chapter provides a quick step-by-step guide to building,
installing and running {{slapd}}(8). It is intended to provide
users with a simple and quick way to get started only.
If you intend to run slapd seriously, you should read the rest
of this guide.
Note: This guide does not use strong authentication nor any
privacy and integrity protection services. These services are
described in detail in later chapters. This guide should
only be used in isolated environments (such as on a single
host protected by a firewall).
^{{B:Get the software}}.
.{{slapd}} is part of the {{PRD:OpenLDAP}} distribution, which
you can retrieve from {{URL: http://www.openldap.org/software/download/}}
or {{URL: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release.tgz}}.
If you are reading this guide, you have probably already done this.
.{{S: }}
+{{B:Unpack the distribution}}.
.Pick a directory for the LDAP source to live under and change
directory there, and untar it. For example:
..{{EX:cd /usr/local/src}}
..{{EX:gunzip -c openldap-release.tgz | tar xvfB -}}
..{{EX:cd openldap-release}}
. You'll have to replace {{F:openldap-release}} with the full
name of the release.
.{{S: }}
+{{B: Configure the software}}.
.You will need to run the {{EX:configure}} script to configure slapd.
..{{EX:./configure}}
. The {{EX:configure}} accepts many command line options that enable
or disable optional software features. Usually the defaults are okay,
but you may want to change them. To get a complete list of options
that {{EX:configure}} accepts, use the {{EX:--help}} option.
..{{EX:./configure --help}}
. Once OpenLDAP has been configured, it needs to be compiled.
You'll need to construct dependencies and then compile the software
using {{make}}(1) utility.
For example:
..{{EX:make depend}}
..{{EX:make}}
. Once OpenLDAP is compiled you need to install it. By default OpenLDAP
is installed into {{F:/usr/local}}. This is typically done as root.
..{{EX:su root -c 'make install'}}
.{{S: }}
+{{B:Edit the configuration file}}.
.Use this chapter as a brief tutorial. For more details on the
configuration file, see slapd.conf(5) and chapter 5.
.Now we need to edit the default configuration file that was
installed earlier. The {{slapd}} configuration file {{slapd.conf}}(5)
for is normally located at {{F:/usr/local/etc/openldap/slapd.conf}}.
If you specified the {{EX:--prefix}} option when you ran {{EX:configure}},
then replace {{F:/usr/local}} with the value you gave as the
prefix. For example, if you ran {{EX:configure}} as
..{{EX:./configure --prefix=/opt/ldap}}
.You would find your configuration file in
{{F:/opt/ldap/etc/openldap/slapd.conf}}.
Now look in the configuration file for a line that begins with
..{{EX:database ldbm}}
.This marks the beginning of the database configuration for {{slapd}}.
Everything you will need to change for this example is located
after this line.
.Listed below are the default settings for the database in
{{F:slapd.conf}}(5). Lines that begin with a sharp sign ('{{EX:#}}')
are considered to be comments by slapd, they have been removed
from the listing below to save space. If a line starts with
white space it is considered a continuation of the preceding
line.
..{{EX:suffix "dc=my-domain, dc=com"}}
..{{EX:rootdn "cn=Manager, dc=my-domain, dc=com"}}
..{{EX:rootpw secret}}
..{{EX:directory /usr/local/var/openldap-ldbm}}
. Now we need to replace all of the references to {{EX:my-domain}}
and {{EX:com}} with the correct value. For example, if your domain
is {{EX:example.net}} we might use the following.
..{{EX:suffix "dc=example, dc=net"}}
..{{EX:rootdn "cn=Manager, dc=example, dc=net"}}
..{{EX:rootpw secret}}
..{{EX:directory /usr/local/var/openldap-ldbm}}
. By default, the database files will be created in
{{F:/usr/local/var/openldap-ldbm}}.
You may specify an alternate directory via the directory option
in the {{F:slapd.conf}} file. The directory must exist before
you start the server.
Note: Use of rootpw is deprecated in favor of strong authentication
mechanisms. These are described in later chapters.
.{{S: }}
+{{B:Starting the server}}.
.You are now ready to start the server by running the command
{{slapd}}(8):
..{{EX:/usr/local/libexec/slapd}}
. At this point the LDAP server is up and running, but there isn't
any data in the directory. You can check to see if the server is
running and your naming context (the {{EX:suffix}} you specified above)
by searching it with {{ldapsearch}}(1). By default ldapsearch is
installed as {{F:/usr/local/bin/ldapsearch}}.
..{{EX:ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts}}
. Note the use of single quotes around command parameters to prevent
special characters from interpreted by the shell. This should return:
..{{EX:dn:}}
..{{EX:namingContexts: dc=example, dc=net}}
.{{S: }}
+{{B:Create a database}}.
. This is a two-step process. The first step is to create a file
(we'll call it {{F:example.ldif}}) containing the entries you
want your database to contain. Use the following example as a
guide, or see Section 7.3 for more details.
..{{EX:dn: dc=example, dc=net}}
..{{EX:objectclass: dcObject}}
..{{EX:objectclass: organization}}
..{{EX:o: Example Network}}
..{{EX:dc: example}}
..{{EX: }}
..{{EX:dn: cn=Bob Smith, dc=example, dc=net}}
..{{EX:objectclass: person}}
..{{EX:cn: Bob Smith}}
..{{EX:sn: Smith}}
.Remember to replace {{EX:dc=example, dc=net}} with the correct
values for your site, and to put your name instead of Bob's. You can
include additional entries and attributes in this file if you want,
or add them later via LDAP.
.The second step is to run a tool to add the contents of this file to the
your directory. We use the tool {{ldapadd}}(1) to populate the directory.
Again remember to replace {{EX:dc=example, dc=net}} with the correct values
for your site. By default ldapadd is installed as
{{F:/usr/local/bin/ldapadd}}.
..{{EX:ldapadd -x -D 'cn=Manager,dc=example,dc=net' -w secret -f example.ldif}}
.Where {{F:example.ldif}} is the file you created above.
Note: Use of strong authentication and transport security services
is highly recommended when updating the directory. These services
are described in later chapters.
.{{S: }}
+{{B:See if it works}}.
.Now we're ready to verify the added entries are in your directory.
You can use any LDAP client to do this, but our example uses the
{{ldapsearch}}(1) tool. Remember to replace {{EX:dc=example,dc=net}}
with the correct values for your site.
..{{EX:ldapsearch -x -b 'dc=example,dc=net' '(objectclass=*)'}}
.This command will search for and retrieve every entry in the database.
You are now ready to add more entries using {{ldapadd}}(1) or
another LDAP client, experiment with various configuration options,
backend arrangements, etc. Note that by default, the {{slapd}}(8)
database grants {{read access to everybody}} excepting the
{{super-user}} (as specified by the {{EX:rootdn}} configuration
directive). It is highly recommended that you establish controls
to restrict access to authorized users. Access controls are discussed
in a later chapter.
The following chapters provide more detailed information on making,
installing, and running {{slapd}}(8).