Additional OpenLDAP packages, not required for a standard configuration, are:
• compat-openldap: Includes older versions of the OpenLDAP-shared libraries that
might be required by some applications
• bind-dyndb-ldap: A new LDAP driver for BIND9. It allows you to read data and also
write data back (DNS Updates) to an LDAP backend.
Oracle Linux 7: Advanced Administration 3 - 9
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
OpenLDAP
• OpenLDAP is an open-source implementation of LDAP.
• Packages include:
  – openldap: OpenLDAP libraries
  – openldap-clients: Client command-line utilities
  – openldap-servers: Server package; includes slapd
  – nss-pam-ldapd: Required for LDAP authentication
• The OpenLDAP service is the stand-alone LDAP daemon, slapd.
• Use the systemctl utility to enable and start the service:
  # systemctl enable slapd
  # systemctl start slapd
Previous versions of OpenLDAP used a configuration file:
/etc/openldap/slapd.conf
OpenLDAP now uses a configuration database located in the following directory:
/etc/openldap/slapd.d
The following list summarizes the OpenLDAP configuration that is stored in the /etc/openldap directory:
• /etc/openldap/ldap.conf: The configuration file for client applications
• /etc/openldap/slapd.d: The directory containing the slapd configuration
• /etc/openldap/schema: The directory containing the schema files
The schema used by OpenLDAP can be extended to support additional attribute types and object classes. This is described at:
http://www.openldap.org/doc/admin24/schema.html
OpenLDAP uses one of two varieties of the Berkeley DB storage format:
• bdb: The standard Berkeley DB format
• hdb: A newer version for hierarchical databases like LDAP; this is the backend configured by default on Oracle Linux 7 (olcDatabase={2}hdb)
The database is stored in the /var/lib/ldap directory.
OpenLDAP Server Directories
• Previous versions of OpenLDAP used a configuration file:
  – /etc/openldap/slapd.conf
• The current version of OpenLDAP uses a configuration database located in:
  – /etc/openldap/slapd.d
• The directory containing additional configuration files:
  – /etc/openldap/slapd.d/cn=config
• The directory containing the schema files:
  – /etc/openldap/schema
• The directory containing the database:
  – /var/lib/ldap
The openldap-servers package also includes the following utilities:
• slapacl: Checks the access to a list of attributes
• slapadd: Adds entries from an LDIF file to an LDAP directory
• slapauth: Checks a list of IDs for authentication and authorization permissions
• slapcat: Generates LDIF output from an LDAP directory
• slapdn: Checks a list of distinguished names (DNs) based on schema syntax
• slapindex: Re-indexes the directory. Run slapindex whenever indexing options are
changed in the configuration file.
• slappasswd: Is a password utility for creating an encrypted user password
• slapschema: Checks compliance of a database with the corresponding schema
• slaptest: Checks the LDAP server configuration
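The slap* tools work directly on the database files rather than through the running server, which is why they are the right tools for backup and restore. The script below is an added example, not part of the Oracle course material: it dumps the configuration database (-n 0) and the data database (-n 2) with slapcat, and restores a data dump with slapadd, stopping slapd first and fixing file ownership afterwards, because slapadd run as root leaves the new Berkeley DB files root-owned and slapd, which runs as the ldap user, then cannot open them. The backup directory, the database number 2 for the hdb data database, and the embedded three-entry dump are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not part of the Oracle Linux course material): offline backup
# and restore of the slapd configuration database (-n 0) and the directory
# data database (-n 2) using the slap* tools listed above.
# Assumptions: database 2 is the hdb data database at /var/lib/ldap and the
# backup directory is $BACKUP_DIR; both are illustrative.
set -u

BACKUP_DIR=${BACKUP_DIR:-/var/backups/ldap}
DB_DIR=/var/lib/ldap

# Count the entries in an LDIF dump: each entry starts with "dn: " or,
# for non-ASCII DNs, the base64 form "dn:: ".
ldif_entry_count() {
    awk '/^dn::? /{n++} END{print n+0}' "$1"
}

# slapcat reads the bdb/hdb files directly and may run while slapd is up.
# The dump is plain LDIF and contains password hashes, so it is written
# with mode 0600 into a root-only directory.
backup_ldap() {
    umask 077
    mkdir -p "$BACKUP_DIR"
    stamp=$(date +%Y%m%d%H%M%S)
    slapcat -n 0 -l "$BACKUP_DIR/config-$stamp.ldif"
    slapcat -n 2 -l "$BACKUP_DIR/data-$stamp.ldif"
    echo "$BACKUP_DIR/data-$stamp.ldif"
}

# slapadd must not run against a live database, and it is normally run as
# root, which leaves the new database files root-owned; slapd runs as the
# ldap user and would fail to open them, so ownership is fixed before the
# service is restarted. The old database is moved aside, not deleted.
restore_ldap() {
    dump=$1
    if [ "$(ldif_entry_count "$dump")" -eq 0 ]; then
        echo "refusing to restore: no entries in $dump" >&2
        return 1
    fi
    systemctl stop slapd
    mv "$DB_DIR" "$DB_DIR.old.$$"
    mkdir "$DB_DIR"
    if [ -f "$DB_DIR.old.$$/DB_CONFIG" ]; then
        cp "$DB_DIR.old.$$/DB_CONFIG" "$DB_DIR/"
    fi
    slapadd -n 2 -l "$dump"
    chown -R ldap:ldap "$DB_DIR"
    slaptest -F /etc/openldap/slapd.d      # verify the configuration before starting
    systemctl start slapd
}

# Constructed three-entry dump used to exercise ldif_entry_count (not a real
# slapcat capture); the third DN is the base64 form of "cn=Alice".
sample_dump() {
    cat <<'EOF'
dn: dc=example,dc=com
objectClass: domain
dc: example

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn:: Y249QWxpY2U=
objectClass: person
cn: Alice
sn: Example
EOF
}

# Run as:  LDAP_ACTION=backup sh ldap-backup.sh
#     or:  LDAP_ACTION=restore sh ldap-backup.sh /var/backups/ldap/data-<stamp>.ldif
case ${LDAP_ACTION:-} in
    backup)  backup_ldap ;;
    restore) restore_ldap "$1" ;;
esac
```

Restoring the configuration database itself (slapadd -n 0 -F /etc/openldap/slapd.d) follows the same pattern with /etc/openldap/slapd.d moved aside first; slapindex is not needed after slapadd, which builds the indexes as it loads, but must be run whenever olcDbIndex is changed on an existing database.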
OpenLDAP Server Utilities
• slapacl: Checks the access to a list of attributes
• slapadd: Adds entries from an LDIF file
• slapauth: Checks permissions
• slapcat: Generates LDIF output from an LDAP directory
• slapdn: Checks a list of DNs based on schema syntax
• slapindex: Re-indexes the directory
• slappasswd: Is a password utility
• slapschema: Checks compliance of a directory
• slaptest: Checks the LDAP server configuration
The openldap-clients package installs the following utilities:
• ldapadd: Adds entries to an LDAP directory either from a file or from standard input.
  ldapadd is a link to ldapmodify; invoking it is equivalent to running ldapmodify -a.
• ldapmodify: Modifies entries in an LDAP directory
• ldapcompare: Compares a given attribute with an LDAP directory entry
• ldapdelete: Deletes entries from an LDAP directory
• ldapexop: Performs extended LDAP operations
• ldapmodrdn: Modifies the RDN value of an LDAP directory entry
• ldappasswd: Is a password utility for an LDAP user
• ldapsearch: Is an LDAP directory search tool
• ldapurl: Is an LDAP URL formatting tool
• ldapwhoami: Performs a whoami operation on an LDAP server
There are several LDAP client software applications that provide a graphical user interface (GUI) for maintaining LDAP directories, but none of them are included in Oracle Linux.
OpenLDAP Client Utilities
• ldapadd: Adds entries to an LDAP directory
• ldapmodify: Modifies entries in an LDAP directory
• ldapcompare: Compares a given attribute with an entry
• ldapdelete: Deletes entries from an LDAP directory
• ldapexop: Performs extended LDAP operations
• ldapmodrdn: Modifies the RDN value of an entry
• ldappasswd: Is a password utility for an LDAP user
• ldapsearch: Is an LDAP directory search tool
• ldapurl: Is an LDAP URL formatting tool
• ldapwhoami: Performs a whoami operation
To configure an OpenLDAP server, install the following packages:
# yum install openldap-servers openldap-clients migrationtools
The openldap-clients package provides the LDAP command-line utilities used to update the configuration database. The migrationtools package is optional; it provides a set of Perl scripts that migrate users, groups, and other information from existing name services.
Use the systemctl command to enable and start the slapd service.
# systemctl enable slapd
# systemctl start slapd
Use the ldapmodify and ldapadd commands to update the files in the configuration directory. Do not edit these files by hand: slapd owns and rewrites them, and each carries a CRC32 checksum that no longer matches after a manual edit.
# ls -l /etc/openldap/slapd.d/cn=config
-rw-------. 1 ldap ldap ... olcDatabase={0}config.ldif
-rw-------. 1 ldap ldap ... olcDatabase={-1}frontend.ldif
-rw-------. 1 ldap ldap ... olcDatabase={1}monitor.ldif
-rw-------. 1 ldap ldap ... olcDatabase={2}hdb.ldif
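The entries under cn=config are changed with ldapmodify over the local ldapi:/// socket using SASL EXTERNAL, because the packaged olcDatabase={0}config grants manage rights to root's peer credentials on that socket. The script below is an added example and is not part of the Oracle course material. It generates the LDIF that sets olcSuffix, olcRootDN and olcRootPW on the olcDatabase={2}hdb entry (refusing anything that is not a slappasswd hash), and it audits a copy of an existing olcDatabase={2}hdb.ldif for two weaknesses a reviewer looks for first: a cleartext olcRootPW and a database with no olcAccess rule at all. The suffix dc=example,dc=com, the rootdn cn=Manager,dc=example,dc=com, the function names and the two embedded sample files are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not part of the Oracle Linux course material): build the LDIF
# that configures olcDatabase={2}hdb and audit a copy of the corresponding
# slapd.d file. Assumed/illustrative values: suffix dc=example,dc=com, rootdn
# cn=Manager,dc=example,dc=com, and the sample files embedded below.
set -u

# Emit the ldapmodify LDIF that sets suffix, rootdn and rootpw on database 2.
# $3 must be a hash as printed by slappasswd; a bare password is rejected so
# that a cleartext olcRootPW never lands in slapd.d.
gen_hdb_config_ldif() {
    suffix=$1; rootdn=$2; rootpw=$3
    case $rootpw in
        '{SSHA}'*|'{SHA}'*|'{SMD5}'*|'{MD5}'*|'{CRYPT}'*) ;;
        *) echo "rootpw is not a slappasswd hash; run: slappasswd -h '{SSHA}'" >&2; return 1 ;;
    esac
    cat <<EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $suffix
-
replace: olcRootDN
olcRootDN: $rootdn
-
replace: olcRootPW
olcRootPW: $rootpw
EOF
}

# Audit a copy of olcDatabase={2}hdb.ldif. Returns 0 when clean, 1 with a
# finding printed for a cleartext olcRootPW or for a database without any
# olcAccess rule (OpenLDAP then falls back to the global default, which grants
# read access to everyone, anonymous users included).
audit_hdb_ldif() {
    file=$1; rc=0
    # plain form "olcRootPW: value"
    pw=$(sed -n 's/^olcRootPW: //p' "$file" | head -n 1)
    # slapd itself writes the value base64-encoded as "olcRootPW:: ..."
    if [ -z "$pw" ] && command -v base64 >/dev/null 2>&1; then
        pw=$(sed -n 's/^olcRootPW:: //p' "$file" | head -n 1 | base64 -d 2>/dev/null || true)
    fi
    if [ -n "$pw" ]; then
        case $pw in
            '{'*'}'*) ;;
            *) echo "FINDING: $file stores olcRootPW in cleartext"; rc=1 ;;
        esac
    fi
    if ! grep -q '^olcAccess:' "$file"; then
        echo "FINDING: $file has no olcAccess rules (default is read for everyone)"
        rc=1
    fi
    return $rc
}

# Constructed samples (not real captures). The first mimics the stock Oracle
# Linux 7 database entry after someone added a cleartext rootpw by hand; the
# second has a hashed rootpw (the hash value is illustrative) and an ACL.
sample_bad_ldif() {
    cat <<'EOF'
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcRootPW: secret
olcDbIndex: objectClass eq,pres
EOF
}
sample_good_ldif() {
    cat <<'EOF'
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: {SSHA}illustrativeHashValueNotReal0000
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to * by self write by users read by * none
EOF
}

# Typical use on the server (commands shown only, not run here):
#   gen_hdb_config_ldif dc=example,dc=com cn=Manager,dc=example,dc=com \
#       "$(slappasswd -h '{SSHA}')" > /root/db.ldif
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/db.ldif
#   audit_hdb_ldif "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
```

The audit reads the live file only; changes found by it still go back through ldapmodify. The second olcAccess rule in the good sample is what turns off the read-for-everyone default, and the first one keeps userPassword out of search results while still allowing simple binds.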