Scribd Logo
Upload

Welcome to Scribd!

  • HOWTO LDAP Tips N Tricks

    Uploaded by

    João Borges
    10 views2 pages
    gg

    Original Title

    HOWTO LDAP Tips n Tricks

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    gg

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    10 views2 pages

    HOWTO LDAP Tips N Tricks

    Uploaded by

    João Borges
    gg

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    OpenLDAP replication

    -------------------From OpenLDAP news group:


    I tried to set up classic replication with my openldap servers, I had some succe
    ss,
    however I wasn't able to get control over replication as I can with syncrepl mod
    ule.
    After some days trying, I dropped the idea of classic replication, and moved to
    syncrepl
    module, and I strongly recommend it.
    On master:
    ######
    overlay syncprov
    syncprov-checkpoint 5 3
    syncprov-sessionlog 100
    ######
    and on slave(s):
    #####
    syncrepl
    rid=123
    provider=ldap://aa.bb.cc.dd:389/
    bindmethod=simple
    binddn="cn=master-superuser,dc=uk"
    credentials=secretpassword
    type=refreshAndPersist
    searchbase="dc=uk"
    schemachecking=on
    interval=00:00:02:00
    retry="60 +"
    scope=sub
    attributes="*"
    ############
    and that's all :) and it works fine :) One should also note, that user speci
    fied on slave,
    should have implicit read rights for specified replication base dn, like this:
    on master:
    access to *
    by dn="cn=master-superuser,dc=uk" read
    see man slapd.conf for explanation of syncrepl configuration options.
    Regards,
    DT.
    Using SerialNumber in LDAP DN
    ----------------------------Modify /etc/ldap/schema/inetorgperson.schema and add serialNumber as a MAY attri
    bute.
    After restarting slapd you can now construct an LDAP DN like:
    serialNumber=12345,dc=company,dc=com
    This may be useful if you use serialNumber as the unique identifyer in your DNs.

    # The inetOrgPerson represents people who are associated with an


    # organization in some way. It is a structural class and is derived
    # from the organizationalPerson which is defined in X.521 [X521].
    objectclass
    ( 2.16.840.1.113730.3.2.2
    NAME 'inetOrgPerson'
    DESC 'RFC2798: Internet Organizational Person'
    SUP organizationalPerson
    STRUCTURAL
    MAY (
    serialNumber $ audio $ businessCategory $ carLicense $ departmen
    tNumber $
    displayName $ employeeNumber $ employeeType $ givenName $
    homePhone $ homePostalAddress $ initials $ jpegPhoto $
    labeledURI $ mail $ manager $ mobile $ o $ pager $
    photo $ roomNumber $ secretary $ uid $ userCertificate $
    x500uniqueIdentifier $ preferredLanguage $
    userSMIMECertificate $ userPKCS12 )
    )

    You might also like