Ben's notes

Linux, Unix, network, radio...

openldap_consumer

Differences

This shows you the differences between two versions of the page.

openldap_consumer [2015/09/15 06:11] – [Install SSSd client] adminopenldap_consumer [2015/09/21 08:46] – [TLS Certificate] admin
Line 27: Line 27:
 Enter password for PKCS12 file:  Enter password for PKCS12 file: 
 pk12util: PKCS12 IMPORT SUCCESSFUL</code> pk12util: PKCS12 IMPORT SUCCESSFUL</code>
-  * Import the CA certificate:<code># certutil -A -n "LDAP-CA" -t "TCu,Cu,Cu" -i /tmp/ca.crt -d /etc/openldap/certs -f /etc/openldap/certs/password</code>+  * Import the CA certificate:<code># certutil -A -n "LDAP-CA" -t "TCu,Cu,Cu" -i /tmp/ca.crt -d /etc/openldap/certs</code>
   * Modify rights so that LDAP can read the NSS database:<code># chmod 440 /etc/openldap/certs/password   * Modify rights so that LDAP can read the NSS database:<code># chmod 440 /etc/openldap/certs/password
 # chown ldap. /etc/openldap/certs/*</code> # chown ldap. /etc/openldap/certs/*</code>
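Review bot: The certutil -A line drops -f /etc/openldap/certs/password without saying how the NSS database password is supplied now, while the next bullet still sets permissions on that same password file. Add a short remark stating whether the command prompts for the password or needs none at this step, so the procedure can be followed without guessing. While this line is being edited: the trust string "TCu,Cu,Cu" also trusts the CA for e-mail and object signing, and for a CA used only to validate LDAP TLS peers the narrower SSL-only setting "CT,," is enough. In the following bullet, "chown ldap." uses the deprecated trailing-dot form; "chown ldap:" is the current spelling.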
Line 105: Line 105:
 add: olcRootPW add: olcRootPW
 olcRootPW: ${MYHASH} olcRootPW: ${MYHASH}
 +EOF
 +</code>
 +  * **olcDatabase={2}hdb**: configure indexing:<code># ldapmodify -H ldapi:/// -x -D "cn=config" -W <<EOF
 +dn: olcDatabase={2}hdb,cn=config
 +changetype: modify
 +replace: olcDbIndex
 +olcDbIndex: objectClass eq,pres
 +olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
 +olcDbIndex: uid,memberUid,gidNumber eq
 +-
 EOF EOF
 </code> </code>
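Review bot: In the new olcDbIndex block, "replace: olcDbIndex" removes every index already defined on olcDatabase={2}hdb that is not among the three listed lines, and the list carries no entryUUID or entryCSN index, which syncrepl relies on for a replication consumer like the one this page sets up. Either add "olcDbIndex: entryCSN,entryUUID eq" to the list or use "add:" for the new values, and say in the bullet text that the block overwrites the existing index set.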
Line 143: Line 153:
 EOF EOF
 </code> </code>
- 
 ====Open firewall port==== ====Open firewall port====
   * Open port 636:<code># firewall-cmd --permanent --zone public --add-service=ldaps   * Open port 636:<code># firewall-cmd --permanent --zone public --add-service=ldaps
openldap_consumer.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1