Differences

This shows you the differences between two versions of the page.

--- openldap_consumer [2015/09/15 06:11] – [Install SSSd client] admin
+++ openldap_consumer [2021/10/09 15:14] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 {{tag>[centos7 linux ldap openldap consumer replication security]}}
-~~TOC~~
 =====CentOS 7 - OpenLDAP 2.4 consumer (slave)=====
@@ Line 27: / Line 26: @@
 Enter password for PKCS12 file:
 pk12util: PKCS12 IMPORT SUCCESSFUL</code>
-  * Import the CA certificate:<code># certutil -A -n "LDAP-CA" -t "TCu,Cu,Cu" -i /tmp/ca.crt -d /etc/openldap/certs -f /etc/openldap/certs/password</code>
+  * Import the CA certificate:<code># certutil -A -n "LDAP-CA" -t "TCu,Cu,Cu" -i /tmp/ca.crt -d /etc/openldap/certs</code>
   * Modify rights so that LDAP can read the NSS database:<code># chmod 440 /etc/openldap/certs/password
 # chown ldap. /etc/openldap/certs/*</code>
@@ Line 105: / Line 104: @@
 add: olcRootPW
 olcRootPW: ${MYHASH}
+EOF
+</code>
+  * **olcDatabase={2}hdb**: configure indexing:<code># ldapmodify -H ldapi:/// -x -D "cn=config" -W <<EOF
+dn: olcDatabase={2}hdb,cn=config
+changetype: modify
+replace: olcDbIndex
+olcDbIndex: objectClass eq,pres
+olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
+olcDbIndex: uid,memberUid,gidNumber eq
+-
 EOF
 </code>
@@ Line 143: / Line 152: @@
 EOF
 </code>
 ====Open firewall port====
   * Open port 636:<code># firewall-cmd --permanent --zone public --add-service=ldaps