include <LDAP_DIR>/etc/openldap/schema/core.schema
include <LDAP_DIR>/etc/openldap/schema/cosine.schema
include <LDAP_DIR>/etc/openldap/schema/nis.schema
access to attr=userPassword
    by self write       # for user password change
    by anonymous auth   # for authentication bind
    by * none           # no anonymous access to password
index default pres,eq
index objectClass pres,eq
index cn,uid pres,eq,sub
index uidnumber,gidnumber pres,eq
Installation:
access to attr=userPassword
    by self write
    by sockurl="^ldapi://.*$" * write
    by anonymous auth
    by * none
access to *
    by sockurl="^ldapi://.*$" * write
    by * read
dn: dc=uni,dc=torun,dc=pl
objectClass: top

dn: dc=mat,dc=uni,dc=torun,dc=pl
objectClass: top

dn: ou=People,dc=mat,dc=uni,dc=torun,dc=pl
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Hosts,dc=mat,dc=uni,dc=torun,dc=pl
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=mat,dc=uni,dc=torun,dc=pl
ou: Group
objectClass: top
objectClass: organizationalUnit
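# Open the transport socket for $ldap and store it in $ldap->{net_ldap_socket}.
#
# $ldap - the Net::LDAP object (a hash ref) that will own the socket
# $host - hostname/address for TCP, or the filesystem path of the local
#         ldapi:// socket when $arg->{unix_socket} is set
# $arg  - options hash ref: unix_socket (any defined value selects the UNIX
#         domain socket), port (default 389), timeout in seconds
#         (default 120, TCP only)
#
# Returns the new socket object, or undef when the connection could not be
# established (IO::Socket leaves the reason in $!); the same value is stored
# in $ldap->{net_ldap_socket}, so callers can test either one.
sub _connect {
    my ($ldap, $host, $arg) = @_;

    my $socket;
    if (defined $arg->{unix_socket}) {
        # Local ldapi:// transport: the peer is a socket path, not a host.
        $socket = IO::Socket::UNIX->new($host);
    }
    else {
        $socket = IO::Socket::INET->new(
            PeerAddr => $host,
            PeerPort => $arg->{port} || '389',
            Proto    => 'tcp',
            # defined-test rather than ||, so an explicit timeout of 0 is kept
            Timeout  => defined $arg->{timeout} ? $arg->{timeout} : 120,
        );
    }

    $ldap->{net_ldap_socket} = $socket;
    return $socket;
}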
dn: cn=Replicator,dc=mat,dc=uni,dc=torun,dc=pl
objectClass: top
objectClass: person
userPassword: {crypt}<CRYPTED PASSWORD>
cn: Replicator
sn: Replicator

Add the following lines to <LDAP_DIR>/etc/openldap/slapd.conf.
access to *
    by dn="cn=Replicator,dc=mat,dc=uni,dc=torun,dc=pl" write
    by * read
updatedn "cn=Replicator,dc=mat,dc=uni,dc=torun,dc=pl"
replica host=<IP OF REPLICA>
    binddn="cn=Replicator,dc=mat,dc=uni,dc=torun,dc=pl"
    bindmethod=simple
    credentials=secret

After making these changes you should start slapd and also slurpd, the replication daemon.
Configuration:
--with-tls
(Transport Layer Security)
TLSCertificateFile /path/to/certificates/ldap_cert.pem
TLSCertificateKeyFile /path/to/certificates/ldap_key.pem
TLSCACertificateFile /path/to/certificates/cacert.pem
/etc/ldap.conf
file you have to set
ssl start_tls
option.
include /opt/ldap/etc/openldap/schema/sendmail.schema
dn: ou=mail-aliases, dc=mat, dc=uni, dc=torun, dc=pl
objectClass: top
objectClass: organizationalUnit
ou: sendmail-maps

and some alias, for example:
dn: sendmailMTAKey=mailtest, ou=mail-aliases, dc=mat, dc=uni, dc=torun, dc=pl
objectClass: sendmailMTA
objectClass: sendmailMTAAlias
objectClass: sendmailMTAAliasObject
sendmailMTAAliasGrouping: aliases
sendmailMTACluster: mat-servers
sendmailMTAKey: mailtest
sendmailMTAAliasValue: rafmet
APPENDDEF(`confLIBS', `-lldap -llber')
APPENDDEF(`confINCDIRS', `-I/path/to/ldap/include')
APPENDDEF(`confLIBDIRS', `-L/path/to/ldap/lib -R/path/to/ldap/lib')

and recompile sendmail. If the LDAP libraries are in standard locations, the last two lines are not needed.
dnl LDAP support
define(`confLDAP_DEFAULT_SPEC', `-h "jowita.mat.uni.torun.pl ldap2.studmat.uni.torun.pl" -b ou=mail-aliases,dc=mat,dc=uni,dc=torun,dc=pl')
define(`confLDAP_CLUSTER', `mat-servers')
define(`ALIAS_FILE', `/etc/mail/aliases,ldap:')
include /opt/ldap/etc/openldap/schema/autofs.schema
dn: ou=auto.master,dc=mat,dc=uni,dc=torun,dc=pl
objectClass: automountMap
ou: auto.master

dn: cn=/home,ou=auto.master,dc=mat,dc=uni,dc=torun,dc=pl
objectClass: automount
automountInformation: ldap:ou=auto.home,dc=mat,dc=uni,dc=torun,dc=pl --timeout 360
cn: /home
dn: ou=auto.home,dc=mat,dc=uni,dc=torun,dc=pl
objectClass: top
objectClass: automountMap
ou: auto.home

dn: cn=login,ou=auto.home,dc=mat,dc=uni,dc=torun,dc=pl
objectClass: top
objectClass: automount
cn: login
automountInformation: fileserver:/export/home/login
/etc/nsswitch.conf add
automount: files ldap