This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
soft:openldap [2019/07/14 22:26] phil created |
soft:openldap [2019/11/10 15:51] phil |
||
---|---|---|---|
Line 11: | Line 11: | ||
</ | </ | ||
+ | By default the server will use '' | ||
+ | < | ||
+ | ldapvi -Y EXTERNAL -h ldapi:// -b cn=config | ||
+ | </ | ||
+ | |||
+ | |||
+ | To edit the tree as admin: | ||
+ | |||
+ | < | ||
+ | ldapvi -h ldap:// | ||
+ | </ | ||
+ | |||
+ | ===== Security ===== | ||
+ | |||
+ | Disallow anonymous bind: | ||
+ | |||
+ | < | ||
+ | 0 cn=config | ||
+ | [...] | ||
+ | olcDisallows: | ||
+ | </ | ||
+ | |||
+ | Enable TLS with starttls: | ||
+ | |||
+ | < | ||
+ | 0 cn=config | ||
+ | [...] | ||
+ | olcTLSCertificateFile: | ||
+ | olcTLSCertificateKeyFile: | ||
+ | </ | ||
+ | |||
+ | Force use of TLS | ||
+ | |||
+ | < | ||
+ | 11 olcDatabase={1}mdb, | ||
+ | [...] | ||
+ | olcSecurity: | ||
+ | </ | ||
+ | |||
+ | You can now connect with tls with: | ||
+ | |||
+ | < | ||
+ | ldapvi -ZZ -h ldap:// | ||
+ | </ | ||
+ | |||
+ | Disable read access to all by dropping the line '' | ||
+ | |||
+ | ===== Replication ===== | ||
+ | |||
+ | Reset replication and copy whole database from a given server (rid) | ||
+ | |||
+ | < | ||
+ | slapd -d sync -u openldap -g openldap -h ldap:// | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Backup ===== | ||
+ | |||
+ | < | ||
+ | slapcat > dump.ldif | ||
+ | slapcat -b cn=config > config.ldif | ||
+ | </ |
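Review bot: In the Backup section, the two slapcat commands write dump.ldif and config.ldif into the current directory under whatever umask the shell happens to have, and nothing in the text says how to protect them. slapcat reads the database directly rather than going through the server's access rules, so dump.ldif holds every attribute, password hashes included, and config.ldif holds the full cn=config tree that the Security section edits. Suggest adding a line that tells the reader to set `umask 077` before running them (or to write into a directory only root can read) and to store both files as secrets. A smaller ordering point: the "To edit the tree as admin" command uses a plain ldap:// URL, and as far as the visible part of the line shows it has no -ZZ, while the "Force use of TLS" step comes later; a sentence saying the admin bind should use the -ZZ form once TLS is enabled would keep readers from binding in clear text out of habit.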