This is an old revision of the document!
apt-get install slapd ldap-utils ldapvi
By default the server will use cn=config
, you can edit it with ldapvi:
ldapvi -Y EXTERNAL -h ldapi:// -b cn=config
To edit the tree as admin:
ldapvi -h ldap://server -D cn=admin,dc=example,dc=com
Disallow anonymous bind:
0 cn=config [...] olcDisallows: bind_anon
Enable TLS with starttls:
0 cn=config [...] olcTLSCertificateFile: /etc/ldap/ssl/fullchain.pem olcTLSCertificateKeyFile: /etc/ldap/ssl/privkey.pem
Force use of TLS
11 olcDatabase={1}mdb,cn=config [...] olcSecurity: tls=1
You can now connect with tls with:
ldapvi -ZZ -h ldap://server -D cn=admin,dc=example,dc=com
Disable read access to all by dropping the line olcAccess: {2}to * by * read
in olcDatabase={1}mdb,cn=config
slapcat > dump.ldif slapcat -b cn=config > config.ldif