Basic Installation
Packages
Symas OpenLDAP packages are formatted for the standard software maintenance commands that are native to your operating system. The following steps will get you up and running quickly:
Install the desired Symas OpenLDAP package:
- Symas-OpenLDAP-Client contains only client libraries and commands. Use this on systems where access to Symas OpenLDAP is required, but where the server software is not required.
- Symas-OpenLDAP-Nonopt removes optimization flags from the standard server/client install. This reduces performance, but increases debugging and troubleshooting abilities.
- Symas-OpenLDAP (i.e. server installer) contains all client and server components required to stand up a fully functional LDAP directory.
- Symas-OpenLDAP-Devel can be installed if the purpose is to develop software based on libraries that are a part of Symas-OpenLDAP.
Install Commands
Red Hat Linux / CentOS
sudo yum --disablerepo=\* install symas-openldap-gold-client*
sudo yum --disablerepo=\* install symas-openldap-gold.x86_64_nonopt-*
sudo yum --disablerepo=\* install symas-openldap-gold.x86_64-2*
sudo yum --disablerepo=\* install symas-openldap-gold-devel*
Debian / Ubuntu
sudo dpkg -i symas-openldap-gold-client*
sudo dpkg -i symas-openldap-gold.amd64_nonopt-*
sudo dpkg -i symas-openldap-gold.amd64_2*
sudo dpkg -i symas-openldap-gold-devel*
SUSE
sudo zypper in symas-openldap-gold-client*
sudo zypper in symas-openldap-gold.x86_64-2*
sudo zypper in symas-openldap-gold-devel*
Oracle Solaris
sudo pkgadd -d symas-openldap-gold-client*.pkg
sudo pkgadd -d symas-openldap-gold
sudo pkgadd -d symas-openldap-gold-auxlibs*.pkg
sudo pkgadd -d symas-openldap-gold-devel*.pkg
FreeBSD
pkg install -y symas-openldap-gold-client*.txz
pkg install -y symas-openldap-gold.amd64-*.txz
pkg install -y symas-openldap-gold.amd64_nonopt*.txz
pkg install -y symas-openldap-gold-devel.amd64*.txz
File Locations
The following directories and files will be created. Names ending with a '/' are directories. Names ending with '/...' are directories that contain files and directories not shown here. Names in bold are executable.
- /etc/init.d/
  - **solserver** (symlink)
- /opt/symas/
  - lib64/...
  - share/...
  - bin/...
  - ssl/
    - openssl.cnf.default
  - etc/
    - **solserver**
    - **krbserver**
    - **kpdserver**
    - **kadserver**
    - heimdal/
      - symas-heimdal.conf.default
      - krb5.conf.default
      - **exampledb-krb5.sh**
    - openldap/
      - symas-openldap.conf.default
      - slapd.conf.default
      - **exampledb.sh**
      - DB_CONFIG.default
      - schema/...
- /var/symas/
  - openldap-data/...
  - openldap-logs/...
  - run/
Since Symas OpenLDAP is a fully self-contained system, we’ve moved some things around to avoid collisions with other versions of the same software that might have shipped with the operating system.
Reminder: In a production environment the best performance is obtained when the log file directory is on a separate disk from the database directory.
Files must be owned by the user that executes slapd:
- Usually this is root
- ldap.conf should be public
- slapd.conf / slapd.d should be private (600)
- Database directory should be private
- Certificate files should be public
- Private keys must be private (600)
- Unix sockets should be public
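The ownership and mode rules above can be checked mechanically. The audit script below is an added example, not part of the Symas distribution; it uses the paths listed on this page, assumes slapd.d sits beside slapd.conf, and takes private-key paths as arguments because the page does not name one. It ends by running against a constructed staging tree in which slapd.conf is deliberately left world-readable.

```shell
#!/bin/sh
# Added example (not Symas code): audit the ownership and modes listed above.
# Paths come from this page, except slapd.d, which is assumed to sit beside slapd.conf.

owner_of()   { ls -ld "$1" | awk '{print $3}'; }
# Private: group and other have no permission bits at all (600 file, 700 directory).
is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }
# Public: "other" can read the path.
is_public()  { [ "$(ls -ld "$1" | cut -c8)" = "r" ]; }

# audit_symas ROOT OWNER [PRIVATE_KEY...]
# ROOT is prefixed to every path so a staging copy can be checked ("" = live system).
# Prints one line per finding; the return status is the number of findings.
audit_symas() {
    root=$1 owner=$2 findings=0
    shift 2
    # Private keys: the page names no path, so the caller supplies them.
    keys=$(for k in "$@"; do printf 'private %s\n' "$k"; done)
    while read -r want path; do
        [ -n "$path" ] && [ -e "$root$path" ] || continue
        if [ "$(owner_of "$root$path")" != "$owner" ]; then
            echo "OWNER   $path is not owned by $owner"; findings=$((findings + 1))
        fi
        if [ "$want" = private ] && ! is_private "$root$path"; then
            echo "EXPOSED $path is accessible to group or other"; findings=$((findings + 1))
        elif [ "$want" = public ] && ! is_public "$root$path"; then
            echo "HIDDEN  $path is not world-readable"; findings=$((findings + 1))
        fi
    done <<EOF
private /opt/symas/etc/openldap/slapd.conf
private /opt/symas/etc/openldap/slapd.d
private /var/symas/openldap-data
public  /opt/symas/etc/openldap/ldap.conf
$keys
EOF
    return "$findings"
}

# Constructed staging tree: slapd.conf is deliberately left world-readable (644).
demo=$(mktemp -d)
mkdir -p "$demo/opt/symas/etc/openldap" "$demo/var/symas/openldap-data"
chmod 700 "$demo/var/symas/openldap-data"
for f in slapd.conf ldap.conf; do : > "$demo/opt/symas/etc/openldap/$f"; done
chmod 644 "$demo/opt/symas/etc/openldap/slapd.conf" "$demo/opt/symas/etc/openldap/ldap.conf"
audit_symas "$demo" "$(owner_of "$demo")" || echo "$? finding(s)"
rm -rf "$demo"
```

On a live system, call `audit_symas "" root /path/to/private.key`, substituting the account that runs slapd and the real key path.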
Description | In Symas OpenLDAP |
---|---|
Service/Process Files | /opt/symas/etc |
Release Notes | /opt/symas/etc/Symas-OpenLDAP-RelNotes-<version>*.txt, where <version> is the version of Symas OpenLDAP. |
Licensing Information | /opt/symas/etc/Symas-OpenLDAP-Copyrights.txt |
Package daemons and libraries | /opt/symas/<lib>, where <lib> is the location of the libraries for your particular OS. |
Package tools and utilities | /opt/symas/bin |
Package manual pages | /opt/symas/share/man |
OpenLDAP Configuration Files | /opt/symas/etc/openldap |
OpenLDAP overlays and modules | /opt/symas/<lib>/openldap, where <lib> is the location of the libraries for your particular OS. |
Default OpenLDAP server (slapd) configuration file | /opt/symas/etc/openldap/slapd.conf |
System-wide OpenLDAP library configuration file | /opt/symas/etc/openldap/ldap.conf |
Start/stop OpenLDAP server script | /opt/symas/etc/solserver, /etc/init.d/solserver (may vary by OS) |
OpenLDAP server startup configuration | /opt/symas/etc/openldap/symas-openldap.conf |
OpenLDAP Schema files | /opt/symas/etc/openldap/schema |
Heimdal Kerberos Configuration Files | /opt/symas/etc/heimdal |
Kerberos Library and Daemon Configuration file | /opt/symas/etc/heimdal/krb5.conf |
Start/stop Kerberos server script | /opt/symas/etc/krbserver, /etc/init.d/krbserver (may vary by OS) |
OpenSSL database, certificates, and keys | /opt/symas/ssl |
SASL authentication modules | /opt/symas/<lib>/sasl2, where <lib> is the location of the libraries for your particular OS. |
OpenLDAP server (slapd) SASL configuration file (sets SASL parameters for slapd) | /opt/symas/<lib>/sasl2/slapd.conf, where <lib> is the location of the libraries for your particular OS. |
SASL configuration files | /opt/symas/<lib>/sasl2, where <lib> is the location of the libraries for your particular OS. |
Rapid Deployment Scripts
ExampleDB.sh
Executing the /opt/symas/etc/openldap/exampledb.sh script will install an example database, create generic slapd.conf and symas-openldap.conf files, and start the slapd process.
All commands are run from /opt/symas/etc/openldap:
cd /opt/symas/etc/openldap
Add the directory containing the Symas slap* and ldap* commands to your PATH:
export PATH=/opt/symas/bin:$PATH
Execute exampledb.sh and answer yes to all prompts:
sudo ./exampledb.sh
Type YES in all caps when asked to do so.
The exampledb.sh script will start the slapd daemon. Make sure it is still running:
sudo /opt/symas/etc/solserver status