Symas OpenLDAP Knowledge Base

Basic Installation

Packages

Symas OpenLDAP packages are formatted for the standard software maintenance commands that are native to your operating system. The following steps will get you up and running quickly:

Install the Symas OpenLDAP Package desired

  • Symas-OpenLDAP-Client contains only client libraries and commands. Use this on systems where access to Symas OpenLDAP is required, but where the server software is not required.
  • Symas-OpenLDAP-Nonopt removes optimization flags from the standard server/client install. This reduces performance, but increases debugging and troubleshooting abilities.
  • Symas-OpenLDAP (i.e. server installer) contains all client and server components required to stand up a fully functional LDAP directory.
  • Symas-OpenLDAP-Devel can be installed if the purpose is to develop software based on libraries that are a part of Symas-OpenLDAP.

Install Commands

  • Redhat Linux/ CentOS

      sudo yum \--disablerepo=\\\* install symas-openldap-gold-client\*
  sudo yum \--disablerepo=\\\* install symas-openldap-gold.x86_64_nonopt-\*
  sudo yum \--disablerepo=\\\* install symas-openldap-gold.x86_64-2\*
  sudo yum \--disablerepo=\\\* install symas-openldap-gold-devel\*

  • Debian/ Ubuntu

      sudo dpkg -i symas-openldap-gold-client\*
  sudo dpkg -i symas-openldap-gold.amd64_nonopt-\*
  sudo dpkg -i symas-openldap-gold.amd64_2\*
  sudo dpkg -i symas-openldap-gold-devel\*

  • SUSE

      sudo zypper in symas-openldap-gold-client\*
  sudo zypper in symas-openldap-gold.x86_64-2\*
  sudo zypper in symas-openldap-gold-devel\*

  • Oracle Solaris

      sudo pkgadd -d symas-openldap-gold-client\*.pkg 
  sudo pkgadd -d symas-openldap-gold 
  sudo pkgadd -d symas-openldap-gold-auxlibs\*.pkg 
  sudo pkgadd -d symas-openldap-gold-devel\*.pkg

  • FreeBSD

      pkg install -y symas-openldap-gold-client\*.txz 
  pkg install -y symas-openldap-gold.amd64-\*.txz 
  pkg install -y symas-openldap-gold.amd64_nonopt\*.txz 
  pkg install -y symas-openldap-gold-devel.amd64\*.txz

File Locations

The following directories and files will be created: Names ending with a '/' are directories. Names ending with '/...' are directories which have some files and directories in them, but they are not shown. Names in bold blue are executable.

    /etc/init.d/
      **solserver**     (symlink)
    /opt/symas/
      lib64/\... share/\... bin/\...
      ssl/
          openssl.cnf.default
      etc/
          **solserver**   **krbserver**   **kpdserver**   **kadserver**
          heimdal/
                symas-heimdal.conf.default          krb5.conf.default
                **exampledb-krb5.sh**


          openldap/
                symas-openldap.conf.default         slapd.conf.default
                **exampledb.sh**        DB_CONFIG.default
                schema/\...
    /var/symas/
       openldap-data/\...   openldap-logs/\...   run/

Since Symas OpenLDAP is a fully self-contained system, we’ve moved some things around to avoid collisions with other versions of the same software that might have shipped with the operating system.

Reminder: In a production environment the best performance is obtained when the log file directory is on a separate disk from the database directory.

Files must be owned by the user that executes slapd

  • Usually this is root
  • ldap.conf should be public
  • slapd.conf / slapd.d should be private (600)
  • Database directory should be private
  • Certificate files should be public
  • Private keys must be private (600)
  • Unix sockets should be public
Description In Symas OpenLDAP
Service/Process Files /opt/symas/etc
———————– —————-
Release Notes /opt/symas/etc/Symas-OpenLDAP-RelNotes-<version>* .txt, where <version> is the version of Symas OpenLDAP.
————— —————————————————————————————————————–
Licensing Information /opt/symas/etc/Symas-OpenLDAP-Copyrights.txt
———————– ———————————————-
Package daemons and libraries /opt/symas/ <lib> , where <lib> is the location of the libraries for your particular OS.
——————————- ————————————————————————————————–
Package tools and utilities /opt/symas/bin
—————————– —————-
Package manual Pages /opt/symas/share/man
———————- ———————-
OpenLDAP Configuration Files /opt/symas/etc/openldap
—————————— ————————-
OpenLDAP overlays and modules /opt/symas/ <lib> /openldap, where <lib> is the location of the libraries for your particular OS.
——————————- ———————————————————————————————————–
Default OpenLDAP server (slapd) configuration file /opt/symas/etc/openldap/slapd.conf
—————————————————- ————————————
System-wide OpenLDAP library configuration file /opt/symas/etc/openldap/ldap.conf
————————————————- ———————————–
Start/stop OpenLDAP server script /opt/symas/etc/solserver /etc/init.d/solserver (may vary by OS)
———————————– ——————————————————————-
OpenLDAP server startup configuration /opt/symas/etc/openldap/symas-openldap.conf
————————————— ———————————————
OpenLDAP Schema files /opt/symas/etc/openldap/schema
———————– ——————————–
Heimdal Kerberos Configuration Files /opt/symas/etc/heimdal
————————————– ————————
Kerberos Library and Daemon Configuration file /opt/symas/etc/heimdal/krb5.conf
———————————————— ———————————-
Start/stop Kerberos server script /opt/symas/etc/krbserver /etc/init.d/krbserver (may vary by OS)
———————————– ——————————————————————-
OpenSSL database, certificates, and keys /opt/symas/ssli
—————————————— —————–
SASL authentication modules /opt/symas/ <lib> /sasl2, where <lib> is the location of the libraries for your particular OS.
—————————– ——————————————————————————————————–
OpenLDAP server (slapd) SASL configuration file (sets SASL parameters for slapd) /opt/symas/ <lib> /sasl2/slapd.conf, where <lib> is the location of the libraries for your particular OS.
———————————————————————————- ——————————————————————————————————————-
SASL configuration files /opt/symas/ <lib> /sasl2, where <lib> is the location of the
libraries for your particular OS.
————————– ——————————————————————————————————–

Rapid Deployment Scripts

ExampleDB.sh

Executing the /opt/symas/etc/openldap/exampledb.sh script will install an example database, create generic slapd.conf and symas-openldap.conf files and start the slapd process

All commands run from /opt/symas/etc/openldap

    cd /opt/symas/etc/openldap

Add the path to the Symas slap* and ldap* commands to your path

    export PATH=/opt/symas/bin:\$PATH

Execute exampledb.sh, answer yes to all prompts

    sudo ./exampledb.sh
    Type YES in all CAPS when asked to do so

The exampledb.sh script will start the slapd daemon, make sure it is still running

    sudo/opt/symas/etc/solserver status