setup-ldap.sh is a shell script that configures an OpenLDAP server on Red Hat Enterprise Linux 6.3. It currently has two options: set up the server as a master (provider) or as a slave (consumer).
The script uses a sample slapd.conf (sample-slapd.conf), which is converted to cn=config format.
It uses the "cn=config" feature provided with OpenLDAP 2.4 to set up a suffix through LDAP operations. It currently does the following:
- Creates a bdb backend for a suffix
- Configures TLS when certs are provided
- Enables the ppolicy.la, syncprov.la and accesslog.la modules on the master
- Configures accesslog (cn=accesslog) on the provider to save all the changes that will be replicated to the slave
- When the script is run with the --slave option, it also configures a sync replication agreement with the provider server
In future versions, I would like to add the following:
- Configure a Samba PDC
- Configure a Samba BDC

- Get the latest code from GitHub:
  git clone [email protected]/mrniranjan/setup-openldap.git
- The following files will be copied:
  common.sh create_ou.conf defines.sh README sample-slapd.conf setup-ldap.sh TODO
- Make sure the openldap-servers package is installed on RHEL.
- Run the script as:
  ./setup-ldap.sh --master (to configure the provider)
  ./setup-ldap.sh --slave (to configure the consumer)
- When run as ./setup-ldap.sh --master, the script configures the cn=config database and the suffix (as provided by the user) with a bdb backend. This backend uses /var/lib/ldap. It also sets up the cn=accesslog suffix, which uses the /var/lib/ldap-accesslog directory.
- When run as ./setup-ldap.sh --slave, the script configures the cn=config database and the suffix (as provided by the user) with a bdb backend. This backend uses /var/lib/ldap. It also sets up a sync replication agreement with the provider.
- The script also configures TLS/SSL for slapd when certificate paths are provided.
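
One way to apply user-supplied certificate paths to cn=config is shown below as an added example; it is not code from setup-ldap.sh, and the function names and the path policy are assumptions. The functions reject paths that could inject extra LDIF lines, reject a private key that other users can access, and only then emit the LDIF that sets the three standard olcTLS* attributes.

```shell
#!/bin/sh
# Added example, not part of setup-ldap.sh. Function names are hypothetical.

# Accept only absolute paths built from a conservative character set, so a
# user-supplied value can never contain a newline that starts a new LDIF line.
safe_path() {
    case "$1" in
        *[!A-Za-z0-9/._-]*) return 1 ;;   # space, newline, colon, ...
        /*) ;;                             # absolute path: acceptable
        *) return 1 ;;                     # relative or empty path
    esac
    [ -f "$1" ] && [ -r "$1" ]
}

# The private key must carry no permission bits for "other" users.
key_not_world_accessible() {
    [ "$(ls -lL "$1" | cut -c8-10)" = "---" ]
}

# Usage: tls_ldif CERT KEY CACERT
# Prints LDIF on stdout; returns 1 for a bad path, 2 for an exposed key.
# The output can be piped to: ldapmodify -Y EXTERNAL -H ldapi:///
tls_ldif() {
    cert=$1 key=$2 ca=$3
    for f in "$cert" "$key" "$ca"; do
        safe_path "$f" || { echo "unsafe or unreadable path" >&2; return 1; }
    done
    key_not_world_accessible "$key" ||
        { echo "private key is accessible to other users" >&2; return 2; }
    cat <<EOF
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: $ca
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: $cert
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $key
EOF
}

# Constructed demo: empty stand-in files, not real certificates.
d=$(mktemp -d /tmp/tlsdemo.XXXXXX)
touch "$d/server.crt" "$d/server.key" "$d/ca.crt"
chmod 600 "$d/server.key"
tls_ldif "$d/server.crt" "$d/server.key" "$d/ca.crt"
rm -rf "$d"
```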