2.3. Setup LDAP


2.3.1. Multiple LDAP repositories

By default, this test suite provides three LDAP repositories using OpenLDAP and the virtual host function.

2.3.2. Installed Files and Directories


/etc/init.d/cpkildap

/usr/local/etc/openldap/cpki_slapd1.conf

/usr/local/etc/openldap/cpki_slapd2.conf

/usr/local/etc/openldap/cpki_slapd3.conf

/var/lib/ldap1

/var/lib/ldap2

/var/lib/ldap3

2.3.3. When the LDAP server is already running

You must stop the existing LDAP service. If the LDAP service starts automatically at boot, you can change the setting with the 'chkconfig' command.

% /etc/init.d/ldap stop

% /sbin/chkconfig --list ldap

2.3.4. If you want to change the number of running LDAP repositories

Edit '/etc/init.d/cpkildap' and comment out the line that begins with 'daemon ${sldapd}'.

2.3.5. Startup Multiple LDAP services

Type the following as root.

% /etc/init.d/cpkildap start

2.3.6. Check Multiple LDAP services

Type the following and confirm that you get 'Success'.

% ldapsearch -h ldap1

% ldapsearch -h ldap2

% ldapsearch -h ldap3

2.3.7. Stop Multiple LDAP services

Type the following as root.

% /etc/init.d/cpkildap stop

2.3.8. Register LDIF file

To register an LDIF file in an LDAP repository, use the following command.

% cpki_ldapadd -h LDAP_HOST -f LDAP_LDIF

2.3.9. Clean LDAP repository

Type the following.

% cpki_ldapclean -h LDAP_HOST

2.3.10. List of Utility Commands

command          description
cpki_ldapadd     Registers an LDIF file in the LDAP repository.
cpki_ldapclean   Deletes all nodes of the LDAP repository.

The 'rootdn' and 'passwd' values are read from '/usr/local/cpki/bin/cpki_ldapconf.pl' to access the LDAP repository.

2.3.11. Administrator's Password and RootDN

This information can be found in the following files.

/usr/local/etc/openldap/cpki_slapd*.conf

/usr/local/cpki/bin/cpki_ldapconf.pl

You should modify these files and set their permissions if you care about LDAP security.
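
One way to check the permissions of the files listed above, as an added example that is not part of the original test suite. The policy it enforces (no access for "other", no write access for "group") and the function names are assumptions; adjust the mask to your site's rules.

```shell
#!/bin/sh
# Audit the files that hold the LDAP rootdn and password.
# Policy (an assumption, not from the original page): no access for
# "other" and no write access for "group", i.e. (mode & 027) == 0.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Return 0 if the file meets the policy, 1 if it is too permissive,
# 2 if it does not exist or cannot be examined.
check_secret_file() {
    [ -e "$1" ] || return 2
    mode=$(file_mode "$1") || return 2
    # Read the mode as octal and mask group-write plus all "other" bits.
    [ $(( 0$mode & 027 )) -eq 0 ]
}

# Audit every path given, print one line per file, and return the
# number of files that are too permissive (0 means none).
audit_secret_files() {
    bad=0
    for f in "$@"; do
        rc=0
        check_secret_file "$f" || rc=$?
        case $rc in
            0) echo "OK        $(file_mode "$f") $f" ;;
            1) echo "TOO OPEN  $(file_mode "$f") $f"; bad=$((bad + 1)) ;;
            *) echo "MISSING   -   $f" ;;
        esac
    done
    return "$bad"
}

# When run with arguments, audit them, for example (as root):
#   sh audit.sh /usr/local/etc/openldap/cpki_slapd*.conf \
#               /usr/local/cpki/bin/cpki_ldapconf.pl
if [ "$#" -gt 0 ]; then
    audit_secret_files "$@"
fi
```

A file reported as TOO OPEN can be tightened with 'chmod', for example to mode 600 when only root needs to read it.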