January 2009
export PKG_PATH=http://osis.service.rug.nl/pub/os/bsd/openbsd/4.4/packages/i386/
sudo pkg_add openldap-server
cyrus-sasl-2.1.22p4: complete
openldap-client-2.3.43: complete
openldap-server-2.3.43: complete
--- openldap-server-2.3.43 -------------------
To start slapd, configure it in /etc/openldap/slapd.conf then add the following line to /etc/rc.conf.local:

    slapd_flags="-u _openldap"

and to /etc/rc.local (be sure to start it _before_ any daemon that may need it):

    if [ "$slapd_flags" != "NO" -a -x /usr/local/libexec/slapd ]; then
        install -d -o _openldap /var/run/openldap
        /usr/local/libexec/slapd $slapd_flags
        echo -n ' slapd'
    fi
Do as it says.
Into /etc/rc.local goes:

    if [ "$slapd_flags" != "NO" -a -x /usr/local/libexec/slapd ]; then
        install -d -o _openldap /var/run/openldap
        /usr/local/libexec/slapd $slapd_flags -h "$slapd_URLs"
        echo -n ' slapd'
    fi
And into /etc/rc.conf.local:

    slapd_URLs="ldap://127.0.0.1 ldaps://127.0.0.1 ldap://10.0.12.1 ldaps://10.0.12.1 ldap://10.0.13.1 ldaps://10.0.13.1"
    slapd_flags="-u _openldap -g _openldap -4"
Note that the separation of flags and URLs is a trick to make slapd behave as it should. I haven't figured it out yet, but it seems to me that the routine used to parse the command line (
However, when run from a script, both versions fail. The first case hasn't changed, and in the second case,
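The following is an added example, not part of the original notes, showing one plausible reason the flags/URLs split matters: in /etc/rc.local the variable $slapd_flags is expanded unquoted, so a space-separated URL list inside it is word-split and only the first URL reaches -h, whereas -h "$slapd_URLs" hands the whole list over as one argument. fake_slapd is a stand-in for /usr/local/libexec/slapd that just reports what it received; that it is the mechanism behind the trick is my assumption.

```shell
#!/bin/sh
# Added example (not from the original notes). fake_slapd stands in for
# /usr/local/libexec/slapd: it counts the arguments it received and records
# the single value that followed -h, then prints "count|h-value".
fake_slapd() {
    h=""
    n=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -h) shift; h="$1" ;;   # -h takes exactly one argument
        esac
        n=$((n + 1))
        shift
    done
    printf '%s|%s\n' "$n" "$h"
}

# Broken form: URLs kept inside slapd_flags. The unquoted expansion below
# (as in rc.local) word-splits the list; slapd would see -h ldap://127.0.0.1
# and a stray positional argument ldaps://127.0.0.1.
broken_invocation() {
    slapd_flags='-u _openldap -g _openldap -4 -h ldap://127.0.0.1 ldaps://127.0.0.1'
    fake_slapd $slapd_flags
}

# Working form (the notes' trick): flags stay unquoted so each flag is its
# own word, but the URL list is a separate variable passed quoted, so it
# arrives at -h as one argument.
working_invocation() {
    slapd_flags='-u _openldap -g _openldap -4'
    slapd_URLs='ldap://127.0.0.1 ldaps://127.0.0.1'
    fake_slapd $slapd_flags -h "$slapd_URLs"
}

broken_invocation    # prints 7|ldap://127.0.0.1
working_invocation   # prints 6|ldap://127.0.0.1 ldaps://127.0.0.1
```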
Now configure /etc/openldap/slapd.conf:

    include         /etc/openldap/schema/core.schema
    pidfile         /var/run/openldap/slapd.pid
    argsfile        /var/run/openldap/slapd.args
    database        ldbm
    suffix          "dc=mydomain"
    rootdn          "cn=boss,dc=mydomain"
    rootpw          secret
    directory       /var/openldap-data
    index           objectClass eq
    loglevel        239
Edit /etc/pf.conf:

    pass in log on $intranet_if proto {tcp, udp} from $intranet to $intranet_if:0 port { ldap, ldaps }
and restart the firewall: sudo pfctl -f /etc/pf.conf
On the client:
ldapsearch -x -H ldap://firewall
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
On the client, try:
ldapsearch -x -H ldap://firewall -D"cn=admin,dc=intranet" -W
If that succeeds, pick the entry method of your choice.
I'm using luma.