How to Install a LDAP Server
============================

Install 389-ds
----------------------------

.. prompt:: bash

    sudo apt-get install 389-ds-base

Configure directory server
--------------------------

Release 1.3 [old]
~~~~~~~~~~~~~~~~~

This is the configuration tool for older releases of 389 Directory Server.
If there is no ``setup-ds`` tool on your system, you probably have the new
release; skip to the Release 1.4 instructions below.

.. prompt:: bash

    sudo setup-ds

When asked for the server name, answer with the fully qualified
domain name of the host: hostname.domainname.
In the next step you must supply the domain name as the base for the
configuration. So if your domain name is "foobar.com", the base
will be "dc=foobar,dc=com".

Release 1.4 [new]
~~~~~~~~~~~~~~~~~

From release 1.4 we provide an example configuration file for
creating the new directory instance.

.. literalinclude:: ds389.conf

After you set a password and the correct suffix, create an LDAP instance with *dscreate*:

.. prompt:: bash

    sudo dscreate from-file ds389.conf

Enable and Start the service
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. prompt:: bash

   sudo systemctl start dirsrv@localhost
   sudo systemctl enable dirsrv@localhost

Add a LDAP section in the config file
-------------------------------------

The config file is usually ``/etc/ravada.conf``. Add this configuration,
replacing the password and base with the values of your directory instance:

::

    ldap:
        admin_group: test.admin.group
        admin_user:
            dn: cn=Directory Manager
            password: 12345678
        base: 'dc=example,dc=com'

Then restart the services:

.. prompt:: bash

    sudo systemctl restart rvd_back
    sudo systemctl restart rvd_front
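
The ``base`` value in the Ravada config is expected to match the suffix of the directory instance, which the steps above derive from the domain name (``foobar.com`` becomes ``dc=foobar,dc=com``). The script below is an added example, not part of Ravada: it derives the base DN from a domain and compares it with the ``base:`` line of a config file. The function names are hypothetical, and it assumes the ``ldap:`` section layout shown on this page.

```shell
#!/bin/sh
# Added example, not part of Ravada. Assumes the ldap: section layout shown
# on this page (a single "base:" line, optionally quoted, no trailing comment).

# Print the base DN for a DNS domain: foobar.com -> dc=foobar,dc=com.
# Returns 1 for input that is not a plain dotted domain name, so the
# result never contains characters that would need DN escaping.
domain_to_base_dn() {
    domain="${1%.}"                      # accept one trailing dot
    case "$domain" in
        ""|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    base="" rest="$domain"
    while [ -n "$rest" ]; do
        base="${base:+$base,}dc=${rest%%.*}"
        case "$rest" in
            *.*) rest="${rest#*.}" ;;    # drop the label just consumed
            *)   rest="" ;;              # last label done
        esac
    done
    printf '%s\n' "$base"
}

# Print the value of the first "base:" key found in a config file,
# with trailing whitespace and surrounding quotes removed.
conf_base_dn() {
    sed -n "s/^[[:space:]]*base:[[:space:]]*//p" "$1" | head -n 1 |
        sed "s/[[:space:]]*\$//; s/^[\"']//; s/[\"']\$//"
}

# Succeed only if the config's base equals the DN derived from the domain.
# The comparison ignores case, as dc values are matched case-insensitively.
base_matches_domain() {
    want=$(domain_to_base_dn "$1") || return 2
    have=$(conf_base_dn "$2")
    [ "$(printf '%s' "$want" | tr 'A-Z' 'a-z')" = \
      "$(printf '%s' "$have" | tr 'A-Z' 'a-z')" ]
}

# Usage: sh check_base.sh example.com /etc/ravada.conf
if [ "$#" -eq 2 ]; then
    base_matches_domain "$1" "$2" && echo "base OK" || echo "base mismatch"
fi
```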

Insert one test user
--------------------

The Ravada backend script can create users in the LDAP directory:

.. prompt:: bash

    sudo rvd_back --add-user-ldap jimmy.mcnulty

There are more commands to easily manage LDAP entries. Check the
`LDAP section of the CLI documentation <http://ravada.readthedocs.io/en/latest/docs/CLI.html>`_.