12.07.2015

Red Hat Enterprise Linux 5 Administration Unleashed
Enabling LDAP

...Level and Firewall from the System menu on the top panel of the desktop or by executing the system-config-securitylevel command. Enter the root password when prompted if running as a non-root user. Click Add next to the Other ports table to add a port.

Configuring the LDAP Server

On Red Hat Enterprise Linux, OpenLDAP is used to implement an LDAP server. OpenLDAP is an open source implementation of LDAP. The openldap and openldap-servers RPM packages must be installed on the system to configure it as an LDAP server.

Setting Up the LDAP Configuration Files

The LDAP daemon, slapd, uses /etc/openldap/slapd.conf as its main configuration file. There are many configuration options available for slapd.conf. Refer to the slapd.conf man page for a complete list. At a minimum, the following need to be set:

• At least one suffix must be defined with the domain for which the LDAP directory is providing entries. Replace the sample suffix line with the information for your domain, such as the following for example.com:

    suffix "dc=example,dc=com"

• Define a user who has complete control over the directory. This user is not subject to access control or other restrictions. Replace the sample rootdn line with the superuser for LDAP and the domain name for the directory, such as the following:

    rootdn "cn=root,dc=example,dc=com"

• If you plan to perform maintenance on the directory remotely, an encrypted password can be set so the user defined with the rootdn option has to provide a password before modifying the database. If you don't need remote maintenance, this option is not necessary. To generate the encrypted version of the password, execute the slappasswd command. Be sure to copy and paste the entire output as the value of the rootpw option, including the encryption method, such as the following:

    rootpw {SSHA}vhSdnGD3mNZpvxF63OmuaAUlNF16yVVT

Even though the password is encrypted in the configuration file, it is still sent unencrypted from the client to the server unless encryption is enabled. Refer to the "Enabling TLS Encryption for LDAP" section for details.

Also create a DB_CONFIG file in the /var/lib/ldap/ directory (or the directory defined with the directory option in slapd.conf). This file contains tuning options for the directory. The example file, /etc/openldap/DB_CONFIG.example, is included with the openldap-servers package. Use it as a starting point and modify the settings for your LDAP directory environment. If this file doesn't exist, an error message such as the following is shown each time slapcat, slapadd, and other administrative utilities are run:

    bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
    Expect poor performance for suffix dc=example,dc=com.
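The following Python script is an added example, not part of the book or of OpenLDAP: it checks a slapd.conf fragment for the minimum settings described above (suffix, rootdn under that suffix, rootpw stored as a slappasswd hash rather than cleartext) and shows how the {SSHA} value slappasswd emits is built and verified. The sample configuration is constructed; the hash in it is the one printed in the text.

```python
import base64
import hashlib
import os
import re

# Constructed sample slapd.conf fragment modelled on the settings the text lists.
SAMPLE_SLAPD_CONF = """\
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=root,dc=example,dc=com"
rootpw          {SSHA}vhSdnGD3mNZpvxF63OmuaAUlNF16yVVT
directory       /var/lib/ldap
"""

def parse_slapd_conf(text):
    """Return {directive: value} for one-value directives; comments and blanks are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return conf

def ssha_hash(password, salt=None):
    """Build a {SSHA} value the way slappasswd does: base64(SHA-1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    """Check a candidate password against a stored {SSHA} value (salt is the trailing bytes)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode() + salt).digest() == digest

def check_slapd_conf(text):
    """Return findings for the minimum settings the text requires; an empty list means all fine."""
    conf = parse_slapd_conf(text)
    findings = []
    suffix, rootdn, rootpw = conf.get("suffix"), conf.get("rootdn"), conf.get("rootpw")
    if not suffix:
        findings.append("no suffix defined")
    if not rootdn:
        findings.append("no rootdn defined")
    elif suffix and not rootdn.lower().endswith(suffix.lower()):
        findings.append("rootdn is not under the suffix")
    # rootpw is optional, but if present it should be slappasswd output, not cleartext.
    if rootpw and not re.match(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", rootpw):
        findings.append("rootpw is stored in cleartext; use slappasswd output")
    return findings
```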
