October 30, 2012

Create multiple databases to OpenLDAP

Perform the following action at creating a new other database if a database is already existed.

Setting of OpenLDAP

$ sudo mkdir /var/lib/ldap2
$ sudo chown openldap:openldap /var/lib/ldap2
$ sudo ldapvi -Y EXTERNAL -h ldapi:/// -b cn=config

Append lines as follow to last lines with a blank line.

add olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap2
olcSuffix: dc=example,dc=org
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=org" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=org" write by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=example,dc=org
olcRootPW: {SSHA}AWtw2vmrYibntFzTJrcxjW13A3xlI+ck
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq

(save then,)
add: 1, rename: 0, modify: 0, delete: 0
Action? [yYqQvVebB*rsf+?] y
Done

Generate password for rootdn of a new database

$ slappasswd
New password:
Re-enter new password:
{SSHA}3n2Z4m3XfLFMV6wK+neR8bGlptUHJpJC

Add new entries to new database

You should use ‘-A’ option, this option start with an empty file without searcing.

$ sudo ldapvi -D cn=admin,dc=example,dc=org -A

--- Login
Type M-h for help on key bindings.

Filter or DN: cn=admin,dc=example,dc=org
Password: ********

Example entries is follow

add dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: example.org
dc: example

add cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: {SSHA}3n2Z4m3XfLFMV6wK+neR8bGlptUHJpJC

add ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People

(save, then)
add: 3, rename: 0, modify: 0, delete: 0
Action? [yYqQvVebB*rsf+?] y
Done

At this point, you will be able to do the entry in the same way as the existing LDAP database.

投稿者 mkouhei

カテゴリー: Ops

タグ: OpenLDAP, ldapvi

• « Postfix with LDAP for Dovecot
• OpenSSH LDAP public key »

最近の投稿

• LEGO 展示棚を設置しました
• Google Nest Hub, Google Home mini 復活
• ABUS Bordo Lite Mini 6055/60
• ヘッドライトとリアライト
• Brompton M6L を入手しました
• pipenv 環境でのコマンドを直接実行する
• 2017年の振り返りと2018年の抱負
• 再びpython-debianのお話
• VirtualBoxをPowerShellで操作する
• ThinkPad T470sに乗り換え

Search

カテゴリー

• ansible (2)
• Bike (3)
• book (23)
• cat (63)
• Celery (1)
• Cloud (1)
• computer (195)
• CouchDB (35)
• Debian (425)
• Dev (26)
• emacs (1)
• error (74)
• gadget (117)
• Git (14)
• git-buildpackage (1)
• Golang (2)
• Kids (1)
• LDAP (3)
• life (798)
• lint (1)
• MacBook (137)
• meeting (107)
• network (84)
• nonsense (208)
• Ops (90)
• Packaging (3)
• PowerDNS (1)
• programming (7)
• Python (19)
• Ruby (2)
• security (54)
• TeX (13)
• Unix/Linux (238)
• virt. (109)
• Windows (1)
• work (261)

タグ

ansible (2), Ansible (2), ansible galaxy (1), Apache (1), AppArmor (1), apt (3), Armadillo-9 (1), auto install (1), b-mobile WiFi (1), Bash (1), blockdiag (3), blog (1), bootstrap-py (1), Brompton (3), C (1), Cat (1), Celery (3), CentOS (3), Cisco ASA (1), ClamAV (1), CouchDB (4), CouchDB JP (1), daemontools (1), Debian (48), Debian Pure Blend (1), DebianUbuntuAdvent2012 (1), DebianUbuntuAdvent2013 (5), DebianUbuntuAdvent2017 (1), debsign (1), Display manager (1), dnsmasq (2), Dovecot (1), dovecot (1), dvipdfmx (1), e-Tax (2), El Capitan (1), emacs (2), Erlang (4), fastcgi (1), fetchmail (1), gdm (1), Genenga (1), Git (9), git-filter-branch (1), GitLab (2), GitPython (1), Gmail (1), GNU/Linux (1), GnuPG (1), Golang (3), Google Home mini (1), Google Nest Hub (1), Gosh (2), GPT (1), grub2 (3), grubs (1), hddtemp (1), Heroku (1), Hiki (1), hiki (1), i2c-tools (1), include_csv (1), iori (1), IPv6 (2), iPXE (1), Jenkins (5), JetDrive (1), JSON (1), lambda (1), ldapvi (2), LEGO (1), Lenny (4), libvirt (1), lighttpd (4), Linkdraw (1), lint (1), Linux (3), lm-sensors (1), Lua (1), lv (1), lxc (5), MacBook (4), MacBookPro (3), make-jpkg (1), Mercurial (2), mkpasswd (1), mock (1), MVNO (1), MySQL (2), net-tools (1), nginx (2), Nginx (3), nslcd (1), nwfilter (1), omame (3), OpenBlockS (3), OpenConnect (1), OpenLDAP (14), OpenMicroServer (2), OpenSSH (3), openssh-lpk (3), OpenStack (3), Oracle (1), OS X (2), packaging (1), pbuilder (1), pep8 (1), Perl (1), PHP (1), pidgin (1), pipenv (1), piuparts (1), PlantUML (1), plantuml-mode (1), PoE (1), Postfix (2), Power unit (1), PowerDNS (2), PowerShell (1), Precise (1), preseed (2), procmail (1), pylibmc (1), Pyramid (1), pystache (1), Python (16), python (4), python-debian (1), Python-LDAP (1), Python2.6 (1), Python2.7 (1), python_debian (1), python_gnupg (1), RabbitMQ (1), Redmine (1), redmine (1), REPL (1), reportbug (1), reprepro (2), rpm (1), RSA SecurID (1), rsyslog (1), RTX830 (1), Ruby (2), Scratch (1), Sendmail (1), Sid (1), Sinatra (1), slim (1), smbclient (1), sphinx (2), Sphinx (2), Squeeze (1), SSD/Linux (1), sshd (1), sudo (1), Swift (1), Switch (1), Sylpheed (1), sysbench (1), systemd (1), sysvinit (1), TACACS+ (1), td2planet (3), ThinkPad (1), tinkerer (7), Tomcat (1), TonicDNS (3), trac (1), Ubuntu (11), upstart (1), uscan (1), vi (1), virt-manager (1), VirtualBox (3), Vyatta (2), Wheezy (3), wheezy (1), wifi (1), Windows (1), Windows 10 (1), Windows 8.1 (1), work (3), yrmcds (1), ブログ移行 (1), 個人番号カード (2), 確定申告 (2), 自宅サーバの思い出 Advent Calendar 2016 (1)