From 689417687caa918da9b078fca5de08e3c6ceadfc Mon Sep 17 00:00:00 2001
From: Ryan Haggerty
Date: Thu, 27 Oct 2005 18:56:20 +0000
Subject: [PATCH] adding ldap configuration files and README.

---
 testing/ldap_config_files/README.etc.openldap | 23 +++++
 .../ldap_config_files/etc.openldap.slap.conf | 98 +++++++++++++++++++
 testing/ldap_config_files/remove_all.ldif | 8 ++
 testing/ldap_config_files/root.ldif | 5 +
 testing/ldap_config_files/users.ldif | 23 +++++
 5 files changed, 157 insertions(+)
 create mode 100644 testing/ldap_config_files/README.etc.openldap
 create mode 100644 testing/ldap_config_files/etc.openldap.slap.conf
 create mode 100644 testing/ldap_config_files/remove_all.ldif
 create mode 100644 testing/ldap_config_files/root.ldif
 create mode 100644 testing/ldap_config_files/users.ldif

diff --git a/testing/ldap_config_files/README.etc.openldap b/testing/ldap_config_files/README.etc.openldap
new file mode 100644
index 00000000..f2d0d09e
--- /dev/null
+++ b/testing/ldap_config_files/README.etc.openldap
@@ -0,0 +1,23 @@
+The most important file is slapd.conf. it has some quick configs necisarry for testing.
+the file etc.openldap.slapd.conf belongs at /etc/openldap/slapd.conf
+
+install the packages if they are not already
+ yum -y install openldap-server openldap-clients
+
+add the root dn
+ slapadd -v -l root.ldif
+
+start the service
+ /etc/init.d/ldap start
+
+add some test entries (service must be running)
+ ldapmodify -D "cn=Manager,dc=plainjoe,dc=org" -w secret -x -a -v -f users.ldif
+
+remove them
+ ldapmodify -D "cn=Manager,dc=plainjoe,dc=org" -w secret -x -v -f remove_all.ldif
+
+read them with slapcat
+ slapcat
+
+or read them with a client tool
+ ldapsearch -x -b "dc=plainjoe,dc=org" "(objectclass=*)"
diff --git a/testing/ldap_config_files/etc.openldap.slap.conf b/testing/ldap_config_files/etc.openldap.slap.conf
new file mode 100644
index 00000000..96a0177b
--- /dev/null
+++ b/testing/ldap_config_files/etc.openldap.slap.conf
@@ -0,0 +1,98 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /etc/openldap/schema/core.schema
+include /etc/openldap/schema/cosine.schema
+include /etc/openldap/schema/inetorgperson.schema
+include /etc/openldap/schema/nis.schema
+
+# Allow LDAPv2 client connections. This is NOT the default.
+allow bind_v2
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /var/run/slapd.pid
+argsfile /var/run/slapd.args
+
+# Load dynamic backend modules:
+# modulepath /usr/sbin/openldap
+# moduleload back_bdb.la
+# moduleload back_ldap.la
+# moduleload back_ldbm.la
+# moduleload back_passwd.la
+# moduleload back_shell.la
+
+# The next three lines allow use of TLS for encrypting connections using a
+# dummy test certificate which you can generate by changing to
+# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
+# slapd.pem so that the ldap user or group can read it. Your client software
+# may balk at self-signed certificates, however.
+# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
+# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
+
+# Sample security restrictions
+# Require integrity protection (prevent hijacking)
+# Require 112-bit (3DES or better) encryption for updates
+# Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access
+# Allow authenticated users read access
+# Allow anonymous users to authenticate
+# Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+# by self write
+# by users read
+# by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn. (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#just allow anyone to do whatever for testing purposes
+access to *
+ by * write
+
+#######################################################################
+# ldbm and/or bdb database definitions
+#######################################################################
+
+database bdb
+suffix "dc=plainjoe,dc=org"
+rootdn "cn=Manager,dc=plainjoe,dc=org"
+# Cleartext passwords, especially for the rootdn, should
+# be avoided. See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+# rootpw secret
+# rootpw {crypt}ijFYNcSNctBYg
+rootpw {SSHA}3Q3i+6viSPu3ZIso9ta6cYtNS4TEAXuO
+
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory /var/lib/ldap
+
+# Indices to maintain for this database
+index objectClass eq,pres
+index ou,cn,mail,surname,givenname eq,pres,sub
+index uidNumber,gidNumber,loginShell eq,pres
+index uid,memberUid eq,pres,sub
+index nisMapName,nisMapEntry eq,pres,sub
+
+# Replicas of this database
+#replogfile /var/lib/ldap/openldap-master-replog
+#replica host=ldap-1.example.com:389 starttls=critical
+# bindmethod=sasl saslmech=GSSAPI
+# authcId=host/ldap-master.example.com@EXAMPLE.COM
diff --git a/testing/ldap_config_files/remove_all.ldif b/testing/ldap_config_files/remove_all.ldif
new file mode 100644
index 00000000..499713e3
--- /dev/null
+++ b/testing/ldap_config_files/remove_all.ldif
@@ -0,0 +1,8 @@
+dn: cn=Other Guy,ou=people,dc=plainjoe,dc=org
+changetype: delete
+
+dn: cn=Some Guy,ou=people,dc=plainjoe,dc=org
+changetype: delete
+
+dn: ou=people,dc=plainjoe,dc=org
+changetype: delete
diff --git a/testing/ldap_config_files/root.ldif b/testing/ldap_config_files/root.ldif
new file mode 100644
index 00000000..a376ce8d
--- /dev/null
+++ b/testing/ldap_config_files/root.ldif
@@ -0,0 +1,5 @@
+dn: dc=plainjoe,dc=org
+dc: plainjoe
+objectClass: dcObject
+objectClass: organizationalUnit
+ou: PlainJoe Dot Org
diff --git a/testing/ldap_config_files/users.ldif b/testing/ldap_config_files/users.ldif
new file mode 100644
index 00000000..3ac0e273
--- /dev/null
+++ b/testing/ldap_config_files/users.ldif
@@ -0,0 +1,23 @@
+dn: ou=people,dc=plainjoe,dc=org
+ou: people
+objectClass: organizationalUnit
+
+dn: cn=Some Guy,ou=people,dc=plainjoe,dc=org
+cn: Some Guy
+sn: Guy
+mail: sguy@place.com
+mail: sguy@otherplace.com
+labeledURI: http://www.place.com/sguy/index.php
+roomNumber: 1234 his room
+departmentNumber: sw devel
+pager: 555-666-7777
+mobile: 898-898-8989
+objectClass: inetOrgPerson
+
+dn: cn=Other Guy,ou=people,dc=plainjoe,dc=org
+cn: Other Guy
+sn: Guy
+mail: oguy@place.com
+departmentNumber: hw devel
+mobile: 898-898-9999
+objectClass: inetOrgPerson
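Review bot: `access to * by * write`, the only active ACL in this file (under "just allow anyone to do whatever"), lets unauthenticated clients add, modify and delete every entry in the tree, including any `userPassword` values, and because the TLS and `security` directives stay commented out and `allow bind_v2` is enabled, that applies to anything that can reach the listener, not just the test harness. Every write in the README binds as the rootdn, which bypasses ACLs entirely, so a policy that still supports all of those commands (including the anonymous `ldapsearch -x`) is `access to *` / `  by users write` / `  by * read`; if the open policy is deliberate for a throwaway box, say so in the comment and keep slapd bound to loopback. The SSHA `rootpw` is presumably the hash of `secret` (the README binds with `-w secret`, which also leaves the password in shell history and `ps` output; `-W` prompts instead); a comment such as `# test-only credential, hash of "secret" -- never reuse this rootpw outside the test rig` would stop it from being copied into a real deployment. Note also that the README refers to this file as `etc.openldap.slapd.conf` while the patch adds `etc.openldap.slap.conf`; one of the two needs renaming so the instructions actually match the file.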
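Review bot: The fixture entries carry `mail` and `labeledURI` values under `place.com` and `otherplace.com`, which are ordinary registrable domains rather than reserved test names, so if anything that consumes this directory later acts on those attributes (mail notifications, URL fetches) it could reach real third-party hosts. Since these are throwaway test records, use the RFC 2606 reserved domains, e.g. `mail: sguy@example.com`, `mail: sguy@example.org` and `labeledURI: http://www.example.com/sguy/index.php`, and likewise `mail: oguy@example.com`. A leading `# test fixture data only; all addresses use RFC 2606 reserved domains` comment would make that intent clear to the next person who copies entries from here.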