
Instructions to configure Fortress with existing OpenLDAP instance



For installing Fortress to use an existing OpenLDAP instance, follow the excerpt below:

(Full instructions are contained within the README.txt)

___________________________________________________________________________________
###################################################################################
# SECTION 6. Instructions for using pre-existing or native OpenLDAP installation.
###################################################################################

a. Install OpenLDAP using your existing package management system.

    For example:

        + On Debian systems: http://wiki.debian.org/LDAP/OpenLDAPSetup

        + Ubuntu: https://help.ubuntu.com/community/OpenLDAPServer

        + etc.

b. Copy fortress schema to openldap schema folder:

cp FORTRESS_HOME/ldap/schema/fortress.schema $OPENLDAP_HOME/etc/openldap/schema

c. Enable Fortress schema in slapd.conf:

include		FORTRESS_HOME/etc/openldap/schema/fortress.schema

note: for steps b & c above substitute FORTRESS_HOME for root of your OpenLDAP installation.

d. For password policy support, enable the ppolicy (password policy) overlay in slapd.conf:

moduleload	ppolicy.la

e. For Fortress audit support, enable slapo-accesslog in slapd.conf:

moduleload  accesslog.la

f. Gather the following information about your OpenLDAP instance:

i. suffix
ii. host
iii. port
iv. ldap user account that has read/write priv for default DIT (root works)
v. pw for above
vi. ldap user account that has read/write priv for access log DIT (log root works)
vii. pw for above


g. Example OpenLDAP instance:

i. dc=example, dc=com
ii. myhostname
iii. 389
iv. "cn=Manager,dc=example,dc=com"
v. secret
vi. "cn=Manager,cn=log"
vii. secret

h. Modify the build.properties file with settings

i.
suffix.name=example
suffix.dc=com

ii. ldap.host=myhostname

iii. ldap.port=389

iv. root.dn=cn=Manager,${suffix}

v. root.pw=secret
note: the above may be hashed using slappasswd

vi. log.root.dn=cn=Manager,${log.suffix}

vii. log.root.pw=secret

i. Create the Fortress DIT:

from the FORTRESS_HOME root folder, enter the following:

>$ANT_HOME/bin/ant load-slapd

j. Proceed to SECTION 8 to regression test Fortress and OpenLDAP

_______________________________________________________________________________
###############################################################################
# SECTION 8. Instructions to test openldap-fortress-core using regression tests
###############################################################################

a. from FORTRESS_HOME enter the following command:

>$ANT_HOME/bin/ant test-full

Notes:
  - These tests load tens of thousands of ldap records into your newly installed directory.
  - The 'init-slapd' and/or 'test-full' targets may be re-run as often as necessary.
  - After regression testing has completed, you may run the 'init-slapd' target to remove all test data from the directory.
  - If you followed the steps in SECTION 6 (existing OpenLDAP server), do NOT run the init-slapd target.
  - WARNING log messages in test output are good, as these are negative tests in action.
  - If these tests complete without junit or ant ERRORS, Fortress is certified to run on your target ldap server machine.


-- 
Shawn McKinney
shawn.mckinney@jts.us
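
A preflight check for the build.properties values from step h of SECTION 6, to run before `ant load-slapd`. This is an added example, not part of the Fortress README or distribution. The function names are hypothetical, `log.root.pw` is taken to be the key for item vii, and `ssha()` is a stand-in for running slappasswd, producing a salted SHA-1 value in the `{SSHA}` form.

```python
import base64, hashlib, os, re

# Keys from step h; log.root.pw is assumed to be the key for item vii.
REQUIRED = ("suffix.name", "suffix.dc", "ldap.host", "ldap.port",
            "root.dn", "root.pw", "log.root.dn", "log.root.pw")

def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' start comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)  # DNs contain '=', split once only
        props[key.strip()] = value.strip()
    return props

def ssha(password, salt=None):
    """{SSHA}: base64(SHA-1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def preflight(text):
    """Return a list of findings for a build.properties body."""
    props = parse_properties(text)
    findings = [f"missing: {k}" for k in REQUIRED if not props.get(k)]
    for key in ("root.pw", "log.root.pw"):
        value = props.get(key, "")
        # A hashed value starts with a scheme tag such as {SSHA}.
        if value and not re.match(r"^\{[A-Za-z0-9-]+\}", value):
            findings.append(f"cleartext: {key}")
    port = props.get("ldap.port", "")
    if port and not (port.isdigit() and 0 < int(port) < 65536):
        findings.append("invalid: ldap.port")
    return findings

# Constructed sample mirroring the example values in step h.
SAMPLE = """\
suffix.name=example
suffix.dc=com
ldap.host=myhostname
ldap.port=389
root.dn=cn=Manager,${suffix}
root.pw=secret
log.root.dn=cn=Manager,${log.suffix}
"""

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE)))
    print("root.pw=" + ssha("secret"))
```

On the constructed sample the check reports the missing log root password and the cleartext `root.pw`.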