Instructions to configure Fortress with existing OpenLDAP instance
- To: openldap-fortress@openldap.org
- Subject: Instructions to configure Fortress with existing OpenLDAP instance
- From: Shawn McKinney <shawn.mckinney@jts.us>
- Date: Thu, 03 Jul 2014 08:25:01 -0500
- Organization: JoshuaTree Software
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
For installing Fortress to use an existing OpenLDAP instance, follow the excerpt below:
(Full instructions are contained within the README.txt)
___________________________________________________________________________________
###################################################################################
# SECTION 6. Instructions for using pre-existing or native OpenLDAP installation.
###################################################################################
a. Install OpenLDAP using your existing package management system.
For example:
+ On Debian systems: http://wiki.debian.org/LDAP/OpenLDAPSetup
+ Ubuntu: https://help.ubuntu.com/community/OpenLDAPServer
+ etc.
b. Copy fortress schema to openldap schema folder:
cp FORTRESS_HOME/ldap/schema/fortress.schema $OPENLDAP_HOME/etc/openldap/schema
c. Enable Fortress schema in slapd.conf:
include FORTRESS_HOME/etc/openldap/schema/fortress.schema
note: for steps b & c above substitute FORTRESS_HOME for root of your OpenLDAP installation.
d. For password policy support, enable pwpolicy overlay in slapd.conf:
moduleload ppolicy.la
e. For Fortress audit support, enable slapo-accesslog in slapd.conf:
moduleload accesslog.la
f. Gather the following information about your OpenLDAP instance:
i. suffix
ii. host
iii. port
iv. ldap user account that has read/write priv for default DIT (root works)
v. pw for above
vi. ldap user account that has read/write priv for access log DIT (log root works)
vii. pw for above
g. Example OpenLDAP instance:
i. dc=example, dc=com
ii. myhostname
iii. 389
iv. "cn=Manager,dc=example,dc=com"
v. secret
vi. "cn=Manager,cn=log"
vii. secret
h. Modify the build.properties file with settings
i. suffix.name=example
   suffix.dc=com
ii. ldap.host=myhostname
iii. ldap.port=389
iv. root.dn=cn=Manager,${suffix}
v. root.pw=secret
note: the above may be hashed using slappasswd
vi. log.root.dn=cn=Manager,${log.suffix}
vii. secret
i. Create the Fortress DIT:
from the FORTRESS_HOME root folder, enter the following:
>$ANT_HOME/bin/ant load-slapd
j. Proceed to SECTION 8 to regression test Fortress and OpenLDAP
_______________________________________________________________________________
###############################################################################
# SECTION 8. Instructions to test openldap-fortress-core using regression tests
###############################################################################
a. from FORTRESS_HOME enter the following command:
>$ANT_HOME/bin/ant test-full
Notes:
- These tests load tens of thousands of ldap records into your newly installed directory.
- The 'init-slapd' and/or 'test-full' targets may be re-run as often as necessary.
- After regression testing has completed, you may run the 'init-slapd' target to remove all test data from the directory.
- If you followed the steps in SECTION 6 (existing OpenLDAP server), do NOT run the init-slapd target.
- WARNING log messages in test output are good as these are negative tests in action:
- If these tests complete without junit or ant ERRORS, Fortress is certified to run on your target ldap server machine.
--
Shawn McKinney
shawn.mckinney@jts.us
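
A preflight check for SECTION 6 steps c-e and h, added here as an example; it is not part of the original message or of Fortress. The function names and sample files are constructed, and the script assumes a hashed root.pw starts with the {SCHEME} prefix that slappasswd output carries.

```bash
#!/usr/bin/env bash
# Added example, not part of Fortress: preflight check for SECTION 6 steps c-e and h.

# check_slapd_conf FILE: print one MISSING line per absent directive.
# Directives start in column 0 ('#' is a comment, leading space a continuation).
check_slapd_conf() {
    local entry
    for entry in 'fortress schema|include[[:space:]]+.*fortress\.schema' \
                 'ppolicy module|moduleload[[:space:]]+ppolicy\.la' \
                 'accesslog module|moduleload[[:space:]]+accesslog\.la'; do
        grep -Eiq "^${entry#*|}[[:space:]]*\$" "$1" || echo "MISSING ${entry%%|*}"
    done
}

# check_build_properties FILE: print MISSING for absent step-h keys, and CLEARTEXT
# when root.pw lacks the {SCHEME} prefix that slappasswd output carries.
check_build_properties() {
    local key pw
    for key in suffix.name suffix.dc ldap.host ldap.port root.dn root.pw log.root.dn; do
        awk -F= -v k="$key" '$1 == k && $2 != "" { ok = 1 } END { exit !ok }' "$1" ||
            echo "MISSING $key"
    done
    pw=$(sed -n 's/^root\.pw=//p' "$1" | tail -n 1)
    case $pw in
        '' | '{'*) ;;                    # absent (reported above) or hashed
        *) echo "CLEARTEXT root.pw" ;;
    esac
}

# Constructed sample files: accesslog is commented out, root.pw is cleartext,
# and log.root.dn is absent.
fortress_demo() {
    local dir; dir=$(mktemp -d)
    printf '%s\n' 'include /etc/openldap/schema/fortress.schema' \
        'moduleload ppolicy.la' '#moduleload accesslog.la' > "$dir/slapd.conf"
    printf '%s\n' 'suffix.name=example' 'suffix.dc=com' 'ldap.host=myhostname' \
        'ldap.port=389' 'root.dn=cn=Manager,${suffix}' 'root.pw=secret' \
        > "$dir/build.properties"
    check_slapd_conf "$dir/slapd.conf"
    check_build_properties "$dir/build.properties"
    rm -rf "$dir"
}

fortress_demo
```

Run the two check functions against your own slapd.conf and build.properties before the load-slapd step; no output means every setting from steps c-e and h was found.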