Jail

Notes:

Debugging:
/usr/local/libexec/slapd -Tt
/usr/local/libexec/slapd -d1

ldapsearch -x -W -D cn=admin,dc=infra
ldapsearch -x -H ldap://ldap.ahlawat.com
ldapsearch -x -H ldaps://ldap.ahlawat.com

ldapsearch -h localhost -D cn=admin,dc=infra -b dc=infra -W
ldapsearch -h ldap.ahlawat.com -D cn=admin,dc=infra -b dc=infra -W



// First time
slappasswd -h '{SHA}'
nano /usr/local/etc/openldap/slapd.conf
#include all non wip schema
#Uncomment back_mdb and back_ldap
#add SHA password from previous command
rootpw          {SHA}...
logfile /var/log/slapd.log
loglevel 256
//



ldap openldap # diff slapd.conf slapd.conf.sample
5,16c5
< include   /usr/local/etc/openldap/schema/core.schema
< include /usr/local/etc/openldap/schema/cosine.schema
< include /usr/local/etc/openldap/schema/corba.schema
< include /usr/local/etc/openldap/schema/inetorgperson.schema
< include /usr/local/etc/openldap/schema/nis.schema
< include /usr/local/etc/openldap/schema/collective.schema
< include /usr/local/etc/openldap/schema/openldap.schema
< include /usr/local/etc/openldap/schema/duaconf.schema
< include /usr/local/etc/openldap/schema/dyngroup.schema
< include /usr/local/etc/openldap/schema/misc.schema
< include /usr/local/etc/openldap/schema/pmi.schema
< include /usr/local/etc/openldap/schema/ppolicy.schema
---
> include       /usr/local/etc/openldap/schema/core.schema
29,30c18,19
< moduleload    back_mdb
< moduleload    back_ldap
---
> # moduleload  back_mdb
> # moduleload  back_ldap
59,77d47
< #access to attrs=userPassword
< #    by self =wx
< #    by anonymous auth
< #    by users read
< #    by * none
<
< access to attrs=userPassword
<     by self write
<     by * read
<
< #access to *
< #    by self read
< #    by anonymous read
< #    by users read
< #    by * none
<
< access to *
<     by * read
<
84,86c54,55
< suffix        "dc=infra"
< rootdn        "cn=admin,dc=infra"
<
---
> suffix        "dc=my-domain,dc=com"
> rootdn        "cn=Manager,dc=my-domain,dc=com"
90,91c59
< rootpw        {SHA}...
<
---
> rootpw        secret
96d63
<
98,117c65
< index objectClass  eq
< index uid          eq
< index uidNumber    eq
< index uniqueMember eq
< index gidNumber    eq
< index cn           eq
< index memberUid    eq
< index mail         eq
<
< logfile /var/log/slapd.log
< loglevel 256
<
< overlay            memberof
< memberof-dangling  drop
< memberof-refint    TRUE
<
< TLSCertificateFile /mnt/certs/fullchain.pem
< TLSCertificateKeyFile /mnt/certs/privkeyr.pem
< TLSCACertificateFile /mnt/certs/fullchain.pem
< TLSDHParamFile /mnt/certs/dhparam4096.pem
---
> index objectClass eq
ldap openldap #