RCDevs LDAP Directory
Installation of RCDevs Directory Server
System requirements:
RCDevs Directory Server (DS) runs on Linux with GLIBC ≥ 2.5. The package contains the required dependencies allowing DS to run on any Linux system without other requirements.
1. Install DS
1.1 Using the Repository
1.1.1 CentOS/RHEL
On a RedHat, CentOS or Fedora system, you can use our repository, which simplifies updates.
Add the repository:
[root@ldap ~]# yum install https://repos.rcdevs.com/redhat/base/rcdevs_release-1.1.1-1.noarch.rpm
Clean yum cache:
[root@ldap ~]# yum clean all
You are now able to install DS on your system:
[root@ldap ~]# yum install slapd
1.1.2 Debian/Ubuntu
Add the repository:
[root@ldap ~]# wget https://repos.rcdevs.com/debian/base/rcdevs-release_1.1.1-1_all.deb
[root@ldap ~]# apt-get install ./rcdevs-release_1.1.1-1_all.deb
Update apt cache:
[root@ldap ~]# apt-get update
Install DS with the apt-get command:
[root@ldap ~]# apt-get install rcdevs-slapd
1.1.3 Setup
The setup script creates the DS system user (slapd), server certificates, filesystem permissions and initializes your LDAP database.
Run the setup script:
[root@ldap ~]# /opt/slapd/bin/setup
Checking system architecture...Ok
Enter the server fully qualified host name (FQDN): ldap.local
Enter your organization name: acme
Is this server a standalone LDAP or a replication peer in an LDAP cluster?
Enter 's' for standalone server or 'r' for a replication peer: s
Enter your Admin password: password
Creating self-signed certificate... Ok
Initializing LDAP data... Ok
Setting file permissions... Ok
Starting LDAP Directory... Ok
Setting Admin password... Ok
Do you want LDAP Directory to be automatically started at boot (y/n)? y
Adding systemd service... Ok
Do you want to register LDAP Directory logrotate script (y/n)? y
Adding logrotate script... Ok
Do you want to register LDAP Directory DB backup script (y/n)? y
Adding DB backup script... Ok
LDAP Directory has successfully been setup.
1.2 Using the Self-Installer Script
The installation automatically runs the setup script in the /opt/slapd/bin/ directory. This setup script creates the DS system user (slapd), server certificates, filesystem permissions and initializes your LDAP database.
The RCDevs Directory Server can be downloaded from the website.
Unpack and run the installer:
[root@ldap ~]# gunzip slapd-1.0.7-2-x64.sh.gz
[root@ldap ~]# bash slapd-1.0.7-2-x64.sh
RCDevs Directory Server v1.0.7-2 Self Installer
Copyright (c) 2010-2018 RCDevs SA, All rights reserved.
Install RCDevs Directory Server in '/opt/slapd' (y/n)? y
Extracting files, please wait... Ok
Removing temporary files... Ok
Run RCDevs Directory Server setup script now? (y/n)? y
Checking system architecture...Ok
Enter the server fully qualified host name (FQDN): slapd.local
Enter your organization name: acme
Is this server a standalone LDAP or a replication peer in an LDAP cluster?
Enter 's' for standalone server or 'r' for a replication peer: s
Enter your Admin password: password
Creating self-signed certificate... Ok
Creating slapd system user... Ok
Initializing LDAP data... Ok
Setting file permissions... Ok
Starting LDAP Directory... Ok
Setting Admin password... Ok
Do you want LDAP Directory to be automatically started at boot (y/n)? y
Adding systemd service... Ok
Do you want to register LDAP Directory logrotate script (y/n)? y
Adding logrotate script... Ok
Do you want to register LDAP Directory DB backup script (y/n)? y
Adding DB backup script... Ok
LDAP Directory has successfully been setup.
Please read the README and INSTALL files in /opt/slapd/.
2. Configure RCDevs Directory Server
The configuration file is /opt/slapd/conf/slapd.conf. You should not need to change anything in the default configuration except the administrator password. If you need to modify the LDAP configuration, please refer to the OpenLDAP Online documentation.
The default LDAP administrator is cn=admin,o=Root. The default password is password if the setup script is run silently. Change the default password to something else before running DS.
If you need more WebADM administrators, create the administrator users in WebADM and set write permissions for the new administrator DNs in /opt/slapd/conf/slapd.conf.
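A post-setup check for the default password mentioned above, as an added example that is not part of the RCDevs package: it attempts one simple bind with the documented default credentials and reports whether the server still accepts them. It assumes the OpenLDAP client tool ldapwhoami is installed and that DS listens on ldap://localhost; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: confirm the documented default admin password no longer binds.
# Assumption: the OpenLDAP client tool ldapwhoami is available on this host.

# default_password_status [URI] [BIND_DN] [PASSWORD]
#   prints "accepted"  (default password still active, returns 1),
#          "rejected"  (bind refused with LDAP result 49, returns 0) or
#          "inconclusive (rc=N)" (server unreachable or other error, returns 2)
default_password_status() {
    uri=${1:-ldap://localhost}          # assumed listener address
    dn=${2:-cn=admin,o=Root}            # default administrator from this page
    pw=${3:-password}                   # default password from this page
    rc=0
    ldapwhoami -x -H "$uri" -D "$dn" -w "$pw" >/dev/null 2>&1 || rc=$?
    case $rc in
        0)  echo "accepted"; return 1 ;;
        49) echo "rejected"; return 0 ;;        # invalidCredentials
        *)  echo "inconclusive (rc=$rc)"; return 2 ;;
    esac
}

# Usage: default_password_status ldap://localhost
```

An unreachable server is reported as inconclusive rather than as a changed password, so the check cannot pass simply because slapd is stopped.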
3. Configure WebADM for RCDevs Directory Server
The default WebADM configuration works immediately with DS. You only have to set the LDAP server address in /opt/webadm/conf/servers.xml.
DS supports cleartext and TLS LDAP connections. The LDAP connection encryption mode in WebADM is configurable in /opt/webadm/conf/servers.xml. When WebADM and DS are installed on the same host, we recommend using no encryption (encryption="NONE"). When WebADM and DS are running on different hosts, we recommend using TLS encryption (encryption="TLS").
3.1 Password Policy with WebADM and RCDevs Directory Server
The default configuration in /opt/slapd/conf/slapd.conf defines a password policy object for the directory:
# Password policy object
overlay ppolicy
ppolicy_default "cn=ppolicy,o=Root"
If you wish to define a password policy, you can do it directly from WebADM by creating this object. First, select o=Root in the LDAP browser in WebADM. Then select “Create child object” followed by object type “Password Policy”.
The “Common Name” must be “ppolicy” to match the setting in slapd.conf.
4. Upgrade
To upgrade RCDevs Directory Server, do not remove the previous version and proceed as you did for the installation by running the self-installer or upgrade with yum or apt.
The upgrade will not override your current configuration files. Instead, it will create .default configuration files. Please check the content of the default files for changes and modify your current files accordingly.
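One way to do that review, as an added example rather than an RCDevs tool: for every .default file it lists the active directives that the new default contains and the live file lacks. It assumes the defaults are written as NAME.default next to NAME in /opt/slapd/conf; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not an RCDevs tool. Assumption: an upgrade leaves NAME.default
# next to NAME in the configuration directory.

# directives FILE: active config lines (no comments, no blank lines),
# with runs of whitespace collapsed so formatting changes are ignored.
directives() {
    sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/ $//' \
        -e '/^ *#/d' -e '/^ *$/d' "$1"
}

# upgrade_review [DIR]: print "NAME: directive" for each directive that the
# new default contains and the live file lacks.
upgrade_review() {
    dir=${1:-/opt/slapd/conf}
    tmp=$(mktemp) || return 1
    for def in "$dir"/*.default; do
        [ -e "$def" ] || continue               # glob matched nothing
        live=${def%.default}; name=${live##*/}
        if [ ! -e "$live" ]; then
            echo "$name: (no live file, only the .default exists)"
            continue
        fi
        directives "$live" > "$tmp"
        directives "$def" | grep -vxF -f "$tmp" |
            while IFS= read -r line; do printf '%s: %s\n' "$name" "$line"; done
    done
    rm -f "$tmp"
}

# Constructed sample: the new default adds one directive the live file lacks.
demo() {
    d=$(mktemp -d) || return 1
    printf 'database mdb\nsuffix "o=Root"\n# local note\noverlay ppolicy\n' > "$d/slapd.conf"
    printf 'database   mdb\nsuffix "o=Root"\noverlay ppolicy\nsizelimit 500\n' > "$d/slapd.conf.default"
    upgrade_review "$d"
    rm -rf "$d"
}
```

Running demo prints the single directive to merge; on a real host, call upgrade_review with no argument after the upgrade.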
After an upgrade, please read the CHANGELOG and RELEASE_NOTES files to get the list of changes and follow the recommendations, if any.
Important: If you upgrade with a package for a different architecture, then the LDAP database will not work correctly with the new binaries. For example, if you are running the 32bit version of RCDevs Directory Server (which was the only available version until October 2014) and you upgrade to the 64bit version, then you MUST export the LDAP database in LDIF format before an upgrade and restore it after an upgrade.
4.1 Backend Migration from BDB to MDB
Since version 1.0.7 of DS, the data store has changed from BDB to MDB for better performance. However, if you upgrade from an older version of DS, you also need to change the backend manually if you want to use MDB. The procedure is fairly simple:
Check the current backend and the data:
[root@ldap ~]# grep "^database" /opt/slapd/conf/slapd.conf
database bdb
[root@ldap ~]# ls /opt/slapd/data
alock cn.bdb __db.001 __db.002 __db.003 DB_ARCH DB_CONFIG dn2id.bdb entryUUID.bdb id2entry.bdb log.0000000001 o.bdb objectClass.bdb
Export the db to an ldif file:
[root@ldap ~]# /opt/slapd/bin/dbdump export.ldif
Backup RCDevs Directory data to export.ldif (y/n)? y
Dumping LDAP data... Ok
Update the configuration:
[root@ldap ~]# vi /opt/slapd/conf/slapd.conf
...
# LDAP database
# replace bdb with mdb
database mdb
# set the max size of memory used for mdb in bytes
maxsize 64000000
...
Import the ldif file:
[root@ldap ~]# /opt/slapd/bin/dbload export.ldif
Restore RCDevs Directory Data from export.ldif (y/n)? y
Removing LDAP data... Ok
Restoring LDAP data... Ok
Restoring file permissions... Ok
Check the data and restart slapd:
[root@ldap ~]# ls /opt/slapd/data
data.mdb DB_ARCH DB_TYPE lock.mdb
[root@ldap ~]# /opt/slapd/bin/slapd start
Checking system architecture... Ok
Checking server configuration... Ok
Starting RCDevs LDAP Directory... Ok
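Because dbload removes the existing LDAP data before restoring it, the export is worth checking between the dbdump and dbload steps. The following added example (not part of the RCDevs tooling) counts the entries in the LDIF file, flags entries without an objectClass as a sign of truncation, and confirms the suffix entry is present; o=Root as the suffix, the function names and the sample entries are assumptions.

```shell
#!/bin/sh
# Added example (not RCDevs tooling): sanity-check an LDIF export before import.

# ldif_stats FILE -> prints "<entries> <entries without objectClass>"
ldif_stats() {
    awk 'BEGIN { RS = ""; FS = "\n" }   # paragraph mode: one entry per record
    {
        has_dn = 0; has_oc = 0
        for (i = 1; i <= NF; i++) {
            line = tolower($i)
            if (line ~ /^dn:/) has_dn = 1            # also matches base64 "dn::"
            if (line ~ /^objectclass:/) has_oc = 1
        }
        if (has_dn) { n++; if (!has_oc) bad++ }
    }
    END { printf "%d %d\n", n, bad }' "$1"
}

# verify_export FILE [SUFFIX] -> returns 0 if the export looks complete
verify_export() {
    file=$1; suffix=${2:-o=Root}         # o=Root: assumed default suffix
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    stats=$(ldif_stats "$file"); entries=${stats% *}; bad=${stats#* }
    [ "$entries" -gt 0 ] || { echo "no entries in $file" >&2; return 1; }
    [ "$bad" -eq 0 ] || { echo "$bad entries lack objectClass" >&2; return 1; }
    grep -qixF "dn: $suffix" "$file" || { echo "no $suffix entry" >&2; return 1; }
    echo "$file: $entries entries, suffix $suffix present"
}

# Constructed sample export: three entries, the last with a folded line.
write_sample_ldif() {
    cat > "$1" <<'EOF'
dn: o=Root
objectClass: organization
o: Root

dn: cn=ppolicy,o=Root
objectClass: device
cn: ppolicy

dn: cn=Example Device,o=Root
objectClass: device
cn: Example Device
description: a value long enough that the exporter folded it onto a
  second line, which starts with a single space
EOF
}

# Usage: verify_export export.ldif && /opt/slapd/bin/dbload export.ldif
```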
5. Backup
You can back up the database and configuration with:
[root@ldap ~]# /opt/slapd/bin/backup mybackup.gz
Are you sure you want to backup RCDevs LDAP Directory (y/n)? y
Adding conf/slapd.conf... Ok
Adding conf/slapd.crt... Ok
Adding conf/slapd.key... Ok
Adding data... Ok
Adding logs... Ok
Adding temp... Ok
Adding conf/slapd.csr... Missing
Adding conf/slapd.env... Missing
Compressing backup file... Ok
RCDevs LDAP Directory backup created in mybackup.gz
And you can restore it with:
[root@ldap ~]# /opt/slapd/bin/restore mybackup.gz
Are you sure you want to restore RCDevs LDAP Directory (y/n)? y
Unpacking backup files... Ok
Checking system architecture...Ok
Setting file permissions... Ok
Starting LDAP Directory... Ok
Setting Admin password... Ok
Adding systemd service... Ok
Adding logrotate script... Ok
Adding DB backup script... Ok
LDAP Directory has successfully been setup.
RCDevs LDAP Directory backup restored from mybackup.gz