RCDevs LDAP Directory
LDAP SLAPD OpenLDAP RCDevs Directory

Download PDF

Installation of RCDevs Directory Server

System requirements:

RCDevs Directory Server (DS) runs on Linux with GLIBC ≥ 2.5. The package contains the required dependencies allowing DS to run on any Linux system without other requirements.

1. Install DS

1.1 Using the Repository

1.1.1 CentOS/RHEL

On a RedHat, CentOS or Fedora system, you can use our repository, which simplifies updates.

Add the repository:

[root@ldap ~]# yum install https://repos.rcdevs.com/redhat/base/rcdevs_release-1.1.1-1.noarch.rpm

Clean yum cache:

[root@ldap ~]# yum clean all

You are now able to install DS on your system:

[root@ldap ~]# yum install slapd

1.1.2 Debian/Ubuntu

Add the repository:

[root@ldap ~]# wget https://repos.rcdevs.com/debian/base/rcdevs-release_1.1.1-1_all.deb
[root@ldap ~]# apt-get install ./rcdevs-release_1.1.1-1_all.deb

Update apt cache:

[root@ldap ~]# apt-get update

Install DS with the apt-get command:

[root@ldap ~]# apt-get install rcdevs-slapd

1.1.3 Setup

The setup script creates the DS system user (slapd), server certificates, filesystem permissions and initializes your LDAP database.

Run the setup script:

[root@ldap ~]# /opt/slapd/bin/setup

Checking system architecture...Ok
Enter the server fully qualified host name (FQDN): ldap.local
Enter your organization name: acme
Is this server a standalone LDAP or a replication peer in an LDAP cluster?
Enter 's' for standalone server or 'r' for a replication peer: s
Enter your Admin password: password
Creating self-signed certificate... Ok
Initializing LDAP data... Ok
Setting file permissions... Ok
Starting LDAP Directory... Ok
Setting Admin password... Ok
Do you want LDAP Directory to be automatically started at boot (y/n)? y
Adding systemd service... Ok
Do you want to register LDAP Directory logrotate script (y/n)? y
Adding logrotate script... Ok
Do you want to register LDAP Directory DB backup script (y/n)? y
Adding DB backup script... Ok
LDAP Directory has successfully been setup.

1.2 Using the Self-Installer Script

The installation automatically runs the setup script in the /opt/slapd/bin/ directory. This setup script creates the DS system user (slapd), server certificates, filesystem permissions and initializes your LDAP database.

The RCDevs Directory Server can be downloaded on the website.

Unpack and run the installer:

[root@ldap ~]# gunzip slapd-1.0.7-2-x64.sh.gz
[root@ldap ~]# bash slapd-1.0.7-2-x64.sh

RCDevs Directory Server v1.0.7-2 Self Installer
Copyright (c) 2010-2018 RCDevs SA, All rights reserved.

Install RCDevs Directory Server in '/opt/slapd' (y/n)? y
Extracting files, please wait... Ok
Removing temporary files... Ok
Run RCDevs Directory Server setup script now? (y/n)? y
Checking system architecture...Ok
Enter the server fully qualified host name (FQDN): slapd.local
Enter your organization name: acme
Is this server a standalone LDAP or a replication peer in an LDAP cluster?
Enter 's' for standalone server or 'r' for a replication peer: s
Enter your Admin password: password
Creating self-signed certificate... Ok
Creating slapd system user... Ok
Initializing LDAP data... Ok
Setting file permissions... Ok
Starting LDAP Directory... Ok
Setting Admin password... Ok
Do you want LDAP Directory to be automatically started at boot (y/n)? y
Adding systemd service... Ok
Do you want to register LDAP Directory logrotate script (y/n)? y
Adding logrotate script... Ok
Do you want to register LDAP Directory DB backup script (y/n)? y
Adding DB backup script... Ok
LDAP Directory has successfully been setup.
Please read the README and INSTALL files in /opt/slapd/.

2. Configure RCDevs Directory Server

The configuration is /opt/slapd/conf/slapd.conf. You should not need to change the default configuration but the administrator password. If you need to modify LDAP configurations, please refer to the OpenLDAP Online documentation.

The default LDAP administrator is cn=admin,o=Root. The default password is password if the setup script is run silently. Change the default password to something else before running DS.

If you need more WebADM administrators, create the administrator users in WebADM and set write permissions for the new administrator DNs in /opt/slapd/conf/slapd.conf.

3. Configure WebADM for RCDevs Directory Server

The default WebADM configuration works immediately with DS. You only have to set the LDAP server address in /opt/webadm/conf/servers.xml.

DS supports cleartext and TLS LDAP connections. The LDAP connection encryption mode in WebADM is configurable in the /opt/webadm/conf/servers.xml. When WebADM and DS are installed on the same host, we recommend using no encryption (encryption=“NONE”). When WebADM and DS are running on different hosts, we recommend using TLS encryption (encryption=“TLS”).

3.1 Password Policy with WebADM and RCDevs Directory Server

The default configuration in /opt/slapd/conf/slapd.conf defines a password policy object for the directory:

# Password policy object
overlay		ppolicy
ppolicy_default	"cn=ppolicy,o=Root"

If you wish to define a password policy, you can do it directly from WebADM by creating this object. First, select the o=Root from the LDAP browser in WebADM. Then select “Create child object” followed by object type “Password Policy”.

The “Common Name” must be “ppolicy” to match the setting in slapd.conf.

4. Upgrade

To upgrade RCDevs Directory Server, do not remove the previous version and proceed as you did for the installation by running the self-installer or upgrade with yum or apt.

The upgrade will not override your current configuration files. Instead, it will create .default configuration files. Please check the content of the default files for changes and modify your current files accordingly.

After an upgrade please read the CHANGELOG and REALEASE_NOTES files to get the list of changes and follow the recommendations if any.

Important: If you upgrade with a package for a different architecture, then the LDAP database will not work correctly with the new binaries. For example, if you are running the 32bit version of RCDevs Directory Server (which was the only available version until October 2014) and you upgrade to the 64bit version, then you MUST export the LDAP database in LDIF format before an upgrade and restore it after an upgrade.

4.1 Backend Migration from BDB to MDB

Since the version 1.0.7 of DS, the data store is changed from BDB to MDB for better performances. However, if you update an old version of DS, you need also to change the backend manually if you want to use MDB. The procedure is pretty easy:

Check the current backend and the data:

[root@ldap ~]# grep "^database" /opt/slapd/conf/slapd.conf
database	bdb
[root@ldap ~]# ls /opt/slapd/data
alock  cn.bdb  __db.001  __db.002  __db.003  DB_ARCH  DB_CONFIG  dn2id.bdb  entryUUID.bdb  id2entry.bdb  log.0000000001  o.bdb  objectClass.bdb

Export the db to an ldif file:

[root@ldap ~]# /opt/slapd/bin/dbdump export.ldif
Backup RCDevs Directory data to export.ldif (y/n)? y
Dumping LDAP data... Ok

Update the configuration:

[root@ldap ~]# vi  /opt/slapd/conf/slapd.conf

...
# LDAP database
database mdb      ## replace bdb with mdb
maxsize 64000000  ## set the max size of mermory used for mdb in bytes
...

Import the ldif file:

[root@ldap ~]# /opt/slapd/bin/dbload export.ldif
Restore RCDevs Directory Data from export.ldif (y/n)? y
Removing LDAP data... Ok
Restoring LDAP data... Ok
Restoring file permissions... Ok

Check the data and restart slapd:

[root@ldap ~]# ls /opt/slapd/data
data.mdb  DB_ARCH  DB_TYPE  lock.mdb
[root@ldap ~]# /opt/slapd/bin/slapd start
Checking system architecture... Ok
Checking server configuration... Ok
Starting RCDevs LDAP Directory... Ok

5. Backup

You can back up the database and configuration with:

[root@ldap ~]# /opt/slapd/bin/backup mybackup.gz
Are you sure you want to backup RCDevs LDAP Directory (y/n)? y
Adding conf/slapd.conf... Ok
Adding conf/slapd.crt... Ok
Adding conf/slapd.key... Ok
Adding data... Ok
Adding logs... Ok
Adding temp... Ok
Adding conf/slapd.csr... Missing
Adding conf/slapd.env... Missing
Compressing backup file... Ok

RCDevs LDAP Directory backup created in mybackup.gz

And you can restore it with:

[root@ldap ~]# /opt/slapd/bin/restore mybackup.gz
Are you sure you want to restore RCDevs LDAP Directory (y/n)? y
Unpacking backup files... Ok
Checking system architecture...Ok
Setting file permissions... Ok
Starting LDAP Directory... Ok
Setting Admin password... Ok
Adding systemd service... Ok
Adding logrotate script... Ok
Adding DB backup script... Ok
LDAP Directory has successfully been setup.

RCDevs LDAP Directory backup restored from mybackup.gz

This manual was prepared with great care. However, RCDevs Security S.A. and the author cannot assume any legal or other liability for possible errors and their consequences. No responsibility is taken for the details contained in this manual. Subject to alternation without notice. RCDevs Security S.A. does not enter into any responsibility in this respect. The hardware and software described in this manual is provided on the basis of a license agreement. This manual is protected by copyright law. RCDevs Security S.A. reserves all rights, especially for translation into foreign languages. No part of this manual may be reproduced in any way (photocopies, microfilm or other methods) or transformed into machine-readable language without the prior written permission of RCDevs Security S.A. The latter especially applies for data processing systems. RCDevs Security S.A. also reserves all communication rights (lectures, radio and television). The hardware and software names mentioned in this manual are most often the registered trademarks of the respective manufacturers and as such are subject to the statutory regulations. Product and brand names are the property of RCDevs Security. © 2023 RCDevs Security S.A., All Rights Reserved

RCDevs LDAP Directory LDAP SLAPD OpenLDAP RCDevs Directory Download PDF