Switch from BDB to MDB database backend
sergiomt committed Jan 25, 2019
1 parent 8dd8f50 commit 56851e8
Showing 5 changed files with 73 additions and 26 deletions.
6 changes: 5 additions & 1 deletion README.md
@@ -854,7 +854,11 @@ server are both running on the same machine.

[Installation Script](vagrant-setup/openldap24.sh)

OpenLDAP is compiled with TCP Wrappers and using Berkeley DB 6.2 as database.
OpenLDAP is compiled with TCP Wrappers and using MDB as database.

Berkeley DB 6.2 (HDB) can also be used by editing [slapd2.ldif](vagrant-setup/ldap/slapd2.ldif) and [ppolicyoverlay.ldif](vagrant-setup/ldap/ppolicyoverlay.ldif).

A password policy is set with an SSHA password hashing scheme.

If HTTPD is installed then OpenLDAP script installs phpLDAPAdmin as well
which can be accessed through:
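Review bot: The new sentence saying Berkeley DB 6.2 (HDB) "can also be used by editing" slapd2.ldif and ppolicyoverlay.ldif contradicts the configure change in vagrant-setup/openldap24.sh in this same commit, which now passes --disable-bdb --disable-hdb; the hdb backend is no longer compiled, so editing the two LDIF files alone would leave slapd unable to load the database. Either drop the sentence or state that the build script must also be reconfigured with --enable-hdb (and the BDB library path kept). Minor wording: "using MDB as database" reads better as "using MDB as its database backend".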
14 changes: 12 additions & 2 deletions vagrant-setup/ldap/init.d/slapd
@@ -13,11 +13,21 @@ echo "starting slapd server"
;;
stop)
echo "stopping slapd server"
kill -INT `cat /usr/local/var/run/slapd.pid`
if [ -f "cat /usr/local/var/run/slapd.pid" ]
then
kill -INT `cat /usr/local/var/run/slapd.pid`
else
kill -9 `pidof slapd`
fi
;;
restart)
echo "stopping slapd server"
kill -INT `cat /usr/local/var/run/slapd.pid`
if [ -f "cat /usr/local/var/run/slapd.pid" ]
then
kill -INT `cat /usr/local/var/run/slapd.pid`
else
kill -9 `pidof slapd`
fi
echo "starting slapd server"
/usr/local/libexec/slapd -F /usr/local/etc/openldap/slapd.d
;;
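Review bot: The new test `if [ -f "cat /usr/local/var/run/slapd.pid" ]` in both the stop) and restart) branches checks for a file literally named `cat /usr/local/var/run/slapd.pid`, which never exists, so the else branch always runs and slapd is always killed with SIGKILL. The intended test is `if [ -f /usr/local/var/run/slapd.pid ]`. SIGKILL is also a poor fallback: it denies slapd an orderly shutdown, and when `pidof slapd` finds no process `kill -9` is invoked with no argument and prints a usage error instead of failing cleanly. Prefer `kill -INT` on the pidof result, guarded by a non-empty check, and move the duplicated stop logic into a shell function called from both branches so the two copies cannot drift apart.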
4 changes: 2 additions & 2 deletions vagrant-setup/ldap/ppolicyoverlay.ldif
@@ -1,8 +1,8 @@
dn: olcOverlay=ppolicy,olcDatabase={1}bdb,cn=config
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=default,ou=Policies,dc=auth,dc=com
olcPPolicyHashCleartext: FALSE
olcPPolicyHashCleartext: TRUE
olcPPolicyUseLockout: FALSE
olcPPolicyForwardUpdates: FALSE
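Review bot: Flipping olcPPolicyHashCleartext from FALSE to TRUE is a behavioural change that the commit message ("Switch from BDB to MDB database backend") does not mention: it makes slapd hash any cleartext userPassword received in an Add or Modify with the configured password hash scheme, which is the right setting for the SSHA policy the README advertises, but it should be stated in the commit message or README. Note also that this file defines the ppolicy overlay on olcDatabase={1}mdb with olcPPolicyDefault cn=default,ou=Policies,dc=auth,dc=com, while slapd2.ldif in this commit adds the same overlay entry with olcPPolicyDefault cn=passwordDefault,ou=Policies,dc=auth,dc=com; if both files are loaded the second add fails because the entry already exists, and whichever wins decides which policy entry must exist under ou=Policies. Pick one DN and define the overlay in one place.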
73 changes: 53 additions & 20 deletions vagrant-setup/ldap/slapd2.ldif
@@ -26,33 +26,66 @@ include: file:///usr/local/etc/openldap/schema/core.ldif
include: file:///usr/local/etc/openldap/schema/ppolicy.ldif

#######################################################################
# BDB database definitions
# BDB/HDB database definitions
#######################################################################

dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
olcSuffix: dc=auth,dc=com
olcRootDN: cn=Manager,dc=auth,dc=com
olcRootPW: secret
olcDbDirectory: /usr/local/var/auth-data
olcDbCachesize: 1000
olcDbIDLcacheSize: 3000
olcDbSearchStack: 8
olcDbIndex: objectClass,ou,cn,sn,uid,email eq
olcAccess: to attrs=userPassword
by self write
by anonymous auth
by dn.base="cn=Manager,dc=auth,dc=com" write
by * none
# dn: olcDatabase=bdb,cn=config
# objectClass: olcDatabaseConfig
# objectClass: olcBdbConfig
# olcDatabase: bdb
# olcSuffix: dc=auth,dc=com
# olcRootDN: cn=Manager,dc=auth,dc=com
# olcRootPW: secret
# olcDbDirectory: /usr/local/var/auth-data
# olcDbCachesize: 1000
# olcDbIDLcacheSize: 3000
# olcDbSearchStack: 8
# olcDbIndex: objectClass,ou,cn,sn,uid,email eq
# olcAccess: to attrs=userPassword
# by self write
# by anonymous auth
# by dn.base="cn=Manager,dc=auth,dc=com" write
# by * none
# olcAccess: to *
# by self write
# by anonymous search
# by dn.base="cn=Manager,dc=auth,dc=com" write
# by * read

# dn: olcOverlay=ppolicy,olcDatabase={1}bdb,cn=config
# objectclass: olcPPolicyConfig
# olcOverlay: ppolicy
# olcPPolicyDefault: cn=passwordDefault,ou=Policies,dc=auth,dc=com

#######################################################################
# MDB database definitions
#######################################################################

dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcSuffix: dc=auth,dc=com
olcDbDirectory: /usr/local/var/auth-data
olcRootDN: cn=Manager,dc=auth,dc=com
olcRootPW: secret
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcMonitoring: TRUE
olcDbEnvFlags: writemap
olcDBNoSync: TRUE
olcAccess: to *
by self write
by anonymous search
by dn.base="cn=Manager,dc=auth,dc=com" write
by * read
by * read
olcAccess: to attrs=userPassword
by dn="cn=Manager,dc=auth,dc=com" write
by anonymous auth
by self write
by * none

dn: olcOverlay=ppolicy,olcDatabase={1}bdb,cn=config
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
objectclass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=passwordDefault,ou=Policies,dc=auth,dc=com
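Review bot: The ACL order in the new mdb block is a security regression compared with the commented-out bdb block. `olcAccess: to *` now comes before `olcAccess: to attrs=userPassword`, and slapd applies the first `to` clause whose target matches, so the `to *` rule (ending `by * read`) governs userPassword and the dedicated rule is never consulted; any authenticated user can read every entry's password hash. Move the userPassword rule above `to *`, as the old block had it. Further points in the same hunk: the `by * read` line is duplicated; the index line shrinks from `objectClass,ou,cn,sn,uid,email eq` to `objectClass eq`, so lookups and binds by uid or cn become unindexed scans that slapd will warn about; `olcDbEnvFlags: writemap` with `olcDBNoSync: TRUE` (spell it olcDbNoSync for consistency) trades durability for speed and deserves a comment saying it is acceptable only for this Vagrant box; no olcDbMaxSize is set, so slapd-mdb's default map size of 10485760 bytes applies and the database will hit MDB_MAP_FULL early; and `olcRootPW: secret` stores the root password in cleartext where a slappasswd-generated {SSHA} value would do.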
2 changes: 1 addition & 1 deletion vagrant-setup/openldap24.sh
@@ -38,7 +38,7 @@ else
export LD_LIBRARY_PATH="/usr/share/$BDB/build_unix/.libs"

# ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libexecdir=/usr/lib --disable-static --disable-debug --with-tls=openssl --with-cyrus-sasl --enable-dynamic --enable-crypt --enable-spasswd --enable-slapd --enable-modules --enable-rlookups --enable-backends=mod --disable-ndb --disable-sql --disable-shell --disable-bdb --disable-hdb --enable-overlays=mod
./configure --enable-wrappers --enable-ppolicy --disable-hdb --disable-mdb --disable-ndb --disable-sql
./configure --enable-wrappers --enable-ppolicy --enable-mdb --disable-bdb --disable-hdb --disable-sql
make depend
make
make install
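Review bot: The configure line now passes --disable-bdb --disable-hdb, yet the unchanged context line above it still exports `LD_LIBRARY_PATH="/usr/share/$BDB/build_unix/.libs"`, so the script still builds and wires in a Berkeley DB that nothing consumes. Remove the BDB build and the export, or keep them behind a documented switch that also restores --enable-hdb, and reconcile this with the README sentence in the same commit claiming HDB "can also be used by editing" the LDIF files, which this configure line makes untrue. The long commented-out configure line above is now stale as well (it disables bdb/hdb too) and could go.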