37.5 Configuring an LDAP Server with YaST
Use YaST to set up an LDAP server. Typical use cases for LDAP servers
include the management of user account data and the configuration of mail,
DNS, and DHCP servers.
To set up an LDAP server for user account data, proceed as
follows:
-
Log in as root.
-
Start YaST and select .
-
Set LDAP to be started at system boot.
-
If the LDAP server should announce its services via SLP, check
.
-
Select to configure and .
To configure the of your LDAP
server, proceed as follows:
-
Accept or modify the schema files included in the server's
configuration by selecting in
the left part of the dialog.
The default selection of schema files applies to the server providing
a source of YaST user account data.
-
With , configure the degree of
logging activity (verbosity) of the LDAP server. From the predefined list,
select or deselect the logging options according to your needs. The more
options are enabled, the larger your log files grow.
-
Determine the connection types the LDAP
server should allow. Choose from:
- bind_v2
-
This option enables connection requests (bind requests) from clients
using the previous version of the protocol (LDAPv2).
- bind_anon_cred
-
By default, slapd accepts an anonymous bind only when both the DN and the
password are empty; a bind request that carries a password but no DN is
rejected. Enabling this option makes the server treat such a request as an
anonymous connection instead of rejecting it. The supplied password is
ignored, so this does not authenticate the client in any way.
- bind_anon_dn
-
Enabling this option makes it possible to connect without
authentication (anonymously) using a DN but no password. The DN is not
verified, so the resulting session has only anonymous privileges; do not
mistake it for an authenticated bind.
- update_anon
-
Enabling this option allows nonauthenticated (anonymous) update
operations. Such updates are still subject to the ACLs and other rules of
the server (see Section 37.3.1, Global Directives in slapd.conf), so leave
it disabled unless your ACLs deliberately grant anonymous write access to a
well-defined part of the tree.
-
To configure secure communication between client and server, proceed
with :
-
Set to to
enable TLS and SSL encryption of the client/server communication.
-
Click and determine how to obtain
a valid certificate. Choose
(import certificate from external source)
or (use the
certificate created upon installation of SUSE® Linux Enterprise Server).
-
If you opted for importing a certificate, YaST prompts you
to specify the exact path to its location.
-
If you opted for using the common server certificate and it has
not been created during installation, it is subsequently created.
To configure the databases managed by your LDAP server, proceed as
follows:
-
Select the item in the left part of the
dialog.
-
Click to add the new database.
-
Enter the requested data:
-
Enter the base DN of your LDAP server.
-
Enter the DN of the administrator in charge of the server. If you
check , only provide the
cn of the administrator and the system fills in the
rest automatically.
- LDAP Password
-
Enter the password for the database administrator.
- Encryption
-
Determine the hash scheme used to store the password of the Root DN.
The stored value is a one-way hash rather than reversible encryption;
prefer a salted scheme, since unsalted hashes of identical passwords are
identical. Choose ,
, , or
.
The dialog also includes a option to
store the Root DN password in plain text. Do not enable it: the
password then appears verbatim in slapd.conf and is exposed to
anyone who can read that file. To confirm your settings and return
to the previous dialog, select .
To edit a previously created database, select its base DN in the tree to the
left. In the right part of the window, YaST displays a dialog similar to
the one used for the creation of a new database—with the main
difference that the base DN entry is grayed out and cannot be changed.
After leaving the LDAP server configuration by selecting
, you are ready to go with a basic working
configuration for your LDAP server. To fine-tune this setup, edit the file
/etc/openldap/slapd.conf accordingly, check the result with
slaptest, then restart the server.
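The following Python script is an added example, not code from the original page or from YaST, and it ties the dialog settings above to what ends up in /etc/openldap/slapd.conf. It produces the {SSHA}, {SMD5}, {SHA} and {MD5} password formats offered for the Root DN password (CRYPT is omitted because it depends on the system crypt(3)), verifies a password against a stored value including the plain-text case the dialog warns against, and renders a slapd.conf fragment with the allow directive for the connection types, the TLS certificate directives and the database stanza. The suffix, administrator DN, certificate paths, schema list and ACLs are assumptions chosen for illustration; adjust them to your own deployment.

```python
import base64
import hashlib
import hmac
import os

# Digest algorithm and digest length (bytes) for each supported RFC 2307 scheme.
_DIGEST = {"SSHA": ("sha1", 20), "SMD5": ("md5", 16),
           "SHA": ("sha1", 20), "MD5": ("md5", 16)}

# Connection types from the YaST dialog, as accepted by the slapd.conf allow directive.
_ALLOW_OPTIONS = {"bind_v2", "bind_anon_cred", "bind_anon_dn", "update_anon"}


def hash_password(password, scheme="SSHA", salt=None):
    """Return a {SCHEME}base64 value suitable for rootpw or userPassword.

    SSHA and SMD5 are salted: base64(digest(password + salt) + salt).
    SHA and MD5 are unsalted, so equal passwords yield equal hashes.
    """
    scheme = scheme.upper()
    if scheme not in _DIGEST:
        raise ValueError("unsupported scheme: " + scheme)
    algo, _ = _DIGEST[scheme]
    data = password.encode("utf-8")
    if scheme in ("SSHA", "SMD5"):
        if salt is None:
            salt = os.urandom(4)  # short random salt, as slappasswd does
        digest = hashlib.new(algo, data + salt).digest() + salt
    else:
        digest = hashlib.new(algo, data).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest).decode("ascii"))


def verify_password(password, stored):
    """Check a password against a stored rootpw value (hashed or plain text)."""
    if not stored.startswith("{"):
        # Plain-text rootpw: comparison works, but anyone who can read
        # slapd.conf now has the administrator password.
        return hmac.compare_digest(password.encode("utf-8"), stored.encode("utf-8"))
    scheme, _, b64 = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in _DIGEST:
        return False
    algo, dlen = _DIGEST[scheme]
    raw = base64.b64decode(b64)
    digest, salt = raw[:dlen], raw[dlen:]  # salt is empty for SHA and MD5
    candidate = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def render_slapd_conf(suffix, rootdn, rootpw, allow=(), tls=None,
                      loglevel="stats", schemas=("core", "cosine", "inetorgperson")):
    """Render a minimal slapd.conf; paths and ACLs are illustrative assumptions.

    allow: subset of bind_v2, bind_anon_cred, bind_anon_dn, update_anon.
    tls:   (certificate file, key file) to enable TLS, or None.
    """
    unknown = set(allow) - _ALLOW_OPTIONS
    if unknown:
        raise ValueError("unknown allow options: %s" % sorted(unknown))
    if not rootpw.startswith("{"):
        raise ValueError("refusing to write a plain-text rootpw")
    lines = ["include /etc/openldap/schema/%s.schema" % s for s in schemas]
    lines += ["", "pidfile /var/run/slapd/slapd.pid", "loglevel %s" % loglevel]
    if allow:
        lines.append("allow %s" % " ".join(allow))
    if tls:
        lines += ["TLSCertificateFile %s" % tls[0], "TLSCertificateKeyFile %s" % tls[1]]
    lines += ["", "database hdb", 'suffix "%s"' % suffix, 'rootdn "%s"' % rootdn,
              "rootpw %s" % rootpw, "directory /var/lib/ldap",
              # The rootdn bypasses ACLs; everyone else gets the rules below.
              "access to attrs=userPassword by self write by anonymous auth by * none",
              "access to * by * read"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed example values; the certificate paths are assumptions.
    rootpw = hash_password("example-admin-password")
    print(render_slapd_conf("dc=example,dc=com", "cn=Administrator,dc=example,dc=com",
                            rootpw, allow=("bind_v2",),
                            tls=("/etc/ssl/servercerts/servercert.pem",
                                 "/etc/ssl/servercerts/serverkey.pem")))
```

Run it to see the generated fragment; the `{SSHA}` value it prints is what a hashed rootpw line should look like, and `render_slapd_conf` refuses to emit the plain-text form the dialog advises against.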