Setup of your CS407

  • log in to your CS407 via ssh
  • ipkg -force-depends install openldap (provided you have configured optware for your CS407)
  • cd /opt/etc/openldap/, edit slapd.conf and add the following lines (check the README to decide which schema files are appropriate for your environment). The schema files listed below are made available by the installation process:

include         /opt/etc/openldap/schema/core.schema
include         /opt/etc/openldap/schema/cosine.schema
include         /opt/etc/openldap/schema/inetorgperson.schema
include         /opt/etc/openldap/schema/rfc2307bis.schema
include         /opt/etc/openldap/schema/ppolicy.schema

  • then start the ldap daemon with the following command: /opt/libexec/slapd
  • I use “Apache Directory Studio” (an Eclipse-based LDAP browser and directory client) to manage and administer OpenLDAP (you should find the credentials in slapd.conf).
  • create your base DN (e.g.: dc=private,dc=lan)
  • once a base DN has been created you should find the following lines in slapd.conf:

##################
# BDB database definitions
##################

database        bdb
suffix          "dc=private,dc=lan"
rootdn          "cn=administrator,dc=private,dc=lan"
rootpw          ***
directory       /opt/var/openldap-data
checkpoint 1024 5
cachesize 10000
# Indices to maintain
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres

  • once your base DN definitions are OK, you can continue by creating / importing your user and group definitions (e.g. by creating LDIF files)
  • if you need to add your own objectclass or attribute definitions, take a look at a schema extension file I created to provide basic Lotus Notes/Domino LDAP attributes (attribute definitions must be defined first):

objectidentifier DominoOC 2.16.840.1.113678.2.2.2.1.1
objectidentifier DominoAT 2.16.840.1.113678.2.2.2.2.1

##
## Attribute Section
##

attributetype ( DominoAT:1 NAME ( 'MailServer' )
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( DominoAT:2 NAME ( 'MailFile' )
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( DominoAT:3 NAME ( 'HTTP-HostName' )
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( DominoAT:4 NAME ( 'HTTP-Port' )
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( DominoAT:5 NAME ( 'notesDN' )
DESC 'attribute to uniquely identify a domino user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

##
## Objectclass Section
##

objectclass ( DominoOC:1 NAME ( 'dominoPerson' ) SUP top AUXILIARY
DESC 'represents the dominoPerson object class'
MAY ( notesDN $ MailServer $ MailFile ) )

objectclass ( DominoOC:2 NAME ( 'dominoServer' ) SUP top STRUCTURAL
DESC 'represents the dominoServer object class'
MAY ( cn $ displayName $ description $ HTTP-HostName $ HTTP-Port ) )

  • add the schema extension file to your slapd.conf with an include directive
  • the installation also adds a script that automatically starts the ldap daemon when your CS407 reboots (/opt/etc/init.d/S58slapd)
  • if you need to stop the ldap process: killall slapd
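
Since the rootdn credentials sit in slapd.conf and slapd only understands plain ASCII quotes, it is worth auditing the file before starting the daemon. The following Python check is an added example, not part of the original post; the function names, finding codes and sample config are constructed for illustration. It flags a rootpw stored in cleartext or as an unsalted digest (slappasswd can generate a salted {SSHA} value instead) and any directive containing typographic quotes.

```python
import re
UNSALTED = {"SHA", "MD5"}                 # unsalted digest schemes
TYPOGRAPHIC = "\u201c\u201d\u2018\u2019"  # curly quotes pasted from a web page

def logical_lines(text):
    """Yield (line_no, line): skip comments/blank lines, join continuations."""
    current, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            current += " " + raw.strip()   # leading whitespace continues the line
            continue
        if current is not None:
            yield start, current
        current, start = raw.strip(), no
    if current is not None:
        yield start, current

def audit(text):
    """Return findings as (line_no, code, detail) tuples."""
    findings, suffix = [], "(global)"
    for no, line in logical_lines(text):
        if any(ch in line for ch in TYPOGRAPHIC):
            findings.append((no, "TYPOGRAPHIC_QUOTE", line))
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "database":
            suffix = "(no suffix)"         # new database section begins
        elif key == "suffix":
            suffix = value
        elif key == "rootpw":
            m = re.match(r"\{([A-Za-z0-9-]+)\}", value)
            scheme = m.group(1).upper() if m else "CLEARTEXT"
            if scheme == "CLEARTEXT":
                findings.append((no, "ROOTPW_CLEARTEXT", suffix))
            elif scheme in UNSALTED:
                findings.append((no, "ROOTPW_UNSALTED", suffix))
    return findings

# Constructed sample config (placeholder password, not the author's file).
SAMPLE = """database bdb
suffix "dc=private,dc=lan"
rootdn "cn=administrator,dc=private,dc=lan"
rootpw example-password
"""
print(audit(SAMPLE))
```

To check a real file, pass its contents to audit(), for example audit(open("/opt/etc/openldap/slapd.conf").read()), and also confirm the file is readable only by the account that runs slapd.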