it's better to pick a big standard right off, than to outgrow
something smaller and need to migrate.
-Gentoo creates the default database directory for you, so you can ignore warnings about needing to create it yourself.
+Gentoo creates the default database directory for you, so you can
+ignore warnings about needing to create it yourself.
Configure LDAP client access. Again, read the docs for details on
adapting this to your particular situation:
port = 636
ssl = yes
+Debian-based systems
+--------------------
+
+I wanted to mirror my home LDAP info on my public Ubuntu server.
+Here's a quick rundown of the Ubuntu setup. Install OpenLDAP:
+
+ $ sudo apt-get install slapd ldap-utils
+
+Don't serve in the clear:
+
+ $ cat /etc/default/slapd
+ ...
+ SLAPD_SERVICES="ldaps:/// ldapi:///"
+ ...
+
+Avoid `Unrecognized database type (hdb)` by loading the `hdb` backend
+module before declaring `hdb` databases:
+
+ $ sudo cat /etc/ldap/slapd.conf
+ ...
+ moduleload back_hdb
+ database hdb
+ ...
+
+Convert the old school `slapd.conf` to the new [slapd.d][]:
+
+ $ sudo mv slapd.d{,.bak}
+ $ sudo mkdir slapd.d
+ $ sudo slaptest -f slapd.conf -F slapd.d
+ ...
+ hdb_db_open: database "dc=example,dc=com": db_open(/var/lib/slapd/id2entry.bdb) failed: No such file or directory (2).
+ ...
+ slap_startup failed (test would succeed using the -u switch)
+ ...
+ $ sudo chown -R openldap.openldap slapd.d
+
+Don't worry about that `db_open` error, the conversion to `slapd.d`
+will have completed successfully.
+
+Set permissions on the database directory (note that the databases
+should be under `/var/lib/ldap` to match Ubuntu's default apparmor
+config. Otherwise you'll see `invalid path: Permission denied` errors
+when `slapd` tries to initialize the databaes).
+
+ $ sudo chown openldap.openldap /var/lib/ldap/
+ $ sudo chmod 750 /var/lib/ldap/
+
+Configure your clients
+
+ $ cat /etc/ldap/ldap.conf
+ BASE dc=example,dc=com
+ URI ldaps://example.com
+ TLS_CACERT /etc/ldap/ssl/ldapserver.crt
+
+Start `slapd` and add it to your default runlevel:
+
+ $ sudo /etc/init.d/slapd start
+ $ sudo update-rc.d slapd defaults
+
+Finally, import your directory data. Dump the data on your master
+server:
+
+ master$ sudo slapcat -b 'dc=example,dc=com' > database.ldif
+
+Load the data on your slave:
+
+ $ sudo /etc/init.d/slapd stop
+ $ sudo slapadd -l database.ldif
+ $ sudo /etc/init.d/slapd start
+
References
----------
[aab]: http://support.apple.com/kb/ht2486
[SSL/TLS]: http://en.wikipedia.org/wiki/Transport_Layer_Security
[certtool]:http://www.gnu.org/software/gnutls/manual/html_node/Invoking-certtool.html#Invoking-certtool
+[slapd.d]: http://www.openldap.org/doc/admin24/slapdconf2.html
[schema]: http://www.oreillynet.com/pub/a/sysadmin/2006/11/09/demystifying-ldap-data.html
[[!tag tags/linux]]
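Review bot: the final import step runs `sudo slapadd -l database.ldif` as root, so the database files it creates under the `directory` of the hdb database are owned by root, not `openldap`, and the `slapd start` that follows will fail to open them; repeat `sudo chown -R openldap:openldap /var/lib/ldap` (or `chown -R openldap:openldap` on whatever the `directory` directive points at) between the `slapadd` and the `start` lines. Related: the `db_open` error quoted in the `slaptest` output names `/var/lib/slapd/id2entry.bdb`, while the permissions paragraph says the databases should live under `/var/lib/ldap` to satisfy Ubuntu's apparmor profile; either the quoted `slapd.conf` excerpt should show a `directory /var/lib/ldap` line or the prose should say that the `directory` in `slapd.conf` must be changed before running the conversion, otherwise readers reproduce the apparmor `Permission denied` failure the paragraph warns about. The `mv slapd.d{,.bak}` / `mkdir slapd.d` / `slaptest -f slapd.conf -F slapd.d` commands use relative paths but the earlier `cat /etc/ldap/slapd.conf` is absolute, so a `cd /etc/ldap` is missing before them; and since the output itself says "test would succeed using the -u switch", suggesting `slaptest -u -f slapd.conf -F slapd.d` would avoid having to tell the reader to ignore the error. The `slapd.conf` excerpt also shows only `moduleload back_hdb` and `database hdb`, yet `SLAPD_SERVICES="ldaps:/// ldapi:///"` requires `TLSCertificateFile` / `TLSCertificateKeyFile` (and normally `TLSCACertificateFile`) to be set or slapd will not bind ldaps; a sentence pointing back to the certificate section, or the relevant lines in the excerpt, would help. Minor: `database.ldif` from `slapcat` carries every `userPassword` hash in the directory, so it is worth saying to copy it to the slave over an authenticated channel and delete it afterwards; `chown openldap.openldap` uses the deprecated dot separator where `openldap:openldap` is the documented form; and "databaes" in the permissions paragraph is a typo.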