OSD Operation (continued)
OpenLDAP Server Configuration
The main OpenLDAP configuration file, slapd.conf, has to be
customized before launching the server. The modifications to the
configuration file will do the following:
• Specify the Unicode data directory. The default is ./ucdata.
• Choose the required LDAP schemas. The core schema is
mandatory.
• Configure the path for the OpenLDAP pid and args start up files.
The first contains the server pid, the second includes command line
arguments.
• Choose the database type. The default is bdb (Berkeley DB).
• Specify the server suffix. All entries in the directory will have this
suffix, which represents the root of the directory tree. For example,
with suffix dc=tripplite,dc=com, the fully qualified name of all
entries in the database will end with dc=tripplite,dc=com.
• Denethenameoftheadministratorentryfortheserver(rootdn),
along with its password (rootpw). This is the server’s super user.
The rootdn name must match the suffix defined above. (Since all
entry names must end with the defined suffix, and the rootdn is an
entry)
An example configuration file is provided in the figure, below:
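As an added example (not the manual's figure and not OpenLDAP project code), the Python check below parses a constructed slapd.conf covering the settings listed above and reports a missing core schema, a rootdn that is not under the suffix, and a rootpw stored in cleartext. The file paths, the cn=Manager name and the sample password are assumptions.

```python
import shlex

# Constructed sample slapd.conf; paths and the cn=Manager name are assumptions.
SAMPLE_CONF = '''\
ucdata-path ./ucdata
include     ./schema/core.schema
pidfile     ./run/slapd.pid
argsfile    ./run/slapd.args
database    bdb
suffix      "dc=tripplite,dc=com"
rootdn      "cn=Manager,dc=tripplite,dc=com"
rootpw      secret
'''

def parse_conf(text):
    """Return {directive: [values]} for single-argument slapd.conf directives."""
    conf = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # handles quotes and '#'
        if len(tokens) >= 2:
            conf.setdefault(tokens[0].lower(), []).append(tokens[1])
    return conf

def rdns(dn):
    """Split a DN into normalized RDNs (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def check_conf(text):
    """Return a list of findings for the settings the section describes."""
    conf, findings = parse_conf(text), []
    if not any(v.endswith("core.schema") for v in conf.get("include", [])):
        findings.append("core schema is not included")
    for key in ("pidfile", "argsfile", "database", "suffix", "rootdn", "rootpw"):
        if key not in conf:
            findings.append(f"missing directive: {key}")
    if "suffix" in conf and "rootdn" in conf:
        suffix, root = rdns(conf["suffix"][0]), rdns(conf["rootdn"][0])
        # Compare whole RDNs, not raw strings, so "dc=com" never matches "c=com".
        if len(root) <= len(suffix) or root[-len(suffix):] != suffix:
            findings.append("rootdn is not under the configured suffix")
    # slapd accepts a cleartext rootpw; a hashed value starts with a {SCHEME} tag.
    if "rootpw" in conf and not conf["rootpw"][0].startswith("{"):
        findings.append("rootpw is stored in cleartext")
    return findings

if __name__ == "__main__":
    for finding in check_conf(SAMPLE_CONF):
        print("FINDING:", finding)
```

A hashed rootpw value can be generated with OpenLDAP's slappasswd utility and pasted into the file in place of the cleartext password.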
Starting the OpenLDAP Server
To start the OpenLDAP Server, run slapd (the OpenLDAP Server
executable file) from the command line. slapd supports a number of
command line options; the most important is the -d switch, which
triggers debug information. For example, the command slapd -d 256
starts OpenLDAP with a debug level of 256, as shown in the
following screenshot:
Note: For details about slapd options and their meanings, refer to the
OpenLDAP documentation.
Customizing the OpenLDAP Schema
The schema that slapd uses may be extended to support additional
syntaxes, matching rules, attribute types, and object classes. In the
case of the B064-Series KVM Switch, the B064-Series KVM Switch
User class and the permission attribute are extended to define a new
schema.Theextendedschemaleusedtoauthenticateandauthorize
users logging in to the B064-Series KVM Switch is shown in the
figure, below:
LDAP DIT Design and LDIF File
LDAP Data Structure
An LDAP Directory stores information in a tree structure known
as the Directory Information Tree (DIT). The nodes in the tree are
directory entries, and each entry contains information in attribute-
value form. An example of the LDAP directory tree for the B064-
Series KVM Switch is shown in the figure below:
Advanced Network Management Settings (continued)