Install and Set Up an OpenLDAP Server on Ubuntu 22.04

In this tutorial, you will learn how to install and set up an OpenLDAP server on Ubuntu 22.04. OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol (LDAP), a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services.

Install and Set Up an OpenLDAP Server on Ubuntu 22.04

Run a System Update

Before you begin, make sure your system package cache is up to date.

apt update

Build and Install the OpenLDAP Server on Ubuntu 22.04

The default Ubuntu 22.04 repositories provide OpenLDAP 2.5.6;

apt-cache policy slapd
slapd:
  Installed: (none)
  Candidate: 2.5.6+dfsg-1~exp1ubuntu1
  Version table:
     2.5.6+dfsg-1~exp1ubuntu1 500
        500 http://ke.archive.ubuntu.com/ubuntu jammy/main amd64 Packages

At the time of writing, OpenLDAP 2.6.0 is the current stable release, according to the release page.

To make sure you are running the latest version of OpenLDAP, you need to build it from source. A source build is not updated by apt, so later OpenLDAP fixes have to be applied by rebuilding.

Create the OpenLDAP System Account

Create an unprivileged system user to run OpenLDAP.

useradd -r -M -d /var/lib/openldap -s /usr/sbin/nologin ldap

Install the Required Dependencies and Build Tools

Building and compiling OpenLDAP from source requires a number of dependencies and build tools, which can be installed by running the command below;

apt install libsasl2-dev make libtool libperl-dev  build-essential openssl libevent-dev  libargon2-dev sudo wget pkg-config  wiredtiger libsystemd-dev libssl-dev -y

Download the OpenLDAP Source Code

Go to the OpenLDAP download page and grab the tarball.

VER=2.6.0
wget https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-$VER.tgz
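
The tarball fetched above is unpacked and compiled as root, so it is worth checking it before extraction. The following is an added example, not part of the original tutorial or of the OpenLDAP project: the function names are hypothetical, EXPECTED_SHA256 is a placeholder for a digest you obtain from a source you trust, and the demo input at the end is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: integrity checks to run between "wget" and "tar xzf".
# Assumes sha256sum, awk and GNU tar, as found on Ubuntu 22.04.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when FILE exists and its SHA-256 digest equals EXPECTED_HEX.
# Returns 1 on a mismatch and 2 on a missing file or malformed digest.
verify_sha256() {
    vs_file=$1
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$vs_file" ] || { echo "missing file: $vs_file" >&2; return 2; }
    # A digest that is not exactly 64 hex digits is a usage error, not a match.
    case $vs_expected in
        *[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#vs_expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    vs_actual=$(sha256sum "$vs_file" | awk '{print $1}')
    if [ "$vs_actual" = "$vs_expected" ]; then
        return 0
    fi
    echo "SHA-256 mismatch for $vs_file" >&2
    return 1
}

# listing_is_safe TOPDIR   (archive member names on stdin, one per line)
# Returns 0 only when every member is a relative path without ".."
# components and sits under the single expected top-level directory.
listing_is_safe() {
    awk -v top="$1" '
        BEGIN { bad = 0; n = 0 }
        { n++ }
        /^\// { bad = 1 }                       # absolute path
        /(^|\/)\.\.(\/|$)/ { bad = 1 }          # parent-directory component
        { split($0, part, "/"); if (part[1] != top) bad = 1 }
        END { if (n == 0) bad = 1; exit bad }'
}

# verify_and_extract TARBALL EXPECTED_HEX TOPDIR DESTDIR
# Extracts into DESTDIR only after both checks pass.
verify_and_extract() {
    ve_tarball=$1; ve_digest=$2; ve_top=$3; ve_dest=$4
    verify_sha256 "$ve_tarball" "$ve_digest" || return 1
    ve_list=$(tar tzf "$ve_tarball" 2>/dev/null) || return 1
    printf '%s\n' "$ve_list" | listing_is_safe "$ve_top" || return 1
    tar xzf "$ve_tarball" -C "$ve_dest"
}

# Real use with this tutorial's variables (EXPECTED_SHA256 is a placeholder):
#   verify_and_extract "openldap-$VER.tgz" "$EXPECTED_SHA256" "openldap-$VER" .

# Constructed demo input: a tiny stand-in tarball. The digest is computed
# from the file itself only to make the demo self-contained; in real use it
# must come from the publisher, independently of the download.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/src/demo-1.0" "$demo_dir/out"
echo "sample" > "$demo_dir/src/demo-1.0/README"
tar czf "$demo_dir/demo-1.0.tgz" -C "$demo_dir/src" demo-1.0
demo_digest=$(sha256sum "$demo_dir/demo-1.0.tgz" | awk '{print $1}')
if verify_and_extract "$demo_dir/demo-1.0.tgz" "$demo_digest" demo-1.0 "$demo_dir/out"; then
    echo "verified and extracted"
fi
```

A checksum only proves the file matches the digest you were given; if the project publishes a signature for the release, checking it against a key you already trust is the stronger control.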

Extract the OpenLDAP Source Code

The tarball can be extracted by running the command;

tar xzf openldap-$VER.tgz

Install and Set Up the OpenLDAP Server on Ubuntu 22.04

Compile and install the OpenLDAP server on Ubuntu 22.04 as follows;

cd openldap-$VER
./configure --prefix=/usr --sysconfdir=/etc --disable-static  --enable-debug --with-tls=openssl --with-cyrus-sasl --enable-dynamic  --enable-crypt --enable-spasswd --enable-slapd --enable-modules  --enable-rlookups --enable-backends=mod --disable-sql  --enable-ppolicy=mod --enable-syslog --enable-overlays=mod --with-systemd --enable-wt=no

If the command ends with an error, fix it before you continue. Without errors, the command should finish with output ending in the line Please run "make depend" to build dependencies.


Next, run the make depend command to build the OpenLDAP dependencies.

make depend

Compile OpenLDAP on Ubuntu 22.04.

make
make install

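The installation output lists each file as it is installed, including the configuration files under /etc/openldap and slapd.service under /usr/lib/systemd/system.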

ldap_first_attribute.3 installing ldap_first_entry.3 in /usr/share/man/man3 installing ldap_next_entry.3 in /usr/share/man/man3 as link to ldap_first_entry.3 installing ldap_count_entries.3 in /usr/share/man/man3 as link to ldap_first_entry.3 installing ldap_first_message.3 in /usr/share/man/man3 installing ldap_next_message.3 in /usr/share/man/man3 as link to ldap_first_message.3 installing ldap_count_messages.3 in /usr/share/man/man3 as link to ldap_first_message.3 installing ldap_first_reference.3 in /usr/share/man/man3 installing ldap_next_reference.3 in /usr/share/man/man3 as link to ldap_first_reference.3 installing ldap_count_references.3 in /usr/share/man/man3 as link to ldap_first_reference.3 installing ldap_get_dn.3 in /usr/share/man/man3 installing ldap_explode_dn.3 in /usr/share/man/man3 as link to ldap_get_dn.3 installing ldap_explode_rdn.3 in /usr/share/man/man3 as link to ldap_get_dn.3 installing ldap_dn2ufn.3 in /usr/share/man/man3 as link to ldap_get_dn.3 installing ldap_str2dn.3 in /usr/share/man/man3 as link to ldap_get_dn.3 installing ldap_dnfree.3 in /usr/share/man/man3 as link to ldap_get_dn.3 installing ldap_dn2str.3 in /usr/share/man/man3 as link to ldap_get_dn.3 installing ldap_dn2dcedn.3 in /usr/share/man/man3 as link to ldap_get_dn.3 installing ldap_dcedn2dn.3 in /usr/share/man/man3 as link to ldap_get_dn.3 installing ldap_dn2ad_canonical.3 in /usr/share/man/man3 as link to ldap_get_dn.3 installing ldap_get_option.3 in /usr/share/man/man3 installing ldap_set_option.3 in /usr/share/man/man3 as link to ldap_get_option.3 installing ldap_get_values.3 in /usr/share/man/man3 installing ldap_get_values_len.3 in /usr/share/man/man3 as link to ldap_get_values.3 installing ldap_value_free.3 in /usr/share/man/man3 as link to ldap_get_values.3 installing ldap_value_free_len.3 in /usr/share/man/man3 as link to ldap_get_values.3 installing ldap_count_values.3 in /usr/share/man/man3 as link to ldap_get_values.3 installing ldap_count_values_len.3 in 
/usr/share/man/man3 as link to ldap_get_values.3 installing ldap_memory.3 in /usr/share/man/man3 installing ldap_memfree.3 in /usr/share/man/man3 as link to ldap_memory.3 installing ldap_memvfree.3 in /usr/share/man/man3 as link to ldap_memory.3 installing ldap_memalloc.3 in /usr/share/man/man3 as link to ldap_memory.3 installing ldap_memcalloc.3 in /usr/share/man/man3 as link to ldap_memory.3 installing ldap_memrealloc.3 in /usr/share/man/man3 as link to ldap_memory.3 installing ldap_strdup.3 in /usr/share/man/man3 as link to ldap_memory.3 installing ldap_modify.3 in /usr/share/man/man3 installing ldap_modify_s.3 in /usr/share/man/man3 as link to ldap_modify.3 installing ldap_modify_ext.3 in /usr/share/man/man3 as link to ldap_modify.3 installing ldap_modify_ext_s.3 in /usr/share/man/man3 as link to ldap_modify.3 installing ldap_mods_free.3 in /usr/share/man/man3 as link to ldap_modify.3 installing ldap_modrdn.3 in /usr/share/man/man3 installing ldap_modrdn_s.3 in /usr/share/man/man3 as link to ldap_modrdn.3 installing ldap_modrdn2.3 in /usr/share/man/man3 as link to ldap_modrdn.3 installing ldap_modrdn2_s.3 in /usr/share/man/man3 as link to ldap_modrdn.3 installing ldap_open.3 in /usr/share/man/man3 installing ldap_init.3 in /usr/share/man/man3 as link to ldap_open.3 installing ldap_initialize.3 in /usr/share/man/man3 as link to ldap_open.3 installing ldap_set_urllist_proc.3 in /usr/share/man/man3 as link to ldap_open.3 installing ldap_init_fd.3 in /usr/share/man/man3 as link to ldap_open.3 installing ldap_parse_reference.3 in /usr/share/man/man3 installing ldap_parse_result.3 in /usr/share/man/man3 installing ldap_parse_sasl_bind_result.3 in /usr/share/man/man3 as link to ldap_parse_result.3 installing ldap_parse_extended_result.3 in /usr/share/man/man3 as link to ldap_parse_result.3 installing ldap_parse_intermediate.3 in /usr/share/man/man3 as link to ldap_parse_result.3 installing ldap_parse_sort_control.3 in /usr/share/man/man3 installing 
ldap_parse_vlv_control.3 in /usr/share/man/man3 installing ldap_rename.3 in /usr/share/man/man3 installing ldap_rename_s.3 in /usr/share/man/man3 as link to ldap_rename.3 installing ldap_result.3 in /usr/share/man/man3 installing ldap_msgfree.3 in /
usr/share/man/man3 as link to ldap_result.3 installing ldap_msgtype.3 in /usr/share/man/man3 as link to ldap_result.3 installing ldap_msgid.3 in /usr/share/man/man3 as link to ldap_result.3 installing ldap_schema.3 in /usr/share/man/man3 installing ldap_str2syntax.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_syntax2str.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_syntax2name.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_syntax_free.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_str2matchingrule.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_matchingrule2str.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_matchingrule2name.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_matchingrule_free.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_str2attributetype.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_attributetype2str.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_attributetype2name.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_attributetype_free.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_str2objectclass.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_objectclass2str.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_objectclass2name.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_objectclass_free.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_scherr2str.3 in /usr/share/man/man3 as link to ldap_schema.3 installing ldap_search.3 in /usr/share/man/man3 installing ldap_search_s.3 in /usr/share/man/man3 as link to ldap_search.3 installing ldap_search_st.3 in /usr/share/man/man3 as link to ldap_search.3 installing ldap_search_ext.3 in /usr/share/man/man3 as link to ldap_search.3 installing ldap_search_ext_s.3 in /usr/share/man/man3 as link to ldap_search.3 installing 
ldap_sort.3 in /usr/share/man/man3 installing ldap_sort_entries.3 in /usr/share/man/man3 as link to ldap_sort.3 installing ldap_sort_values.3 in /usr/share/man/man3 as link to ldap_sort.3 installing ldap_sort_strcasecmp.3 in /usr/share/man/man3 as link to ldap_sort.3 installing ldap_sync.3 in /usr/share/man/man3 installing ldap_tls.3 in /usr/share/man/man3 installing ldap_start_tls.3 in /usr/share/man/man3 as link to ldap_tls.3 installing ldap_start_tls_s.3 in /usr/share/man/man3 as link to ldap_tls.3 installing ldap_tls_inplace.3 in /usr/share/man/man3 as link to ldap_tls.3 installing ldap_install_tls.3 in /usr/share/man/man3 as link to ldap_tls.3 installing ldap_url.3 in /usr/share/man/man3 installing ldap_is_ldap_url.3 in /usr/share/man/man3 as link to ldap_url.3 installing ldap_url_parse.3 in /usr/share/man/man3 as link to ldap_url.3 installing ldap_free_urldesc.3 in /usr/share/man/man3 as link to ldap_url.3 make[3]: Leaving directory '/root/openldap-2.6.0/doc/man/man3' Entering subdirectory man5 make[3]: Entering directory '/root/openldap-2.6.0/doc/man/man5'../../../build/shtool mkdir -p /usr/share/man/man5 PAGES=`cd.; echo *.5`;  for page in $PAGES; do  	echo "installing $page in /usr/share/man/man5";  	rm -f /usr/share/man/man5/$page;  	../../../build/shtool install -c -m 644 $page.tmp /usr/share/man/man5/$page;  	if test -f "./$page.links" ; then  		for link in `cat./$page.links`; do  			echo "installing $link in /usr/share/man/man5 as link to $page";  			rm -f /usr/share/man/man5/$link ;  			../../../build/shtool mkln -s /usr/share/man/man5/$page /usr/share/man/man5/$link;  		done;  	fi;  done installing ldap.conf.5 in /usr/share/man/man5 installing ldif.5 in /usr/share/man/man5 installing lloadd.conf.5 in /usr/share/man/man5 installing slapd-asyncmeta.5 in /usr/share/man/man5 installing slapd-config.5 in /usr/share/man/man5 installing slapd-dnssrv.5 in /usr/share/man/man5 installing slapd-ldap.5 in /usr/share/man/man5 installing slapd-ldif.5 in 
/usr/share/man/man5 installing slapd-mdb.5 in /usr/share/man/man5 installing slapd-meta.5 in /usr/share/man/man5 installing slapd-monitor.5 in /usr/share/man/man5 installing slapd-null.5 in /usr/share/man/man5 installing slapd-passwd.5 in /usr/share/man/man5 installing slapd-perl.5 in /usr/share/man/man5 installing slapd-relay.5 in /usr/share/man/man5 installing slapd-sock.5 in /usr/share/man/man5 installing slapo-sock.5 in /usr/share/man/man5 as link to slapd-sock.5 installing slapd-sql.5 in /usr/share/man/man5 installing slapd-wt.5 in /usr/share/man/man5 installing slapd.access.5 in /usr/share/man/man5 installing slapd.backends.5 in /usr/share/man/man5 installing slapd.conf.5 in /usr/share/man/man5 installing slapd.overlays.5 in /usr/share/man/man5 installing slapd.plugin.5 in /usr/share/man/man5 installing slapo-accesslog.5 in /usr/share/man/man5 installing slapo-auditlog.5 in /usr/share/man/man5 installing slapo-autoca.5 in /usr/share/man/man5 installing slapo-chain.5 in /usr/share/man/man5 installing slapo-collect.5 in /usr/share/man/man5 installing slapo-constraint.5 in /usr/share/man/man5 installing slapo-dds.5 in /usr/share/man/man5 installing slapo-deref.5 in /usr/share/man/man5 installing slapo-dyngroup.5 in /usr/share/man/man5 installing slapo-dynlist.5 in /usr/share/man/man5 installing slapo-homedir.5 in /usr/share/man/man5 installing slapo-memberof.5 in /usr/share/man/man5 installing slapo-otp.5 in /usr/share/man/man5 installing slapo-pbind.5 in /usr/share/man/man5 installing slapo-pcache.5 in /usr/share/man/man5 installing slapo-ppolicy.5 in /usr/share/man/man5 installing slapo-refint.5 in /usr/share/man/man5 installing slapo-remoteauth.5 in /usr/share/man/man5 installing slapo-retcode.5 in /usr/share/man/man5 installing slapo-rwm.5 in /usr/share/man/man5 installing slapo-sssvlv.5 in /usr/share/man/man5 installing slapo-syncprov.5 in /usr/share/man/man5 installing slapo-translucent.5 in /usr/share/man/man5 installing slapo-unique.5 in 
/usr/share/man/man5 installing slapo-valsort.5 in /usr/share/man/man5 installing slappw-argon2.5 in /usr/share/man/man5 make[3]: Leaving directory '/root/openldap-2.6.0/doc/man/man5' Entering subdirectory man8 make[3]: Entering directory '/root/openldap-2.6.0/doc/man/man8'../../../build/shtool mkdir -p /usr/share/man/man8 PAGES=`cd.; echo *.8`;  for page in $PAGES; do  	echo "installing $page in /usr/share/man/man8";  	rm -f /usr/share/man/man8/$page;  	../../../build/shtool install -c -m 644 $page.tmp /usr/share/man/man8/$page;  	if test -f "./$page.links" ; then  		for link in `cat./$page.links`; do  			echo "installing $link in /usr/share/man/man8 as link to $page";  			rm -f /usr/share/man/man8/$link ;  			../../../build/shtool mkln -s /usr/share/man/man8/$page /usr/share/man/man8/$link;  		done;  	fi;  done installing lloadd.8 in /usr/share/man/man8 installing slapacl.8 in /usr/share/man/man8 installing slapadd.8 in /usr/share/man/man8 installing slapauth.8 in /usr/share/man/man8 installing slapcat.8 in /usr/share/man/man8 installing slapd.8 in /usr/share/man/man8 installing slapdn.8 in /usr/share/man/man8 installing slapindex.8 in /usr/share/man/man8 installing slapmodify.8 in /usr/share/man/man8 installing slappasswd.8 in /usr/share/man/man8 installing slapschema.8 in /usr/share/man/man8 installing slaptest.8 in /usr/share/man/man8 make[3]: Leaving directory '/root/openldap-2.6.0/doc/man/man8' make[2]: Leaving directory '/root/openldap-2.6.0/doc/man' make[1]: Leaving directory '/root/openldap-2.6.0/doc' 

Configure OpenLDAP on Ubuntu 22.04

Create the Data and Database Directories

Create the OpenLDAP data and database directories.

mkdir /var/lib/openldap /etc/openldap/slapd.d

Set the proper ownership and permissions on the OpenLDAP directories and configuration file.

chown -R ldap:ldap /var/lib/openldap
chown root:ldap /etc/openldap/slapd.conf
chmod 640 /etc/openldap/slapd.conf

Update the OpenLDAP Service

We will update the generated OpenLDAP service file:

mv /lib/systemd/system/slapd.service{,.old}
cat > /etc/systemd/system/slapd.service << 'EOL'
[Unit]
Description=OpenLDAP Server Daemon
After=syslog.target network-online.target
Documentation=man:slapd
Documentation=man:slapd-mdb

[Service]
Type=forking
PIDFile=/var/lib/openldap/slapd.pid
Environment="SLAPD_URLS=ldap:/// ldapi:/// ldaps:///"
Environment="SLAPD_OPTIONS=-F /etc/openldap/slapd.d"
ExecStart=/usr/libexec/slapd -u ldap -g ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS

[Install]
WantedBy=multi-user.target
EOL

Create the OpenLDAP SUDO Schema

To configure LDAP with sudo support, first install the sudo-ldap package.

SUDO_FORCE_REMOVE=yes apt install sudo-ldap -y

You can then verify that sudo supports OpenLDAP.

sudo -V | grep -i "ldap"

If sudo supports LDAP, you will see the lines below:

Configure options: --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules --libdir=${prefix}/lib/x86_64-linux-gnu --libexecdir=${prefix}/lib/x86_64-linux-gnu --disable-maintainer-mode --disable-dependency-tracking -v --with-all-insults --with-pam --with-ldap --with-fqdn --with-logging=syslog --with-logfac=authpriv --with-env-editor --with-editor=/usr/bin/editor --with-exampledir=/usr/share/doc/sudo-ldap/examples --with-timeout=15 --with-password-timeout=0 --with-passprompt=[sudo] password for %p: --without-lecture --with-tty-tickets --disable-root-mailer --enable-admin-flag --disable-setresuid --with-sendmail=/usr/sbin/sendmail --with-rundir=/run/sudo --with-ldap-conf-file=/etc/sudo-ldap.conf --libexecdir=/usr/lib --with-sssd --with-sssd-lib=/usr/lib/x86_64-linux-gnu --enable-zlib=system --with-selinux --with-linux-audit --enable-tmpfiles.d=yes MVPROG=/bin/mv
ldap.conf path: /etc/sudo-ldap.conf
ldap.secret path: /etc/ldap.secret

Check whether the sudo LDAP schema is available.

find /usr/share/doc/ -iname schema.openldap
/usr/share/doc/sudo-ldap/schema.OpenLDAP

Copy schema.OpenLDAP to the schema directory.

cp /usr/share/doc/sudo-ldap/schema.OpenLDAP /etc/openldap/schema/sudo.schema

Next, you need to create the sudo schema LDIF file.

Run the command below to create the sudo.ldif file. This LDIF file was obtained from the Lullabot GitHub repository.

cat << 'EOL' > /etc/openldap/schema/sudo.ldif
dn: cn=sudo,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: sudo
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcObjectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ description ) )
EOL

Update the SLAPD Database

Edit the SLAPD LDIF file, /etc/openldap/slapd.ldif, and update it as follows:

mv /etc/openldap/slapd.ldif{,.bak}
cat > /etc/openldap/slapd.ldif << 'EOL'
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/lib/openldap/slapd.args
olcPidFile: /var/lib/openldap/slapd.pid

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/libexec/openldap
olcModuleload: back_mdb.la

include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/sudo.ldif
#include: file:///etc/openldap/schema/ppolicy.ldif

dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
olcAccess: to dn.base="cn=Subschema" by * read
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootDN: cn=config
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none
EOL

  • To update the SLAPD database from the information in the SLAPD LDIF file above, use the slapadd command with the -n 0 option, which creates the first database.
  • To specify the configuration directory, /etc/openldap/slapd.d, use the -F option, and use the -l option to specify the location of the LDIF file above.

Before writing the changes to the database, perform a dry run to see what would happen. Pass the -u option to the slapadd command.

slapadd -n 0 -F /etc/openldap/slapd.d -l /etc/openldap/slapd.ldif -u

If the command shows no errors, everything is fine.

Then apply the changes.

slapadd -n 0 -F /etc/openldap/slapd.d -l /etc/openldap/slapd.ldif

This command creates the slapd configuration database under the /etc/openldap/slapd.d directory.

ls /etc/openldap/slapd.d
'cn=config' 'cn=config.ldif'

Set the user and group ownership of the /etc/openldap/slapd.d directory and the files in it to the ldap user.

chown -R ldap:ldap /etc/openldap/slapd.d

Running the OpenLDAP Service

Reload the systemd configuration and start the OpenLDAP service.

systemctl daemon-reload
systemctl enable --now slapd

Check its status:

systemctl status slapd
● slapd.service - OpenLDAP Server Daemon
     Loaded: loaded (/etc/systemd/system/slapd.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2022-01-05 20:57:14 EAT; 1s ago
       Docs: man:slapd
             man:slapd-mdb
    Process: 77537 ExecStart=/usr/libexec/slapd -u ldap -g ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 77538 (slapd)
      Tasks: 2 (limit: 3519)
     Memory: 3.0M
        CPU: 28ms
     CGroup: /system.slice/slapd.service
             └─77538 /usr/libexec/slapd -u ldap -g ldap -h "ldap:/// ldapi:/// ldaps:///" -F /etc/openldap/slapd.d

Jan 05 20:57:14 kifarunix-demo.com systemd[1]: Starting OpenLDAP Server Daemon...
Jan 05 20:57:14 kifarunix-demo.com slapd[77537]: @(#) $OpenLDAP: slapd 2.6.0 (Jan 5 2022 20:35:20) $ [email protected]:/root/openldap-2.6.0/servers/slapd
Jan 05 20:57:14 kifarunix-demo.com slapd[77538]: slapd starting
Jan 05 20:57:14 kifarunix-demo.com systemd[1]: Started OpenLDAP Server Daemon.

Configure OpenLDAP Logging on Ubuntu 22.04

By default, the OpenLDAP log level is set to none, which is required so that only high-priority messages are logged.

You can change this to a different log level, say to the stats level (logs connections/operations/results), by running the command below:

ldapmodify -Y EXTERNAL -H ldapi:/// -Q

Copy and paste the content below at the prompt to change the log level.

dn: cn=config
changeType: modify
replace: olcLogLevel
olcLogLevel: stats

Next, press ENTER twice. Once you see the line modifying entry "cn=config", press Ctrl+d.

You can also use an LDIF file to update this information if you wish.

To confirm the changes:

ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config "(objectClass=olcGlobal)" olcLogLevel -LLL -Q
dn: cn=config
olcLogLevel: stats

Next, you need to specify the log file for OpenLDAP in the Rsyslog configuration. By default, OpenLDAP logs to the local4 facility; therefore, to configure it to log to /var/log/slapd.log, for example, run the command below:

echo "local4.* /var/log/slapd.log" >> /etc/rsyslog.d/51-slapd.conf

Restart the Rsyslog and SLAPD services.

systemctl restart rsyslog slapd

You should now be able to read the LDAP logs in /var/log/slapd.log.
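An added example, not part of the original tutorial: at the stats log level configured above, a failed simple bind appears in /var/log/slapd.log as a RESULT tag=97 err=49 line, which can be joined back to its ACCEPT and BIND lines through the conn and op numbers. The Python below does that join and flags sources with repeated failures; the log lines are constructed, and the function names, addresses and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/slapd.log at olcLogLevel "stats" (not real traffic).
BASE = "dc=ldapmaster,dc=kifarunix-demo,dc=com"
JOHN = f"uid=johndoe,ou=people,{BASE}"
PREFIX = "Jan  5 21:10:01 ldapmaster slapd[77538]: "
SAMPLE_LOG = "\n".join(PREFIX + event for event in [
    "conn=1012 fd=14 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)",
    f'conn=1012 op=0 BIND dn="{JOHN}" method=128',
    "conn=1012 op=0 RESULT tag=97 err=49 qtime=0.000010 etime=0.000150 text=",
    f'conn=1012 op=1 BIND dn="{JOHN}" method=128',
    "conn=1012 op=1 RESULT tag=97 err=49 qtime=0.000009 etime=0.000141 text=",
    f'conn=1012 op=2 BIND dn="cn=admin,{BASE}" method=128',
    "conn=1012 op=2 RESULT tag=97 err=49 qtime=0.000008 etime=0.000139 text=",
    "conn=1012 fd=14 closed (connection lost)",
    "conn=1013 fd=14 ACCEPT from IP=198.51.100.7:40022 (IP=0.0.0.0:636)",
    f'conn=1013 op=0 BIND dn="cn=readonly,ou=system,{BASE}" method=128',
    f'conn=1013 op=0 BIND dn="cn=readonly,ou=system,{BASE}" mech=SIMPLE bind_ssf=0 ssf=256',
    "conn=1013 op=0 RESULT tag=97 err=0 qtime=0.000010 etime=0.000210 text=",
    f'conn=1013 op=1 SRCH base="ou=people,{BASE}" scope=2 deref=0 filter="(uid=johndoe)"',
    "conn=1013 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000011 etime=0.000190 nentries=1 text=",
    "conn=1013 op=2 UNBIND",
    "conn=1013 fd=14 closed",
    "conn=1014 fd=15 ACCEPT from IP=198.51.100.7:40030 (IP=0.0.0.0:636)",
    f'conn=1014 op=0 BIND dn="{JOHN}" method=128',
    "conn=1014 op=0 RESULT tag=97 err=49 qtime=0.000010 etime=0.000148 text=",
    "conn=1014 fd=15 closed",
])

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from (\S+)")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")  # tag 97 = bind response
CLOSED_RE = re.compile(r"conn=(\d+) fd=\d+ closed")
INVALID_CREDENTIALS = 49  # LDAP result code for a wrong DN/password pair


def peer_address(peer):
    """'IP=192.0.2.10:51234' -> '192.0.2.10'; a 'PATH=...' (ldapi) peer is returned as is."""
    if peer.startswith("IP="):
        return peer[3:].rsplit(":", 1)[0].strip("[]")
    return peer


def parse_failed_binds(lines):
    """Return [(source, bind_dn)] for every bind answered with err=49."""
    peers = {}    # conn id -> client address
    pending = {}  # (conn id, op id) -> DN of the bind request awaiting its RESULT
    failures = []
    for line in lines:
        if m := ACCEPT_RE.search(line):
            peers[m.group(1)] = peer_address(m.group(2))
        elif m := BIND_RE.search(line):
            pending[(m.group(1), m.group(2))] = m.group(3)
        elif m := RESULT_RE.search(line):
            dn = pending.pop((m.group(1), m.group(2)), None)
            if int(m.group(3)) == INVALID_CREDENTIALS:
                failures.append((peers.get(m.group(1), "unknown"),
                                 dn if dn is not None else "unknown"))
        elif m := CLOSED_RE.search(line):
            # Connection ids are reused after a restart, so forget closed ones.
            peers.pop(m.group(1), None)
            for key in [k for k in pending if k[0] == m.group(1)]:
                del pending[key]
    return failures


def flag_sources(failures, threshold=3):
    """Group failures by source and keep sources with at least `threshold` of them."""
    by_source = defaultdict(list)
    for source, dn in failures:
        by_source[source].append(dn)
    return {source: {"count": len(dns), "dns": sorted(set(dns))}
            for source, dns in by_source.items() if len(dns) >= threshold}


if __name__ == "__main__":
    for source, info in flag_sources(parse_failed_binds(SAMPLE_LOG.splitlines())).items():
        print(source, info["count"], "failed binds against", ", ".join(info["dns"]))
```

Several target DNs from one source suggest password guessing across accounts, while many failures against a single DN more often mean a stale stored password.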

You can also configure log rotation:

cat > /etc/logrotate.d/slapd << EOL
/var/log/slapd.log
{
        rotate 7
        daily
        missingok
        notifempty
        delaycompress
        compress
        postrotate
                /usr/lib/rsyslog/rsyslog-rotate
        endscript
}
EOL

Restart the log rotation service:

systemctl restart logrotate

Create the OpenLDAP Default Root DN

Next, create the MDB database that defines the root DN as well as the access control lists.

First, generate the root DN password.

slappasswd
New password: ENTER PASSWORD
Re-enter new password: RE-ENTER PASSWORD
{SSHA}mkWcb8AsesQrsmA9ZZNFW4jCMnuHiJaf

Copy and paste the password hash generated above, {SSHA}mkWcb8AsesQrsmA9ZZNFW4jCMnuHiJaf, as the value of olcRootPW in the root DN LDIF file below.

Replace the domain components, dc=ldapmaster,dc=kifarunix-demo,dc=com, with your own.

cat > rootdn.ldif << 'EOL'
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 42949672960
olcDbDirectory: /var/lib/openldap
olcSuffix: dc=ldapmaster,dc=kifarunix-demo,dc=com
olcRootDN: cn=admin,dc=ldapmaster,dc=kifarunix-demo,dc=com
olcRootPW: {SSHA}mkWcb8AsesQrsmA9ZZNFW4jCMnuHiJaf
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn pres,eq,approx,sub
olcDbIndex: mail pres,eq,sub
olcDbIndex: objectClass pres,eq
olcDbIndex: loginShell pres,eq
olcDbIndex: sudoUser,sudoHost pres,eq
olcAccess: to attrs=userPassword,shadowLastChange,shadowExpire
  by self write
  by anonymous auth
  by dn.subtree="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by dn.subtree="ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com" read
  by * none
olcAccess: to dn.subtree="ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com"
  by dn.subtree="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by * none
olcAccess: to dn.subtree="dc=ldapmaster,dc=kifarunix-demo,dc=com"
  by dn.subtree="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by users read
  by * none
EOL

Read more about ACLs in OpenLDAP Access Control.

Update the slapd database with the content above:

ldapadd -Y EXTERNAL -H ldapi:/// -f rootdn.ldif

Sample command output:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcDatabase=mdb,cn=config"

Configure OpenLDAP with SSL/TLS

To secure OpenLDAP communication between the client and server, configure it to use SSL/TLS certificates.

In this guide, we are using self-signed certificates. For production environments, you can choose to obtain commercially signed, trusted certificates from the CA of your choice.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/ldapserver.key -out /etc/ssl/ldapserver.crt
chown ldap:ldap /etc/ssl/{ldapserver.crt,ldapserver.key}

Update the OpenLDAP server TLS certificate attributes.

cat > tls.ldif << 'EOL'
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/ldapserver.crt
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/ldapserver.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/ldapserver.key
EOL

Note that we have used the self-signed certificate as both the server certificate and the CA certificate.

ldapadd -Y EXTERNAL -H ldapi:/// -f tls.ldif

Once the command has run, you can confirm the TLS settings by running the command below:

slapcat -b "cn=config" | grep olcTLS
olcTLSCACertificateFile: /etc/ssl/ldapserver.crt
olcTLSCertificateFile: /etc/ssl/ldapserver.crt
olcTLSCertificateKeyFile: /etc/ssl/ldapserver.key

Change the location of the CA certificate in /etc/ldap/ldap.conf.

sed -i 's|/etc/ssl/certs/ca-certificates.crt|/etc/ssl/ldapserver.crt|' /etc/ldap/ldap.conf

Create the OpenLDAP Base DN

Next, create your base DN, or search base, to define your organization's structure and directory.

Replace the domain components and organizational units accordingly.

cat > basedn.ldif << 'EOL'
dn: dc=ldapmaster,dc=kifarunix-demo,dc=com
objectClass: dcObject
objectClass: organization
objectClass: top
o: Kifarunix-demo
dc: ldapmaster

dn: ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com
objectClass: organizationalUnit
objectClass: top
ou: people
EOL
ldapadd -Y EXTERNAL -H ldapi:/// -f basedn.ldif

Sample output:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "dc=ldapmaster,dc=kifarunix-demo,dc=com"

adding new entry "ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com"

adding new entry "ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com"

Create OpenLDAP User Accounts

You can add users to your OpenLDAP server. Create an LDIF file to define your users as follows.

cat > users.ldif << 'EOL'
dn: uid=johndoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: johndoe
cn: John
sn: Doe
loginShell: /bin/bash
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/johndoe
shadowMax: 60
shadowMin: 1
shadowWarning: 7
shadowInactive: 7
shadowLastChange: 0

dn: cn=johndoe,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com
objectClass: posixGroup
cn: johndoe
gidNumber: 10000
memberUid: johndoe
EOL

Add the user to the OpenLDAP database.

ldapadd -Y EXTERNAL -H ldapi:/// -f users.ldif

Set a Password for the LDAP User

To set a password for the user above, run the command below:

ldappasswd -H ldapi:/// -Y EXTERNAL -S "uid=johndoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com"

Buat OpenLDAP Bind DN dan Bind DN
User

Bind DN user digunakan untuk melakukan operasi LDAP seperti menyelesaikan ID Pengguna dan ID grup.

Dalam panduan ini, kami membuat DN pengikatan yang disebut  system.

Perhatikan kontrol akses yang terkait dengan ini ou seperti yang didefinisikan pada root DN di atas.

Mencantumkan daftar kontrol Access di database;

ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase={1}mdb)' olcAccess
dn: olcDatabase={1}mdb,cn=config olcAccess: {0}to attrs=userPassword,shadowLastChange,shadowExpire by self writ e by anonymous auth by dn.subtree="gidNumber=0+uidNumber=0,cn=peercred,cn=ext ernal,cn=auth" manage by dn.subtree="ou=system,dc=ldapmaster,dc=kifarunix-de mo,dc=com" read by * none olcAccess: {1}to dn.subtree="ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com" by dn.subtree="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mana ge by * none olcAccess: {2}to dn.subtree="dc=ldapmaster,dc=kifarunix-demo,dc=com" by dn.sub tree="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by user s read by * none 

Buat password user LDAP BindDN.

slappasswd
New password: Re-enter new password: {SSHA}51i5ZSBTbCULaS8IwRrLDnrcsrM00czf

Copy dan Tempel nilai hash password di atas sebagai nilai userPassword atribut dalam file di bawah ini;

cat > bindDNuser.ldif << 'EOL' dn: ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com objectClass: organizationalUnit objectClass: top ou: system dn: cn=readonly,ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com objectClass: organizationalRole objectClass: simpleSecurityObject cn: readonly userPassword: {SSHA}51i5ZSBTbCULaS8IwRrLDnrcsrM00czf description: Bind DN user for LDAP Operations EOL 
ldapadd -Y EXTERNAL -H ldapi:/// -f bindDNuser.ldif
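The {SSHA} value that slappasswd printed above is the base64 encoding of a SHA-1 digest followed by its salt. The following is an added example, not part of the original tutorial: it decodes such values from an LDIF export and reports how each userPassword is stored. The function names and the cn=viaSearch and cn=legacy entries are constructed for illustration.

```python
import base64, hashlib, hmac, re

PAGE_HASH = "{SSHA}51i5ZSBTbCULaS8IwRrLDnrcsrM00czf"   # slappasswd output above
# Constructed export: the page's entry, the same value the way ldapsearch prints
# it ("::" marks base64), and a hypothetical entry stored without any scheme.
SAMPLE = "\n".join([
    "dn: cn=readonly,ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com",
    "userPassword: " + PAGE_HASH, "",
    "dn: cn=viaSearch,ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com",
    "userPassword:: " + base64.b64encode(PAGE_HASH.encode()).decode(), "",
    "dn: cn=legacy,ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com",
    "userPassword: changeme", ""])

def split_ssha(value):
    """{SSHA} is base64(SHA-1(password + salt) + salt); return (digest, salt)."""
    raw = base64.b64decode(value[len("{SSHA}"):], validate=True)
    if len(raw) <= 20:
        raise ValueError("need a 20-byte SHA-1 digest followed by a salt")
    return raw[:20], raw[20:]

def make_ssha(password, salt):
    """Build an {SSHA} value from a password and an explicit salt."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, value):
    """Recompute the digest with the stored salt and compare in constant time."""
    digest, salt = split_ssha(value)
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def audit_schemes(ldif):
    """Return [(dn, scheme, salt_length_or_None)] for each userPassword value."""
    out, dn = [], None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        m = re.match(r"userPassword(::?) (.+)", line)
        if not m:
            continue
        raw = m.group(2)
        value = base64.b64decode(raw).decode() if m.group(1) == "::" else raw
        s = re.match(r"\{([A-Za-z0-9-]+)\}", value)
        scheme = s.group(1).upper() if s else "CLEARTEXT"
        salt_len = len(split_ssha(value)[1]) if scheme == "SSHA" else None
        out.append((dn, scheme, salt_len))
    return out
```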

Enable the OpenLDAP Password Policy

If you want to enforce OpenLDAP password policies, make sure the Password Policy schema is enabled.

To enable the password policy schema, run the commands below:

cat > ppolicy.ldif << 'EOL'
dn: cn=ppolicy,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: ppolicy
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute'
  EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge'
  EQUALITY integerMatch ORDERING integerOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge'
  EQUALITY integerMatch ORDERING integerOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory'
  EQUALITY integerMatch ORDERING integerOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality'
  EQUALITY integerMatch ORDERING integerOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength'
  EQUALITY integerMatch ORDERING integerOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning'
  EQUALITY integerMatch ORDERING integerOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit'
  EQUALITY integerMatch ORDERING integerOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout'
  EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration'
  EQUALITY integerMatch ORDERING integerOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure'
  EQUALITY integerMatch ORDERING integerOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.3.6.1.4.1.42.2.27.8.1.12
  NAME 'pwdFailureCountInterval'
  EQUALITY integerMatch ORDERING integerOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {12}( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange'
  EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {13}( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange'
  EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify'
  EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {15}( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule'
  DESC 'Loadable module that instantiates "check_password() function'
  EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.4.1.42.2.27.8.1.30
  NAME 'pwdMaxRecordedFailure'
  EQUALITY integerMatch ORDERING integerOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker'
  SUP top AUXILIARY MAY pwdCheckModule )
olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy'
  SUP top AUXILIARY MUST pwdAttribute
  MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
  pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $
  pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
  pwdMustChange $ pwdAllowUserChange $ pwdSafeModify $
  pwdMaxRecordedFailure ) )
EOL
ldapadd -Y EXTERNAL -H ldapi:/// -f ppolicy.ldif

Next, read the guide below to learn how to implement password policies.

Implement OpenLDAP Password Policies

Allow the OpenLDAP Service on the Firewall

If UFW is running, allow external access to OpenLDAP (both LDAP and LDAPS):

ufw allow "OpenLDAP LDAP"
ufw allow "OpenLDAP LDAPS"

Authenticate via the OpenLDAP Server

And that is how to install and set up the OpenLDAP server on Ubuntu 22.04.

To verify that users can actually log in to a system via the OpenLDAP server, you need to configure an OpenLDAP client on a remote system.

See the guides below:

Configure SSSD for LDAP Authentication on Ubuntu 20.04

Configure SSSD for LDAP Authentication on Rocky Linux 8

Install and Configure SSSD for OpenLDAP Authentication on Fedora 32/31/30