Configure domain database to store domain users and groups

Directory Services

 

This stage should be repeated for each domain you want Axigen to synchronize to LDAP.

1. First of all get a view of your current openLDAP:

As you can see, there is one DB configured: dn: olcDatabase={2}hdb,cn=config. In this database, you can see a domain database configured which has its data stored in /var/lib/ldap.

2. We now want to configure a new domain with its data stored in /data/ldap.db/mydomain.com/. Please note that this is different than the default my-domain.com as it contains no '-' in the domain name.

3. Choose an LDAP database location! If it is different than /var/lib/ldap, then SELinux should be disabled (not recommended) or reconfigured.

4. From now, we will work with a custom OpenLDAP database location. We will use /data/ldap.db/. In it, we will create another subfolder to host the data of our first domain: mydomain.com

5. Please note the mydomain.com subfolder. This is chosen to be the location for database used by mydomain.com example domain. If you have multiple domains that you would like to store under the /data/ldap.db directory you will need to have multiple folders.

6. Copy a sample DB_CONFIG file to the new mydomain.com LDAP data directory:

7. Set LDAP ownership to folders and the configuration file:

8. Define a password for the Manager of this domain and encrypt it with slappasswd:

9. Create a new file mydomain.com.db.ldif for configuring the database for this domain:

10. Now, attempt to configure this new database holding the domain mydomain.com:

This attempt failed because the openLDAP server is not permitted access to write to the database location of our choosing and this is caused by the SELinux engine.

First of all let's check the status of SELinux:

Now, gather the info for performing the configuration:

For helping further install:

The policycoreutils-python package installs the audit2allow utility. Now, set the new directory with the values of the default /var/lib/ldap directory:

Now store this configuration:

Alternatively, for more information, you could use sealert (from setroubleshoot-server package):

Which may show something like:

11. Now re-attempt to apply the database config for mydomain.com:

12. Now, check what databases are configured on the system:

Please note olcDatabase={3}hdb,cn=config. Now see the details of this new database:

13. Now add the memberof and syncprov modules on the mydomain.com database:

In order to verify that the overlays are installed on your database, issue the following command after the above overlays provisioning on database:

14. Now, we have to create the Users and Groups leafs:

15. And add it to LDAP:

Please note that you will have to connect with the password you defined for the cn=Manager,dc=mydomain,dc=com administrative (see step 8)

16. And a final check search:

Now you have an OLC configured LDAP with a custom location database for the mydomain.com domain.