OpenLDAPの最新バージョンを使うためにソースからコンパイルしてインストールします。
構築
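#!/usr/bin/env bash
# Build and install OpenLDAP from source (run as root). The slapd.service unit
# later on this page expects the daemon under /usr/local/libexec.
set -euo pipefail

openldap_ver=2.4.49                       # single place to bump for a newer release
src_dir="openldap-server-${openldap_ver}"
module_dir=/usr/local/libexec/openldap    # where the contrib modules land (used by rm/strip below)

# Build prerequisites; libwrap0-dev is what --enable-wrappers below links against.
apt install make gcc libtool libssl-dev libwrap0-dev

# NOTE(review): verify the tarball's signature/checksum against the upstream
# release before extracting — this page does not show that step.
tar zxf "${src_dir}.tar.gz"
cd "$src_dir"
./configure \
  --localstatedir=/var \
  --libdir=/usr/local/lib/openldap \
  --enable-dynacl=yes \
  --enable-modules=yes \
  --enable-overlays=yes \
  --disable-bdb \
  --disable-hdb \
  --enable-ldap=yes \
  --enable-meta=yes \
  --enable-wrappers
make depend
make
make install

# pw-sha2 password-hash module from contrib; drop any stale static archive first.
cd contrib/slapd-modules/passwd/sha2
make SLAPD_SHA2_DEBUG=1 all
rm -f -- "${module_dir}/pw-sha2.a"
make SLAPD_SHA2_DEBUG=1 install
# The page stripped /usr/local/lib/libexec/openldap/*.so, which is not the
# directory the module was just installed to; strip the same directory.
strip -- "${module_dir}"/*.so

# PID directory and an unprivileged service account (the unit runs slapd with
# -u ldap -g ldap). The getent guards keep re-runs from failing on "already exists".
mkdir -p /var/run/slapd
getent group ldap >/dev/null || groupadd -g 389 ldap
getent passwd ldap >/dev/null || \
  useradd -u 389 -g 389 -d /var/lib/ldap -c "OpenLDAP server" -s /usr/sbin/nologin ldap
# useradd is called without -m, so /var/lib/ldap is not created here — confirm
# the database directory exists and is owned by ldap:ldap before first start.
chown ldap:ldap /var/run/slapd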
登録
/etc/systemd/system/slapd.service
SyncReplを使用する場合は必ずServerIDと符合するURIを-hオプションの引数で指定する。
[Unit]
Description=OpenLDAP server
After=syslog.target network.target
Documentation=man:slapd(8)

[Service]
Type=forking
PIDFile=/var/run/slapd/slapd.pid
ExecStart=/usr/local/libexec/slapd -u ldap -g ldap -h 'ldap://localhost/ ldap://ldap.example.com/ ldapi:///'
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill -TERM $MAINPID

[Install]
WantedBy=multi-user.target
/etc/rsyslog.d/50-default.conf
+ local4.* /var/log/ldap.log
/etc/logrotate.d/slapd
/var/log/ldap.log
{
daily
rotate 30
missingok
notifempty
compress
dateext
dateformat .%Y-%m-%d
}
/etc/rc.local
#!/bin/sh
# Recreate slapd's PID directory at boot (/var/run is typically volatile) so the
# PIDFile path in slapd.service exists before the daemon starts. Invoked from
# root's crontab via the @reboot entry.
run_dir=/var/run/slapd
mkdir -p -- "$run_dir"
chown -- ldap:ldap "$run_dir"
/var/spool/cron/crontabs/root
# Edit root's crontab (/var/spool/cron/crontabs/root) and add the line marked
# '+' below, so /etc/rc.local re-creates /var/run/slapd on every boot.
crontab -e
# NOTE(review): /etc/rc.local must be executable for @reboot to run it; this
# page shows no chmod +x — confirm before relying on it.
+ @reboot /etc/rc.local
起動
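# Activate the local4 -> /var/log/ldap.log rsyslog rule, register the newly
# written /etc/systemd/system/slapd.service, then enable and start slapd.
systemctl restart rsyslog
systemctl daemon-reload            # without this a freshly edited unit may not be picked up
systemctl list-unit-files --type=service | grep slapd
systemctl enable slapd
systemctl start slapd
# Confirm the service is running; the listeners are the URIs given to -h in the unit.
systemctl --no-pager status slapd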