#format wiki
#language fr
#acl +All:read

= Installing OpenLDAP + Heimdal Kerberos on Debian Stretch with Multiple Realms =

== Setting up OpenLDAP ==

 * `apt install slapd`
 * Define the admin password
 * Run `dpkg-reconfigure slapd` and do the initial configuration. Choose MDB as the backend
 * In the following, we assume the root DN of your database is in ROOTDN. So if you chose `example.com` as the domain in the previous step, set `export ROOTDN="dc=example,dc=com"`
 * Disable anonymous binds and require authentication
{{{
# Apply the changes with SASL EXTERNAL over the local ldapi:/// socket
cat <<'EOF' | ldapadd -Y EXTERNAL -H ldapi:///
dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon

dn: cn=config
changetype: modify
add: olcRequires
olcRequires: authc

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcRequires
olcRequires: authc

dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcRequires
olcRequires: authc
EOF
}}}
 * Optionally set a password to access `cn=config` (I use Apache Directory Studio)
{{{
# -c only takes effect with the {CRYPT} scheme; the default scheme is {SSHA}
PASSWORD=$(slappasswd -h '{CRYPT}' -c '$6$rounds=100001$%.16s')
cat <