FC-308 - Symas OpenLDAP 2.5 Support
shawnmckinney committed Mar 2, 2022
1 parent 9de78b4 commit 50fdddaa38662962a5f24381c766c23e74a5712c
Showing 4 changed files with 47 additions and 74 deletions.
@@ -44,12 +44,18 @@ Minimum software requirements:
* RHEL or Debian Machine
* Java SDK >= 8
* Apache Maven >= 3

*Everything else covered in steps that follow.*

___________________________________________________________________________________
## SECTION 2. Apache Fortress Core and OpenLDAP Setup

1. Download the package:
1. Setup your Debian or Rehat Symas OpenLDAP 2.5 package repo: [Symas OpenLDAP 2.5](https://repo.symas.com/soldap2.5/)
setup notes
- Select your distro
- Debian systems must install the gpg key
- Follow steps 1 and 2 (only) to update your repo
- Everything else (install, configure) is covered in the steps that follow

2. Get the Apache Fortress Core source package:

a. from git:
```
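Review bot: "Rehat" in the new step 1 should be "Redhat", and the bare "setup notes" line between the step and its bullets reads as a stray fragment; fold it into the step text, e.g. "Setup your Debian or Redhat Symas OpenLDAP 2.5 package repo (setup notes):". Since the bullet tells Debian users to install the gpg key, it is worth adding that the key's fingerprint should be checked against the vendor page before it is trusted, and saying how the RHEL side is verified (gpgcheck in the repo file), so readers do not read the key step as Debian-only.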
@@ -64,7 +70,7 @@ ________________________________________________________________________________
cd fortress-core-2.0.7
```

2. Prepare the package:
3. Prepare the Apache Fortress package:

```
cp build.properties.example build.properties
@@ -75,44 +81,27 @@ ________________________________________________________________________________
* Learn more about how the config works: [README-CONFIG](README-CONFIG.md).
* Learn more about what properties there are: [README-PROPERTIES](README-PROPERTIES.md).

3. Download the latest OpenLDAP binaries for your platform:
[Symas OpenLDAP Silver Edition](https://downloads.symas.com/products/symas-openldap-directory-silver-edition/)

4. Place either a centos or debian package under the folder named *ldap* : [fortress-core-[VERSION]/ldap](./ldap)

5. Edit the *slapd.properties* file:
4. Edit the *slapd.properties* file:

```
vi slapd.properties
```

6. Update the *slapd.properties* file *slapd.install* statement with a reference to the openldap file install downloaded earlier.

a. For Debian installs:
```
slapd.install=dpkg -i symas-openldap-silver.version.platform.deb
```

b. For Centos:
```
slapd.install=rpm -i symas-openldap-silver.version.platform.rpm
```
5. Choose which package to install Debian or Redhat:

7. Specify whether you want to enable the slapo-rbac overlay:

a. Yes, I want to enable slapo-rbac:
```
rbac.accelerator=true
```
```
#Debian:
slapd.install=apt install symas-openldap-clients symas-openldap-server -y
slapd.uninstall=apt remove symas-openldap-clients symas-openldap-server -y
*To use this option, symas-openldap version 2.4.43++ is required.*
# Or:
b. No, I don't want to enable slapo-rbac:
```
rbac.accelerator=false
```
# Redhat:
slapd.install=yum install symas-openldap-servers symas-openldap-clients -y
slapd.uninstall=yum remove symas-openldap-servers symas-openldap-clients -y
```

8. (optional) Specify whether you want to communicate over SSL using LDAPS:
6. (optional) Specify whether you want to communicate over SSL using LDAPS:

a. Place .pem files for ca-certificate, server certificate and private key in folder named *certs* : [fortress-core-[VERSION]/src/test/resources/certs](./src/test/resources/certs)

@@ -147,14 +136,14 @@ ________________________________________________________________________________
tls.key.file=server-key.pem
```

more notes
more ldaps notes
- whatever used for LDAP host name must match the common name element of the server's certificate
- the truststore may be found on the classpath or as a fully qualified file name determined by trust.store.onclasspath.
- The LDAP URIs are used by the server listener during startup.

9. Save and exit
7. Save and exit

10. Prepare your terminal for execution of maven commands.
8. Prepare your terminal for execution of maven commands.

```
#!/bin/sh
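Review bot: the renamed heading "more ldaps notes" still sits outside the step numbering; a colon-terminated label ("LDAPS notes:") or making it part of step 6 would read better. The bullet under it says the LDAP host name must match the certificate's common name; modern TLS clients, Java's included, check the subject alternative name and ignore the CN once a SAN is present, so the note should ask for the host name to be in the SAN as well.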
@@ -163,7 +152,7 @@ ________________________________________________________________________________
export PATH=$PATH:$M2_HOME/bin
```

11. Run the maven install:
9. Run the maven install:

a. Java 8 target

@@ -173,25 +162,27 @@ a. Java 8 target

-- OR --

b. Java 11 target
b. Java 11++ target

```
mvn clean install -Djava.version=11
```

12. Install, configure and load the slapd server:
Where -Djava.version matches the version of Java

10. Install, configure and load the slapd server:

```
mvn test -Pinit-slapd
```

13. To start the slapd process:
11. To start the slapd process:

```
mvn test -Pstart-slapd
```

14. To stop the slapd process:
12. To stop the slapd process:

```
mvn test -Pstop-slapd
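Review bot: "Java 11++ target" is unclear notation; write "Java 11 or later". The added sentence "Where -Djava.version matches the version of Java" sits as a bare line between two numbered steps; put it directly under the command as a full sentence, e.g. "Set -Djava.version to the major version of the installed JDK (e.g. 11)."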
@@ -149,7 +149,6 @@
<replace file="${target.slapd.conf}" token="@LOG_RDRS@" value="${log.rdrs}"/>
<replace file="${target.slapd.conf}" token="@LOG_SIZE@" value="${log.size}"/>
<replace file="${target.slapd.conf}" token="@LOG_BDB_CACHE_SIZE@" value="${log.bdb.cache.size}"/>
<replace file="${target.slapd.conf}" token="@DFLT_RDRS@" value="${dflt.rdrs}"/>
<replace file="${target.slapd.conf}" token="@DFLT_SIZE@" value="${dflt.size}"/>
<replace file="${target.slapd.conf}" token="@DFLT_BDB_CACHE_SIZE@" value="${dflt.bdb.cache.size}"/>
<replace file="${target.slapd.conf}" token="@DFLT_BDB_CACHE_IDLE_SIZE@" value="${dflt.bdb.cache.idle.size}"/>
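Review bot: only the @LOG_BDB_CACHE_SIZE@ replace is dropped here, while the @DFLT_BDB_CACHE_SIZE@ and @DFLT_BDB_CACHE_IDLE_SIZE@ replaces stay even though the matching tokens and dflt.bdb.cache.* properties are removed elsewhere in this commit; drop them too, otherwise they are dead config that silently does nothing. Please also check whether the @LOG_RDRS@/@LOG_SIZE@ and @DFLT_RDRS@/@DFLT_SIZE@ replaces still have a token to hit in slapd.conf after the hunks below.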
@@ -21,7 +21,7 @@
# Note: Directives that begin with '@' are substitution parms that get automatically replaced.

include @SCHEMA_PATH@/core.schema
include @SCHEMA_PATH@/ppolicy.schema
#include @SCHEMA_PATH@/ppolicy.schema
include @SCHEMA_PATH@/cosine.schema
include @SCHEMA_PATH@/inetorgperson.schema
include @SCHEMA_PATH@/rfc2307bis.schema
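Review bot: commenting out `include @SCHEMA_PATH@/ppolicy.schema` with no explanation will look like an accidental loss of password-policy support to the next reader; add a comment giving the reason (in OpenLDAP 2.5 the ppolicy schema is built into the slapo-ppolicy overlay and also loading the file produces duplicate-definition errors), and confirm that the ppolicy overlay is still configured further down so lockout and password-quality enforcement remain active after the upgrade.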
@@ -66,7 +66,6 @@ password-hash {SSHA}
# Access Log DB Settings
#######################################################################
database @DB_TYPE@
@LOG_RDRS@
@LOG_SIZE@
suffix "@LOG_SUFFIX@"
rootdn "@LOG_ROOT_DN@"
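Review bot: one of the @LOG_RDRS@/@LOG_SIZE@ lines is dropped from the accesslog database with no comment; if it is @LOG_SIZE@, remember that slapd-mdb's default maxsize is 10485760 bytes, which an accesslog database fills quickly, so keep an explicit maxsize (the properties set 1000000000) or document the new sizing. Whichever line went, the matching <replace> in the build file should go with it.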
@@ -78,7 +77,6 @@ index reqDN,reqAuthzID,reqAttr,reqMod,reqResult eq
directory "@HISTORY_DB_PATH@"
@LOG_DBNOSYNCH@
@LOG_CHECKPOINT@
@LOG_BDB_CACHE_SIZE@

# Accesslog is readable by replicator and fortress:
access to dn.subtree="@LOG_SUFFIX@"
@@ -90,7 +88,6 @@ access to dn.subtree="@LOG_SUFFIX@"
# Default DB Settings
#######################################################################
database @DB_TYPE@
@DFLT_RDRS@
@DFLT_SIZE@
suffix "@SUFFIX@"
rootdn "@ROOT_DN@"
@@ -107,8 +104,6 @@ overlay accesslog
logdb "@LOG_SUFFIX@"
@DFLT_DBNOSYNCH@
@DFLT_CHECKPOINT@
@DFLT_BDB_CACHE_SIZE@
@DFLT_BDB_CACHE_IDLE_SIZE@

# The fortress admin needs write access to the whole DIT
access to dn.subtree="@SUFFIX@"
@@ -159,23 +159,18 @@ rfc2307=false

# OpenLDAP MDB Backend config is default setting for Fortress::
db.type=mdb
dflt.rdrs=maxreaders 64
dflt.size=maxsize 1000000000
log.rdrs=maxreaders 64
log.size=maxsize 1000000000
dflt.bdb.cache.size=
dflt.bdb.cache.idle.size=
log.bdb.cache.size=

# These next params used by 'init-slapd' target to install OpenLDAP to target machine. Do not change any params below this line unless you know what you are doing:

## Symas OpenLDAP on NIX section:
openldap.install.artifact.dir=./ldap
db.root=/var/openldap
db.root=/var/symas/openldap-data
openldap.root=/opt/symas
slapd.dir=${openldap.root}/etc/openldap
# to start:
pid.dir=/var/openldap
pid.dir=/var/symas/run
db.dir=${db.root}/dflt
db.hist.dir=${db.root}/hist
db.bak.dir=${db.root}/backup/dflt
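Review bot: the "# to start:" comment directly above pid.dir is stale and misleading now that the line under it is the PID directory; remove it. The new db.root=/var/symas/openldap-data and pid.dir=/var/symas/run follow the Symas 2.5 package layout, but since slapd.start in this file launches the binary directly, add a note that whoever runs `mvn test -Pstart-slapd` needs write access to these directories and to ${db.root}/backup/dflt, or startup fails with a permissions error.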
@@ -187,25 +182,18 @@ dflt.dbnosynch=dbnosync
log.checkpoint=checkpoint 64 5
dflt.checkpoint=checkpoint 64 5

# Each of the options are used for a particular Symas-OpenLDAP platform.Debian 64-bit Silver:

#Debian 64-bit Silver:
#platform=Debian-Silver-x86-64
# Note: for Ubuntu installs, remove the file /opt/symas/etc/openldap/symas-openldap.conf before installing new package, to prevent automatic startup after the installation.
#slapd.install=dpkg -i symas-openldap-silver.64_2.4.43-20151204_amd64.deb
#slapd.uninstall=dpkg -r symas-openldap-silver
#install.image.dir=/home/smckinn/archives/debian64
#slapd.module.dir=${openldap.root}/lib64/openldap
#slapd.start=${openldap.root}/lib64/slapd -h ldap://${ldap.host}:${ldap.port} -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap

# Redhat 64-bit Silver:
platform=Redhat-Silver-x86-64
slapd.install=rpm -i symas-openldap-silver.x86_64-2.4.43-1.rpm
slapd.uninstall=rpm -e symas-openldap-silver
slapd.module.dir=${openldap.root}/lib64/openldap
# use the symas openldap startup script:
slapd.start=${openldap.root}/etc/solserver start -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap
#slapd.start=${openldap.root}/lib64/slapd -h ldap://${ldap.host}:${ldap.port} -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap
# Symas-OpenLDAP Configurations:
platform=symas-openldap
slapd.module.dir=${openldap.root}/lib/openldap
slapd.start=${openldap.root}/lib/slapd -h ldap://${ldap.host}:${ldap.port} -f ${openldap.root}/etc/openldap/slapd.conf

#Debian:
#slapd.install=apt install symas-openldap-clients symas-openldap-server -y
#slapd.uninstall=apt remove symas-openldap-clients symas-openldap-server -y

# Redhat:
#slapd.install=yum install symas-openldap-servers symas-openldap-clients -y
#slapd.uninstall=yum remove symas-openldap-servers symas-openldap-clients -y

########################################################################
# 6. RBAC ACCELERATOR OVERLAY PROPS

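Review bot: with both the Debian and Redhat slapd.install/slapd.uninstall pairs commented out, slapd.install is undefined until the user edits it per README step 5, and Ant will then pass the literal ${slapd.install} to init-slapd; mark the block "# REQUIRED: uncomment exactly one pair" or make the target fail with a clear message when the property is unset. The new slapd.start runs ${openldap.root}/lib/slapd directly with -h ldap:// only and drops both the solserver script and the old -F config-directory flag; say in a comment that this is intentional for 2.5, and check that the LDAPS listener from README step 6 is still derived from the LDAP URIs, since only ldap:// appears here.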