From 50fdddaa38662962a5f24381c766c23e74a5712c Mon Sep 17 00:00:00 2001 From: Shawn McKinney Date: Tue, 1 Mar 2022 09:34:13 -0600 Subject: [PATCH] FC-308 - Symas OpenLDAP 2.5 Support --- README-QUICKSTART-SLAPD.md | 73 +++++++++++++++++--------------------- build-config.xml | 1 - ldap/slapd.conf.src | 7 +--- slapd.properties.example | 40 ++++++++------------- 4 files changed, 47 insertions(+), 74 deletions(-) diff --git a/README-QUICKSTART-SLAPD.md b/README-QUICKSTART-SLAPD.md index 97cf9318..d882af3e 100644 --- a/README-QUICKSTART-SLAPD.md +++ b/README-QUICKSTART-SLAPD.md @@ -44,12 +44,18 @@ Minimum software requirements: * RHEL or Debian Machine * Java SDK >= 8 * Apache Maven >= 3 - - *Everything else covered in steps that follow.* + ___________________________________________________________________________________ ## SECTION 2. Apache Fortress Core and OpenLDAP Setup -1. Download the package: +1. Setup your Debian or Rehat Symas OpenLDAP 2.5 package repo: [Symas OpenLDAP 2.5](https://repo.symas.com/soldap2.5/) + setup notes + - Select your distro + - Debian systems must install the gpg key + - Follow steps 1 and 2 (only) to update your repo + - Everything else (install, configure) is covered in the steps that follow + +2. Get the Apache Fortress Core source package: a. from git: ``` @@ -64,7 +70,7 @@ ________________________________________________________________________________ cd fortress-core-2.0.7 ``` -2. Prepare the package: +3. Prepare the Apache Fortress package: ``` cp build.properties.example build.properties 
@@ -75,44 +81,27 @@ ________________________________________________________________________________ * Learn more about how the config works: [README-CONFIG](README-CONFIG.md). * Learn more about what properties there are: [README-PROPERTIES](README-PROPERTIES.md). -3. Download the latest OpenLDAP binaries for your platform: - [Symas OpenLDAP Silver Edition](https://downloads.symas.com/products/symas-openldap-directory-silver-edition/) - -4. Place either a centos or debian package under the folder named *ldap* : [fortress-core-[VERSION]/ldap](./ldap) - -5. Edit the *slapd.properties* file: +4. Edit the *slapd.properties* file: ``` vi slapd.properties ``` -6. Update the *slapd.properties* file *slapd.install* statement with a reference to the openldap file install downloaded earlier. - - a. For Debian installs: - ``` - slapd.install=dpkg -i symas-openldap-silver.version.platform.deb - ``` - - b. For Centos: - ``` - slapd.install=rpm -i symas-openldap-silver.version.platform.rpm - ``` +5. Choose which package to install Debian or Redhat: -7. Specify whether you want to enable the slapo-rbac overlay: - - a. Yes, I want to enable slapo-rbac: - ``` - rbac.accelerator=true - ``` +``` +#Debian: +slapd.install=apt install symas-openldap-clients symas-openldap-server -y +slapd.uninstall=apt remove symas-openldap-clients symas-openldap-server -y - *To use this option, symas-openldap version 2.4.43++ is required.* +# Or: - b. No, I don't want to enable slapo-rbac: - ``` - rbac.accelerator=false - ``` +# Redhat: +slapd.install=yum install symas-openldap-servers symas-openldap-clients -y +slapd.uninstall=yum remove symas-openldap-servers symas-openldap-clients -y +``` -8. (optional) Specify whether you want to communicate over SSL using LDAPS: +6. (optional) Specify whether you want to communicate over SSL using LDAPS: a. 
Place .pem files for ca-certificate, server certificate and private key in folder named *certs* : [fortress-core-[VERSION]/src/test/resources/certs](./src/test/resources/certs) @@ -147,14 +136,14 @@ ________________________________________________________________________________ tls.key.file=server-key.pem ``` - more notes + more ldaps notes - whatever used for LDAP host name must match the common name element of the server's certificate - the truststore may be found on the classpath or as a fully qualified file name determined by trust.store.onclasspath. - The LDAP URIs are used by the server listener during startup. -9. Save and exit +7. Save and exit -10. Prepare your terminal for execution of maven commands. +8. Prepare your terminal for execution of maven commands. ``` #!/bin/sh @@ -163,7 +152,7 @@ ________________________________________________________________________________ export PATH=$PATH:$M2_HOME/bin ``` -11. Run the maven install: +9. Run the maven install: a. Java 8 target @@ -173,25 +162,27 @@ a. Java 8 target -- OR -- -b. Java 11 target +b. Java 11++ target ``` mvn clean install -Djava.version=11 ``` -12. Install, configure and load the slapd server: +Where -Djava.version matches the version of Java + +10. Install, configure and load the slapd server: ``` mvn test -Pinit-slapd ``` -13. To start the slapd process: +11. To start the slapd process: ``` mvn test -Pstart-slapd ``` -14. To stop the slapd process: +12. To stop the slapd process: ``` mvn test -Pstop-slapd diff --git a/build-config.xml b/build-config.xml index 3cf29160..1b27a96d 100644 --- a/build-config.xml +++ b/build-config.xml @@ -149,7 +149,6 @@ - diff --git a/ldap/slapd.conf.src b/ldap/slapd.conf.src index f29bcd6b..2c20952e 100755 --- a/ldap/slapd.conf.src +++ b/ldap/slapd.conf.src 
@@ -21,7 +21,7 @@
 # Note: Directives that begin with '@' are substitution parms that get automatically replaced.
 include @SCHEMA_PATH@/core.schema
-include @SCHEMA_PATH@/ppolicy.schema
+#include @SCHEMA_PATH@/ppolicy.schema
 include @SCHEMA_PATH@/cosine.schema
 include @SCHEMA_PATH@/inetorgperson.schema
 include @SCHEMA_PATH@/rfc2307bis.schema
@@ -66,7 +66,6 @@ password-hash {SSHA}
 # Access Log DB Settings
 #######################################################################
 database @DB_TYPE@
-@LOG_RDRS@
 @LOG_SIZE@
 suffix "@LOG_SUFFIX@"
 rootdn "@LOG_ROOT_DN@"
@@ -78,7 +77,6 @@ index reqDN,reqAuthzID,reqAttr,reqMod,reqResult eq
 directory "@HISTORY_DB_PATH@"
 @LOG_DBNOSYNCH@
 @LOG_CHECKPOINT@
-@LOG_BDB_CACHE_SIZE@
 # Accesslog is readable by replicator and fortress:
 access to dn.subtree="@LOG_SUFFIX@"
@@ -90,7 +88,6 @@ access to dn.subtree="@LOG_SUFFIX@"
 # Default DB Settings
 #######################################################################
 database @DB_TYPE@
-@DFLT_RDRS@
 @DFLT_SIZE@
 suffix "@SUFFIX@"
 rootdn "@ROOT_DN@"
@@ -107,8 +104,6 @@ overlay accesslog logdb "@LOG_SUFFIX@"
 @DFLT_DBNOSYNCH@
 @DFLT_CHECKPOINT@
-@DFLT_BDB_CACHE_SIZE@
-@DFLT_BDB_CACHE_IDLE_SIZE@
 # The fortress admin needs write access to the whole DIT
 access to dn.subtree="@SUFFIX@"
diff --git a/slapd.properties.example b/slapd.properties.example
index f36430e2..5e9c3085 100644
--- a/slapd.properties.example
+++ b/slapd.properties.example
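Review bot: In the first slapd.conf.src hunk the `include @SCHEMA_PATH@/ppolicy.schema` line is commented out with no explanation, so a reader cannot tell whether password-policy support was dropped or just relocated. As I understand the 2.5 release, slapo-ppolicy now defines its schema internally and the separate ppolicy.schema file is no longer shipped, so removing the include is required there, but any `moduleload`/`overlay ppolicy` directives and pwdPolicy entries elsewhere in this file (outside the hunk) still have to be present for lockout and password ageing to be enforced; please confirm they survive the move. I would replace the dead line with a comment such as `# ppolicy.schema is built into slapo-ppolicy as of OpenLDAP 2.5 and is no longer a separate file; do not include it`, which also tells anyone still on a 2.4 build why the include is missing. The remaining hunks only drop the back-bdb and maxreaders substitution parameters, consistent with the properties cleanup.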
@@ -159,23 +159,18 @@ rfc2307=false # OpenLDAP MDB Backend config is default setting for Fortress:: db.type=mdb -dflt.rdrs=maxreaders 64 dflt.size=maxsize 1000000000 -log.rdrs=maxreaders 64 log.size=maxsize 1000000000 -dflt.bdb.cache.size= -dflt.bdb.cache.idle.size= -log.bdb.cache.size= # These next params used by 'init-slapd' target to install OpenLDAP to target machine. Do not change any params below this line unless you know what you are doing: ## Symas OpenLDAP on NIX section: openldap.install.artifact.dir=./ldap -db.root=/var/openldap +db.root=/var/symas/openldap-data openldap.root=/opt/symas slapd.dir=${openldap.root}/etc/openldap # to start: -pid.dir=/var/openldap +pid.dir=/var/symas/run db.dir=${db.root}/dflt db.hist.dir=${db.root}/hist db.bak.dir=${db.root}/backup/dflt 
@@ -187,25 +182,18 @@ dflt.dbnosynch=dbnosync log.checkpoint=checkpoint 64 5 dflt.checkpoint=checkpoint 64 5 -# Each of the options are used for a particular Symas-OpenLDAP platform.Debian 64-bit Silver: - -#Debian 64-bit Silver: -#platform=Debian-Silver-x86-64 -# Note: for Ubuntu installs, remove the file /opt/symas/etc/openldap/symas-openldap.conf before installing new package, to prevent automatic startup after the installation. -#slapd.install=dpkg -i symas-openldap-silver.64_2.4.43-20151204_amd64.deb -#slapd.uninstall=dpkg -r symas-openldap-silver -#install.image.dir=/home/smckinn/archives/debian64 -#slapd.module.dir=${openldap.root}/lib64/openldap -#slapd.start=${openldap.root}/lib64/slapd -h ldap://${ldap.host}:${ldap.port} -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap - -# Redhat 64-bit Silver: -platform=Redhat-Silver-x86-64 -slapd.install=rpm -i symas-openldap-silver.x86_64-2.4.43-1.rpm -slapd.uninstall=rpm -e symas-openldap-silver -slapd.module.dir=${openldap.root}/lib64/openldap -# use the symas openldap startup script: -slapd.start=${openldap.root}/etc/solserver start -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap -#slapd.start=${openldap.root}/lib64/slapd -h ldap://${ldap.host}:${ldap.port} -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap +# Symas-OpenLDAP Configurations: +platform=symas-openldap +slapd.module.dir=${openldap.root}/lib/openldap +slapd.start=${openldap.root}/lib/slapd -h ldap://${ldap.host}:${ldap.port} -f ${openldap.root}/etc/openldap/slapd.conf + +#Debian: +#slapd.install=apt install symas-openldap-clients symas-openldap-server -y +#slapd.uninstall=apt remove symas-openldap-clients symas-openldap-server -y + +# Redhat: +#slapd.install=yum install symas-openldap-servers symas-openldap-clients -y +#slapd.uninstall=yum remove symas-openldap-servers symas-openldap-clients -y ######################################################################## # 6. 
RBAC ACCELERATOR OVERLAY PROPS
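Review bot: The new `slapd.start` line launches `${openldap.root}/lib/slapd` directly with no `-u`/`-g` option, so the server runs as whichever account invokes the maven profile (presumably root, given the `/opt/symas` and `/var/symas` install paths), whereas the replaced `solserver start` script presumably handled the service account; unless init-slapd drops privileges elsewhere, the command should carry `-u <slapd-user> -g <slapd-group>` using the account the Symas packages create, and the `db.root`/`pid.dir` directories set in the previous hunk must be owned by that account. The `-F ${openldap.root}/etc/openldap` argument was also dropped, which is fine only if nothing relies on a cn=config conversion directory; a one-line comment stating that would help either way. Both `slapd.install`/`slapd.uninstall` pairs are now commented out, so a fresh copy of this example defines no install command until the user picks a distro; a comment such as `# Uncomment exactly one install/uninstall pair below for your distro before running init-slapd` would make that explicit.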