List of commonly installed additional LDAP packages
|[package]*nss-pam-ldapd*|A package containing `nslcd`, a local LDAP name service that allows a user to perform local LDAP queries.
|[package]*mod_ldap*|A package containing the `mod_authnz_ldap` and `mod_ldap` modules. The `mod_authnz_ldap` module is the LDAP authorization module for the Apache HTTP Server. This module can authenticate users' credentials against an LDAP directory, and can enforce access control based on the user name, full DN, group membership, an arbitrary attribute, or a complete filter string. The `mod_ldap` module contained in the same package provides a configurable shared memory cache, which avoids repeated directory access across many HTTP requests, as well as support for SSL/TLS.
To install these packages, use the [command]#dnf# command in the following form:
[command]#dnf# [option]`install` _package_pass:attributes[{blank}]…
For example, to perform the basic LDAP server installation, type the following at a shell prompt as `root`:
~]#{nbsp}dnf install openldap openldap-clients openldap-servers
Note that you must have superuser privileges (that is, you must be logged in as `root`) to run this command. For more information on how to install new packages in {MAJOROS}, see xref:package-management/DNF.adoc#sec-Installing[Installing Packages].
Overview of OpenLDAP Server Utilities
indexterm:[OpenLDAP,utilities] To perform administrative tasks, the [package]*openldap-servers* package installs the following utilities along with the `slapd` service:
List of OpenLDAP server utilities
|[command]#slapacl#|Allows you to check the access to a list of attributes.
|[command]#slapadd#|Allows you to add entries from an LDIF file to an LDAP directory.
|[command]#slapauth#|Allows you to check a list of IDs for authentication and authorization permissions.
|[command]#slapcat#|Allows you to pull entries from an LDAP directory in the default format and save them in an LDIF file.
|[command]#slapdn#|Allows you to check a list of Distinguished Names (DNs) based on available schema syntax.
|[command]#slapindex#|Allows you to re-index the `slapd` directory based on the current content. Run this utility whenever you change indexing options in the configuration file.
|[command]#slappasswd#|Allows you to create an encrypted user password to be used with the [command]#ldapmodify# utility, or in the `slapd` configuration file.
|[command]#slapschema#|Allows you to check the compliance of a database with the corresponding schema.
|[command]#slaptest#|Allows you to check the LDAP server configuration.
For a detailed description of these utilities and their usage, see the corresponding manual pages as referred to in xref:Directory_Servers.adoc#bh-Installed_Documentation_OpenLDAP[Installed Documentation].
Make sure the files have correct owner
Although only `root` can run [command]#slapadd#, the `slapd` service runs as the `ldap` user. Because of this, the directory server is unable to modify any files created by [command]#slapadd#. To correct this issue, after running the [command]#slapadd# utility, type the following at a shell prompt:
[command]#chown -R ldap:ldap /var/lib/ldap#
Stop slapd before using these utilities
To preserve data integrity, stop the `slapd` service before using [command]#slapadd#, [command]#slapcat#, or [command]#slapindex#. You can do so by typing the following at a shell prompt as `root`:
~]#{nbsp}systemctl stop slapd.service
For more information on how to start, stop, restart, and check the current status of the `slapd` service, see xref:Directory_Servers.adoc#s2-ldap-running[Running an OpenLDAP Server].
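The two notes above combine into one offline import procedure. The following script is an added example, not part of the original guide: the function names `list_misowned` and `import_ldif` are hypothetical, the LDIF path is supplied by the caller, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not part of the original guide.
LDAP_DIR=/var/lib/ldap     # data directory named in the text above

# Print every path under DIR whose owner:group is not OWNER:GROUP.
# Relies on GNU stat (-c), as shipped with coreutils.
list_misowned() {
    dir=$1 want="$2:$3"
    find "$dir" -exec stat -c '%U:%G %n' {} + |
    while read -r og path; do
        [ "$og" = "$want" ] || printf '%s\n' "$path"
    done
}

# Offline import of an LDIF file, following both notes above.
# Must be run as root.
import_ldif() {
    ldif=$1
    # "Stop slapd before using these utilities":
    # slapd must not be running while slapadd writes to the database.
    systemctl stop slapd.service || return 1
    if systemctl is-active --quiet slapd.service; then
        echo "slapd is still active; refusing to run slapadd" >&2
        return 1
    fi
    slapadd -l "$ldif" || return 1
    # "Make sure the files have correct owner":
    # slapadd ran as root, so hand the new files back to the ldap user.
    chown -R ldap:ldap "$LDAP_DIR" || return 1
    bad=$(list_misowned "$LDAP_DIR" ldap ldap)
    if [ -n "$bad" ]; then
        printf 'not owned by ldap:ldap:\n%s\n' "$bad" >&2
        return 1
    fi
    systemctl start slapd.service
}
```

Running `list_misowned /var/lib/ldap ldap ldap` on its own is also a quick audit when `slapd` fails to write to its database after a manual import.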
Overview of OpenLDAP Client Utilities