Ubuntu Server Guide Changes, errors and bugs
Download 1.27 Mb. Pdf ko'rish
|
ubuntu-server-guide
Adding a schema
Schemas can only be added to cn=config if they are in LDIF format. If not, they will first have to be converted. You can find unconverted schemas in addition to converted ones in the /etc/ldap/schema directory. 192 Note It is not trivial to remove a schema from the slapd-config database. Practice adding schemas on a test system. In the following example we’ll add the password policy (ppolicy) schema. This schema exists in both converted (.ldif ) and native (.schema) formats, so we don’t have to convert it and can use ldapadd directly: $ sudo ldapadd −Q −Y EXTERNAL −H l d a p i : / / / −f / e t c / l d a p / schema / p p o l i c y . l d i f adding new e n t r y ” cn=p p o l i c y , cn=schema , cn=c o n f i g ” If the schema you want to add does not exist in LDIF format, a nice conversion tool that can be used is provided in the schema2ldif package. Logging Activity logging for slapd is very useful when implementing an OpenLDAP-based solution yet it must be manually enabled after software installation. Otherwise, only rudimentary messages will appear in the logs. Logging, like any other such configuration, is enabled via the slapd-config database. OpenLDAP comes with multiple logging levels with each one containing the lower one (additive). A good level to try is stats. The slapd-config man page has more to say on the different subsystems. Create the file logging . ldif with the following contents: dn : cn=c o n f i g changetype : modify r e p l a c e : o l c L o g L e v e l o l c L o g L e v e l : s t a t s Implement the change: sudo l d a p m o d i f y −Q −Y EXTERNAL −H l d a p i : / / / −f l o g g i n g . l d i f This will produce a significant amount of logging and you will want to throttle back to a less verbose level once your system is in production. While in this verbose mode your host’s syslog engine (rsyslog) may have a hard time keeping up and may drop messages: r s y s l o g d −2177: imuxsock l o s t 228 m es s ag es from p i d 2547 due t o r a t e −l i m i t i n g You may consider a change to rsyslog’s configuration. In /etc/rsyslog .conf, put: # D i s a b l e r a t e l i m i t i n g # ( d e f a u l t i s 200 me s sag es i n 5 s e c o n d s ; below we make t h e 5 become 0 ) $ S y s t e m L o g R a t e L i m i t I n t e r v a l 0 And then restart the rsyslog daemon: sudo s y s t e m c t l r e s t a r t s y s l o g . s e r v i c e Download 1.27 Mb. Do'stlaringiz bilan baham: |
Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling
ma'muriyatiga murojaat qiling