== Configure LDAP ==
These instructions assume that the FQDN is console.geni.net and that (derived from the FQDN) the LDAP base DN is '''dc=geni,dc=net'''.

[[TOC(WiMAX/dSite*)]]

=== Setting up LDAP server ===

 1. Create the file '''/etc/ssl/geni-site-ca.info''' with:
{{{
cn = GENI WiMAX Company
ca
cert_signing_key
}}}
 1. Create the file '''/etc/ssl/geni-site-console.info''' with (change console.geni.net to match your FQDN):
{{{
organization = Example Company
cn = console.geni.net
tls_www_server
encryption_key
signing_key
expiration_days = 3650
}}}
 1. Execute the following command to create the SSL certificates:
{{{
/usr/sbin/create_ldap_certificates.sh
}}}
 1. Create an LDIF file for the newly created certificates, named /etc/ssl/geni-cert-info.ldif (all three attributes go into one change record so that slapd loads the certificate and its key in the same operation):
{{{
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/console_slapd_cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/console_slapd_key.pem
}}}
 and then execute (as root, because the EXTERNAL bind over ldapi:/// authenticates by the local uid):
{{{
ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/geni-cert-info.ldif
}}}
 1. Fix the phpldapadmin configuration for the newly created directory: edit /etc/phpldapadmin/config.php and change dc=example,dc=com to dc=geni,dc=net:
{{{
$servers->setValue('server','base',array('dc=geni,dc=net'));
$servers->setValue('login','bind_id','cn=admin,dc=geni,dc=net');
}}}
 1. Point the Firefox web browser to http:///phpldapadmin. Set the password for the admin user (add attribute -> Password -> set password -> update object).
 1. Make sure the directory answers anonymous queries (the first three searches bind anonymously) and that the admin bind works (the last search binds as cn=admin and prompts for the password):
{{{
ldapsearch -x -b "dc=geni,dc=net" "objectClass=organizationalRole"
ldapsearch -x -b "dc=geni,dc=net" "objectClass=organizationalUnit"
ldapsearch -x -b "dc=geni,dc=net" "objectClass=posixGroup"
ldapsearch -x -H ldap://localhost -D "cn=admin,dc=geni,dc=net" -W -b "dc=geni,dc=net" "uid=*"
}}}
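Before the ldapmodify step is run it pays to check the LDIF the way slapd will consume it: the certificate and key attributes must sit in one change record, every path in it must exist, and the private key must not be readable by every local user. The script below is an added example written for this page, not part of the GENI instructions or of the OpenLDAP tools; the attribute names and file names are the ones the page uses, while the function names and the fixture files it constructs are this example's own assumptions.

```shell
#!/bin/sh
# Pre-flight checks for the cn=config TLS change before it is applied with
# ldapmodify. Added example for this page, not part of the GENI instructions;
# function names and fixture files are this example's own assumptions.

# The certificate and its key must be set in ONE modify operation (one LDIF
# record), otherwise slapd rejects the key as not matching the certificate.
ldif_has_tls_attrs() {
    ldif="$1"
    [ "$(grep -c '^dn: ' "$ldif")" -eq 1 ] || return 1
    grep -q '^dn: cn=config$' "$ldif" || return 1
    for attr in olcTLSCACertificateFile olcTLSCertificateFile olcTLSCertificateKeyFile; do
        grep -q "^add: ${attr}\$" "$ldif" || return 1
        grep -q "^${attr}: " "$ldif" || return 1
    done
}

# Every file the LDIF points slapd at must exist before the change is applied;
# a bad path is only reported indirectly by ldapmodify.
ldif_paths_exist() {
    awk -F': ' '/^olcTLS[A-Za-z]*File: /{print $2}' "$1" | while read -r path; do
        [ -f "$path" ] || { echo "missing: $path" >&2; exit 1; }
    done
}

# The private key must not be world-readable (any local user could then
# impersonate the server), yet it must stay readable by the slapd account.
key_not_world_readable() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" -perm -004)" ]
}

# Run all checks against one LDIF. Usage: preflight /etc/ssl/geni-cert-info.ldif
preflight() {
    ldif_has_tls_attrs "$1" || { echo "FAIL: TLS attributes incomplete in $1" >&2; return 1; }
    ldif_paths_exist "$1" || { echo "FAIL: a referenced file is missing" >&2; return 1; }
    key=$(awk -F': ' '/^olcTLSCertificateKeyFile: /{print $2}' "$1")
    key_not_world_readable "$key" || { echo "FAIL: $key is world-readable" >&2; return 1; }
    echo "OK: $1"
}

# Constructed fixtures (this example's own, not the page's files): a good LDIF,
# one missing the key attribute and naming a non-existent certificate, a 0640
# key and a 0644 one. Prints the fixture directory.
make_fixtures() {
    dir=$(mktemp -d)
    for f in cacert.pem console_slapd_cert.pem console_slapd_key.pem leaky_key.pem; do
        : > "$dir/$f"
    done
    chmod 0640 "$dir/console_slapd_key.pem"
    chmod 0644 "$dir/leaky_key.pem"
    cat > "$dir/good.ldif" <<EOF
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: $dir/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: $dir/console_slapd_cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $dir/console_slapd_key.pem
EOF
    cat > "$dir/bad.ldif" <<EOF
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: $dir/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: $dir/missing_cert.pem
EOF
    echo "$dir"
}
```

Run `preflight /etc/ssl/geni-cert-info.ldif` as root before the ldapmodify step. On Debian/Ubuntu slapd runs as the `openldap` user, so the key under /etc/ssl/private has to be readable by that account (for example by adding openldap to the ssl-cert group that owns the directory) while remaining unreadable by everyone else. Once the change is applied, `ldapsearch -x -ZZ -H ldap://console.geni.net -b dc=geni,dc=net` forces StartTLS and fails if the server does not present a usable certificate (the client needs TLS_CACERT in /etc/ldap/ldap.conf pointing at cacert.pem, since the CA is self-signed); the plain ldapsearch checks in the last step of the procedure run in the clear.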