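# Storage for the r-ldap jail: one dataset, with separate directories for the
# OpenLDAP config (slapd.conf, schema) and for the database. Both are nullfs-
# mounted into the jail by the iocage fstab entries that follow.
zfs create ship/r-ldap
# -p so the notes can be re-run without mkdir failing on an existing directory.
mkdir -p /mnt/ship/r-ldap/openldap
mkdir -p /mnt/ship/r-ldap/openldap-data
# The database directory must be writable by the uid/gid slapd runs as inside
# the jail; 389:389 is assumed to be the package's ldap user — confirm with
# `id ldap` in the jail. The config directory is deliberately left root-owned:
# slapd.conf will hold the rootpw hash and should not be writable by the
# service account.
chown -R 389:389 /mnt/ship/r-ldap/openldap-data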
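# Jail parameters consumed by create.sh and by the iocage calls below.
export JAIL=r-ldap
export JAILHOSTNAME=ldap
export JAILDOMAIN=beyondbell.com
export JAILIP=78            # presumably the host part of the jail address; create.sh decides — verify
export JAILUSER=r
export JAILUSERID=2002
export JAILUSERVNC=false
/root/FreeBSD/jails/create.sh "$JAIL" "$JAILHOSTNAME" "$JAILDOMAIN" "$JAILIP" "$JAILUSER" "$JAILUSERID" "$JAILUSERVNC"

# Expose the host directories prepared above inside the jail (nullfs, read-write),
# then list the fstab to confirm both entries.
iocage fstab -a "$JAIL" /mnt/ship/r-ldap/openldap /usr/local/etc/openldap nullfs rw 0 0
iocage fstab -a "$JAIL" /mnt/ship/r-ldap/openldap-data /var/db/openldap-data nullfs rw 0 0
iocage fstab -l "$JAIL"

iocage exec "$JAIL" "pkg install -y openssl"
# openldap is taken from the pkgp121 repo and then locked, presumably so a
# routine `pkg upgrade` cannot replace it with a build from the default repo.
iocage exec "$JAIL" "pkg install -y -r pkgp121 openldap-sasl-server openldap-sasl-client"
iocage exec "$JAIL" "pkg lock -y openldap-sasl-server"
iocage exec "$JAIL" "pkg lock -y openldap-sasl-client"

iocage exec "$JAIL" "sysrc slapd_enable=YES"
# Listeners: the local ldapi socket, ldap:// (cleartext) and ldaps:// on all
# jail addresses. The inner double quotes are escaped so the jail-side shell
# receives   sysrc slapd_flags='-h "ldapi://... ldap:/// ldaps:///"'   as a
# single command; this entry used to be typed by hand because of the quoting.
# Check the stored value with `sysrc slapd_flags` inside the jail.
# Note: ldaps:/// only serves once a TLS certificate and key are configured in
# slapd.conf (not covered by these notes); ldap:/// stays cleartext.
iocage exec "$JAIL" "sysrc slapd_flags='-h \"ldapi://%2Fvar%2Frun%2Fopenldap%2Fldapi/ ldap:/// ldaps:///\"'"
iocage exec "$JAIL" "sysrc slapd_sockets=/var/run/openldap/ldapi"
# Starts slapd with the package's stock slapd.conf; the first-time edits
# (suffix, rootdn, rootpw) still have to be applied and slapd restarted.
iocage exec "$JAIL" "service slapd start"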
Debugging:
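# Check slapd.conf syntax in tool mode (-Tt), or run slapd in the foreground
# with trace-level debugging (-d1) to see why it will not start.
/usr/local/libexec/slapd -Tt
/usr/local/libexec/slapd -d1
# Simple bind (-x) as the rootdn. -W prompts for the password so it never
# appears on the command line, in `ps` output or in shell history.
ldapsearch -x -W -D cn=Manager,dc=beyondbell,dc=com
# Anonymous probes of the two network listeners (ldap:// cleartext, ldaps:// TLS).
ldapsearch -x -H ldap://ldap.beyondbell.com
ldapsearch -x -H ldaps://ldap.beyondbell.com
# Authenticated searches. -h is deprecated in ldapsearch(1); -H with a URI is
# the supported form. -x is added because without it ldapsearch attempts a
# SASL bind and does not use -D for it (per the man page) — confirm this
# matches the intent, the earlier Manager search above is also a simple bind.
# The search base dc=infra differs from the suffix dc=beyondbell,dc=com set in
# slapd.conf below — verify it is a separate database and not a leftover.
ldapsearch -x -H ldap://localhost -D cn=Manager,dc=beyondbell,dc=com -b dc=infra -W
# Over the network a rootdn bind over plain ldap:// sends the Manager password
# in the clear; prefer ldaps:// (as in the probe above) or add -ZZ for StartTLS.
ldapsearch -x -H ldap://ldap.beyondbell.com -D cn=Manager,dc=beyondbell,dc=com -b dc=infra -W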
//
# First-time setup of slapd.conf, done once after the package install above.
# Generate the rootpw hash; slappasswd prompts for the secret rather than
# taking it on argv. {SHA} is unsalted SHA-1 — slappasswd's default {SSHA}
# (salted) is the stronger choice for a new deployment.
slappasswd -h '{SHA}'
# slapd.conf will contain the rootpw hash: keep it root-owned and not
# world-readable.
nano /usr/local/etc/openldap/slapd.conf
# --- edits to make inside slapd.conf (directives, not shell commands) ---
# include all non-wip schema files (the include lines at the top of the file)
# Uncomment the back_mdb and back_ldap module lines
suffix "dc=beyondbell,dc=com"
rootdn "cn=Manager,dc=beyondbell,dc=com"
# paste the {SHA} hash printed by slappasswd above in place of {SHA}...
rootpw {SHA}...
# slapd must be able to write this file as the user it runs as — verify
logfile /var/log/slapd.log
# 256 = stats: logs connections, operations and results
loglevel 256
//