Using an OpenLDAP Server with the Configuration Manager

To use an OpenLDAP server as the repository for the Configuration Manager data, the schema of the server must be extended to feature the object classes and attributes used to store configuration data. A custom schema file named apoc.schema can be found in the openldap subdirectory of the Configuration Manager deployment tool provided in the Java Desktop System Management Tools CD.

This file must be copied in the schema subdirectory of the OpenLDAP configuration directory (/etc/openldap) and added to the OpenLDAP schema by including it in the slapd.conf file located in that directory. This is done by inserting a line that reads include /etc/openldap/schema/apoc.schema at the end of the sequence of schema includes that are present in that file. For more information on extending the schema of an OpenLDAP server, refer to the server's manual.

In order to prepare the OpenLDAP database to store configuration data, the deployment tool provided with the Configuration Manager must be used. The schema having already been extended by the previous step of the installation, only the createServiceTree script needs to be run. The script must be started from the deployment tool directory as any user by the following command: ./createServiceTree. The script prompts the user for the information about the OpenLDAP database as indicated in the deployment tool section of this document. A default mapping file using typical object classes and attributes featured in OpenLDAP is provided in the openldap subdirectory of the deployment tool. The file is called OrganisationalMapping and can be deployed by copying it over the file with the same name in the main deployment tool directory prior to launching createServiceTree.

The Configuration Manager Agent will try and connect to the OpenLDAP server anonymously by providing the DN of the user it requires data for, but no password. This mode of anonymous authentication can be disabled by default in some releases of OpenLDAP servers, in which case it must be enabled by adding a line reading allow bind_anon_cred in the common server parameters defined in the file slapd.conf located in the OpenLDAP configuration directory (/etc/openldap). For more information on that parameter, refer to the server's manual.