The Directory Server app is where you can view and manage your LDAP server settings. If you plan on connecting external applications to access your ClearOS directory, you can control access and find LDAP connection information.
If your system does not have this app available, you can install it via the Marketplace.
You can find this feature in the menu system at the following location:
In the settings widget, the following parameters can be configured:
The mode is shown for convenience only – the setting is part of the Master Slave Synchronization app.
There are two security policies that can be configured:
<note warning>In the interest of security, it is always better to use the secure ldaps:// in preference to ldap://. You are unlikely to need the Non-secure options, and using them is not advised.</note>
<note tip>You can check which IPs and ports LDAP is listening on with:
netstat -npl | grep slapd
</note>
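The listener check in the tip above can be turned into a pass/fail test. This added example (not part of the ClearOS documentation) classifies `netstat -npl` lines for slapd, treating port 636 as ldaps:// and the standard LDAP port 389 as ldap://; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ClearOS code. Function names are hypothetical.
# Reads `netstat -npl` output on stdin and prints one verdict per slapd
# TCP listener. Exit status is 1 when ldap:// (389) is bound beyond loopback.
audit_slapd_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF ~ /\/slapd$/ {
        # Local address is field 4; split on the LAST colon so that
        # IPv6 forms such as :::636 and ::1:389 parse correctly.
        pos = match($4, /:[0-9]+$/)
        if (pos == 0) { next }
        addr = substr($4, 1, pos - 1)
        port = substr($4, pos + 1) + 0
        loopback = (addr ~ /^127\./ || addr == "::1")
        if (port == 636) {
            printf "OK ldaps %s %d\n", addr, port
        } else if (port == 389 && loopback) {
            printf "OK ldap %s %d loopback-only\n", addr, port
        } else if (port == 389) {
            printf "WARN ldap %s %d reachable-beyond-loopback\n", addr, port
            bad = 1
        } else {
            printf "INFO slapd %s %d non-standard-port\n", addr, port
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample of `netstat -npl` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:389      0.0.0.0:*     LISTEN      1432/slapd
tcp        0      0 192.168.1.1:389    0.0.0.0:*     LISTEN      1432/slapd
tcp        0      0 0.0.0.0:636        0.0.0.0:*     LISTEN      1432/slapd
tcp6       0      0 :::636             :::*          LISTEN      1432/slapd
tcp        0      0 0.0.0.0:22         0.0.0.0:*     LISTEN      901/sshd
EOF
}

# Demo on the constructed sample; on a live system pipe netstat in instead:
#   netstat -npl | audit_slapd_listeners
sample_netstat | audit_slapd_listeners || echo "ldap:// is reachable beyond loopback"
```

A listener on port 389 can still be upgraded with StartTLS by a client, so a WARN line means cleartext binds are possible from that interface, not that they are occurring.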
General directory information is shown to help you connect external applications to the ClearOS directory.
<note warning> The bind information and password listed here are critical and sensitive and should be protected. </note>
<note tip>If you are trying to access LDAP from the LAN or externally using LDAPS on TCP port 636, you may need to import the LDAP CA certificate from /etc/openldap/certs/clearos-ca-cert.pem into your client.</note>
Webconfig uses the LDAP Directory transparently for many functions. For the most part, adding users, creating groups, setting passwords or changing information about the server will modify the directory in all the ways you need it to without needing to manually enter records.
<note warning> Modifying data in your LDAP directory can break functionality of ClearOS and make it unsupportable! Please be very careful. </note>
You can also use command line tools to manage the directory. For these examples we will use the following data:
A simple search will reveal our entire LDAP directory.
ldapsearch -h localhost -b "dc=clearos,dc=lan" \
  -D "cn=manager,ou=internal,dc=clearos,dc=lan" \
  -s sub "objectclass=*" -x -w gbGKD86gEWXLYNRm
You can also limit the results to include only specific information. For example, the following shows all the groups on the system:
ldapsearch -h localhost -b "dc=clearos,dc=lan" \
  -D "cn=manager,ou=internal,dc=clearos,dc=lan" \
  -s sub "objectclass=GroupOfNames" -x -w gbGKD86gEWXLYNRm