AACLS Download and quick install guide

In order to use AACLS backend, you'll have to:

• Download OpenLDAP server package at OpenLDAP version 2.2.23
• Download the corresponding AACLS OpenLDAP patches here

Once you have retrieved the two packages, untar them and apply AACLS patches to the OpenLDAP server source-tree using command (in OpenLDAP source root):

patch -p1 < ../patch-0.7

Configure the package activating aacls backend, using command :

./configure --enable-aacls [your other options] 

If you have trouble with install.sh script, upgrade your autoconf tool and regenerate the configure script with

autoconf

touch build/install.sh

Compile and install the package :

 make depend && make && make install 

Once the package is successfully built and installed, you have to configure the OpenLDAP server.

The OpenLDAP configuration file is located in

$prefix/etc/openldap/slapd.conf

In order to activate the aacls backend, you will have to add the following lines to the configuration file :

• Tells slapd to use the aacls interface :

  database        aacls

• Tells slapd the database suffix

  suffix          "dc=openldap,dc=org" 

• Tells slapd which DN to use for accessing the real LDAP server (un-access controlled)

  binddn          "cn=admin,dc=openldap,dc=org" 

• The password for the above DN

  bindpw          "xxxxxxxx" 

• The base DN where the ACL are stored in the real LDAP server

  base            "ou=AACL,dc=openldap,dc=org"

• The real LDAP server address and port to connect to.

  uri             ldap://ldap-orig:389/ 

Once the configuration file is customised at your wish, you can start the OpenLDAP server with the following command line:

$prefix/bin/slapd -f $prefix/etc/openldap/slapd.conf