Detail
To test LDAP configurations in Aerospike, we often had to configure an LDAP server. Below is a basic OpenLDAP configuration to get you started.
Answer
a) Sample LDAP server daemon config:
    cat /etc/sysconfig/slapd

    # OpenLDAP server configuration
    # see 'man slapd' for additional information

    # Where the server will run (-h option)
    # - ldapi:/// is required for on-the-fly configuration using client tools
    #   (use SASL with EXTERNAL mechanism for authentication)
    # - default: ldapi:/// ldap:///
    # - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:///
    SLAPD_URLS="ldapi:/// ldap:/// ldaps:///"

    # Any custom options
    #SLAPD_OPTIONS=""

    # Keytab location for GSSAPI Kerberos authentication
    #KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"

    TLSCACertificateFile="/etc/openldap/certs/myldap.field.aerospike.com.cert"
    TLSCertificateFile="/etc/openldap/certs/myldap.field.aerospike.com.cert"
    TLSCertificateKeyFile="/etc/openldap/certs/myldap.field.aerospike.com.key"
b) LDAP client config:
    cat /etc/openldap/ldap.conf

    #
    # LDAP Defaults
    #

    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.

    #BASE dc=example,dc=com
    #URI ldap://ldap.example.com ldap://ldap-master.example.com:666

    #SIZELIMIT 12
    #TIMELIMIT 15
    #DEREF never

    #TLS_CACERTDIR /etc/openldap/certs
    TLS_CACERT /etc/openldap/certs/myldap.field.aerospike.com.cert
    TLS_REQCERT allow

    # Turning this off breaks GSSAPI used with krb5 when rdns = false
    SASL_NOCANON on
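
The client config above sets TLS_REQCERT allow, which per ldap.conf(5) lets the session proceed even when the server presents a bad certificate; that suits a test server, while demand (the default) enforces verification. The following is an added example, not part of the original article, that reports the effective level of a client config; the function names and the "last occurrence wins" rule are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit TLS_REQCERT in an
# OpenLDAP client config. Levels are those documented in ldap.conf(5).

# Print the effective TLS_REQCERT level of an ldap.conf-style file.
# Assumptions: the last uncommented occurrence wins, and an unset option
# means libldap's documented default, "demand".
reqcert_level() {
    awk '
        /^[[:space:]]*#/ { next }                       # skip comments
        toupper($1) == "TLS_REQCERT" { level = tolower($2) }
        END { print (level == "" ? "demand" : level) }
    ' "$1"
}

# Succeed only if a missing or bad server certificate ends the session.
reqcert_is_strict() {
    case "$(reqcert_level "$1")" in
        demand|hard) return 0 ;;
        *)           return 1 ;;   # never, allow, try, or unknown value
    esac
}

# Print a one-line verdict for a config file.
audit_ldap_conf() {
    if reqcert_is_strict "$1"; then
        echo "OK: TLS_REQCERT=$(reqcert_level "$1") enforces verification"
    else
        echo "WEAK: TLS_REQCERT=$(reqcert_level "$1") does not require a valid server certificate"
    fi
}

# Constructed sample: the active lines of the client config shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#TLS_CACERTDIR /etc/openldap/certs
TLS_CACERT /etc/openldap/certs/myldap.field.aerospike.com.cert
TLS_REQCERT allow
SASL_NOCANON on
EOF
audit_ldap_conf "$sample"
rm -f "$sample"
```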