Red Hat Enterprise Linux 5 Administration Unleashed

276CHAPTER 12Identity ManagementStarting and Stopping the LDAP ServerAs previously mentioned, to start the LDAP server daemon, slapd, execute service ldapstart as root.The following commands can also be run from the initialization script in the formatservice ldap :. configtest: Test for common configuration errors.. start: Start slapd.. stop: Stop slapd.. status: Show whether the service is running.. restart: Stop and then start slapd.. condrestart: If slapd is already running, restart it. Otherwise, do nothing.Be sure to execute chkconfig ldap on as root to make sure the daemon is started automaticallyat boot time.Connecting to the LDAP ServerClients wishing to connect to an OpenLDAP server must have the openldap-clients andnss_ldap packages installed. These clients can run the available remote OpenLDAP utilitiessuch as ldapadd and ldapsearch. They can also connect to the directory from a userendapplication such as the Evolution email application.To configure a Red Hat Enterprise Linux system as an LDAP client, configure the followingoptions in /etc/openldap/ldap.conf and /etc/ldap.conf (replace withthe IP address of the LDAP server):URI ldap:///BASE dc=example,dc=comIf TLS encryption is to be used, also add the following line to /etc/openldap/ldap.confand copy the certificate files in the defined directory:TLS_CACERTDIR /etc/openldap/cacertsTIPAdditional options for ldap.conf can be found in the ldap.conf man page.To use LDAP for login user authentication, edit /etc/nsswitch.conf as root and add ldapto the passwd, shadow, and group lines:passwd: files ldapshadow: files ldapgroup: files ldap