26.6. Securing OpenLDAP

Don't forget to immunize important configuration files. The immutable bit can be used to prevent one from accidentally deleting or overwriting a file that must be protected. It also prevents someone from creating a symbolic link to this file. Once your slapd.conf file has been configured, it's a good idea to immunize it with command like:


               [root@deep] /# chattr +i /etc/openldap/slapd.conf
             

Further documentation, for more details there are several man pages you can read:

ldapd(8)

LDAP X.500 Protocol Daemon

ldapdelete(1)

ldap delete entry tool

ldapfilter.conf(5)

configuration file for LDAP get filter routines

ldapfriendly(5)

data file for LDAP friendly routines

ldapmodify, ldapadd(1)

ldap modify entry and ldap add entry tools

ldapmodrdn(1)

ldap modify entry RDN tool

ldappasswd(1)

change the password of an LDAP entry

ldapsearch(1)

ldap search tool

ldapsearchprefs.conf(5)

configuration file for LDAP search preference routines

ldaptemplates.conf(5)

configuration file for LDAP display template routines

ldif(5)

LDAP Data Interchange Format

slapd(8)

Stand-alone LDAP Daemon

slapd.conf(5)

configuration file for slapd, the stand-alone LDAP daemon

slurpd(8)

Standalone LDAP Update Replication Daemon

ud(1)

interactive LDAP Directory Server query program