In this article I will cover how to install and configure a basic OpenLDAP server. Many people have asked me about this, and yes, there are many tutorials available on the internet; no one is bound to use or follow this one.
I have tried to make things as easy as possible while covering all aspects of this subject.
Let's start...
Basic Assumptions:
- We will be using a freshly installed Ubuntu Server 10.04.2 LTS.
- We will be using the root account to install and configure OpenLDAP and related services.
- We will be using "diglinux.com" as our domain.
- The admin user for managing the OpenLDAP structure will be "Admin".
- The password for the Admin user will be "diglinux".
- Internet access is properly configured and working on the machine on which we will configure OpenLDAP.
root@diglinux.com:~# apt-get update
root@diglinux.com:~# apt-get install slapd ldap-utils
The "slapd" package installs the OpenLDAP server itself on Ubuntu, and "ldap-utils" installs the command-line tools (such as ldapadd, used in the following steps) that let you change the directory, including its configuration, without restarting the LDAP server.
Step2: Importing Basic LDAP Schema
root@diglinux.com:~# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
root@diglinux.com:~# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
root@diglinux.com:~# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
root@diglinux.com:~# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
By default OpenLDAP comes with only a basic set of predefined attribute types and object classes; importing these schemas adds the ones that are more commonly used, such as inetOrgPerson, posixAccount and shadowAccount, which the user entry in Step 4 needs.
Step3: Creating Basic Backend OpenLDAP Structure
Here we will create the basic back-end structure for our OpenLDAP server.
First we create a file; you can name it whatever you want, here I will name it "diglinux.backend.ldif":
root@diglinux.com:~# vim diglinux.backend.ldif
Now copy and paste the lines below into this file. Make sure that you replace "diglinux" with your domain and the password with the one you want to set.
--------------------------------------------------------------------------------------------------
# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=diglinux,dc=com
olcRootDN: cn=Admin,dc=diglinux,dc=com
# Cleartext for simplicity; slappasswd can produce a hashed value that is accepted in the same place
olcRootPW: diglinux
# Access rules: only Admin and the user themselves may write passwords; anonymous may only use them to bind
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=Admin,dc=diglinux,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Admin,dc=diglinux,dc=com" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

################################
# Modifications
################################
dn: cn=config
changetype: modify

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=Admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: diglinux

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
--------------------------------------------------------------------------------------------------
Once this file is created, import it into LDAP to create the basic structure and the LDAP admin user:
root@diglinux.com:~# ldapadd -Y EXTERNAL -H ldapi:/// -f diglinux.backend.ldif
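The backend file above stores olcRootPW (and, in Step 4, userPassword) in cleartext. OpenLDAP also accepts the hashed form that `slappasswd -h {SSHA} -s <password>` prints, which is the string "{SSHA}" followed by base64(SHA1(password + salt) + salt) with a 4-byte random salt. The following is an added example, not code from the original post: it reproduces that layout in Python so you can see exactly what such a value contains, generate one to paste into the LDIF, and check a password against it offline. The function names (ssha_hash, ssha_verify, rootpw_line) are my own.

```python
"""Create and check OpenLDAP {SSHA} password hashes offline (added example)."""
from __future__ import annotations

import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"
SHA1_LEN = 20  # a SHA-1 digest is always 20 bytes; whatever follows it is the salt


def ssha_hash(password: str, salt: bytes | None = None) -> str:
    """Return an {SSHA} value in the same layout slappasswd uses:
    "{SSHA}" + base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd's default salt length
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, candidate: str) -> bool:
    """Check a candidate password against a stored {SSHA} value.
    The salt is recovered from the tail of the decoded value, so no
    separate salt storage is needed; comparison is constant-time."""
    if not stored.startswith(SCHEME):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(SCHEME):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def rootpw_line(password: str) -> str:
    """Build the olcRootPW line to put in the backend LDIF instead of the cleartext one."""
    return "olcRootPW: " + ssha_hash(password)


if __name__ == "__main__":
    # Constructed demo: hash the tutorial's password and show the LDIF line to paste.
    line = rootpw_line("diglinux")
    print(line)
    print("verifies:", ssha_verify(line.split(": ", 1)[1], "diglinux"))
```

The same value works for the `userPassword` attribute of the user entries in Step 4; slapd recognises the `{SSHA}` prefix and compares hashes at bind time, so the cleartext never has to appear in a file that is left on disk.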
Step4: Creating Basic OU Structure
Here we will create two basic OUs, "people" and "groups". This is pretty much the default layout in OpenLDAP; almost all tutorials on the internet work with the same OUs.
You can change them as per your needs, but whatever you create here, make sure you have a good idea of what you are doing.
We will create a file; you can name it whatever you want, here I will name it "diglinux.ou.ldif".
Now copy and paste the lines below into this file. Make sure that you replace "diglinux" with your domain and the password with the one you want to set.
--------------------------------------------------------------------------------------------------
# Tree root
dn: dc=diglinux,dc=com
objectClass: dcObject
objectClass: organization
o: diglinux
dc: diglinux
description: Tree root

# Creating the Admin user
dn: cn=Admin,dc=diglinux,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: diglinux
description: LDAP administrator

# Creating an OU named "people"
dn: ou=people,dc=diglinux,dc=com
ou: people
objectClass: organizationalUnit
objectClass: top

# Creating an OU named "groups"
dn: ou=groups,dc=diglinux,dc=com
ou: groups
objectClass: organizationalUnit
objectClass: top

# Adding a test user named "diglinux"
dn: uid=diglinux,ou=people,dc=diglinux,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: diglinux
sn: com
givenName: DigLinux
cn: DigLinux
displayName: DigLinux
uidNumber: 1002
gidNumber: 1000
userPassword: diglinux
gecos: DigLinux
loginShell: /bin/bash
homeDirectory: /home/diglinux
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: info@diglinux.com
postalCode: 31000
l: Karachi
o: diglinux
mobile: +92 123 1234567
homePhone: +92 123 1234567
title: System Administrator
# postalAddress: fill in a value here or drop the attribute; slapd rejects an empty value as invalid syntax
initials: DL
Make sure that you make the required changes in this file. Once all changes are done, save and exit.
Now it's time to import these settings:
root@diglinux.com:~# ldapadd -x -D "cn=Admin,dc=diglinux,dc=com" -W -f diglinux.ou.ldif
This command asks for a password: the one we set as olcRootPW in the backend file, "diglinux". If you changed the password there, enter the same password here.
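Both LDIF files on this page are hand-edited, and ldapadd stops at the first record it cannot load, so it pays to check a file before importing it. The following is an added example, not part of the original post: an offline pre-flight checker in Python that parses LDIF the way the format is defined (records separated by blank lines, a line starting with a space continuing the previous one, "attr:: value" carrying base64) and then reports, per entry, attributes that its object classes require but that are missing, empty attribute values like the `postalAddress:` line above, and userPassword values that are not hashed. The MUST lists cover only the object classes this tutorial uses (from RFC 4519, RFC 2307 and RFC 2798); the sample LDIF, the function names and the `diglinux` values are constructed for the demonstration.

```python
"""Pre-flight check of an LDIF file before running ldapadd (added example)."""
import base64
from typing import Dict, List

# MUST attributes (lower-cased) for the object classes used in this tutorial.
REQUIRED = {
    "dcobject": ["dc"],
    "organization": ["o"],
    "organizationalunit": ["ou"],
    "organizationalrole": ["cn"],
    "simplesecurityobject": ["userpassword"],
    "inetorgperson": ["cn", "sn"],  # inherited from person
    "posixaccount": ["cn", "uid", "uidnumber", "gidnumber", "homedirectory"],
    "shadowaccount": ["uid"],
}

# Hash-scheme prefixes slapd recognises; any other userPassword value is stored as given.
HASH_PREFIXES = ("{SSHA}", "{SHA}", "{SMD5}", "{MD5}", "{CRYPT}")

Record = Dict[str, List[str]]


def parse_ldif(text: str) -> List[Record]:
    """Split LDIF text into records keyed by lower-cased attribute name."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # unfold a continuation line
        else:
            lines.append(raw)

    records: List[Record] = []
    current: Record = {}
    for line in lines + [""]:  # trailing sentinel flushes the last record
        if line.strip() == "":
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return records


def check_record(rec: Record) -> List[str]:
    """Return human-readable findings for one record (an empty list means clean)."""
    findings: List[str] = []
    dn = rec.get("dn", ["<no dn>"])[0]
    for attr, values in rec.items():
        if "" in values:
            findings.append(f"{dn}: empty value for {attr} (fails slapd's syntax check)")
    for oc in rec.get("objectclass", []):
        for must in REQUIRED.get(oc.lower(), []):
            if must not in rec:
                findings.append(f"{dn}: objectClass {oc} requires {must}")
    for pw in rec.get("userpassword", []):
        if not pw.startswith(HASH_PREFIXES):
            findings.append(f"{dn}: userPassword is cleartext; use a slappasswd hash")
    return findings


def check_ldif(text: str) -> List[str]:
    """Run check_record over every record of an LDIF document."""
    findings: List[str] = []
    for rec in parse_ldif(text):
        findings.extend(check_record(rec))
    return findings


# Constructed sample modelled on the OU file above: one OU and one user entry
# that keeps the page's empty postalAddress line and cleartext password.
SAMPLE_LDIF = """\
dn: ou=people,dc=diglinux,dc=com
ou: people
objectClass: organizationalUnit

dn: uid=diglinux,ou=people,dc=diglinux,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: diglinux
sn: com
cn: DigLinux
uidNumber: 1002
gidNumber: 1000
userPassword: diglinux
homeDirectory: /home/diglinux
postalAddress:
description:: RGlnTGludXggdGVzdCB1c2Vy
"""

if __name__ == "__main__":
    for finding in check_ldif(SAMPLE_LDIF):
        print(finding)
```

Run it against your own file with `check_ldif(open("diglinux.ou.ldif").read())`; two findings are expected for the sample (the empty postalAddress and the cleartext userPassword), and a record missing a required attribute, for example a posixAccount without uidNumber, is reported by name before slapd has to refuse it.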
If everything went through without errors, you now have a running OpenLDAP server with a basic structure.
You can verify this with JXplorer, a free Windows-based utility for managing OpenLDAP, which can be downloaded from http://www.jxplorer.org/
Below is a snapshot of the JXplorer connection settings used to connect to the LDAP server.
[Image: JXplorer Connection Settings]