Networks and System Administration related stuff. Linux and Windows servers administration material and tutorials.
Wednesday, November 5, 2008
LDAP server on Debian ETCH
INSTALLATION
apt-get install slapd ldap-utils libldap-2.4-2 libdb4.6
During installation it will ask you questions such as the administrator password or the domain name (my installation did not ask).
Administrator password: password
Confirm password: password
CONFIGURATION
Client side: (remember that the same system is serving as both client and server.)
Edit /etc/ldap/ldap.conf
BASE dc=fizaan, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
URI ldap://10.0.2.15
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
Server Configuration
These schemas are included by default; if not, make sure they are included.
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
Change the log level from 0 to 256:
loglevel 256
Database: you can change it if you want a different one. I am using the default.
database bdb
Your domain name, set by default:
# The base of your directory in database #1
suffix "dc=fizaan,dc=com"
The rootdn you will use to access the LDAP server; I changed the password using slappasswd:
# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn "cn=admin,dc=fizaan,dc=com"
rootpw {MD5}gdyb21LQTcIANtvYMT7QVQ==
Index options: I added index uid eq; you can add more, e.g. index gid eq.
index objectClass eq
index uid eq
CHANGING OWNERSHIP AND RESTART OF SERVER.
sudo invoke-rc.d slapd stop
sudo slapindex
sudo chown openldap:openldap /var/lib/ldap/*
sudo invoke-rc.d slapd start
TESTING LDAP SERVER
Type ldapsearch -x; it will show you all LDAP entries.
ldap:/home/imran# ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# fizaan.com
dn: dc=fizaan,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: fizaan.com
dc: fizaan
.
.
CREATING BASIC DIRECTORY STRUCTURE
Create a file /var/tmp/ou.ldif with the following; it will add two organizational units under your top-level domain. Add it with the following command:
ldap:/home/imran# slapadd -c -v -l /var/tmp/ou.ldif
dn: ou=People,dc=fizaan,dc=com
ou: People
objectClass: organizationalUnit
dn: ou=Group,dc=fizaan,dc=com
ou: Group
objectClass: organizationalUnit
CREATION OF USERS/POPULATING DIRECTORY
Create a file with the following user information and add it with this command:
ldap:/home/imran# ldapadd -c -x -D cn=admin,dc=fizaan,dc=com -W -f /var/tmp/user1.ldi
dn: cn=aanish,ou=group,dc=fizaan,dc=com
cn: aanish
gidNumber: 20002
objectClass: top
objectClass: posixGroup
dn: uid=aanish,ou=people,dc=fizaan,dc=com
uid: aanish
uidNumber: 20002
gidNumber: 20002
cn: Aanish
sn: Imran
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
loginShell: /bin/bash
homeDirectory: /home/aanish
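The posixGroup/posixAccount pair above carries no userPassword, and the rootpw in slapd.conf is an unsalted {MD5} value. As an added example (not code from the original post), this Python builds the same LDIF pair with a salted {SSHA} userPassword, the scheme slappasswd emits by default, and verifies a password against either stored form; the attribute values are the ones used above, and the function names are chosen here.

```python
import base64
import hashlib
import hmac
import os


def ssha_hash(password, salt=None):
    """Return an OpenLDAP-style {SSHA} value: base64(sha1(password + salt) + salt).
    A fresh 4-byte salt is drawn per call, so equal passwords store differently."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_password(stored, password):
    """Verify a password against a {SSHA} or {MD5} value as slapd stores it."""
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]      # SHA-1 digest is 20 bytes, salt follows
        candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
        return hmac.compare_digest(candidate, digest)
    if stored.startswith("{MD5}"):             # unsalted: identical for equal passwords
        raw = base64.b64decode(stored[len("{MD5}"):])
        return hmac.compare_digest(hashlib.md5(password.encode("utf-8")).digest(), raw)
    raise ValueError("unsupported password scheme")


def posix_user_ldif(uid, cn, sn, uidnumber, gidnumber, password, base_dn="dc=fizaan,dc=com"):
    """Build the posixGroup + posixAccount LDIF pair in the layout used above,
    adding a salted userPassword so the account can actually bind."""
    group = [
        f"dn: cn={uid},ou=Group,{base_dn}",
        f"cn: {uid}",
        f"gidNumber: {gidnumber}",
        "objectClass: top",
        "objectClass: posixGroup",
    ]
    user = [
        f"dn: uid={uid},ou=People,{base_dn}",
        f"uid: {uid}",
        f"uidNumber: {uidnumber}",
        f"gidNumber: {gidnumber}",
        f"cn: {cn}",
        f"sn: {sn}",
        "objectClass: top",
        "objectClass: person",
        "objectClass: posixAccount",
        "objectClass: shadowAccount",
        "loginShell: /bin/bash",
        f"homeDirectory: /home/{uid}",
        f"userPassword: {ssha_hash(password)}",
    ]
    return "\n".join(group) + "\n\n" + "\n".join(user) + "\n"
```

Write the returned text to a file and load it with the same ldapadd command shown above; ldapsearch -x will then list the entry without the userPassword value unless the anonymous bind is granted read access to it.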
TESTING OF ADDED USERS
ldap:/home/imran# ldapsearch -x uid=aanish
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: uid=aanish
# requesting: ALL
#
# aanish, people, fizaan.com
dn: uid=aanish,ou=people,dc=fizaan,dc=com
uid: aanish
uidNumber: 20002
gidNumber: 20002
cn: Aanish
sn: Imran
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
loginShell: /bin/bash
homeDirectory: /home/aanish
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
ldap:/home/imran#
CLIENT TOOL
1) luma
apt-get install luma
After installation, type luma at the command prompt and it will start.
First add your LDAP server by clicking Settings, Edit server list and Add; give the IP address of your server. After adding the server, give the authentication credentials.
(see above Fig1)
2) phpldapadmin is a web-based graphical tool; you can install it very easily:
apt-get install phpldapadmin
In the browser, enter the address of the server and log in with the credentials:
User: cn=admin,dc=fizaan,dc=com
Passwd: 1234
(see above Fig2)