LDAP Server Installation and Directory Configuration (OpenLDAP on Linux)

Overview:

An LDAP server is a database in which information is stored as a hierarchical tree.

Check whether it is already installed:

   rpm -q openldap

Removal:

   rpm -e openldap

 

Installation

Installation from a local package file (the version in the file name is a placeholder):

   rpm -ivh openldap-<version>.rpm

Installation from the Internet:

    yum install openldap

Note that on Red Hat-based systems the server itself ships in the openldap-servers package and its configuration lives under /etc/openldap/; the paths below (/etc/ldap/, /etc/init.d/slapd, the openldap user) are those of a Debian-style layout, so adapt them to your distribution.



Configuration:

We will configure only the bare minimum for LDAP to work and come back to finish the configuration later.

Edit the file /etc/ldap/slapd.conf and find the lines

# The base of your directory in database #1
suffix          "blabla"

and replace them with

# The base of your directory in database #1
suffix          "dc=domain,dc=net"

By convention the suffix is the DNS domain of the LDAP server. Since we do not have the domain name yet, I used mdl29 for Braveo.

Now we enable the LDAP admin account (the rootdn) with the password "password". We keep the same suffix, which is simpler.

Still in the file /etc/ldap/slapd.conf:

rootdn  "cn=admin,dc=domain,dc=net"
rootpw  password

Storing the password in clear text is bad, so we hash it with SHA. In a console, type:

slappasswd -h {SHA}

It asks for the password twice:

New password: 
Re-enter new password: 


If you entered "password" as the password, it should output:

{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

Copy that line and paste it into slapd.conf as the rootpw value, which gives:

rootdn  "cn=admin,dc=domain,dc=net"
rootpw  {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
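To see what that rootpw line actually contains, here is an added example (not code from the page or from OpenLDAP) that reproduces the {SHA} value slappasswd prints for "password", builds the salted {SSHA} form that slappasswd produces by default, and verifies a candidate password against either the way slapd does on a simple bind. The function names are mine; the formats are the RFC 2307 "{SCHEME}base64" ones that OpenLDAP uses.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Added example (not from the page): OpenLDAP-style {SHA} and {SSHA}
# userPassword / rootpw values. {SHA} is base64(sha1(password)) with no salt;
# {SSHA} is base64(sha1(password + salt) + salt), which is what slappasswd
# emits by default and which you should prefer over unsalted {SHA}.


def ldap_sha(password: str) -> str:
    """{SHA}: base64 of the raw SHA-1 digest of the password (no salt)."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def ldap_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """{SSHA}: base64 of sha1(password + salt) followed by the salt itself."""
    if salt is None:
        salt = os.urandom(8)  # a fresh random salt per hash, as slappasswd does
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_password(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SHA} or {SSHA} value.

    slapd does the same on a simple bind: re-hash the candidate with the
    stored scheme (and salt) and compare the digests.
    """
    if not stored.startswith("{"):
        raise ValueError("expected a {SCHEME}-prefixed value")
    scheme, _, encoded = stored[1:].partition("}")
    raw = base64.b64decode(encoded)
    candidate = password.encode("utf-8")
    if scheme.upper() == "SHA":
        expected = hashlib.sha1(candidate).digest()
        return hmac.compare_digest(expected, raw)
    if scheme.upper() == "SSHA":
        digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes long
        expected = hashlib.sha1(candidate + salt).digest()
        return hmac.compare_digest(expected, digest)
    raise ValueError("unsupported scheme {" + scheme + "}")


if __name__ == "__main__":
    print(ldap_sha("password"))   # {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
    print(ldap_ssha("password"))  # differs on every run because of the salt
```

The unsalted {SHA} value is the same for every directory that uses the same password, so a leaked hash can be matched against precomputed tables; {SSHA} avoids that, and the comparison uses hmac.compare_digest so timing does not leak how many bytes matched.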

Now replace every occurrence of "cn=admin,dc=lallal" with "cn=admin,dc=domain,dc=net":

access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=domain,dc=net" write
        by anonymous auth
        by self write
        by * none


This sets the access rights on the userPassword and shadowLastChange attributes: the admin has full access (read and write), anonymous connections may only use the attribute to authenticate (bind), the entry's owner can change their own password, and nobody else has any access.

And finally we let everyone read the rest of the directory:


access to *
        by dn="cn=admin,dc=domain,dc=net" write
        by * read
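The order of those two directives matters: slapd consults only the first `access to` whose target matches and, within it, the first matching `by` clause. The added example below (my code, not the page's or OpenLDAP's) is a small simulator of that evaluation for the page's two rules; it is a simplified model that supports only `attrs=` and `*` targets and the `*`, `anonymous`, `users`, `self` and exact `dn=` who-clauses, and treats "no directive matched" as deny. It also shows what happens if the two directives are swapped.

```python
from typing import List, Optional, Sequence, Tuple

# Added example (not from the page): simulate how slapd evaluates the two
# `access to` directives above. Simplified model, see the lead-in.

# Access levels in increasing order; a granted level implies every lower one.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]


class Rule:
    """One `access to <what> by <who> <level> ...` directive."""

    def __init__(self, attrs: Optional[Sequence[str]], by: Sequence[Tuple[str, str]]):
        # attrs=None stands for `access to *`
        self.attrs = None if attrs is None else {a.lower() for a in attrs}
        self.by = list(by)  # (who, level) pairs in the order written


def who_matches(who: str, requestor: Optional[str], target_dn: str) -> bool:
    """requestor is the bound DN, or None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return requestor is None
    if who == "users":
        return requestor is not None
    if who == "self":
        return requestor is not None and requestor.lower() == target_dn.lower()
    if who.startswith("dn="):
        wanted = who[3:].strip('"').lower()
        return requestor is not None and requestor.lower() == wanted
    raise ValueError("unsupported who-clause: " + who)


def granted_level(rules: List[Rule], requestor: Optional[str], target_dn: str, attr: str) -> str:
    """First directive whose <what> matches the target is the only one used;
    inside it the first matching `by` wins; a directive none of whose `by`
    clauses match denies (implicit `by * none`)."""
    for rule in rules:
        if rule.attrs is not None and attr.lower() not in rule.attrs:
            continue
        for who, level in rule.by:
            if who_matches(who, requestor, target_dn):
                return level
        return "none"
    return "none"  # no directive matched: treated as deny in this model


def allowed(rules: List[Rule], requestor: Optional[str], target_dn: str, attr: str, needed: str) -> bool:
    """True when the granted level is at least the level the operation needs."""
    return LEVELS.index(granted_level(rules, requestor, target_dn, attr)) >= LEVELS.index(needed)


ADMIN = "cn=admin,dc=domain,dc=net"

# The page's ACL, in the order it appears in slapd.conf.
PAGE_RULES = [
    Rule(["userPassword", "shadowLastChange"],
         [("dn=" + ADMIN, "write"), ("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    Rule(None, [("dn=" + ADMIN, "write"), ("*", "read")]),
]

# The same two directives with the order swapped: `access to *` now catches
# userPassword first, and its `by * read` makes every password hash readable
# by anyone, including anonymous connections.
SWAPPED_RULES = [PAGE_RULES[1], PAGE_RULES[0]]

# Constructed sample DNs, matching the tree used later in the page.
BABS = "uid=42,ou=Users,dc=mdl29,dc=net"
OTHER = "uid=43,ou=Users,dc=mdl29,dc=net"

if __name__ == "__main__":
    for who, label in ((ADMIN, "admin"), (None, "anonymous"), (BABS, "self"), (OTHER, "other user")):
        print(label, "on userPassword:", granted_level(PAGE_RULES, who, BABS, "userPassword"),
              "| on mail:", granted_level(PAGE_RULES, who, BABS, "mail"))
    print("swapped order, anonymous on userPassword:",
          granted_level(SWAPPED_RULES, None, BABS, "userPassword"))
```

Keeping the userPassword rule before the catch-all is therefore what protects the hashes; when checking a slapd.conf, read the `access to` lines top to bottom and ask which one a given attribute hits first.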


Let's do a quick connection test. On the server, restart slapd so that it picks up our changes:

/etc/init.d/slapd restart


Then search the directory, binding as the LDAP admin account:

ldapsearch -x -D "cn=admin,dc=domain,dc=net" -W -b "dc=domain,dc=net"


It returns nothing yet, but no error either: LDAP works.

Now we will add attributes to the directory. To do this we extend the schema with the latest version of qmail.schema.
It is available at LDAP

Copy it into the directory /etc/ldap/schema.

Then declare it in the file /etc/ldap/slapd.conf, after this block:


# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

add the line

include         /etc/ldap/schema/qmail.schema

Save the file and restart slapd.

Creating users

Our LDAP works but it is empty. We will fill it from a file in LDIF format, for example braveo.ldif.

The user here has more attributes than needed, but it illustrates the content of an LDAP entry. Note that the first entry's DN must equal the suffix declared in slapd.conf and every other DN must sit under it, otherwise slapadd refuses the file.


# The root entry: its DN must be the suffix from slapd.conf, and the dc
# value must match the DN's first component (the tree below uses dc=mdl29).
dn: dc=mdl29,dc=net
objectClass: organizationalUnit
objectClass: dcobject
dc: mdl29
ou: mdl29


dn: ou=Users,dc=mdl29,dc=net
objectClass: organizationalUnit
ou: Users


dn: ou=groups,dc=mdl29,dc=net
objectClass: organizationalUnit
ou: groups


dn: ou=Fonctions,dc=mdl29,dc=net
objectClass: organizationalUnit
ou: Fonctions


dn: ou=Associations,dc=mdl29,dc=net
objectClass: organizationalUnit
ou: Associations

dn: uid=42,ou=Users,dc=mdl29,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectclass: qmailuser
mailhost: mail1.mdl29.net
cn: bjensen
displayName: Babs Jensen
sn: Jensen
givenName: Barbara
initials: BJJ
uid: 42
mail: bjensen@mdl29.net
telephoneNumber: +1 408 555 1862
facsimileTelephoneNumber: +1 408 555 1992
mobile: +1 408 555 1941
roomNumber: 0209
carLicense: 6ABC246
o: Siroe
ou: Product Development
departmentNumber: 2604
employeeNumber: 42
employeeType: full time
preferredLanguage: fr, en-gb;q=0.8, en;q=0.7
userPassword: 123456
labeledURI: http://www.siroe.com/users/bjensen My Home Page
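Before running slapadd it is worth checking the file for the two mistakes it rejects: an entry whose parent is not in the file (a child under a different suffix) and an RDN whose attribute value is not among the entry's attributes (dn: dc=domain,... with dc: mdl29). The added example below (my code, not the page's or OpenLDAP's) is a minimal LDIF reader plus those checks, run over a constructed sample that reproduces exactly that kind of mismatch and over a corrected copy. It simplifies DN handling (lower-case, spaces around commas trimmed, no RFC 4514 escapes).

```python
import base64
from typing import Dict, List, Tuple

# Added example (not from the page): minimal LDIF parser and the consistency
# checks slapadd applies to a file like braveo.ldif.

Entry = Tuple[str, Dict[str, List[str]]]


def normalize_dn(dn: str) -> str:
    """Simplified DN normalisation: trim spaces around commas, lower-case."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_ldif(text: str) -> List[Entry]:
    """Return (dn, attributes) pairs in file order. Handles # comments,
    blank-line entry separators, folded lines (leading space) and :: base64."""
    unfolded: List[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries: List[Entry] = []
    dn, attrs = None, {}
    for line in unfolded + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: " + repr(line))
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries


def check_ldif(text: str, suffix: str) -> List[Tuple[str, str]]:
    """Return (dn, problem) pairs; problems are 'not-suffix', 'no-parent',
    'rdn-mismatch' or 'no-objectclass'. Empty list means slapadd-clean."""
    problems: List[Tuple[str, str]] = []
    seen = set()
    for index, (dn, attrs) in enumerate(parse_ldif(text)):
        ndn = normalize_dn(dn)
        if index == 0 and ndn != normalize_dn(suffix):
            problems.append((dn, "not-suffix"))
        elif index > 0 and ndn.partition(",")[2] not in seen:
            problems.append((dn, "no-parent"))
        rdn_attr, _, rdn_value = ndn.partition(",")[0].partition("=")
        if rdn_value not in [v.lower() for v in attrs.get(rdn_attr, [])]:
            problems.append((dn, "rdn-mismatch"))
        if "objectclass" not in attrs:
            problems.append((dn, "no-objectclass"))
        seen.add(ndn)  # keep going so each root cause is reported once
    return problems


# Constructed sample: root entry named dc=domain but carrying dc: mdl29,
# with the rest of the tree under dc=mdl29,dc=net.
BROKEN_LDIF = """\
dn: dc=domain,dc=net
objectClass: organizationalUnit
objectClass: dcObject
dc: mdl29
ou: mdl29

dn: ou=Users,dc=mdl29,dc=net
objectClass: organizationalUnit
ou: Users

dn: uid=42,ou=Users,dc=mdl29,dc=net
objectClass: inetOrgPerson
uid: 42
cn: bjensen
sn: Jensen
"""

# Same file with the root entry renamed to match its children.
FIXED_LDIF = BROKEN_LDIF.replace("dn: dc=domain,dc=net", "dn: dc=mdl29,dc=net")

if __name__ == "__main__":
    print(check_ldif(BROKEN_LDIF, "dc=domain,dc=net"))
    print(check_ldif(FIXED_LDIF, "dc=mdl29,dc=net"))
```

Run it against your own braveo.ldif with the suffix from slapd.conf; a non-empty result is the same set of problems slapadd would stop on, reported all at once instead of one per run.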

Stop slapd:

/etc/init.d/slapd stop

Delete the existing database files (this destroys any data already in the directory):

rm -rf /var/lib/ldap/*

Then populate the directory:

slapadd -l braveo.ldif

Fix the ownership of the database directory, since slapadd ran as root:

chown -R openldap:openldap /var/lib/ldap/

Start slapd again:

/etc/init.d/slapd start

To test:

ldapsearch -x -h localhost -b "dc=mdl29,dc=net" "mail=bjensen@mdl29.net"