LDAP Server Howto: Install The Packages


In my previous LDAP server howto we used 8.04 Hardy Heron. Things have changed quite a bit since then, so I have updated my procedure. Most of this is just a reproduction of the Ubuntu Docs page for LDAP (see references at the end of the article for a link).

PLATFORM:
* Ubuntu Server 10.04 LTS (Lucid)

PREREQUISITES:
* A standard vanilla Ubuntu 10.04 server install.
* An NFS server exporting the users' home directories.

Network overview:
* domain name: example.com
* ldap-server: 10.1.1.5

Install The Packages

We want to install the OpenLDAP server daemon slapd and ldap-utils, a package containing LDAP
management utilities:

sudo apt-get install slapd ldap-utils

Notes:
By default slapd is configured with only the minimal options needed to run the slapd daemon.

The configuration example in the following sections will match the domain name of the
server. For example, if the machine's Fully Qualified Domain Name (FQDN) is
ldap.example.com, the default suffix will be dc=example,dc=com.

Populating the server

Notes:
OpenLDAP uses a separate directory which contains the cn=config Directory
Information Tree (DIT). The cn=config DIT is used to dynamically configure the slapd
daemon, allowing the modification of schema definitions, indexes, ACLs, etc without
stopping the service.

The backend cn=config directory has only a minimal configuration and will need
additional configuration options in order to populate the frontend directory. The
frontend will be populated with a "classical" scheme that will be compatible with
address book applications and with Unix Posix accounts. Posix accounts will allow
authentication to various applications, such as web applications, email Mail Transfer
Agent (MTA) applications, etc.

* For external applications to authenticate using LDAP they will each need to be
specifically configured to do so. Refer to the individual application documentation for
details.

* Remember to change dc=example,dc=com (shown as dc=tuxnetworks,dc=com in the examples below) in the following examples to match your own LDAP configuration.

First, some additional schema files need to be loaded. In a terminal enter:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif

Next, create an LDIF file

vi ~/backend.ldif

With the following contents:

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=tuxnetworks,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=tuxnetworks,dc=com
olcRootPW: mypassword
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=tuxnetworks,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=tuxnetworks,dc=com" write by * read

* Change olcRootPW: mypassword to a password of your choosing.

* Change dc=example,dc=com (dc=tuxnetworks,dc=com above) to suit your own domain details.
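The four olcAccess lines are the security core of backend.ldif: anonymous clients get only auth on userPassword (enough to bind, not enough to read the stored hashes), a user may change their own password, the admin may write everything, and everything else is world-readable. The following Python script is an added example, not part of the howto or of OpenLDAP itself: it models slapd's first-match evaluation of exactly these four rules so you can check what a given bind DN is granted before loading the file. The rule encoding and the helper names (access_level, allows) are my own simplification of the slapd.access(5) semantics, and it ignores features this file does not use (regex matching, dn.subtree scopes, privileges).

```python
# Added example (not from the howto): a simplified model of how slapd
# evaluates the four olcAccess rules in backend.ldif.

# slapd's access levels in increasing order; a grant of one level implies
# every lower level (e.g. "write" also allows "read" and "auth").
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

ADMIN_DN = "cn=admin,dc=tuxnetworks,dc=com"

# The olcAccess rules from backend.ldif in the order slapd keeps them.
# "what" selects the target (attrs / dn.base / everything); the "by"
# clauses are (who-kind, who-value, level) and are tried in order.
RULES = [
    {"attrs": {"userpassword"},
     "by": [("dn", ADMIN_DN, "write"), ("anonymous", None, "auth"),
            ("self", None, "write"), ("*", None, "none")]},
    {"attrs": {"shadowlastchange"},
     "by": [("self", None, "write"), ("*", None, "read")]},
    {"dn_base": "",
     "by": [("*", None, "read")]},
    {"all": True,
     "by": [("dn", ADMIN_DN, "write"), ("*", None, "read")]},
]


def _norm(dn):
    """Normalise a DN for comparison: DNs are case-insensitive and spaces
    around the commas are not significant."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def _what_matches(rule, target_dn, attr):
    """Does this rule's 'to' clause select the requested target?"""
    if "attrs" in rule:
        # attrs rules only apply when a specific attribute is being accessed
        return attr is not None and attr.lower() in rule["attrs"]
    if "dn_base" in rule:
        return _norm(target_dn) == _norm(rule["dn_base"])
    return True  # "to *"


def _who_matches(clause, bind_dn, target_dn):
    """Does this 'by' clause describe the requester (bind_dn None = anonymous)?"""
    kind, value, _ = clause
    if kind == "*":
        return True
    if kind == "anonymous":
        return bind_dn is None
    if kind == "self":
        return bind_dn is not None and _norm(bind_dn) == _norm(target_dn)
    if kind == "dn":
        return bind_dn is not None and _norm(bind_dn) == _norm(value)
    return False


def access_level(bind_dn, target_dn, attr=None):
    """Level granted to bind_dn on attr of target_dn under RULES.

    The first rule whose 'to' clause matches decides; within it the first
    matching 'by' clause decides.  No match in either place means access is
    denied, which is what slapd does as well."""
    for rule in RULES:
        if not _what_matches(rule, target_dn, attr):
            continue
        for clause in rule["by"]:
            if _who_matches(clause, bind_dn, target_dn):
                return clause[2]
        return "none"
    return "none"


def allows(bind_dn, target_dn, attr, needed):
    """True if the granted level is at least `needed` in slapd's ordering."""
    return LEVELS.index(access_level(bind_dn, target_dn, attr)) >= LEVELS.index(needed)


if __name__ == "__main__":
    user = "uid=brettg,ou=people,dc=tuxnetworks,dc=com"
    for who in (None, user, "uid=other,ou=people,dc=tuxnetworks,dc=com", ADMIN_DN):
        print(who or "anonymous", "->", access_level(who, user, "userPassword"))
```

Run it and compare the output with what you expect from the ACL; the useful cases to look at are an anonymous bind (auth only, so no password hashes can be read), the user on their own entry (write), and a different authenticated user (none).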

Now add the LDIF to the directory:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif

The frontend directory is now ready to be populated. Create a frontend.ldif file:

vi ~/frontend.ldif

Enter the following contents, once again making the necessary changes to suit your own network:

# Create top-level object in domain
dn: dc=tuxnetworks,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Tuxnetworks
dc: Tuxnetworks
description: LDAP Server

# Admin user.
dn: cn=admin,dc=tuxnetworks,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: mypassword

dn: ou=people,dc=tuxnetworks,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=tuxnetworks,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=brettg,ou=people,dc=tuxnetworks,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: brettg
sn: Glasson
givenName: Brett
cn: Brett Glasson
displayName: Brett Glasson
uidNumber: 1000
gidNumber: 10000
userPassword: mypassword
gecos: Brett Glasson
loginShell: /bin/bash
homeDirectory: /home/brettg
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: [email protected]
postalCode: 31000
l: Melbourne
o: tuxnetworks
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress:
initials: BG

dn: cn=users,ou=groups,dc=tuxnetworks,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000

Notes:
In this example the directory structure, a user, and a group have been set up. In other
examples you might see objectClass: top added to every entry, but that is the default
behaviour so you do not have to add it explicitly.
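Before loading frontend.ldif it is worth checking it the way slapd will see it. Both userPassword values above are clear text, and slapd stores clear-text values exactly as given; a {SSHA} value such as slappasswd produces is what you normally want in the file. The following Python script is an added example, not part of the howto: it parses an LDIF file (a constructed, trimmed copy of the entries above is embedded as SAMPLE_LDIF), reports clear-text passwords, checks that each posixAccount carries the attributes RFC 2307 requires and that its gidNumber matches a posixGroup in the same file, and shows how a {SSHA} value is built in the format slapd accepts. The function names (parse_ldif, check_entries, ssha_hash, ssha_verify) are mine.

```python
import base64
import hashlib
import os

# Added example, not from the howto: lint an LDIF file such as frontend.ldif
# before loading it, and show how a {SSHA} userPassword value is built.
# SAMPLE_LDIF is a constructed, trimmed copy of the howto's entries.
SAMPLE_LDIF = """\
# Admin user.
dn: cn=admin,dc=tuxnetworks,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: mypassword

dn: uid=brettg,ou=people,dc=tuxnetworks,dc=com
objectClass: posixAccount
objectClass: shadowAccount
uid: brettg
cn: Brett Glasson
uidNumber: 1000
gidNumber: 10000
userPassword: mypassword
homeDirectory: /home/brettg

dn: cn=users,ou=groups,dc=tuxnetworks,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000
"""

# Attributes the posixAccount object class requires (RFC 2307), lowercased.
POSIX_ACCOUNT_MUST = {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"}


def parse_ldif(text):
    """Return a list of entries, each a dict: lowercased attribute -> list of values.
    Handles '#' comments, blank-line separated records, '::' base64 values and
    continuation lines (a leading space appends to the previous value)."""
    entries, current, last = [], None, None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and current is not None and last:
            current[last][-1] += raw[1:]
            continue
        if not raw.strip():
            if current:
                entries.append(current)
            current, last = None, None
            continue
        name, _, value = raw.partition(":")
        if value.startswith(":"):  # "attr:: base64" form
            value = base64.b64decode(value[1:].strip()).decode()
        else:
            value = value.strip()
        current = current if current is not None else {}
        last = name.strip().lower()
        current.setdefault(last, []).append(value)
    if current:
        entries.append(current)
    return entries


def check_entries(entries):
    """Return human-readable problems: clear-text passwords, missing posixAccount
    attributes, and gidNumbers that no posixGroup in the file defines."""
    problems = []
    group_gids = {g for e in entries
                  if "posixgroup" in {c.lower() for c in e.get("objectclass", [])}
                  for g in e.get("gidnumber", [])}
    for e in entries:
        dn = e.get("dn", ["?"])[0]
        classes = {c.lower() for c in e.get("objectclass", [])}
        for pw in e.get("userpassword", []):
            if not pw.startswith("{"):  # hashed values carry a {SCHEME} tag
                problems.append(f"{dn}: userPassword is stored in clear text")
        if "posixaccount" in classes:
            missing = POSIX_ACCOUNT_MUST - set(e)
            if missing:
                problems.append(f"{dn}: missing {sorted(missing)}")
            for gid in e.get("gidnumber", []):
                if gid not in group_gids:
                    problems.append(f"{dn}: gidNumber {gid} has no posixGroup")
    return problems


def ssha_hash(password, salt=None):
    """Build a {SSHA} value as slappasswd does: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(stored, password):
    """Check a password against a {SSHA} value; the salt follows the 20-byte digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    return hashlib.sha1(password.encode() + raw[20:]).digest() == raw[:20]


if __name__ == "__main__":
    for problem in check_entries(parse_ldif(SAMPLE_LDIF)):
        print(problem)
    print(ssha_hash("mypassword"))  # usable as the userPassword value instead
```

On the sample it reports the two clear-text passwords and nothing else; replacing them with the ssha_hash output makes the report empty. The clear-text check is deliberately simple (any value not starting with a {SCHEME} tag), which is what you want to catch before the file ever reaches slapd.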

Add the entries to the LDAP directory:

sudo ldapadd -x -D cn=admin,dc=tuxnetworks,dc=com -W -f frontend.ldif

We can check that the content has been correctly added with the ldapsearch utility. Execute a search
of the LDAP directory:

ldapsearch -xLLL -b "dc=tuxnetworks,dc=com" uid=brettg sn givenName cn

Which should return something like this:

dn: uid=brettg,ou=people,dc=tuxnetworks,dc=com
cn: Brett Glasson
sn: Glasson
givenName: Brett

Next, you should go ahead and install phpLDAPadmin, add Samba support or configure a client.

References:
Ubuntu Docs
