Basic OpenLdap Tutorial
1. Installation

Install the following rpms from the Fedora CD/DVD. It is best to make a yum repo before installation, so that you avoid dependency errors during the installs. Install the following rpms:

    openldap-xx.rpm
    openldap-clients-xxxx.rpm
    openldap-servers-xxx.rpm
    openldap-devel-xxx.rpm

(x = version numbers)

2. Configuration

There are two categories of commands:

a. offline commands: these commands are used when the ldap server service is not running, e.g. slapadd, slapcat, etc.
b. online commands: these commands are used when the ldap server service is running, e.g. ldapadd, ldapmodify, ldapdelete, ldapsearch, etc.

Remember one thing: LDAP is a protocol and OpenLDAP is software that implements the LDAP protocol. It actually holds all the objects of your domain, e.g. the printers, users and organisational units of the domain.

Another important point is that LDAP holds its data like a tree. For example, let us say the domain abc.com contains 2 OUs (organisational units), sales.abc.com and tech.abc.com. sales.abc.com contains 2 users, x and y. Similarly tech.abc.com contains 2 users, m and n. Refer to pic1.jpg.

In LDAP terms we will call:

    abc.com        dc=abc,dc=com
    tech.abc.com   ou=tech,dc=abc,dc=com
    sales.abc.com  ou=sales,dc=abc,dc=com
    x              dn: cn=x, ou=sales, dc=abc,dc=com

here

    dc : domain component
    ou : organisational unit
    cn : common name (basically full name)
    sn : surname
    uid : user id

Now let us implement this abc.com domain in OpenLDAP.

A few important directories:

    /etc/openldap/  : contains the OpenLDAP configuration files
    /var/lib/ldap/  : contains the databases holding the data that is added to OpenLDAP via the ldapadd/slapadd commands

Now follow the steps below:

    cd /etc/openldap/
    cp slapd.conf slapd.conf.bak
    vim slapd.conf

Set these directives in slapd.conf:

    database    bdb
    suffix      "dc=abc,dc=com"
    rootdn      "cn=Manager,dc=abc,dc=com"
    rootpw      password
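The rootpw directive above holds the administrator password in clear text, and slapd.conf is readable by whoever can read the config directory. slapd also accepts a hashed value here (and in userPassword), which is what `slappasswd -h {SSHA}` produces. The following Python, an added example and not part of the tutorial, reimplements that {SSHA} format (base64 of SHA-1(password + salt) followed by the salt) so you can see what the value contains, verify a password against it, and emit the line that replaces `rootpw password`. The function names are this example's own.

```python
# Added example (not from the tutorial): build and verify an OpenLDAP {SSHA}
# password hash so slapd.conf can carry "rootpw {SSHA}..." instead of a
# clear-text password. Format, as produced by slappasswd:
#   "{SSHA}" + base64( SHA1(password + salt) + salt )
import base64
import hashlib
import hmac
import os
from typing import Optional


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return an {SSHA} value for `password`.

    A random 4-byte salt is drawn when none is given (slappasswd's default
    salt length); a fixed salt may be passed for reproducible tests.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password: str, stored: str) -> bool:
    """Verify `password` against a stored {SSHA} value.

    The salt is everything after the 20-byte SHA-1 digest inside the
    base64 payload; the candidate digest is recomputed with that salt and
    compared in constant time.
    """
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_directive(password: str) -> str:
    """Build the slapd.conf line that replaces `rootpw password`."""
    return "rootpw\t" + make_ssha(password)


if __name__ == "__main__":
    line = rootpw_directive("password")   # "password" is the tutorial's value
    print(line)
    print("verifies:", check_ssha("password", line.split("\t", 1)[1]))
```

Paste the printed `rootpw {SSHA}...` line into slapd.conf in place of the clear-text one; ldapadd -W still prompts for the clear-text password and slapd does the comparison. The same {SSHA} value can be used for userPassword in the user LDIF files later in the tutorial.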
Remember to remove the space before rootpw. Here Manager is our LDAP administrator; the administrator has the privilege to read, write, modify and delete any data.

Now start the ldap service:

    /etc/init.d/ldap start

Add the root domain. For this we will create a file named abc.ldif (the name and extension have no effect, but it is standard to use the .ldif extension). Enter the attributes of the root domain one per line, as described below.

    vim abc.ldif

    dn: dc=abc,dc=com
    dc: abc
    description: Root LDAP entry for abc
    objectClass: dcObject
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    # domainRelatedObject requires associatedDomain
    associatedDomain: abc.com
    ou: rootObject

Save and exit.

Now create another 2 files, for sales (sales.ldif) and tech (tech.ldif):

    vim sales.ldif

    dn: dc=sales,dc=abc,dc=com
    dc: sales
    description: organisational unit of sales department
    objectClass: dcObject
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    associatedDomain: sales.abc.com
    ou: rootObject

Save and exit.

    vim tech.ldif

    dn: dc=tech,dc=abc,dc=com
    dc: tech
    description: organisational unit of tech department
    objectClass: dcObject
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    associatedDomain: tech.abc.com
    ou: rootObject

Save and exit.

Now create another 2 files, for user x and user a:

    vim x.ldif

    dn: cn=x,dc=sales,dc=abc,dc=com
    cn: x
    sn: x
    objectClass: top
    objectClass: person
    objectClass: posixAccount
    objectClass: inetOrgPerson
    mail: x@abc.com
    uid: x
    uidNumber: 1000
    gidNumber: 1000
    homeDirectory: /home/x
    userPassword: pass$123

Save and exit.

    vim a.ldif

    dn: cn=a,dc=tech,dc=abc,dc=com
    cn: a
    sn: a
    objectClass: top
    objectClass: person
    objectClass: posixAccount
    objectClass: inetOrgPerson
    mail: a@abc.com
    uid: a
    uidNumber: 10001
    gidNumber: 1000
    homeDirectory: /home/a
    userPassword: pass$123

Save and exit.

Now we will add this data to LDAP.

a. Add the root domain:

    ldapadd -x -W -D "cn=Manager,dc=abc,dc=com" -f abc.ldif

It will ask for a password; enter "password".

b. Add the sales OU:

    ldapadd -x -W -D "cn=Manager,dc=abc,dc=com" -f sales.ldif

It will ask for a password; enter "password".

c. Add the tech OU:

    ldapadd -x -W -D "cn=Manager,dc=abc,dc=com" -f tech.ldif

It will ask for a password; enter "password".

d. Add user x:

    ldapadd -x -W -D "cn=Manager,dc=abc,dc=com" -f x.ldif

It will ask for a password; enter "password".
e. Add user a:

    ldapadd -x -W -D "cn=Manager,dc=abc,dc=com" -f a.ldif

It will ask for a password; enter "password".

Now our LDAP server holds the domain abc.com and its objects, and we can use this database to authenticate any service.

Let us search for data:

    ldapsearch -x -b "dc=abc,dc=com" "(uid=*)"
    ldapsearch -x -b "dc=abc,dc=com" "(uid=x)"
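The ldapadd steps above only succeed if each LDIF entry is self-consistent: slapd rejects an entry whose naming attribute (the attribute in the first RDN of its dn, such as `dc` in `dn: dc=abc,dc=com`) is absent or carries a different value, and it rejects an entry that lists an objectClass without that class's MUST attributes (dcObject needs dc, organizationalUnit needs ou, domainRelatedObject needs associatedDomain, posixAccount needs cn, uid, uidNumber, gidNumber and homeDirectory). The Python below is an added example, not part of the tutorial: a small LDIF parser plus checker that reports these two problems before you hand a file to ldapadd. The MUST table covers only the object classes used in this tutorial, and the two sample entries are constructed for the demonstration.

```python
# Added example (not from the tutorial): parse LDIF and check each entry for
# (1) a naming attribute that does not match its dn and (2) objectClasses
# whose MUST attributes are missing, the two errors ldapadd reports as a
# naming violation / object class violation.
from typing import Dict, List

# MUST attributes of the object classes the tutorial uses, from OpenLDAP's
# core, cosine, inetorgperson and nis schemas (lookup is case-insensitive).
MUST: Dict[str, List[str]] = {
    "top": ["objectClass"],
    "dcObject": ["dc"],
    "organizationalUnit": ["ou"],
    "domainRelatedObject": ["associatedDomain"],
    "person": ["sn", "cn"],
    "organizationalPerson": [],
    "inetOrgPerson": [],
    "posixAccount": ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory"],
}
_MUST_LC = {k.lower(): v for k, v in MUST.items()}


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse LDIF into entries of {attribute-name-lowercased: [values]}.

    Handles '#' comments, folded lines (continuations start with a space)
    and blank-line entry separators. Base64 ('::') values are kept as the
    raw base64 text, which is enough for the attribute-presence checks.
    """
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.lstrip(": ").strip())
    return entries


def check_entry(entry: Dict[str, List[str]]) -> List[str]:
    """Return the problems found in one parsed entry (empty when clean)."""
    problems: List[str] = []
    dn = entry.get("dn", [""])[0]
    if not dn:
        return ["entry has no dn"]
    rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")
    rdn_attr, rdn_val = rdn_attr.strip().lower(), rdn_val.strip()
    values = entry.get(rdn_attr, [])
    if rdn_val not in values:
        problems.append(f"{dn}: naming attribute {rdn_attr}={rdn_val} not present "
                        f"in entry (found {values or 'nothing'})")
    for oc in entry.get("objectclass", []):
        must = _MUST_LC.get(oc.lower())
        if must is None:
            problems.append(f"{dn}: objectClass {oc} is not in this checker's table")
            continue
        for attr in must:
            if attr.lower() not in entry:
                problems.append(f"{dn}: objectClass {oc} requires attribute {attr}")
    return problems


def check_ldif(text: str) -> List[str]:
    """Check every entry in an LDIF text; returns all problems found."""
    return [p for entry in parse_ldif(text) for p in check_entry(entry)]


# Constructed sample: a root entry whose dc value does not match its dn and
# which lists domainRelatedObject without associatedDomain, beside a
# corrected version of the same entry.
BROKEN_ROOT = """\
dn: dc=abc,dc=com
dc: cms
description: Root LDAP entry
objectClass: dcObject
objectClass: organizationalUnit
objectClass: domainRelatedObject
ou: rootObject
"""

FIXED_ROOT = """\
dn: dc=abc,dc=com
dc: abc
description: Root LDAP entry for abc
objectClass: dcObject
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: abc.com
ou: rootObject
"""

if __name__ == "__main__":
    for name, text in (("broken", BROKEN_ROOT), ("fixed", FIXED_ROOT)):
        problems = check_ldif(text)
        print(f"{name}: {'OK' if not problems else ''}")
        for p in problems:
            print("  -", p)
```

Run it over each .ldif file before the corresponding ldapadd step; an empty result means the file passes these two checks, though slapd still enforces the rest of the schema (attribute syntaxes, structural-class rules, and the parent entry having been added first).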