Wednesday, November 5, 2008

LDAP server on Debian ETCH




INSTALLATION
apt-get install slapd ldap-utils libldap-2.4-2 libdb4.6

During installation it will ask you questions such as the administrator password or the domain name (it did not ask during my installation).
Administrator password: password
Confirm password: password

CONFIGURATION

Client side : (Remember same system is serving as client and server.)
Edit /etc/ldap/ldap.conf

BASE dc=fizaan, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
URI ldap://10.0.2.15

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never


Server Configuration

These schemas are included by default; if not, make sure they are included.
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema


Change the log level from 0 to 256

loglevel 256

Database: you can change it if you want a different one. I am using the default.

database bdb

Your domain name, by default
# The base of your directory in database #1
suffix "dc=fizaan,dc=com"

rootdn is the DN you will use to access the LDAP server; I changed the password using slappasswd
# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn "cn=admin,dc=fizaan,dc=com"
rootpw {MD5}gdyb21LQTcIANtvYMT7QVQ==
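As an added example (not from the original post), a small Python script that builds and checks password values in the {SCHEME}base64 format slappasswd emits, and flags a rootpw that is cleartext or unsalted. slappasswd's default scheme is {SSHA}, which appends a random salt to the digest; the {MD5} form above is unsalted, so the same password always yields the same value. The rootpw line embedded in the script is the one shown above.

```python
import base64
import hashlib
import hmac
import os

# Sample input: the rootpw directive from the slapd.conf fragment above.
ROOTPW_LINE = "rootpw {MD5}gdyb21LQTcIANtvYMT7QVQ=="

DIGEST = {"MD5": hashlib.md5, "SHA": hashlib.sha1, "SSHA": hashlib.sha1}
SALTED = {"SSHA"}  # schemes whose base64 payload is digest + salt


def make_hash(scheme, password, salt=None):
    """Build a {SCHEME}base64 value the way slappasswd -h {SCHEME} does."""
    scheme = scheme.upper()
    if scheme not in DIGEST:
        raise ValueError("unsupported scheme " + scheme)
    if scheme in SALTED:
        salt = os.urandom(4) if salt is None else salt  # slappasswd uses 4 bytes
    else:
        salt = b""
    digest = DIGEST[scheme](password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())


def verify(stored, password):
    """Check a candidate password against a stored {SCHEME}base64 value."""
    if not stored.startswith("{") or "}" not in stored:
        return False  # cleartext values are not handled here
    scheme, b64 = stored[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in DIGEST:
        return False
    raw = base64.b64decode(b64)
    size = DIGEST[scheme]().digest_size
    digest, salt = raw[:size], raw[size:]  # salt is empty for unsalted schemes
    expected = DIGEST[scheme](password.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)


def audit_rootpw(line):
    """Classify a slapd.conf rootpw line: cleartext, unsalted <SCHEME>, or ok."""
    value = line.split(None, 1)[1].strip()
    if not value.startswith("{") or "}" not in value:
        return "cleartext"
    scheme = value[1:value.index("}")].upper()
    return "ok" if scheme in SALTED else "unsalted " + scheme


if __name__ == "__main__":
    print(audit_rootpw(ROOTPW_LINE))            # unsalted MD5
    print(make_hash("SSHA", "example-only"))    # what slappasswd emits by default
```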


Index options: I added index uid eq; you can add more, e.g. index gid eq
index objectClass eq
index uid eq


CHANGING OWNERSHIP AND RESTART OF SERVER.

sudo invoke-rc.d slapd stop
sudo slapindex
sudo chown openldap:openldap /var/lib/ldap/*
sudo invoke-rc.d slapd start


TESTING LDAP SERVER
Type ldapsearch -x; it will show you all LDAP entries.

ldap:/home/imran# ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# fizaan.com
dn: dc=fizaan,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: fizaan.com
dc: fizaan
.
.


CREATING BASIC DIRECTORY STRUCTURE

Create a file /var/tmp/ou.ldif with these lines; it will add two organizational units under your top-level domain. Add them with the following command.

ldap:/home/imran# slapadd -c -v -l /var/tmp/ou.ldif

dn: ou=People,dc=fizaan,dc=com
ou: People
objectClass: organizationalUnit

dn: ou=Group,dc=fizaan,dc=com
ou: Group
objectClass: organizationalUnit



CREATION OF USERS/POPULATING DIRECTORY

Create a file with the following information about the users and add it with this command
ldap:/home/imran# ldapadd -c -x -D cn=admin,dc=fizaan,dc=com -W -f /var/tmp/user1.ldi


dn: cn=aanish,ou=group,dc=fizaan,dc=com
cn: aanish
gidNumber: 20002
objectClass: top
objectClass: posixGroup

dn: uid=aanish,ou=people,dc=fizaan,dc=com
uid: aanish
uidNumber: 20002
gidNumber: 20002
cn: Aanish
sn: Imran
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
loginShell: /bin/bash
homeDirectory: /home/aanish


TESTING OF ADDED USERS
ldap:/home/imran# ldapsearch -x uid=aanish
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: uid=aanish
# requesting: ALL
#

# aanish, people, fizaan.com
dn: uid=aanish,ou=people,dc=fizaan,dc=com
uid: aanish
uidNumber: 20002
gidNumber: 20002
cn: Aanish
sn: Imran
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
loginShell: /bin/bash
homeDirectory: /home/aanish

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
ldap:/home/imran#


CLIENT TOOL
1) luma
apt-get install luma
After installation, type luma at the command prompt and it will start.
First add your LDAP server by clicking Settings, Edit server list and Add, and give the IP address of your server. After adding the server, give the authentication credentials.
(see above Fig1)

2) phpldapadmin is a web-based graphical tool; you can install it very easily
apt-get install phpldapadmin

In the browser enter the address of the server and log in with the credentials
User :cn=admin,dc=fizaan,dc=com
Passwd:1234
(see above Fig2)
