Thursday, January 23, 2014

LDAP Configuration


Understanding LDAP
What is LDAP?
LDAP stands for Lightweight Directory Access Protocol, a widely accepted standard for locating organizations, individuals, and other resources such as files and devices in a network (public or private). The technology originated at the University of Michigan and is endorsed by most leading companies worldwide. In the networking world, most major products (Cisco, Novell, etc.) are designed to work with LDAP and its organizing and locating services.
The Basic Need of LDAP
LDAP servers typically allow information to be read very quickly at the expense of writing. The basic functionality of an LDAP server is similar to that of a database, but more like a database designed for fast reads of relatively static information. Passwords and groups are good examples of relatively static information that needs to be read quickly. OpenLDAP is a free software implementation of the LDAP protocol. Installing OpenLDAP gives you everything needed to present and store data through LDAP.

LDAP Configuration

1. Install the LDAP package.
The LDAP RPM can be downloaded from the internet. The following command is used to install the LDAP package:
 rpm -ihv

  2. Edit the configuration file.
    Use your favorite editor to edit the provided slapd.conf(5) example (usually installed as /usr/local/etc/openldap/slapd.conf) to contain a BDB database definition of the form:
database bdb
suffix "dc=<MY-DOMAIN>,dc=<COM>"
rootdn "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>"
rootpw secret
directory /usr/local/var/openldap-data

Be sure to replace <MY-DOMAIN> and <COM> with the appropriate domain components of your domain name. For example, for example.com, use:
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /usr/local/var/openldap-data

If your domain contains additional components, such as eng.uni.edu.eu, use:
database bdb
suffix "dc=eng,dc=uni,dc=edu,dc=eu"
rootdn "cn=Manager,dc=eng,dc=uni,dc=edu,dc=eu"
rootpw secret
directory /usr/local/var/openldap-data

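As an added example (not part of the original post and not OpenLDAP's own tooling), the Python script below does what the three stanzas above show by hand: it derives the dc= suffix from a domain name, renders the database definition with the rootdn under that suffix, and replaces the cleartext rootpw with an {SSHA} hash of the form slappasswd(8) produces. The lint function checks the two things that commonly go wrong when the stanza is copied and edited: a rootdn outside the suffix (slapd.conf(5) only honours rootpw when the rootdn lies within the database suffix) and a rootpw left in cleartext. All function names and the sample stanza are my own constructions.

```python
import base64
import hashlib
import hmac
import os


def domain_to_dn(domain):
    """Map a DNS name to its dc= naming context: 'eng.uni.edu.eu' -> 'dc=eng,dc=uni,dc=edu,dc=eu'."""
    labels = domain.strip().strip(".").lower().split(".")
    if not labels or any(not label for label in labels):
        raise ValueError("domain must consist of non-empty labels: %r" % domain)
    return ",".join("dc=%s" % label for label in labels)


def ssha_hash(password, salt=None):
    """Produce a {SSHA} value as slappasswd(8) does: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd uses a short random salt; any length verifies correctly
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored, password):
    """Check a cleartext password against a {SSHA} value; the salt is what follows the 20-byte digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def database_stanza(domain, rootpw, directory="/usr/local/var/openldap-data", manager="Manager"):
    """Render the slapd.conf database definition for a domain (hypothetical helper)."""
    suffix = domain_to_dn(domain)
    return "\n".join([
        "database bdb",
        'suffix "%s"' % suffix,
        'rootdn "cn=%s,%s"' % (manager, suffix),
        "rootpw %s" % rootpw,
        "directory %s" % directory,
    ])


def _norm_dn(dn):
    """Naive DN normalisation (no escaped commas): strip quotes, lowercase, trim each RDN."""
    return ",".join(part.strip().lower() for part in dn.strip().strip('"').split(","))


def lint_stanza(text):
    """Return a list of problems found in a database stanza; an empty list means it passes."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    problems = []
    for required in ("database", "suffix", "rootdn", "directory"):
        if required not in directives:
            problems.append("missing %s directive" % required)
    if "suffix" in directives and "rootdn" in directives:
        suffix, rootdn = _norm_dn(directives["suffix"]), _norm_dn(directives["rootdn"])
        # slapd.conf(5): rootpw is only honoured when the rootdn lies inside the database suffix
        if rootdn != suffix and not rootdn.endswith("," + suffix):
            problems.append("rootdn %s is not under suffix %s" % (rootdn, suffix))
    rootpw = directives.get("rootpw", "")
    if rootpw and not rootpw.startswith("{"):
        problems.append("rootpw is stored in cleartext; use a slappasswd(8) hash such as {SSHA}")
    return problems


# Constructed copy of the cleartext stanza from the guide, used to show the lint finding.
CLEARTEXT_STANZA = database_stanza("example.com", "secret")

if __name__ == "__main__":
    print(database_stanza("eng.uni.edu.eu", ssha_hash("secret")))
    for problem in lint_stanza(CLEARTEXT_STANZA):
        print("finding:", problem)
```

The generated stanza can be pasted into slapd.conf in place of the hand-edited one; the hashed rootpw is verified by slapd exactly like a slappasswd(8) output, so the bind in the ldapadd step still uses the cleartext "secret".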
Details regarding configuring slapd(8) can be found in the slapd.conf(5) manual page and the "The slapd Configuration File" chapter of the OpenLDAP Administrator's Guide. Note that the specified directory must exist prior to starting slapd(8).
 
  3. Start slapd.
    You are now ready to start the Standalone LDAP Daemon, slapd(8), by running the command:
su root -c /usr/local/libexec/slapd

To check to see if the server is running and configured correctly, you can run a search against it with ldapsearch(1). By default, ldapsearch is installed as /usr/local/bin/ldapsearch:
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

Note the use of single quotes around command parameters to prevent special characters from being interpreted by the shell. This should return:
dn:
namingContexts: dc=example,dc=com

Details regarding running slapd(8) can be found in the slapd(8) manual page and the "Running slapd" chapter of the OpenLDAP Administrator's Guide.

  4. Add initial entries to your directory.
    You can use ldapadd(1) to add entries to your LDAP directory. ldapadd expects input in LDIF form. We'll do it in two steps:
    1. create an LDIF file
    2. run ldapadd

Use your favorite editor and create an LDIF file that contains:
dn: dc=<MY-DOMAIN>,dc=<COM>
objectclass: dcObject
objectclass: organization
o: <MY ORGANIZATION>
dc: <MY-DOMAIN>

dn: cn=Manager,dc=<MY-DOMAIN>,dc=<COM>
objectclass: organizationalRole
cn: Manager

Be sure to replace <MY-DOMAIN> and <COM> with the appropriate domain components of your domain name. <MY ORGANIZATION> should be replaced with the name of your organization. When you cut and paste, be sure to trim any leading and trailing whitespace from the example.
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager

Now, you may run ldapadd(1) to insert these entries into your directory.
ldapadd -x -D "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>" -W -f example.ldif

Be sure to replace <MY-DOMAIN> and <COM> with the appropriate domain components of your domain name. You will be prompted for the "secret" specified in slapd.conf. For example, for example.com, use:
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif

where example.ldif is the file you created above.

Additional information regarding directory creation can be found in the "Database Creation and Maintenance Tools" chapter of the OpenLDAP Administrator's Guide.

  5. See if it works.
    Now we're ready to verify that the added entries are in your directory. You can use any LDAP client to do this, but our example uses the ldapsearch(1) tool. Remember to replace dc=example,dc=com with the correct values for your site:
ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
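Both ldapadd(1) input and ldapsearch(1) output are LDIF, so one small parser serves steps 3 through 5. As an added example (not part of the original post, and not OpenLDAP's code), the Python below parses LDIF including folded lines and base64 (::) values, sanity-checks the entries before they are handed to ldapadd (every DN under the suffix, an objectclass on every entry, and the RDN value present as an attribute, which slapd enforces and which catches a copied stanza whose dc: line was not updated), and checks the root DSE answer from the namingContexts query against the expected suffix. The sample LDIF is the guide's example.com data; the helper names are my own.

```python
import base64


def _decode_value(rest):
    """Decode what follows the attribute name: ': value' or ':: base64value'."""
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8")
    return rest.strip()  # the single space after the colon is not part of the value


def parse_ldif(text):
    """Parse LDIF into a list of (dn, {attribute: [values]}) tuples in file order.
    Handles comments, a version: line, folded lines (leading space) and base64 (::) values."""
    unfolded = []
    for raw in text.splitlines():
        if raw.strip() == "":
            unfolded.append("")               # entry separator
        elif raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]           # continuation of the previous line
        else:
            unfolded.append(raw)
    entries, current = [], None
    for line in unfolded + [""]:              # sentinel flushes the final entry
        if not line.strip():
            if current is not None:
                entries.append(current)
                current = None
            continue
        if line.startswith("#") or line.startswith("version:"):
            continue
        if ":" not in line:
            raise ValueError("malformed LDIF line: %r" % line)
        name, rest = line.split(":", 1)
        name = name.strip().lower()           # attribute names are case-insensitive
        if name == "dn":
            if current is not None:
                raise ValueError("dn: line not preceded by a blank line: %r" % line)
            current = (_decode_value(rest), {})
            continue
        if current is None:
            raise ValueError("attribute before any dn: line: %r" % line)
        current[1].setdefault(name, []).append(_decode_value(rest))
    return entries


def _norm_dn(dn):
    """Naive DN normalisation (no escaped commas); adequate for the dc=/cn= DNs used here."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def check_entries(entries, suffix):
    """Sanity-check entries destined for ldapadd(1); returns a list of findings."""
    findings = []
    suffix = _norm_dn(suffix)
    for dn, attrs in entries:
        ndn = _norm_dn(dn)
        if not attrs.get("objectclass"):
            findings.append("%s: no objectclass" % dn)
        if ndn != suffix and not ndn.endswith("," + suffix):
            findings.append("%s: outside suffix %s" % (dn, suffix))
        rdn_attr, _, rdn_value = ndn.split(",", 1)[0].partition("=")
        # slapd rejects an entry whose naming attribute value is absent from the entry itself
        if rdn_value not in [v.lower() for v in attrs.get(rdn_attr, [])]:
            findings.append("%s: RDN value %s=%s missing from the entry" % (dn, rdn_attr, rdn_value))
    return findings


def naming_context_matches(ldapsearch_output, suffix):
    """Check the root DSE reply to: ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts."""
    for dn, attrs in parse_ldif(ldapsearch_output):
        if dn == "" and _norm_dn(suffix) in [_norm_dn(v) for v in attrs.get("namingcontexts", [])]:
            return True
    return False


# The guide's example.ldif, reproduced as sample input.
EXAMPLE_LDIF = """\
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager
"""

# The root DSE reply the guide says the namingContexts query should return.
ROOT_DSE_OUTPUT = "dn:\nnamingContexts: dc=example,dc=com\n"

if __name__ == "__main__":
    entries = parse_ldif(EXAMPLE_LDIF)
    print("parsed %d entries" % len(entries))
    for finding in check_entries(entries, "dc=example,dc=com"):
        print("finding:", finding)
    print("namingContexts matches:", naming_context_matches(ROOT_DSE_OUTPUT, "dc=example,dc=com"))
```

To check a live server, feed the output of the final ldapsearch command to parse_ldif and compare the DNs returned with those in example.ldif; the same parser reads both because ldapsearch prints LDIF.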

Entries added to the LDAP server can be confirmed in the logs under /var/log. The debugging session below records a check run against the server:

********** Debugging session beginning at: Tue Mar 11 04:36:28 2008

Arguments 1-2:
::ffff:10.5.5.15
389

Environment variables:
BASE=dc=example,dc=com
DEBUG=yes
FILTER=objectclass=dcObject
MANDATORYATTRS=yes
MON_TMPL_NAME=srinildap
NODE_IP=::ffff:10.5.5.15
NODE_PORT=389
PASSWORD=secret
SECURITY=none
USERNAME=cn=Manager,dc=example,dc=com
Host URL: ldap://[::ffff:10.5.5.15]:389
Up: 1 entries found.
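The transcript above records the bind password in cleartext, binds over plain ldap:// with SECURITY=none, and binds as the rootdn (cn=Manager). As an added example, not part of the original post, the Python below parses such a transcript into its sections, reports those three points plus an empty result, and masks the password before the log is kept or forwarded to a collector. The sample input is the session shown above; the function names are my own assumptions.

```python
import re

# The debugging session shown above, reproduced here as the sample input.
SAMPLE_SESSION = """\
********** Debugging session beginning at: Tue Mar 11 04:36:28 2008

Arguments 1-2:
::ffff:10.5.5.15
389

Environment variables:
BASE=dc=example,dc=com
DEBUG=yes
FILTER=objectclass=dcObject
MANDATORYATTRS=yes
MON_TMPL_NAME=srinildap
NODE_IP=::ffff:10.5.5.15
NODE_PORT=389
PASSWORD=secret
SECURITY=none
USERNAME=cn=Manager,dc=example,dc=com
Host URL: ldap://[::ffff:10.5.5.15]:389
Up: 1 entries found.
"""


def parse_session(text):
    """Split a debugging transcript into start time, arguments, environment, URL and result count."""
    session = {"started": None, "args": [], "env": {}, "host_url": None, "entries_found": None}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None                      # blank line ends the current section
            continue
        m = re.match(r"\*+\s*Debugging session beginning at:\s*(.+)$", line)
        if m:
            session["started"] = m.group(1)
            continue
        if line.startswith("Arguments"):
            section = "args"
            continue
        if line.startswith("Environment variables:"):
            section = "env"
            continue
        if line.startswith("Host URL:"):
            session["host_url"] = line.split(":", 1)[1].strip()
            section = None
            continue
        m = re.match(r"Up:\s*(\d+) entries found", line)
        if m:
            session["entries_found"] = int(m.group(1))
            continue
        if section == "args":
            session["args"].append(line)
        elif section == "env" and "=" in line:
            key, value = line.split("=", 1)
            session["env"][key] = value
    return session


def review_session(session, rootdn="cn=Manager,dc=example,dc=com"):
    """Defender-side findings about how the check was configured; rootdn is the slapd.conf value."""
    findings = []
    env = session["env"]
    if env.get("PASSWORD"):
        findings.append("cleartext credential recorded in the debug log (PASSWORD)")
    url = session["host_url"] or ""
    if env.get("SECURITY", "").lower() == "none" or url.startswith("ldap://"):
        findings.append("simple bind over ldap:// with SECURITY=none: the password crosses the network unencrypted")
    if env.get("USERNAME", "").replace(" ", "").lower() == rootdn.replace(" ", "").lower():
        findings.append("check binds as the rootdn; a read-only monitoring account is sufficient")
    if session["entries_found"] == 0:
        findings.append("filter matched no entries")
    return findings


def redact(text):
    """Mask credential values so the transcript can be stored or shared safely."""
    return re.sub(r"^(PASSWORD=).*$", r"\1<redacted>", text, flags=re.MULTILINE)


if __name__ == "__main__":
    session = parse_session(SAMPLE_SESSION)
    print("entries found:", session["entries_found"])
    for finding in review_session(session):
        print("finding:", finding)
    print(redact(SAMPLE_SESSION))
```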