Understanding LDAP
What is LDAP?
LDAP stands for Lightweight Directory Access Protocol, a widely accepted standard for locating organizations, individuals, and other resources such as files and devices in a network, public or private. The technology originated at the University of Michigan and is endorsed by most leading companies worldwide. In the networking world, most major products (Cisco, Novell, etc.) are designed to work with LDAP and its organizing and locating services.
The Basic Need of LDAP
LDAP servers are built so that information can be read very quickly, at the expense of write performance. The basic functionality of an LDAP server is similar to that of a database, but one designed for fast reads of relatively static information. Passwords and groups are good examples of relatively static information that needs to be read quickly. OpenLDAP is a free software implementation of the LDAP protocol. Installing OpenLDAP gives you everything needed to store and serve data through LDAP.
LDAP Configuration
1. Install the LDAP package.
The OpenLDAP RPM can be downloaded from the internet. The following command is used to install the LDAP package:
rpm -ihv
2. Edit the configuration file.
Use your favorite editor to edit the provided slapd.conf(5) example (usually installed as /usr/local/etc/openldap/slapd.conf) to contain a BDB database definition of the form:
database bdb
suffix "dc=<MY-DOMAIN>,dc=<COM>"
rootdn "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>"
rootpw secret
directory /usr/local/var/openldap-data
Be sure to replace <MY-DOMAIN> and <COM> with the appropriate domain components of your domain name. For example, for example.com, use:
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
If your domain contains additional components, such as eng.uni.edu.eu, use:
database bdb
suffix "dc=eng,dc=uni,dc=edu,dc=eu"
rootdn "cn=Manager,dc=eng,dc=uni,dc=edu,dc=eu"
rootpw secret
directory /usr/local/var/openldap-data
Details regarding configuring slapd(8) can be found in the slapd.conf(5) manual page and the slapd Configuration File chapter of this document. Note that the specified directory must exist prior to starting slapd(8).
3. Start SLAPD.
You are now ready to start the Standalone LDAP Daemon, slapd(8), by running the command:
su root -c /usr/local/libexec/slapd
To check to see if the server is running and configured correctly, you can run a search against it with ldapsearch(1). By default, ldapsearch is installed as /usr/local/bin/ldapsearch:
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
Note the use of single quotes around command parameters to prevent special characters from being interpreted by the shell. This should return:
dn:
namingContexts: dc=example,dc=com
Details regarding running slapd(8) can be found in the slapd(8) manual page and the Running slapd chapter of this document.
4. Add initial entries to your directory.
You can use ldapadd(1) to add entries to your LDAP directory. ldapadd expects input in LDIF form. We'll do it in two steps:
- create an LDIF file
- run ldapadd
Use your favorite editor and create an LDIF file that contains:
dn: dc=<MY-DOMAIN>,dc=<COM>
objectclass: dcObject
objectclass: organization
o: <MY ORGANIZATION>
dc: <MY-DOMAIN>

dn: cn=Manager,dc=<MY-DOMAIN>,dc=<COM>
objectclass: organizationalRole
cn: Manager
Be sure to replace <MY-DOMAIN> and <COM> with the appropriate domain components of your domain name. <MY ORGANIZATION> should be replaced with the name of your organization. When you cut and paste, be sure to trim any leading and trailing whitespace from the example.
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager
Now, you may run ldapadd(1) to insert these entries into your directory.
ldapadd -x -D "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>" -W -f example.ldif
Be sure to replace <MY-DOMAIN> and <COM> with the appropriate domain components of your domain name. You will be prompted for the "secret" specified in slapd.conf. For example, for example.com, use:
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
where example.ldif is the file you created above.
Additional information regarding directory creation can be found in the Database Creation and Maintenance Tools chapter of this document.
5. See if it works.
Now we're ready to verify the added entries are in your directory. You can use any LDAP client to do this, but our example uses the ldapsearch(1) tool. Remember to replace dc=example,dc=com with the correct values for your site:
ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
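The steps above are written out by hand for example.com and eng.uni.edu.eu. As an added example (not part of the original post or of OpenLDAP), the script below generalises them: it derives the suffix from any domain name, renders the slapd.conf database stanza and the initial LDIF, and checks the namingContexts returned by ldapsearch against the configured suffix. It assumes the OpenLDAP paths used in the post and that slappasswd(8), which ships with OpenLDAP, is used to hash the rootpw instead of writing "secret" in cleartext.

```shell
#!/bin/sh
# Added example, not from the original post. Renders the slapd.conf database
# stanza and the initial LDIF for any domain, generalising the hand-written
# example.com / eng.uni.edu.eu cases, and checks the ldapsearch result.

# Turn "eng.uni.edu.eu" into "dc=eng,dc=uni,dc=edu,dc=eu".
domain_to_dn() {
    dn=""
    old_ifs=$IFS; IFS=.
    for part in $1; do
        dn="${dn:+$dn,}dc=$part"
    done
    IFS=$old_ifs
    printf '%s\n' "$dn"
}

# slapd.conf database definition. $2 is the rootpw value: pass the {SSHA}
# hash printed by `slappasswd -s <password>` rather than a cleartext word,
# since anyone who can read slapd.conf would otherwise read the password.
slapd_database_stanza() {
    base=$(domain_to_dn "$1")
    case $2 in
        '{'*'}'*) ;;  # already a {SCHEME}hash value
        *) printf 'warning: rootpw is cleartext; hash it with slappasswd\n' >&2 ;;
    esac
    printf 'database bdb\nsuffix "%s"\nrootdn "cn=Manager,%s"\n' "$base" "$base"
    printf 'rootpw %s\ndirectory /usr/local/var/openldap-data\n' "$2"
}

# Initial entries in the same shape as the post's LDIF: the base dcObject
# ($2 is the organization name) and the Manager organizationalRole.
initial_ldif() {
    base=$(domain_to_dn "$1")
    printf 'dn: %s\nobjectclass: dcObject\nobjectclass: organization\n' "$base"
    printf 'o: %s\ndc: %s\n\n' "$2" "${1%%.*}"
    printf 'dn: cn=Manager,%s\nobjectclass: organizationalRole\ncn: Manager\n' "$base"
}

# Feed the output of `ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts`
# on stdin; succeeds only if the server advertises the suffix we configured.
check_naming_context() {
    grep -qx "namingContexts: $(domain_to_dn "$1")"
}
```

Typical use: `slapd_database_stanza example.com "$(slappasswd -s mypassword)" >> slapd.conf`, `initial_ldif example.com 'Example Company' > example.ldif`, then pipe the ldapsearch output from step 3 into `check_naming_context example.com`.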
The logs can be viewed in /var/log for entries added on the LDAP server:
**********
Debugging session beginning at: Tue Mar 11 04:36:28 2008
Arguments 1-2: ::ffff:10.5.5.15 389
Environment variables:
BASE=dc=example,dc=com
DEBUG=yes
FILTER=objectclass=dcObject
MANDATORYATTRS=yes
MON_TMPL_NAME=srinildap
NODE_IP=::ffff:10.5.5.15
NODE_PORT=389
PASSWORD=secret
SECURITY=none
USERNAME=cn=Manager,dc=example,dc=com
Host URL: ldap://[::ffff:10.5.5.15]:389
Up: 1 entries found.