How to setup an OpenLDAP server on Debian or Ubuntu

Rumi,

Most enterprises use LDAP as interface to their company structure database. In the Microsoft world is Active Directory the implementation for LDAP. Under Linux is OpenLDAP the common choice for admins. Such LDAP directories are tree based. OpenLDAP is the reference implementation for LDAP v3.

The JNDI API inside the Java SDK is usable as implementation to access such LDAP directories. With Spring LDAP is more sophisticated API available.

My first code sample works in the company against their OpenLDAP server. For security reasons is the access not possible from outside. So my JUNIT Tests was code red after running in my homeoffice. Maven standard is to run all test prior to build a package like a J2EE war or ear file. So i decided to setup a OpenLDAP server inside my ubuntu 8.10 server vmware server vm.

First step is to retrieve and install the openldap package as root:

 

  • sudo su –
  • apt-get install slapd ldap-utils nmap php5-ldap db4.2-util

You have to set a password during installation for the OpenLDAP server. Keep that in mind!
Now run the configuration assistant:

 

  • dpkg-reconfigure slapd

Wizard steps:

  1. omit openldap server configuration? – no
  2. dns domain name? vm.example.org
  3. organization name? myCompany
  4. database backend to use? hdb
  5. do you want the database to be removed when slapd is purged? yes
  6. may be the question: move old database? yes
  7. administrator password? the same one as entered during installation
  8. confirm password? see last step
  9. allow LDAPv2 protocol? no

Now edit the /etc/ldap/ldap.conf file for the client side configuration:

 

ldap_version 3
URI ldap://localhost:389
SIZELIMIT 0
TIMELIMIT 0
DEREF never
BASE dc=vm,dc=example, dc=org

With the command “ldapsearch -x” you should see the following output:

 

# extended LDIF
#
# LDAPv3
# base  (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# vm.example.org
dn: dc=vm,dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: myCompany
dc: vm

# admin, vm.example.org
dn: cn=admin,dc=vm,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

For easier admininstration exist a php admin ui called phpldapadmin and can be installed with:

 

  • apt-get install phpldapadmin
  • ln -s /usr/share/phpldapadmin/ /var/www/phpldapadmin

Open now the config file /etc/phpldapadmin/config.php with joe (a editor) and change the line with the ldap node info to:

 

view plaincopy to clipboardprint?

  1. /* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin 
  2.    auto-detect it for you. */  
  3. $ldapservers->SetValue($i,'server','base',array('dc=vm,dc=example,dc=org'));  
  4. …  
  5. $ldapservers->SetValue($i,'login','dn','cn=admin,dc=vm,dc=example,dc=org');  

Check your PHP5 memory settings in /etc/php5/apache2/php.ini:

 

memory_limit = 64M      ; Maximum amount of memory a script may consume (16MB)

Restart the apache to use this changed configuration

 

  • /etc/init.d/apache2 restart

and go to:

 

http://your.vm.ip/phpldapadmin

Click on the login link on the left side and enter as “login dn”:

 

  • cn=admin,dc=vm,dc=example,dc=org

and your password in mind. First step is now to enter a “organisational unit”:

  • click on the left side on the link beside the world icon “dc=vm…”
  • click on “create a child entry here”
  • choose “organisational unit” as template
  • enter “people” and click on “create object”
  • click on this new orginsational unit people in the tree
  • click on “create a child entry here”
  • choose “Address Book Entry (mozillaOrgPerson)” as template
  • enter “John” as “first name”
  • enter “Doe” as “last name”
  • go to common name (cn) and enter “John Doe”
  • click on “create object”

Now check with “ldapsearch -x” if everything is ok:

 

# extended LDIF
#
# LDAPv3
# base  (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# vm.example.org
dn: dc=vm,dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: myCompany
dc: vm

# admin, vm.example.org
dn: cn=admin,dc=vm,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# people, vm.example.org
dn: ou=people,dc=vm,dc=example,dc=org
objectClass: organizationalUnit
objectClass: top
ou: people

# John Doe, people, vm.example.org
dn: cn=John Doe,ou=people,dc=vm,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: top
givenName: John
sn: Doe
cn: John Doe

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 4

Your LDAP server is now running and you can easily configure it inside your favorite browser.

 

 

 

 

 

 

 

Src: http://ralf.schaeftlein.de/2009/02/04/howto-setup-a-openldap-server-for-ubuntu-810/

Configurations (Linux)

Leave a Reply

Your email address will not be published. Required fields are marked *