Install on Ubuntu 8.04
To run an LDAP server on Ubuntu 8.04 you need two packages: slapd, the OpenLDAP server, and ldap-utils, the command-line client tools (ldapsearch, ldapadd and friends). Install them with apt-get as root or with sudo; apt pulls in the dependencies.
# apt-get install slapd ldap-utils
This series of articles will help you understand the benefits of LDAP as well as the implementation of LDAP.
LDAP Basics for Ubuntu 8.04
LDAP Server for Ubuntu 8.04
LDAP Client for Ubuntu 8.04
During the installation process you will be asked to supply a password for the LDAP administrator (the cn=admin rootdn). Choose it with care: the rootdn bypasses every access control on the directory.

After that initial password, whenever you need a password for the directory use slappasswd. It prints a salted SHA-1 hash in {SSHA} form. This is a one-way hash, not an encryption: slapd stores only the hash and recomputes it from the supplied password at bind time, so the plaintext never has to appear in a configuration file.
Create a root Password:
# slappasswd
New password:
Re-enter new password:
{SSHA}k1wLLf+cCUArjAt2BuFGe6OYdSiayIZd
For example, if you needed to set a new password for the admin user, you would run slappasswd, copy the {SSHA} string it prints and paste it as the rootpw value in /etc/ldap/slapd.conf. Keep that file readable only by root and the openldap group, since anyone who can read the hash can attack it offline. The same hash is also stored as userPassword on the cn=admin entry in the tree (see init.ldif below); change both together when rotating it.
# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn "cn=admin,dc=example,dc=com"
rootpw {SSHA}k1wLLf+cCUArjAt2BuFGe6OYdSiayIZd
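As an added example, not part of the original article or of the OpenLDAP tools, the following Python reproduces what slappasswd does, so the layout of the {SSHA} string above can be checked and a stored hash can be verified offline. It assumes only the Python standard library; the password and fixed salt under `__main__` are made-up test values.

```python
"""SSHA helpers in the layout slappasswd uses: base64(SHA1(pw + salt) + salt).
Added example for this page, not code from OpenLDAP; standard library only."""
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

PREFIX = "{SSHA}"
DIGEST_LEN = 20          # SHA-1 digest size in bytes
SALT_LEN = 4             # slappasswd's default salt length


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Hash password the way slappasswd does; random 4-byte salt unless one is given."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_split(hashed: str) -> Tuple[bytes, bytes]:
    """Split a {SSHA} string into (digest, salt); rejects other schemes."""
    if not hashed.startswith(PREFIX):
        raise ValueError("not an {SSHA} value: " + hashed[:8])
    raw = base64.b64decode(hashed[len(PREFIX):], validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("{SSHA} value too short to hold a digest and a salt")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def ssha_verify(password: str, hashed: str) -> bool:
    """What slapd does on a simple bind: recompute with the stored salt and compare."""
    digest, salt = ssha_split(hashed)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # constant-time compare so a remote guesser learns nothing from timing
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # made-up password and salt so the output is reproducible
    h = ssha_hash("correct horse", salt=b"\x00\x01\x02\x03")
    print(h, ssha_verify("correct horse", h), ssha_verify("wrong", h))
    # the hash from the article: 20-byte digest followed by a 4-byte salt
    d, s = ssha_split("{SSHA}k1wLLf+cCUArjAt2BuFGe6OYdSiayIZd")
    print(len(d), len(s))
```

Splitting the hash shown in the article yields a 20-byte SHA-1 digest and a 4-byte salt, which is exactly how slappasswd lays out {SSHA}. A single SHA-1 round with a short salt is cheap to brute force offline, so the protection really comes from never letting the hash out: the slapd.conf permissions, the ACL that keeps userPassword away from anonymous readers (visible when the database is tested later in this article), and deleting the LDIF file after loading it.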
Preparation to Start LDAP
Before starting LDAP you must set the database type for database #1, the suffix for your domain, the rootdn, the rootdn password and the directory that holds the database files. Note that example.com is the domain used here; substitute your own.
Edit /etc/ldap/slapd.conf and make the necessary changes.
database hdb
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw {SSHA}k1wLLf+cCUArjAt2BuFGe6OYdSiayIZd
directory "/var/lib/ldap"
You will also need to set BASE in the client configuration file. This is the default search base the ldap-utils tools use when no -b option is given.
Edit /etc/ldap/ldap.conf
BASE dc=example,dc=com
Add Information to the Tree
slapadd and slapindex write to the database files directly, behind the running server's back, so slapd must be stopped before they run or the database can be corrupted (slapcat only reads, but stopping first is the safe habit). Stop the server with:
# /etc/init.d/slapd stop
Add your init.ldif
Before you can add init.ldif you need to remove the database that the package installer created (it already holds a dc=example,dc=com root and the cn=admin entry, which init.ldif recreates). This is destructive: if the server holds anything you care about, take a slapcat dump first. If the package placed a DB_CONFIG tuning file in /var/lib/ldap, keep a copy and put it back afterwards.
# rm -rf /var/lib/ldap/*
Configure your init.ldif
Here is the init.ldif file.
Create this file and adapt the content to your system. Each entry starts with its dn line and entries are separated by one blank line; without the separators the second dn: line is read as an attribute of the first entry and the load fails. The file contains password hashes, so create it with restrictive permissions (chmod 600) and delete it once the data is loaded.
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organizationalUnit
dc: example
ou: Example Dot Com

dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: {SSHA}k1wLLf+cCUArjAt2BuFGe6OYdSiayIZd

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=fsmith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: fsmith
sn: Smith
givenName: Fred
cn: Fred Smith
displayName: Fred Smith
uidNumber: 1001
gidNumber: 1001
userPassword: {SSHA}w5tiDXpVXOWr4cCujbrqUNdlUX+wYPY0
gecos: Fred Smith
loginShell: /bin/bash
homeDirectory: /home/fsmith
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
# the source page obscured this address; fsmith@example.com is a placeholder
mail: fsmith@example.com
initials: FS
Add the init.ldif file to the LDAP database
# slapadd -l init.ldif
slapadd must be run as root, but the server itself, for security reasons, runs as the unprivileged openldap user that the Ubuntu package creates. The database files slapadd just wrote are owned by root, so after loading an LDIF you must hand the /var/lib/ldap directory back to that user, or slapd will fail to open its database.
Change Permissions
# chown -R openldap:openldap /var/lib/ldap/
Modify tcp_wrappers
If you are using tcp_wrappers, which you should be, you will need an entry so that clients can reach your slapd server (slapd honours hosts.allow and hosts.deny because the Ubuntu build links libwrap; ldd on /usr/sbin/slapd confirms it). The names are the daemon process names. ALL admits every host, which is only acceptable on an isolated lab; on a real network replace it with the addresses or networks your clients live on, and keep a deny-all default in /etc/hosts.deny.
Edit /etc/hosts.allow
sshd: ALL
slapd: ALL
Start the LDAP Server
# /etc/init.d/slapd start
Verify that the server started by checking port 389, the default LDAP port.
# netstat -aunt
You should see the port listening like so. A Local Address of 0.0.0.0:389 means slapd accepts connections on every interface. Plain LDAP on 389 carries simple-bind passwords in cleartext, so on a shared network restrict it with tcp_wrappers or a firewall, or put TLS in front of it (ldaps on 636 or STARTTLS), before real accounts use it.
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
Test Your Database
# ldapsearch -xLLL -b "dc=example,dc=com" '(objectclass=*)'
-x perform a simple bind instead of SASL; with no -D this is an anonymous bind
-LLL print the results as LDIF without comments or the version line (one L selects LDIF, two drop comments, three drop the version line)
-b "dc=example,dc=com" the DN where the search begins
'(objectclass=*)' the search filter; every entry has an objectClass, so this matches them all
Example Output:
This example output is from the LDIF file that was created and added above. Notice what is missing: userPassword and shadowLastChange do not appear, because the search used an anonymous bind and the default Ubuntu slapd.conf ACL for those two attributes only lets anonymous clients use them to authenticate (by anonymous auth) while the entry itself and cn=admin may read and write them. Everything else in the tree is world-readable, which is why the filter returned every entry. If a hash does show up here, fix the ACL before going further.
# ldapsearch -xLLL -b "dc=example,dc=com" '(objectclass=*)'
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organizationalUnit
dc: example
ou: Example Dot Com

dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=fsmith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: fsmith
sn: Smith
givenName: Fred
cn: Fred Smith
displayName: Fred Smith
uidNumber: 1001
gidNumber: 1001
gecos: Fred Smith
loginShell: /bin/bash
homeDirectory: /home/fsmith
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
mail: fsmith@example.com
initials: FS
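The checks below are an added example, written for this page and not part of the article or of the OpenLDAP tools. They read LDIF with a small parser and then do the two things worth doing at this point: confirm that every entry in an init.ldif carries the attributes its object classes require, so slapadd will accept it, and confirm that an anonymous ldapsearch dump exposes no userPassword or shadowLastChange values. The REQUIRED table is the MUST attribute set of each object class from the standard core, nis and inetOrgPerson schemas; the embedded LDIF fragments are constructed from the article's entries, shortened, with one base64 value and one folded line added to exercise those parser paths.

```python
"""LDIF sanity checks for init.ldif and for an anonymous ldapsearch dump.
Added example for this page; Python standard library only."""
import base64
from typing import Dict, List, Tuple

Entry = Dict[str, List[str]]   # attribute name (lower-cased) -> values

# MUST attributes (lower-cased) of the object classes used in init.ldif,
# taken from core.schema, nis.schema and inetorgperson.schema.
REQUIRED = {
    "dcobject": ["dc"],
    "organizationalunit": ["ou"],
    "organizationalrole": ["cn"],
    "simplesecurityobject": ["userpassword"],
    "inetorgperson": ["cn", "sn"],
    "posixaccount": ["cn", "uid", "uidnumber", "gidnumber", "homedirectory"],
    "shadowaccount": ["uid"],
}
# Attributes the default Ubuntu slapd.conf ACL withholds from anonymous binds.
SENSITIVE = ("userpassword", "shadowlastchange")


def parse_ldif(text: str) -> List[Entry]:
    """Minimal RFC 2849 reader: blank line separates entries, 'attr: value',
    'attr:: base64', a leading space folds onto the previous line, '#' comments."""
    logical: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:       # folded continuation line
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entries: List[Entry] = []
    current: Entry = {}
    for line in logical + [""]:                   # sentinel flushes the last entry
        if line.startswith("#"):
            continue
        if line.strip() == "":
            if current:
                entries.append(current)
                current = {}
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError("not an LDIF attribute line: " + line)
        name = name.strip().lower()
        if name == "version" and not current:     # optional 'version: 1' header
            continue
        if rest.startswith(":"):                  # base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        current.setdefault(name, []).append(value)
    return entries


def missing_attributes(entry: Entry) -> List[str]:
    """Attributes the entry's object classes require but the entry lacks."""
    missing: List[str] = []
    for oc in entry.get("objectclass", []):
        for attr in REQUIRED.get(oc.lower(), []):
            if attr not in entry and attr not in missing:
                missing.append(attr)
    return missing


def exposed_secrets(entries: List[Entry]) -> List[Tuple[str, str]]:
    """(dn, attribute) pairs where a sensitive attribute is visible."""
    found = []
    for e in entries:
        dn = e.get("dn", ["<no dn>"])[0]
        for attr in SENSITIVE:
            if attr in e:
                found.append((dn, attr))
    return found


# Constructed sample: the article's init.ldif, shortened, with a base64 'ou'
# and a folded 'description' line.
INIT_LDIF = """\
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organizationalUnit
dc: example
ou:: RXhhbXBsZSBEb3QgQ29t

dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP admin
 istrator
userPassword: {SSHA}k1wLLf+cCUArjAt2BuFGe6OYdSiayIZd

dn: uid=fsmith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: fsmith
sn: Smith
cn: Fred Smith
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/fsmith
userPassword: {SSHA}w5tiDXpVXOWr4cCujbrqUNdlUX+wYPY0
shadowLastChange: 10877
"""

# Constructed sample of what the anonymous ldapsearch should show for fsmith:
# the ACL withholds userPassword and shadowLastChange.
ANON_DUMP = """\
dn: uid=fsmith,ou=people,dc=example,dc=com
objectClass: posixAccount
cn: Fred Smith
uid: fsmith
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/fsmith
"""

if __name__ == "__main__":
    init = parse_ldif(INIT_LDIF)
    for e in init:
        print(e["dn"][0], "missing:", missing_attributes(e))
    print("init.ldif holds secrets:", exposed_secrets(init))           # non-empty: protect the file
    print("anonymous dump leaks:", exposed_secrets(parse_ldif(ANON_DUMP)))  # should be []
```

Run it against your own init.ldif before slapadd (pipe the file into parse_ldif) and against the real ldapsearch output after the server is up. The first check reports the hashes the file itself contains, which is the reminder to chmod 600 and delete it; the second should come back empty for an anonymous search, and anything else means the userPassword ACL is not doing its job.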