OpenLDAP Installation and Configuration in Ubuntu 12.10 Server / Debian 6
http://www.unixmen.com/openldap-installation-configuration-ubuntu-12-1013-0413-10-debian-67-2/
OpenLDAP Installation and Configuration in Ubuntu 12.10 Server / Debian 6
by SK
OpenLDAP is a free open source Light Weight Directory Access protocol developed by the OpenLDAP project. It is a platform independent protocol, so that it runs on all Linux/Unix like systems, Windows, AIX, Solaris and Android.
In this tutorial i am gonna to show you how to install and configure OpenLDAP server in Ubuntu 12.10 server. Though it is tested on Ubuntu 12.10, it may work on Debian too. In this how-to my testbox details are given below.
Operating System : Ubuntu 12.10 Server Hostname : server.unixmen.com IP Address : 192.168.1.200
Replace the above values with your own scenario.
Install OpenLDAP in Ubuntu 12.10 server
unixmen@server:~$ sudo apt-get install slapd ldap-utils
During the installtion it will ask the password for LDAP admin account. Enter your admin password here.
Re-enter the password.
Configure OpenLDAP
Open the “/etc/ldap/ldap.conf” file and find and edit the lines as shown below with your domain name and IP Address.
unixmen@server:~$ sudo vi /etc/ldap/ldap.conf # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. BASE dc=unixmen,dc=com URI ldap://192.168.1.200 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never # TLS certificates (needed for GnuTLS) TLS_CACERT /etc/ssl/certs/ca-certificates.crt
Run the Configuration assistant.
unixmen@server:~$ sudo dpkg-reconfigure slapd
The following screen should appear. Select “No” and press Enter.
Enter the DNS domain name.
Enter the Organization name(i.e your company name).
Enter the LDAP admin password which you created in the earlier step.
Re-enter the password.
Select the backend database.
Select Yes to delete the database automatically when we are planning to remove LDAP server.
.
Select Yes to move old database.
Select No and Press Enter.
LDAP server is up and running now.
Test LDAP server
Enter the following command “ldapsearch -x”, then you will have the following result.
unixmen@server:~$ ldapsearch -x # extended LDIF # # LDAPv3 # base <dc=unixmen,dc=com> (default) with scope subtree # filter: (objectclass=*) # requesting: ALL # # unixmen.com dn: dc=unixmen,dc=com objectClass: top objectClass: dcObject objectClass: organization o: unixmen dc: unixmen # admin, unixmen.com dn: cn=admin,dc=unixmen,dc=com objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2
LDAP Server Administration
Administration of LDAP server in command mode is quite difficult, so that here i have used a easier GUI administration tool called “phpldapadmin”.
Install phpldapadmin
unixmen@server:~$ sudo apt-get install phpldapadmin
Create a symbolic link for phpldapadmin directory.
unixmen@server:~$ sudo ln -s /usr/share/phpldapadmin/ /var/www/phpldapadmin
Now open the “/etc/phpldapadmin/config.php” file and replace the domain names with your own values. Goto “Define LDAP Servers” section in the config file and edit the following lines as shown below.
unixmen@server:~$ sudo vi /etc/phpldapadmin/config.php
$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','Unixmen LDAP Server');
$servers->setValue('server','host','192.168.1.200');
$servers->setValue('server','base',array('dc=unixmen,dc=com'));
$servers->setValue('login','bind_id','cn=admin,dc=unixmen,dc=com');Restart the apache service.
unixmen@server:~$ sudo /etc/init.d/apache2 restart
Make sure that you have opened apache server port “80” and LDAP default port “389” in your firewall/router configuration.
unixmen@server:~$ sudo ufw allow 80 Rules updated Rules updated (v6) unixmen@server:~$ sudo ufw allow 389 Rules updated Rules updated (v6)
Now point your web browser with “http://192.168.1.200/phpldapadmin”. The following screen should appear.
Click “login” on the left pane and make sure the domain details are correct and enter ldap admin password which you have created in the previous steps and press “Authenticate”.
Now the main console screen of phpldapadmin will open. You can see the LDAP domain “unixmen.com” will be found there. Here you can add objects such as Organizational Unit, Users and groups etc.
Sample Configuration
Lets create some sample objects using phpldapadmin interface and check them whether they are presented in the LDAP server configuration.
Click on the “+” sign near the line “dc=unixmen” and click “Create new entry here” link.
Select “Generic-Organizational Unit” and enter the name of the Organizational unit(Ex.sales) and Click “Create Object”.
Click “Commit”.
Now the newly created OU will be found under the main ldap domain.
Click on the sales ou tree on the left pane and click on “Create a child entry”.
Select “Generic:Address book entry”. Enter firstname as “senthil”, last name as “kumar” and Common name(cn) as “senthil kumar” and click “Create Object”.
Click “Commit”.
Now the newly created user “senthil kumar” will be found under “sales” ou.
Also you can verify using the command “ldapsearch -x”.
unixmen@server:~$ ldapsearch -x # extended LDIF # # LDAPv3 # base <dc=unixmen,dc=com> (default) with scope subtree # filter: (objectclass=*) # requesting: ALL # # unixmen.com dn: dc=unixmen,dc=com objectClass: top objectClass: dcObject objectClass: organization o: unixmen dc: unixmen # admin, unixmen.com dn: cn=admin,dc=unixmen,dc=com objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator # sales, unixmen.com dn: ou=sales,dc=unixmen,dc=com objectClass: organizationalUnit objectClass: top ou: sales # senthil kumar, sales, unixmen.com dn: cn=senthil kumar,ou=sales,dc=unixmen,dc=com cn: senthil kumar givenName: senthil sn: kumar objectClass: inetOrgPerson objectClass: top # search result search: 2 result: 0 Success # numResponses: 5 # numEntries: 4