OpenLDAP is a free, open source implementation of the Lightweight Directory Access Protocol (LDAP), developed by the
OpenLDAP Project. The protocol is platform independent, and the OpenLDAP software runs on Linux and other Unix-like
systems, Windows, AIX, Solaris and Android.
In this tutorial I am going to describe how to install and configure OpenLDAP on an Ubuntu /
Debian server. Due to lack of resources and time, I tested this how-to only on Ubuntu
12.10/13.10 and Debian 7. I hope these steps will work on other versions of Ubuntu and
Debian. If you have any issues, do let me know; I will check and update this how-to.
All steps must be done as the ‘root’ user, or you must prefix every command with ‘sudo’.
During the installation you will be asked for a password for the LDAP admin account (the rootdn,
cn=admin under your base DN). Enter your admin password here.
Re-enter the password.
Configure OpenLDAP
# vi /etc/ldap/ldap.conf
Find, uncomment and edit the BASE and URI lines as shown below, using your own base DN and server name (or IP address). The stock file lists a second URI on port 666 only as an example of a second server; unless you actually run a second listener, keep just the one URI on the default port 389.
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=unixmen,dc=com
URI ldap://server.unixmen.com ldap://server.unixmen.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
# dpkg-reconfigure slapd
The first question asks whether to omit OpenLDAP server configuration. Select “No” and press Enter, then answer the DNS domain name and organization name questions with your own values (the domain name becomes the base DN, e.g. unixmen.com gives dc=unixmen,dc=com).
Enter the LDAP admin password which you created in the earlier step.
Re-enter the password.
Run “ldapsearch -x”. The -x flag performs a simple bind with no credentials (an anonymous bind) against the server and base DN from /etc/ldap/ldap.conf, and you should see a result like the one below. Note that this works without a password: the Debian/Ubuntu default access rules let anonymous clients read every entry except userPassword, so anyone who can reach port 389 can enumerate the directory.
# ldapsearch -x
Sample output:
# extended LDIF
#
# LDAPv3
# base <dc=unixmen,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# unixmen.com
dn: dc=unixmen,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: unixmen
dc: unixmen
# admin, unixmen.com
dn: cn=admin,dc=unixmen,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
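The following script is an added example; it is not part of the original article and not code from the OpenLDAP project. It shows the access rule that lets the anonymous “ldapsearch -x” above succeed and replaces it with one that requires an authenticated bind, while keeping anonymous “auth” access on userPassword so that simple binds still work. It assumes the base DN and admin DN used in this article, that root may write cn=config over ldapi:/// with SASL EXTERNAL (the Debian/Ubuntu slapd default), and that the database entry in cn=config is olcDatabase={1}hdb (what the Debian 7 / Ubuntu 12.10 to 13.10 packages create; newer releases use mdb, and the first ldapsearch in the script prints the real name). The modify step only runs when LDAP_APPLY=1 is set, because it needs a live slapd and root; the LDIF generator and the entry counter run anywhere.

```shell
#!/bin/sh
# Added example (not from the original article): harden the default
# "anyone may read the whole tree" ACL so that reads need an authenticated
# bind, then verify from the client side.
# Assumptions (labelled): suffix dc=unixmen,dc=com, rootdn cn=admin,...,
# and the database entry olcDatabase={1}hdb,cn=config (hdb on Debian 7 /
# Ubuntu 12.10-13.10; newer releases use {1}mdb).
BASE="dc=unixmen,dc=com"
ADMIN="cn=admin,${BASE}"
DB="olcDatabase={1}hdb,cn=config"

# Emit the LDIF that replaces the three default olcAccess rules.  Order
# matters: rule {0} must keep "by anonymous auth" or simple binds break,
# rule {1} keeps the rootDSE readable for clients, and rule {2} is the
# Debian default with "by * read" changed to "by users read by * none".
acl_ldif() {
    base="$1"; admin="$2"; db="$3"
    cat <<EOF
dn: ${db}
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="${admin}" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="${admin}" write by users read by * none
EOF
}

# Count the entries in LDIF read on stdin (one "dn:" line per entry);
# prints 0 rather than failing when there are none.
count_entries() {
    grep -c '^dn: ' || true
}

# Apply and verify.  Guarded so the generator above can be sourced and
# tested without a server; set LDAP_APPLY=1 on the slapd host as root.
if [ "${LDAP_APPLY:-0}" = "1" ]; then
    # Show the current database entries and their ACLs (confirms $DB).
    ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b cn=config -LLL '(olcDatabase=*)' olcAccess
    acl_ldif "$BASE" "$ADMIN" "$DB" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
    # Anonymous bind now sees nothing (slapd answers "No such object" for
    # the base, so ldapsearch exits non-zero; the count is 0 either way).
    anon=$(ldapsearch -x -LLL -b "$BASE" 2>/dev/null | count_entries)
    echo "anonymous bind sees ${anon} entries"
    # An authenticated bind still reads the whole tree (-W prompts).
    ldapsearch -x -LLL -D "$ADMIN" -W -b "$BASE" | count_entries
fi
```

After this change “ldapsearch -x” with no -D reports “No such object (32)”, while “ldapsearch -x -D cn=admin,dc=unixmen,dc=com -W” and phpLDAPadmin, which binds as the admin DN, keep working. Keep the dn.base="" rule: clients use the rootDSE to discover naming contexts and supported features.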
Administering an LDAP server from the command line takes some practice, so here I use an
easier web-based administration tool called “phpLDAPadmin”.
Install phpLDAPadmin
phpLDAPadmin is a web-based LDAP administration tool for managing your LDAP server.
Using phpLDAPadmin, you can browse your LDAP tree, view LDAP schema, perform
searches, create, delete, copy and edit LDAP entries. You can even copy entries between
servers.
# ln -s /usr/share/phpldapadmin/ /var/www/phpldapadmin
Then edit the phpLDAPadmin configuration file (/etc/phpldapadmin/config.php on Debian/Ubuntu) and replace the domain names with your own values. Go to the “Define LDAP Servers” section
of the config file and edit the following lines as shown below.
[...]
// Uncomment and set your timezone //
$config->custom->appearance['timezone'] = 'Asia/Kolkata';
[...]
// Set your LDAP server name //
$servers->setValue('server','name','Unixmen LDAP Server');
[...]
// Set your LDAP server IP address //
$servers->setValue('server','host','192.168.1.200');
[...]
// Set Server domain name //
$servers->setValue('server','base',array('dc=unixmen,dc=com'));
[...]
// Set the DN pre-filled on the login page (the admin account created by the slapd installer) //
$servers->setValue('login','bind_id','cn=admin,dc=unixmen,dc=com');
[...]
# /etc/init.d/apache2 restart
Make sure port “80” (Apache) is reachable from wherever you will use the web console and LDAP’s default port “389” is reachable from your LDAP clients. Do not open either port to the Internet as-is: with the default access rules anyone who can reach port 389 can read the directory anonymously, and both the phpLDAPadmin login over plain HTTP and a simple bind over plain LDAP send the admin password in clear text. Restrict both ports to your LAN and put TLS in front (HTTPS for Apache, STARTTLS or ldaps:// for slapd) before using this in production.
Test phpLDAPadmin
Open http://your-server/phpldapadmin in a browser and log in with the admin DN and password. The main console screen of phpLDAPadmin opens, and the LDAP base
“dc=unixmen,dc=com” is listed in the left pane. From here you can add objects such as organizational
units, users and groups.
Sample Configuration
Let’s create some sample objects using the phpLDAPadmin interface and then check that they
are present in the LDAP server.
Click on the “+” sign next to “dc=unixmen” and click the “Create new entry here” link.
Select “Generic: Organizational Unit”, enter the name of the organizational unit (e.g. sales) and click “Create Object”.
Then click “Commit”.
The newly created OU now appears under the main LDAP base entry.
Create Group:
Click the sales OU in the tree in the left pane and click the “Create a child entry” link. In the
next window, select “Generic: Posix Group”, enter the name of the group and click the “Create
Object” button. For example, here I enter the group name “sales-group”.
Create User:
Click sales-group in the left pane and click the “Create a child entry” link. Select
“Generic: User Account”. Enter the user details such as common name, GID number, last
name, login shell, user password and user ID, and click “Create Object”. In the password field pick a salted hash such as SSHA rather than “clear”, so the directory never stores the plaintext password. For example, here I create a user called “kumar”.
Then click “Commit” to save the changes.
The newly created user “kumar” now appears under the “sales-group” object.
You can also verify from the command line with “ldapsearch -x”.
# ldapsearch -x
Sample output:
# extended LDIF
#
# LDAPv3
# base <dc=unixmen,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# unixmen.com
dn: dc=unixmen,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: unixmen
dc: unixmen
# admin, unixmen.com
dn: cn=admin,dc=unixmen,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# sales, unixmen.com
dn: ou=sales,dc=unixmen,dc=com
objectClass: organizationalUnit
objectClass: top
ou: sales
# search result
search: 2
result: 0 Success
# numResponses: 6
# numEntries: 5
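The script below is an added example; it is not from the article and not code from phpLDAPadmin or OpenLDAP. It is the command-line equivalent of the three GUI steps above (OU, POSIX group, user account), so the entries can be written as LDIF, reviewed, and loaded with ldapadd. It assumes the article’s base and admin DNs and a free uid/gid number (10000 here). Two deliberate differences from the walk-through: the user entry is placed directly under ou=sales and joined to sales-group through memberUid, instead of being nested below the group entry, and the password is supplied as a hash from slappasswd rather than in clear text. The ldapadd and ldapwhoami steps run only with LDAP_APPLY=1 against a live server; the LDIF generator runs anywhere.

```shell
#!/bin/sh
# Added example (not from the original article): create ou=sales, the
# posixGroup sales-group and the user kumar from the shell.
# Assumptions (labelled): suffix dc=unixmen,dc=com, admin cn=admin,...,
# uid/gid 10000 unused, and an ldap.conf pointing at the server.
BASE="dc=unixmen,dc=com"
ADMIN="cn=admin,${BASE}"

# Emit LDIF for the OU, the group and the account.  $4 must be a password
# hash as printed by slappasswd ({SSHA}...), never the clear-text password,
# so neither the LDIF file nor the directory holds the plaintext.
sales_ldif() {
    base="$1"; gid="$2"; uid_no="$3"; pw_hash="$4"
    cat <<EOF
dn: ou=sales,${base}
objectClass: organizationalUnit
ou: sales

dn: cn=sales-group,ou=sales,${base}
objectClass: posixGroup
cn: sales-group
gidNumber: ${gid}
memberUid: kumar

dn: uid=kumar,ou=sales,${base}
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Kumar
sn: Kumar
uid: kumar
uidNumber: ${uid_no}
gidNumber: ${gid}
homeDirectory: /home/kumar
loginShell: /bin/bash
userPassword: ${pw_hash}
EOF
}

# Load and verify.  Guarded so the generator can be tested without a
# server; set LDAP_APPLY=1 on a host that can reach slapd.
if [ "${LDAP_APPLY:-0}" = "1" ]; then
    # slappasswd prompts twice and prints an {SSHA} hash; prompting keeps
    # the password out of the process list (avoid "slappasswd -s").
    hash=$(slappasswd)
    sales_ldif "$BASE" 10000 10000 "$hash" | ldapadd -x -D "$ADMIN" -W
    # List what was created under the OU; userPassword stays hidden from
    # everyone but the entry itself under the default access rules.
    ldapsearch -x -LLL -D "$ADMIN" -W -b "ou=sales,${BASE}" '(objectClass=*)' dn
    # Prove the new account can bind with its own password.
    ldapwhoami -x -D "uid=kumar,ou=sales,${BASE}" -W
fi
```

A successful ldapwhoami prints “dn:uid=kumar,ou=sales,dc=unixmen,dc=com”; if it fails with “Invalid credentials (49)” the stored hash and the typed password do not match, and a “Constraint violation” or “Object class violation” from ldapadd means a required attribute (uid, uidNumber, gidNumber, homeDirectory, cn, sn) is missing.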