
Owner: SANDEEP KUMAR JHA (NP000615)

2. Extended LDAP
2.1. Objective
DIT stands for “Directory Information Tree”: the tree-like hierarchy in which entries are
organised within the LDAP database (Burgess, 2004). Numerous DITs can be administered via
OpenLDAP. Generally, the root (foundation) of a Directory Information Tree is characterised by
an organization (o) or a domain component (dc) entry. The Directory Information Tree (DIT) and
the default schema are the two features that come with LDAP name services by default. User
accounts, passwords and shadow account information are stored in a container called
ou=people. The entries under the ou=host container provide information about the network's
systems. Each user in the ou=people container is represented by one entry carrying both of the
object classes posixAccount and shadowAccount. The default DIT, which adheres to open
standards, uses a well-organised directory structure.

Figure: Example of DIT


2.2. Setting Configurations
To create the first DIT or domain of the LDAP service using the "o=" format, we need to make
the changes shown below:


Figure: making changes to topclass-o.ldif

1. We must create the second domain with the "dc=" format once the first DIT or domain has
been introduced to the system. This has been accomplished by editing the

Figure: editing topclass-dc.ldif


1. This code snippet targets the user who is accessing the LDAP service.
2. UsersNetB and UsersNetC consist of the same sections as UserNetA.

3. The user account information has to be updated to use the same "dc=" format as the second
DIT. This may be done by making the following changes to the "etc/openldap/userdata.ldif"
file:

Figure: editing userdata-dc.ldif

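Below is an added example, written for this edit rather than taken from the report, that builds the kind of LDIF the topclass-dc.ldif and userdata-dc.ldif changes describe, parses it back, and checks each ou=people entry before it is handed to slapadd or ldapadd: both object classes present, the userPassword stored with a hash scheme rather than in clear text, and no uidNumber shared by two accounts. The suffix dc=tinynet,dc=edu comes from the report; the user names, numbers and passwords are constructed.

```python
import base64
import hashlib
import os
import re

# Constructed example: the suffix dc=tinynet,dc=edu comes from the report; the
# user entries produced below are invented for illustration.
SUFFIX = "dc=tinynet,dc=edu"


def ssha_hash(password: str, salt: bytes = None) -> str:
    """Return an OpenLDAP-style {SSHA} userPassword value: base64(sha1(password+salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def build_dit_ldif(suffix: str = SUFFIX) -> str:
    """Top of a 'dc=' style DIT: the root entry plus the ou=people and ou=host containers."""
    dc = suffix.split(",")[0].split("=", 1)[1]
    return (
        f"dn: {suffix}\nobjectClass: top\nobjectClass: dcObject\nobjectClass: organization\n"
        f"dc: {dc}\no: {dc}\n\n"
        f"dn: ou=people,{suffix}\nobjectClass: top\nobjectClass: organizationalUnit\nou: people\n\n"
        f"dn: ou=host,{suffix}\nobjectClass: top\nobjectClass: organizationalUnit\nou: host\n"
    )


def build_user_ldif(uid: str, uid_number: int, password_hash: str, suffix: str = SUFFIX) -> str:
    """One ou=people entry carrying both posixAccount and shadowAccount, as userdata.ldif would."""
    return (
        f"dn: uid={uid},ou=people,{suffix}\n"
        "objectClass: top\nobjectClass: person\nobjectClass: posixAccount\nobjectClass: shadowAccount\n"
        f"cn: {uid}\nsn: {uid}\nuid: {uid}\nuidNumber: {uid_number}\ngidNumber: {uid_number}\n"
        f"homeDirectory: /home/{uid}\nloginShell: /bin/bash\nuserPassword: {password_hash}\n"
        "shadowLastChange: 0\nshadowMax: 99999\n"
    )


def parse_ldif(text: str) -> list:
    """Parse LDIF records into [{'dn': str, 'attrs': {name: [values]}}].
    Handles folded lines (leading space), '#' comments and '::' base64 values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for raw in block.splitlines():
            if raw.startswith("#"):
                continue
            if raw.startswith(" ") and lines:  # folded continuation line
                lines[-1] += raw[1:]
            else:
                lines.append(raw)
        entry = {"dn": None, "attrs": {}}
        for line in lines:
            name, _, value = line.partition(":")
            if value.startswith(":"):  # base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            name, value = name.strip(), value.strip()
            if name.lower() == "dn":
                entry["dn"] = value
            else:
                entry["attrs"].setdefault(name, []).append(value)
        entries.append(entry)
    return entries


HASHED = re.compile(r"^\{(SSHA|SHA|CRYPT|MD5|SMD5)\}", re.I)


def check_people_entries(entries: list, suffix: str = SUFFIX) -> list:
    """Return the problems found in the user entries under ou=people: a missing
    posixAccount/shadowAccount class, a userPassword without a hash scheme, or a
    uidNumber reused by two accounts."""
    container = f"ou=people,{suffix}".lower()
    problems, seen = [], {}
    for e in entries:
        dn = (e["dn"] or "").lower()
        if dn == container or not dn.endswith("," + container):
            continue
        classes = {c.lower() for c in e["attrs"].get("objectClass", [])}
        for required in ("posixAccount", "shadowAccount"):
            if required.lower() not in classes:
                problems.append(f"{e['dn']}: missing objectClass {required}")
        for pw in e["attrs"].get("userPassword", []):
            if not HASHED.match(pw):
                problems.append(f"{e['dn']}: userPassword stored without a hash scheme")
        for n in e["attrs"].get("uidNumber", []):
            if n in seen:
                problems.append(f"{e['dn']}: uidNumber {n} already used by {seen[n]}")
            seen[n] = e["dn"]
    return problems


if __name__ == "__main__":
    ldif = build_dit_ldif() + "\n" + build_user_ldif("usera", 10001, ssha_hash("constructed-pw"))
    print(ldif)
    print("problems:", check_people_entries(parse_ldif(ldif)))
```

Running the check before slapadd catches the two mistakes that are easiest to make when hand-editing userdata.ldif: pasting a clear-text password into userPassword (slapd will store it as-is, so anyone who can read the attribute sees the password itself rather than a hash) and copying an entry without changing its uidNumber.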


4. The first step is to halt the slapd service on the LDAP-Server, since slapd will not start if
any of the databases in slapd.conf is not correctly set up. We use only the command below to
stop LDAP rather than “KILL PROCESS” in HTOP, since a forced kill might damage our database.

Figure: configuring OpenLDAP stop


5. In order to read the database, the access mode auth should be changed to read, hence we need
to update the slapd.conf file. In order to support PLA, we need to set up anonymous access.
Modify dn = "cn=LDAPAdmin, dc=tinynet,dc=edu" in slapd.conf as previously.

Figure: configuring slapd.conf
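As an added example (not the report's slapd.conf), the following Python mirrors how slapd evaluates its access directives, so that the effect of changing auth to read can be checked before the server is started. WEAK_CONF gives anonymous clients read access to userPassword, which exposes every user's password hash to anyone who can connect; SAFE_CONF keeps anonymous at auth on userPassword (enough for a client to bind) while still allowing anonymous read of the rest of the entry, which is all that anonymous browsing needs. The suffix and the cn=LDAPAdmin DN are from the report; the user entry and the two configuration fragments are constructed.

```python
import re

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Constructed slapd.conf fragments, not the report's own file. The suffix
# dc=tinynet,dc=edu and the cn=LDAPAdmin DN come from the report.
WEAK_CONF = """
access to attrs=userPassword
        by dn="cn=LDAPAdmin,dc=tinynet,dc=edu" write
        by self write
        by * read
access to *
        by * read
"""

SAFE_CONF = """
access to attrs=userPassword
        by dn="cn=LDAPAdmin,dc=tinynet,dc=edu" write
        by self write
        by anonymous auth
        by * none
access to *
        by dn="cn=LDAPAdmin,dc=tinynet,dc=edu" write
        by * read
"""

BY_CLAUSE = re.compile(r'by\s+(\*|anonymous|users|self|dn="[^"]*")\s+(\w+)')


def parse_access(conf: str) -> list:
    """Parse 'access to <what> by <who> <level> ...' directives; continuation lines are indented."""
    rules = []
    joined = re.sub(r"\n[ \t]+", " ", conf.strip())  # fold indented lines onto their directive
    for line in joined.splitlines():
        m = re.match(r"access\s+to\s+(\S+)\s+(.*)", line)
        if not m:
            continue
        what, rest = m.groups()
        if what == "*":
            attrs = None  # every attribute of every entry
        elif what.startswith("attrs="):
            attrs = {a.lower() for a in what[len("attrs="):].split(",")}
        else:
            raise ValueError(f"unsupported <what> clause: {what}")
        clauses = BY_CLAUSE.findall(rest)
        for _, level in clauses:
            if level not in LEVELS:
                raise ValueError(f"unknown access level: {level}")
        rules.append({"attrs": attrs, "by": clauses})
    return rules


def access_level(rules, requester, target_dn, attr) -> str:
    """Mirror slapd's first-match evaluation: the first 'access to' whose target matches
    decides, the first matching 'by' inside it gives the level, and anything left
    unmatched is denied (the implicit 'by * none'). requester is None for an anonymous client."""
    for rule in rules:
        if rule["attrs"] is not None and attr.lower() not in rule["attrs"]:
            continue
        for who, level in rule["by"]:
            if who == "*":
                return level
            if requester is None:
                if who == "anonymous":
                    return level
                continue
            if who == "users":
                return level
            if who == "self" and requester.lower() == target_dn.lower():
                return level
            if who.startswith('dn="') and who[4:-1].lower() == requester.lower():
                return level
        return "none"
    return "none"


def allows(rules, requester, target_dn, attr, needed: str) -> bool:
    """True when the granted level is at least 'needed' (levels are cumulative in slapd)."""
    return LEVELS.index(access_level(rules, requester, target_dn, attr)) >= LEVELS.index(needed)


def audit_password_exposure(conf: str) -> dict:
    """Summarise who can see or change userPassword on a constructed user entry."""
    rules = parse_access(conf)
    user = "uid=usera,ou=people,dc=tinynet,dc=edu"
    admin = "cn=LDAPAdmin,dc=tinynet,dc=edu"
    return {
        "anonymous_can_bind": allows(rules, None, user, "userPassword", "auth"),
        "anonymous_reads_userPassword": allows(rules, None, user, "userPassword", "read"),
        "anonymous_reads_cn": allows(rules, None, user, "cn", "read"),
        "self_changes_userPassword": allows(rules, user, user, "userPassword", "write"),
        "admin_changes_userPassword": allows(rules, admin, user, "userPassword", "write"),
    }


if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK_CONF), ("SAFE", SAFE_CONF)):
        print(name, audit_password_exposure(conf))
```

The point the audit makes visible is that read on userPassword is never needed for logins: a bind only requires auth, so anonymous access can be opened for browsing the rest of the DIT without handing out the password hashes.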
6. The next phase is to add the database structure. There are two sets of tools for this: the
ldap commands, used while slapd is running, and the slap commands, used while it is stopped.
Since slapd is still stopped, we continue with the slap commands.
All newly created database files must be owned by the respective system account; this is done
with the command chown ldap:ldap /var/ldapdata/dc_tinynet/*, and ls -l is then used to verify
the ownership. Keep in mind that if you forget to do this and the database files are owned by
the wrong user, slapd won't start and you'll see an error message like the one below, which is
often cryptic.

Figure: configuring ls -l
7. The data may now be added. The slapadd command is given below. Once the server is up and
running, we will use the ldapadd version of this command, shown at the bottom of the page.

8. The following queries may also be attempted: enter the first one completely, then press
[Up-Arrow] to retrieve and alter it.

Figure: description of user

The user's description on nets A, B and C is depicted in the image above.

Figure: description of user on the net-A

The details about the user on net A are shown in the screenshot above.
The first DIT is searched in LDAP. The results for the given search are displayed in the graph
above. As can be seen, if you don't give any criteria, the LDAP client will assume that you
want to search across all object classes in your directory tree. Be careful to run your LDAP
search with a non-privileged account, since with the administrator account you could see the
users' encrypted passwords.
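The search behaviour described above, as an added example that is not part of the report: a small LDAP filter parser and matcher run over a constructed in-memory directory. It shows the default filter (objectClass=*) returning every entry, a specific filter returning one, and why a value taken from user input (a login form, a mail client) must be escaped per RFC 4515 before it is placed in a filter: an unescaped * turns a one-user lookup into a dump of every account. The DN layout follows the report; the entries themselves are constructed.

```python
import re


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for use inside an LDAP search filter (RFC 4515 hex escapes)."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def _unescape(value: str) -> str:
    """Turn \\xx hex escapes back into characters for matching."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text: str):
    """Parse a filter into ('&', [nodes]) / ('|', [nodes]) / ('!', node) / ('=', attr, value)."""
    def parse(i):
        if text[i] != "(":
            raise ValueError(f"expected '(' at offset {i}")
        i += 1
        if text[i] in "&|":
            op, items, i = text[i], [], i + 1
            while text[i] == "(":
                node, i = parse(i)
                items.append(node)
            if text[i] != ")":
                raise ValueError("unterminated list filter")
            return (op, items), i + 1
        if text[i] == "!":
            node, i = parse(i + 1)
            if text[i] != ")":
                raise ValueError("unterminated negation")
            return ("!", node), i + 1
        end = text.index(")", i)
        attr, _, value = text[i:end].partition("=")
        return ("=", attr.strip().lower(), value), end + 1

    node, i = parse(0)
    if i != len(text):
        raise ValueError("trailing data after filter")
    return node


def matches(node, entry: dict) -> bool:
    """Evaluate a parsed filter against one entry (attribute names lower-cased, values case-insensitive)."""
    kind = node[0]
    if kind == "&":
        return all(matches(n, entry) for n in node[1])
    if kind == "|":
        return any(matches(n, entry) for n in node[1])
    if kind == "!":
        return not matches(node[1], entry)
    _, attr, value = node
    values = [v.lower() for v in entry.get(attr, [])]
    if value == "*":  # presence filter
        return bool(values)
    # a raw '*' is a substring wildcard; an escaped \2a becomes a literal '*' after unescaping
    parts = [re.escape(_unescape(p).lower()) for p in value.split("*")]
    pattern = "^" + ".*".join(parts) + "$"
    return any(re.match(pattern, v, re.S) for v in values)


# Constructed in-memory directory (attribute names lower-cased); the DN shape follows the report.
DIRECTORY = [
    {"dn": ["uid=usera,ou=people,dc=tinynet,dc=edu"], "objectclass": ["posixAccount", "shadowAccount"], "uid": ["usera"], "cn": ["User A"]},
    {"dn": ["uid=userb,ou=people,dc=tinynet,dc=edu"], "objectclass": ["posixAccount", "shadowAccount"], "uid": ["userb"], "cn": ["User B"]},
    {"dn": ["uid=userc,ou=people,dc=tinynet,dc=edu"], "objectclass": ["posixAccount", "shadowAccount"], "uid": ["userc"], "cn": ["User C"]},
    {"dn": ["cn=host1,ou=host,dc=tinynet,dc=edu"], "objectclass": ["device", "ipHost"], "cn": ["host1"]},
]


def search(directory, filter_text: str = "(objectClass=*)") -> list:
    """Return the DNs matching the filter; with no filter, the ldapsearch default (objectClass=*) applies."""
    node = parse_filter(filter_text)
    return [e["dn"][0] for e in directory if matches(node, e)]


def lookup_user(directory, uid_input: str) -> list:
    """Look up one account by uid, escaping the input before it is placed in the filter."""
    return search(directory, f"(uid={escape_filter_value(uid_input)})")


if __name__ == "__main__":
    print("default filter:", search(DIRECTORY))
    print("raw '*' in filter:", search(DIRECTORY, "(uid=*)"))
    print("escaped '*' from input:", lookup_user(DIRECTORY, "*"))
```

Building the filter string with escape_filter_value is the same discipline as parameterised SQL: the directory still decides what the bound account may read (that is the access directive's job), but the application no longer lets the caller rewrite the query.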
Configuring Dovecot
9. Now the Dovecot service shall be configured to use the LDAP functionality. We may
accomplish this by modifying the /etc/dovecot/dovecot.conf file and uncommenting the following
portion of code:

Figure: copying file name


This snippet shows both sides of MC; I have copied and renamed the file names using
[Function key F5].

11. The LDAP address should be replaced with the localhost address in
/etc/dovecot/dovecot-ldap.conf.

Figure: editing ldap-dn_dc.dbconf file


Figure: saving file in ldap-dn_dc.dbconf
12. To do this, we may change the /etc/dovecot/dovecot.conf file and uncomment the code shown
below.

Figure: uncommenting dovecot-auth.conf
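An added example (not the report's files) of checking the dovecot-ldap.conf settings touched in steps 11 and 12: it parses two constructed fragments, one still pointing at a remote LDAP address and one pointing at localhost, and flags the settings that matter for security. A remote server without TLS sends the bind DN password in the clear, an empty dnpass breaks the search bind, and auth_bind = no makes Dovecot fetch userPassword hashes through the bind DN instead of letting the LDAP server verify the password in a bind. The bind DN cn=LDAPAdmin,dc=tinynet,dc=edu and the base come from the report; the server address and PLACEHOLDER_PASSWORD are invented.

```python
# Constructed dovecot-ldap.conf fragments, not the report's own files. The bind DN
# and base come from the report; the server address and password are placeholders.
BEFORE = """\
# LDAP server address as it was before the change in step 11
hosts = 192.0.2.10
dn = cn=LDAPAdmin,dc=tinynet,dc=edu
dnpass = PLACEHOLDER_PASSWORD
auth_bind = no
base = ou=people,dc=tinynet,dc=edu
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
"""

AFTER = """\
hosts = localhost
dn = cn=LDAPAdmin,dc=tinynet,dc=edu
dnpass = PLACEHOLDER_PASSWORD
auth_bind = yes
base = ou=people,dc=tinynet,dc=edu
pass_filter = (&(objectClass=posixAccount)(uid=%u))
"""

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_dovecot_conf(text: str) -> dict:
    """Read 'key = value' lines; lines starting with '#' are comments, later keys override earlier ones."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def _host_part(server: str) -> str:
    """Strip an ldap:// or ldaps:// scheme and a :port suffix from a hosts/uris item
    (bracketed IPv6 literals are not handled in this example)."""
    server = server.split("://", 1)[1] if "://" in server else server
    return server.rsplit(":", 1)[0] if server.count(":") == 1 else server


def lint_dovecot_ldap(conf: dict) -> list:
    """Flag settings that expose the bind credentials or the users' password hashes."""
    findings = []
    servers = conf.get("hosts", "").split() + conf.get("uris", "").split()
    if not servers:
        findings.append("no LDAP server configured (hosts or uris)")
    remote_plain = [s for s in servers
                    if _host_part(s) not in LOCAL_HOSTS and not s.startswith("ldaps://")]
    if remote_plain and conf.get("tls", "no").lower() != "yes":
        findings.append("bind DN password sent in the clear to a remote server: "
                        "set tls = yes, use ldaps://, or point hosts at localhost")
    if conf.get("dn") and not conf.get("dnpass"):
        findings.append("dn is set but dnpass is empty: the search bind will fail")
    if conf.get("auth_bind", "no").lower() != "yes":
        findings.append("auth_bind = no: Dovecot fetches userPassword through the bind DN, "
                        "so that DN needs read access to the hashes")
    return findings


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, lint_dovecot_ldap(parse_dovecot_conf(text)))
```

The auth_bind finding ties back to the slapd.conf change in step 5: with auth_bind = yes, Dovecot never needs to read userPassword, so the bind DN can be left at auth on that attribute and the password hashes stay inside the directory.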
Now we need to configure the web server. First, set up config svr ldap.php so that LDAP is
used by SquirrelMail.
Figure: adding user to ldap_server

Figure: copying file ldap-dn_dc


Then, in the "* Next Server" section of /var/www/ldapadmin/config/config.php, uncomment the
corresponding lines to make use of the new DIT.

Figure: uncommenting next server

Once done, I stopped and restarted the Web-Server to apply the updated settings, then checked
in my internet browser.

Obstacles

No obstacles were faced while performing Extended LDAP.

References
Burgess, M. (2004). Principles of Network and System Administration (2nd ed.). Wiley.
