LDAP Server

Posted by Shailesh on August 4, 2011

LDAP (Lightweight Directory Access Protocol) is the open IETF standard protocol (RFC 4510 series) for querying and modifying directory services over TCP/IP, on a local network or across the Internet. It also defines how directory objects are named: every entry has a distinguished name (DN) such as cn=Manager,dc=example,dc=com, which is how Active Directory, OpenLDAP and other directories address their objects.
Here is the simplest way to install an LDAP server. The pieces are:

phpLDAPadmin (web admin panel)
the LDAP server itself (OpenLDAP)
nss_ldap (so the system can resolve users and groups from the directory)
######################Start Global Addressbook####################

# yum install openldap openldap-servers openldap-clients
(the bare openldap package is only the client library; slapd lives in openldap-servers and the ldap* tools in openldap-clients)

# yum install nss_ldap

i.e. on this box the packages were
openldap-2.3.19-4
openldap-servers-2.3.19-4
openldap-devel-2.3.19-4
openldap-clients-2.3.19-4


####copy /etc/openldap/DB_CONFIG.example  to /var/lib/ldap/DB_CONFIG ####

#cp /etc/openldap/DB_CONFIG.example  /var/lib/ldap/DB_CONFIG

#chmod 700 /var/lib/ldap/DB_CONFIG

#chown ldap:ldap /var/lib/ldap/*

####open /etc/openldap/ldap.conf ####

#vi /etc/openldap/ldap.conf

should be
_________________________
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
BASE   dc=hplindia,dc=com
URI    ldap://ldap.hplindia.com:389
HOST   192.168.0.22
_______________________________

HOST is a deprecated directive kept here only for old clients; URI is enough on its own. Note that plain ldap:// on port 389 is cleartext: the Manager bind password and every address book entry cross the wire unencrypted, so outside a trusted LAN use ldaps:// (or the -ZZ STARTTLS option of the ldap* tools) and require it on the server side with a "security ssf=128" line in slapd.conf.

#vi /etc/openldap/slapd.conf  -------- the active (uncommented) lines to set are:

suffix         "dc=hplindia,dc=com"
rootdn         "cn=Manager,dc=hplindia,dc=com"
rootpw         {SSHA}RzhjmGbSchkL2ti3j1g7rpQ5KkDxur6g
_________________

#slappasswd    < generates the {SSHA} value for rootpw: a salted SHA-1 hash, not a reversible encryption >

Never put a cleartext password on the rootpw line, and keep slapd.conf readable only by root and the ldap user, since whoever can read the rootpw hash can start cracking it offline.
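As an added example (not part of the original post, and not OpenLDAP's own code), the Python below reproduces what slappasswd does to build a {SSHA} rootpw value and what slapd does to check it on a bind, so you can see why the hash is safe to store but still worth protecting. The sample password is constructed for the example; the only thing taken from the page is the {SSHA} format, base64(SHA1(password || salt) || salt) with a 4-byte salt.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample password for this example; it is not the page's rootpw.
SAMPLE_PASSWORD = "correct horse battery staple"

DIGEST_LEN = 20  # SHA-1 digest length; whatever follows it in the decoded value is the salt


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Produce an OpenLDAP {SSHA} value: base64(SHA1(password || salt) || salt).

    slappasswd defaults to this scheme with a 4-byte random salt. The salt is
    stored after the digest so that a verifier can recover it later.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(value: str) -> Tuple[bytes, bytes]:
    """Split a {SSHA} value into (digest, salt). Raises ValueError if malformed."""
    prefix = "{SSHA}"
    if not value.startswith(prefix):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len(prefix):], validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("too short: need a 20-byte digest followed by a salt")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def ssha_verify(password: str, value: str) -> bool:
    """Check a candidate password against a {SSHA} value.

    This is the same computation slapd performs when the rootdn binds: hash the
    offered password with the stored salt and compare against the stored digest.
    """
    digest, salt = split_ssha(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, digest)


def rootpw_is_hashed(rootpw_value: str) -> bool:
    """True when a slapd.conf rootpw value carries a {SCHEME} prefix.

    A bare value such as "rootpw secret" is stored and compared in cleartext;
    anyone who can read slapd.conf then owns the directory outright.
    """
    return rootpw_value.startswith("{") and "}" in rootpw_value[1:]


if __name__ == "__main__":
    hashed = ssha_hash(SAMPLE_PASSWORD)
    print(hashed)
    print("verify ok:", ssha_verify(SAMPLE_PASSWORD, hashed))
    print("wrong password:", ssha_verify("not it", hashed))
```

The salt defeats precomputed tables, but SHA-1 is fast, so a leaked slapd.conf still gives an attacker a cheap offline guessing target; the file permissions are the real control. Later OpenLDAP releases ship stronger schemes in the contrib password modules ({SSHA512} from pw-sha2, Argon2 from pw-argon2), which slappasswd -h selects once the module is loaded.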



#slaptest -u   < checks slapd.conf for syntax errors before you start the daemon >


The LDAP service should now be set at the appropriate runlevels and checked to ensure they are 
set correctly.

[bash]# chkconfig --level 345 ldap on
[bash]# chkconfig --list ldap


The service can now be started and the logs should be viewed for any configuration or 
initialisation errors.

[bash]# /etc/init.d/ldap restart
[bash]# tail /var/log/messages 



Address Book Entries



[bash]# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

####Output Should be (namingContexts shows whichever suffix you put in slapd.conf; this and the rest of the walkthrough use dc=example,dc=com, so read dc=hplindia,dc=com if you kept the values above) ####

# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: namingContexts

dn:
namingContexts: dc=example,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


The following LDIF file will create the hierarchical directory structure that we will use for our address book. The first entry is the base of the directory and the second is the Manager (administrator) account. The last two entries are the two organisational units that will hold the authorised users (for adding security later) and the address book entries.

Change the base DN (dc=example,dc=com, here and in every dn: line below) and the organisation name (o:) to suit your configuration; the base DN must match the suffix set in slapd.conf.



[bash]# vi /etc/openldap/addressbook.ldif

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Home LDAP Server
dc: example

dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager

dn: ou=users,dc=example,dc=com
ou: users
objectClass: top
objectClass: organizationalUnit

dn: ou=addressbook,dc=example,dc=com
ou: addressbook
objectClass: top
objectClass: organizationalUnit


Using the "ldapadd" command we can enter the LDIF contents into the server, creating our 
initial directory scheme.



[bash]# ldapadd -x -D 'cn=Manager,dc=example,dc=com' -W -f /etc/openldap/addressbook.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"
adding new entry "cn=Manager,dc=example,dc=com"
adding new entry "ou=users,dc=example,dc=com"
adding new entry "ou=addressbook,dc=example,dc=com"


The following LDAP search requests a listing of all entries starting from the base "dc=example,dc=com". It should return every entry that was added in the previous step (the -x flag is a simple, anonymous bind, which the default ACL allows for reads).

[bash]# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

# example.com
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Home LDAP Server
dc: example

# Manager, example.com
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager

# users, example.com
dn: ou=users,dc=example,dc=com
ou: users
objectClass: top
objectClass: organizationalUnit

# addressbook, example.com
dn: ou=addressbook,dc=example,dc=com
ou: addressbook
objectClass: top
objectClass: organizationalUnit


Now that we have defined and imported our directory structure, we can create contact entries to populate the address book. The following is a simple example LDIF entry for a contact.

The first line (dn:) designates where in the directory the entry will sit once it is imported; change it to suit your needs. gn is the schema alias for givenName, and inetOrgPerson requires both cn and sn, so an entry without a surname will be rejected by the server.

[bash]# vi newcontact.ldif

dn: cn=Tom Thumb,ou=addressbook,dc=example,dc=com
cn: Tom Thumb
gn: Tom
sn: Thumb
mail: tom.thumb@somedomain.com
objectClass: top
objectClass: inetOrgPerson


The contents of the LDIF file can be added to the directory using the "ldapadd" command below.

The default access control of the server (access to * by * read) lets everyone, including anonymous clients, read every entry, while only the manager (administrator) can write. To add the LDIF file the manager authenticates on the command line with the "-D 'cn=Manager,dc=example,dc=com' -W" string; -W prompts for the password instead of taking it as an argument, where it would show up in the process list and shell history. Before exposing the server beyond a trusted LAN, tighten the ACLs in slapd.conf so that userPassword is never readable and the address book is readable only by authenticated users.

[bash]# ldapadd -x -D 'cn=Manager,dc=example,dc=com' -W -f newcontact.ldif
Enter LDAP Password:
adding new entry "cn=Tom Thumb,ou=addressbook,dc=example,dc=com"


Now that the first entry has been successfully added to the directory server, the file can be copied so more entries can be added. Alternatively, extra entries can be added to the same file, with a blank line separating each entry.
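As an added example that is not part of the original post, here is a Python generator for the multi-entry LDIF file described above. It assumes the page's ou=addressbook,dc=example,dc=com container and uses constructed sample contacts, and it does two things the hand-written file does not: it escapes RDN values per RFC 4514 (a cn containing a comma would otherwise split into two RDNs) and base64-encodes values that LDIF (RFC 2849) does not allow in plain form, and it refuses entries that the inetOrgPerson schema would reject or that would collide with a DN already in the file.

```python
import base64
from typing import Dict, Iterable, List

# Constructed sample contacts for this example (not from the original page);
# the second and third exercise DN escaping and base64 encoding respectively.
SAMPLE_CONTACTS: List[Dict[str, str]] = [
    {"cn": "Tom Thumb", "gn": "Tom", "sn": "Thumb", "mail": "tom.thumb@somedomain.com"},
    {"cn": "Smith, John+Jr", "gn": "John", "sn": "Smith", "mail": "john.smith@somedomain.com"},
    {"cn": "Zoë Åberg", "gn": "Zoë", "sn": "Åberg", "mail": "zoe.aberg@somedomain.com"},
]

ADDRESSBOOK_BASE = "ou=addressbook,dc=example,dc=com"  # the page's address book OU
REQUIRED_ATTRS = ("cn", "sn")  # person (which inetOrgPerson extends) MUST have cn and sn
DN_SPECIAL = set(',+"\\<>;')  # RFC 4514 characters that always need a backslash


def escape_dn_value(value: str) -> str:
    """Escape an RDN attribute value per RFC 4514 section 2.4.

    Unescaped, a cn of "Smith, John" would be parsed as two RDN components and
    the entry would be created under (or fail against) the wrong parent.
    """
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def needs_base64(value: str) -> bool:
    """RFC 2849: a value that is not a SAFE-STRING must be written as 'attr:: base64'."""
    if not value:
        return False
    if value[0] in " :<" or value[-1] == " ":
        return True
    return any(ord(ch) > 127 or ch in "\x00\r\n" for ch in value)


def ldif_line(attr: str, value: str) -> str:
    """Render one attribute line, switching to the base64 form when required."""
    if needs_base64(value):
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def contact_dn(contact: Dict[str, str], base: str = ADDRESSBOOK_BASE) -> str:
    return f"cn={escape_dn_value(contact['cn'])},{base}"


def contact_entry(contact: Dict[str, str], base: str = ADDRESSBOOK_BASE) -> str:
    """Render one inetOrgPerson entry, refusing ones slapd's schema check would reject."""
    missing = [a for a in REQUIRED_ATTRS if not contact.get(a)]
    if missing:
        raise ValueError(f"inetOrgPerson requires {missing}; slapd would reject the add")
    lines = [ldif_line("dn", contact_dn(contact, base)),
             "objectClass: top", "objectClass: inetOrgPerson"]
    lines.extend(ldif_line(attr, value) for attr, value in contact.items())
    return "\n".join(lines)


def build_ldif(contacts: Iterable[Dict[str, str]], base: str = ADDRESSBOOK_BASE) -> str:
    """Render many contacts as one LDIF file, entries separated by a blank line.

    Duplicate DNs are rejected up front: ldapadd stops at the first
    'Already exists' error and leaves a half-imported file behind. The
    comparison is case-insensitive because cn uses caseIgnoreMatch.
    """
    seen = set()
    entries = []
    for contact in contacts:
        entry = contact_entry(contact, base)
        key = contact_dn(contact, base).lower()
        if key in seen:
            raise ValueError(f"duplicate DN: {contact_dn(contact, base)}")
        seen.add(key)
        entries.append(entry)
    return "\n\n".join(entries) + "\n"


if __name__ == "__main__":
    print(build_ldif(SAMPLE_CONTACTS), end="")  # feed to: ldapadd -x -D ... -W -f contacts.ldif
```

Write the output to a file and load it with the same ldapadd invocation as above. The schema check only covers the MUST attributes of inetOrgPerson; slapd still enforces the full schema, so a typo in an attribute name will surface as an "attribute type undefined" error at import time.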

Ports: 389 (LDAP) and 3268 (Active Directory Global Catalog, which also answers LDAP queries).

#######Admin Panel For LDAP GLOBAL ADDRESSBOOK #######

#tar -xvf phpldapadmin-0.9.8.5.tar

#cp -r phpldapadmin-0.9.8.5 /var/www/html/phpldapadmin

#cd /var/www/html/phpldapadmin/config/

#cp config.php.example config.php

config.php holds the server address and, if you set one, a bind password, so keep it readable only by the web server user, and put the panel behind HTTPS and web server authentication: it can write to the directory with whatever credentials it is given.


Outlook: Tools > Accounts > Directory Service > Add > Directory Service > IP (X.X.X.X) > Yes > Finish > Properties on the new directory > Advanced > Search Base (dc=example,dc=com) > Port (389)

New Mail To: vivek (Ctrl+K) [Searching the address book]

Happy To Help You ….Genowin Technologies
