LDAP Server
LDAP: Lightweight Directory Access Protocol. It determines how an object in an Active Directory should be named. LDAP is a proposed open standard for accessing global or local directory services over a network and/or the Internet.
Here is the simplest way to install an LDAP server:
phpldapadmin
install ldap server (openldap)
install nss_ldap
######################Start Global Addressbook####################
# yum install openldap
# yum install nss_ldap
i.e. these packages:
openldap-2.3.19-4
openldap-servers-2.3.19-4
openldap-devel-2.3.19-4
openldap-clients-2.3.19-4
####copy /etc/openldap/DB_CONFIG.example to /var/lib/ldap/DB_CONFIG ####
#cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
#chmod 700 /var/lib/ldap/DB_CONFIG
#chown ldap:ldap /var/lib/ldap/*
####open /etc/openldap/ldap.conf ####
#vi /etc/openldap/ldap.conf
should be
_________________________
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
BASE dc=hplindia,dc=com
URI ldap://ldap.hplindia.com:389
HOST 192.168.0.22
_______________________________
#vi /etc/openldap/slapd.conf -------- active line
suffix "dc=hplindia,dc=com"
rootdn "cn=Manager,dc=hplindia,dc=com"
rootpw {SSHA}RzhjmGbSchkL2ti3j1g7rpQ5KkDxur6g
_________________
#slappasswd < password hashing tool; generates the value for rootpw >
#slaptest -u < tool to test config file slapd.conf >
The LDAP service should now be set at the appropriate runlevels and checked to ensure they are
set correctly.
[bash]# chkconfig --level 345 ldap on
[bash]# chkconfig --list ldap
The service can now be started and the logs should be viewed for any configuration or
initialisation errors.
[bash]# /etc/init.d/ldap restart
[bash]# tail /var/log/messages
Address Book Entries
[bash]# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
####Output Should be ####
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: namingContexts
dn:
namingContexts: dc=example,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
The following LDIF file will create the hierarchical directory service structure that we
will be using for our address book. The first entry is that of the base directory and the
second entry is for the Manager's (administrator) account. The last two entries are the
two organisational units that we will use to store the authorised users
(for adding security later) and the address book entries.
The bolded entries should be changed to suit your configuration requirements.
[bash]# vi /etc/openldap/addressbook.ldif
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Home LDAP Server
dc: example

dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager

dn: ou=users,dc=example,dc=com
ou: users
objectClass: top
objectClass: organizationalUnit

dn: ou=addressbook,dc=example,dc=com
ou: addressbook
objectClass: top
objectClass: organizationalUnit
Using the "ldapadd" command we can enter the LDIF contents into the server, creating our
initial directory scheme.
[bash]# ldapadd -x -D 'cn=Manager,dc=example,dc=com' -W -f /etc/openldap/addressbook.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"
adding new entry "cn=Manager,dc=example,dc=com"
adding new entry "ou=users,dc=example,dc=com"
adding new entry "ou=addressbook,dc=example,dc=com"
The following LDAP search is requesting a listing of all entries starting from the base
"dc=example,dc=com". This should return all of the entries that were added in the previous step.
[bash]# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
# example.com
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Home LDAP Network
dc: example
# Manager, example.com
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
# users, example.com
dn: ou=users,dc=example,dc=com
ou: users
objectClass: top
objectClass: organizationalUnit
# addressbook, example.com
dn: ou=addressbook,dc=example,dc=com
ou: addressbook
objectClass: top
objectClass: organizationalUnit
Now that we have defined and imported our directory scheme, we are able to create user entries
to populate the address book. The following is a simple example LDIF entry for a contact.
The first line (dn:) designates whereabouts in the directory the entry will belong when it's
imported; this should be changed to suit your needs.
[bash]# vi newcontact.ldif
dn:cn=Tom Thumb,ou=addressbook,dc=example,dc=com
cn: Tom Thumb
gn: Tom
sn: Thumb
mail: tom.thumb@somedomain.com
objectClass: top
objectClass: inetOrgPerson
The contents of the LDIF file can be added into the directory service using the "ldapadd"
command below.
The standard access controls for the server define that everyone can read the directory
entries, but only the manager (administrator) can write to the directories. To add the
LDIF file the manager is authenticating on the command line with
the "-D 'cn=Manager,dc=example,dc=com' -W" string.
[bash]# ldapadd -x -D 'cn=Manager,dc=example,dc=com' -W -f newcontact.ldif
Enter LDAP Password:
adding new entry "cn=Tom Thumb,ou=addressbook,dc=example,dc=com"
Now that the first entry has been successfully added to the directory server, the file can be
copied so more entries can be added. Alternatively, extra entries can be added to the same
file ensuring that a blank line is used to separate each different entry.
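One way to check an LDIF file against the blank-line rule above before handing it to ldapadd. This Python is an added example, not part of the original post or of OpenLDAP; parse_ldif, lint_ldif and the sample text are constructed for illustration.

```python
import re

def parse_ldif(text: str) -> list:
    """Split LDIF text into records, each a list of (attribute, value) pairs."""
    records = []
    for block in re.split(r"\n[ \t]*\n", text.strip("\n")):
        block = re.sub(r"\n ", "", block)          # unfold continuation lines
        record = []
        for line in block.splitlines():
            if line.startswith("#") or not line.strip():
                continue                           # comment or stray blank line
            attr, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"not an attribute line: {line!r}")
            record.append((attr.strip().lower(), value.strip()))
        if record:
            records.append(record)
    return records

def lint_ldif(text: str) -> list:
    """Report records that ldapadd would not import as intended."""
    problems = []
    for number, record in enumerate(parse_ldif(text), start=1):
        attrs = [a for a, _ in record]
        if attrs[0] != "dn":
            problems.append(f"record {number}: first line is not dn:")
        if attrs.count("dn") > 1:
            problems.append(f"record {number}: {attrs.count('dn')} dn: lines, blank line missing")
        if "objectclass" not in attrs:
            problems.append(f"record {number}: no objectClass")
    return problems

# Constructed sample: the separator between the first two entries is missing.
SAMPLE = """\
dn: ou=users,dc=example,dc=com
ou: users
objectClass: organizationalUnit
dn: ou=addressbook,dc=example,dc=com
ou: addressbook
objectClass: organizationalUnit

dn: cn=Tom Thumb,ou=addressbook,dc=example,dc=com
cn: Tom Thumb
sn: Thumb
"""

if __name__ == "__main__":
    print("\n".join(lint_ldif(SAMPLE)))
```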
3268 389
#######Admin Panel For LDAP GLOBAL ADDRESSBOOK #######
#tar -xvf phpldapadmin-0.9.8.5.tar
#cp -r phpldapadmin-0.9.8.5 /var/www/html/phpldapadmin
#cd /var/www/html/phpldapadmin/config/
#cp config.php.example config.php
Outlook: Tools - Accounts - Directory Service - Add - Directory Service - IP (X.X.X.X) - Yes - Finish - Properties
on new Directory - Advanced - Search Base (dc=example,dc=com) - Port (389)
New Mail, To: vivek (Ctrl+K) [Searching]
Happy To Help You ….Genowin Technologies