Thursday, July 15, 2010

Installing OpenLDAP on Ubuntu JeOS

OpenLDAP Installation

Provision a new Virtual Machine called Test OpenLDAP 1 with the static IP address 192.168.56.3. See Ubuntu JeOS Virtual Appliances in VirtualBox for details on provisioning Virtual Machines.

Install OpenLDAP by running the following command:
sudo apt-get install slapd ldap-utils
By default, Ubuntu uses the new OpenLDAP run-time configuration, which stores the LDAP configuration in LDIF format. To configure LDAP, do the following:
  1. Stop OpenLDAP and delete the default Ubuntu configuration by running the following:
    sudo /etc/init.d/slapd stop

    sudo rm -fr /etc/ldap/slapd.d
    sudo mkdir /etc/ldap/slapd.d
  2. Convert the ppolicy.schema file to LDIF format by doing the following from a command prompt:
    mkdir /tmp/ldif_output

    echo 'include /etc/ldap/schema/ppolicy.schema' > /tmp/schema_convert.conf

    slapcat -f /tmp/schema_convert.conf -F /tmp/ldif_output -n0 \
    -s "cn={0}ppolicy,cn=schema,cn=config" > /tmp/ppolicy.ldif
    Edit /tmp/ppolicy.ldif so that the dn and cn lines lose the {0} index and read as follows:
    vim /tmp/ppolicy.ldif

    dn: cn=ppolicy,cn=schema,cn=config
    cn: ppolicy
    Remove the following (including any blank lines) from /tmp/ppolicy.ldif:
    structuralObjectClass: olcSchemaConfig
    entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757
    creatorsName: cn=config
    createTimestamp: 20080826021140Z
    entryCSN: 20080826021140.791425Z#000000#000#000000
    modifiersName: cn=config
    modifyTimestamp: 20080826021140Z
    Move the new ppolicy into place:
    sudo mv /tmp/ppolicy.ldif /etc/ldap/schema
  3. The backend.ldif file will configure the LDAP server as well as create the configuration for the example database. Think of it as an LDIF version of the old slapd.conf file. Create a new file called /home/test/backend.ldif and add the contents of backend.ldif to the file.

  4. Add the new backend configuration to OpenLDAP by running the following from a command prompt:
    sudo slapadd -F /etc/ldap/slapd.d -b "cn=config" -l /home/test/backend.ldif
    sudo chown -R openldap:openldap /etc/ldap/slapd.d
  5. The example.ldif file will hold the test directory. Create a new file called /home/test/example.ldif and add the contents of the example.ldif to the file.

  6. Test the LDIF by doing a dry run using the following command:
    sudo slapadd -v -u -c -l /home/test/example.ldif
  7. A successful dry run produces output like the following:
    added: "dc=example,dc=com"
    added: "cn=users,dc=example,dc=com"
    added: "cn=groups,dc=example,dc=com"
    added: "cn=system,dc=example,dc=com"
    added: "uid=test1,cn=users,dc=example,dc=com"
    added: "uid=test2,cn=users,dc=example,dc=com"
    added: "cn=Admin1,cn=groups,dc=example,dc=com"
    added: "uid=mirrormode,cn=system,dc=example,dc=com"
    added: "uid=bind,cn=system,dc=example,dc=com"
  8. If the above was successful run the following command to populate the LDAP directory with the sample data:
    sudo slapadd -q -v -l /home/test/example.ldif
    sudo slapindex -q -v
    sudo chown -R openldap:openldap /var/lib/ldap
  9. Start OpenLDAP in interactive mode to ensure that the configuration is working properly:
    sudo slapd -d config -h "ldap:/// ldapi:///" -g openldap -u openldap
  10. If the above worked properly, terminate the process with CTRL-C and start OpenLDAP in daemon mode by running:
    sudo /etc/init.d/slapd start
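Step 2 above edits the slapcat output by hand. The following shell function is an added example, not part of the original post: it performs the same cleanup (dropping the {0} index and the operational attributes) so the conversion can be scripted. The LDIF it is fed here is a constructed, shortened stand-in for real slapcat output.

```shell
#!/bin/sh
# Added example (not from the original post): automate the manual edit from
# step 2. Reads the slapcat schema LDIF on stdin and writes a version that
# slapadd accepts on stdout:
#   - strips the "{0}" ordering index from the dn: and cn: lines
#   - removes the operational attributes slapcat emits for the entry
#   - removes blank lines (safe here because -s selects a single entry)
# Attribute value continuation lines (leading space) are left untouched.
clean_schema_ldif() {
  sed -e 's/^dn: cn={[0-9]*}/dn: cn=/' \
      -e 's/^cn: {[0-9]*}/cn: /' \
      -e '/^structuralObjectClass: /d' \
      -e '/^entryUUID: /d' \
      -e '/^creatorsName: /d' \
      -e '/^createTimestamp: /d' \
      -e '/^entryCSN: /d' \
      -e '/^modifiersName: /d' \
      -e '/^modifyTimestamp: /d' \
      -e '/^$/d'
}

# Constructed sample standing in for the real slapcat output; the attribute
# definition is shortened and wrapped the way slapcat wraps long values.
sample_ldif() {
  cat <<'EOF'
dn: cn={0}ppolicy,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}ppolicy
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY
 objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
structuralObjectClass: olcSchemaConfig
entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757
creatorsName: cn=config
createTimestamp: 20080826021140Z
entryCSN: 20080826021140.791425Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20080826021140Z

EOF
}

# Demo run on the constructed sample. For the real conversion, replace
# sample_ldif with the slapcat command from step 2:
#   slapcat -f /tmp/schema_convert.conf -F /tmp/ldif_output -n0 \
#     -s "cn={0}ppolicy,cn=schema,cn=config" | clean_schema_ldif > /tmp/ppolicy.ldif
sample_ldif | clean_schema_ldif
```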

Apache Directory Studio

Apache Directory Studio can be used to test the new LDAP server. It can be downloaded from http://directory.apache.org/studio.

Install it on the Host Operating System by downloading and extracting the archive where you would like it to be installed on the system. I usually create an opt directory in my home directory and extract it there.

Launch Apache Directory Studio:
/home/{username}/opt/ApacheDirectoryStudio/ApacheDirectoryStudio
Configure Apache Directory Studio as follows:
  1. Click the New Connection button located in the Connections Tab.

  2. Enter the following connection settings:

    • Connection Name: Test OpenLDAP 1
    • Hostname: 192.168.56.3
    • Port: 389
    • Encryption method: No encryption

  3. Enter the following Authentication settings:

    • Bind DN or user: dc=example,dc=com
    • Bind password: test

  4. On the browser options screen, click Fetch Base DNs. dc=example,dc=com should be found as a base DN.
