OpenLDAPServer
Differences between revisions 1 and 12 (spanning 11 versions)
Revision 1. Comment: initial creation of the page
Revision 12 as of 2008-08-06 16:22:34. Comment: converted to 1.6 markup
= Introduction =
LDAP means Lightweight Directory Access Protocol; it is a simplified version of the X.500 protocol. You will find a more detailed presentation [http://en.wikipedia.org/wiki/LDAP on Wikipedia]. Briefly, all information is stored in a tree. You have to decide the layout of that tree (the Directory Information Tree, or DIT) yourself. We will begin with a basic tree with two nodes below the root:
 * a "People" node where your users will be stored
 * a "Groups" node where your groups will be stored

You first have to decide what the root of your LDAP directory will be. By default, your tree will be derived from your Internet domain. If your domain is example.com (we will use it in the examples below), your root will be {{{dc=example,dc=com}}}.

= Installation =
First of all, install the LDAP daemon on the server:
{{{
apt-get install slapd
}}}
Enter your domain when asked, and the password that you want for the directory administrator.

Only a few changes are needed to the default configuration. First, set the root password in the configuration file (instead of in the directory):
{{{
8<--------------------------------------------
suffix          "dc=example,dc=com"
directory       "/var/lib/ldap"
rootdn          "cn=admin,dc=example,dc=com"
# rootpw also accepts a hashed value generated with slappasswd; prefer that to a cleartext password
rootpw          secret
8<--------------------------------------------
}}}

= Populating LDAP =
The directory has been created at installation time; now it is time to populate it. It will be populated with a "classical" entry that is compatible with an address directory (for example a shared address book), with classical accounts (for a web application) and with Unix accounts (posix). An LDAP directory can be fed with an LDIF file (LDIF means LDAP Data Interchange Format).
Here is an example:
{{{
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: example
o: Example

dn: ou=people,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: ou=admin,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: admin

dn: uid=lionel,ou=people,dc=example,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: lionel
sn: Porcheron
givenName: Lionel
cn: Lionel Porcheron
displayName: Lionel Porcheron
uidNumber: 1000
gidNumber: 10000
gecos: Lionel Porcheron
loginShell: /bin/bash
homeDirectory: /home/lionel
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: lionel.porcheron@example.com
postalCode: 31000
l: Toulouse
o: Example
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
# postalAddress left out: slapadd rejects an attribute with an empty value
initials: LP

dn: cn=example,ou=groups,dc=example,dc=com
objectClass: top
objectClass: posixGroup
# the cn value must match the cn in the dn above, or slapadd refuses the entry
cn: example
gidNumber: 10000
# posixGroup does not allow displayName; description is the permitted attribute
description: Exemple Alveonet
}}}
In the example above, the directory structure, a user and a group have been set up. Now add it to the LDAP directory:
 * stop the LDAP daemon: {{{sudo /etc/init.d/slapd stop}}}
 * delete the content that was added automatically at installation: {{{sudo rm -rf /var/lib/ldap/*}}}
 * add the content: {{{sudo slapadd -l init.ldif}}}
 * start the LDAP daemon again: {{{sudo /etc/init.d/slapd start}}}

We can check that the content has been correctly added, but first install the ldap-utils package in order to run searches against the LDAP directory:
{{{
sudo apt-get install ldap-utils
ldapsearch -x -LLL -b dc=example,dc=com uid=lionel sn givenName cn
dn: uid=lionel,ou=people,dc=example,dc=com
cn: Lionel Porcheron
sn: Porcheron
givenName: Lionel
}}}
Just a quick explanation:
 * {{{-x}}} selects simple authentication because we do not use SASL (the default method)
 * {{{-LLL}}} disables printing of the LDIF version and comments
 * {{{-b}}} gives the search base; it is needed unless BASE is set in /etc/ldap/ldap.conf

= And after =
You have set up your LDAP directory, and now you have to use it.
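As an added example, not part of the wiki page, a small Python pre-check for init.ldif to run before slapadd: it parses the LDIF into entries and reports the kinds of mistakes slapadd rejects, such as a DN whose naming attribute value (cn=example) does not appear in the entry (cn: exemple), a missing objectClass, or an empty attribute value. SAMPLE_LDIF is constructed after the page's file and deliberately keeps that cn mismatch.

```python
# Constructed LDIF modelled on the page's init.ldif; the group entry keeps the cn mismatch.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: Example

dn: cn=example,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: exemple
gidNumber: 10000
"""

def parse_ldif(text):
    """Return a list of (dn, {attr: [values]}); skips '#' comments, assumes unfolded lines."""
    entries, current = [], None
    for line in text.splitlines() + [""]:      # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if line == "":
            if current is not None:
                entries.append(current)
            current = None
            continue
        attr, _, value = line.partition(":")   # 'attr:: base64' values are kept as written
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = (value, {})
        elif current is not None:
            current[1].setdefault(attr, []).append(value)
    return entries

def check_entries(entries):
    problems = []
    for dn, attrs in entries:
        rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")
        rdn_attr, rdn_val = rdn_attr.strip().lower(), rdn_val.strip()
        # cn/ou/dc use case-insensitive matching, so compare lower-cased values
        if rdn_val.lower() not in [v.lower() for v in attrs.get(rdn_attr, [])]:
            problems.append(f"{dn}: naming attribute {rdn_attr}={rdn_val} is not present in the entry")
        if "objectclass" not in attrs:
            problems.append(f"{dn}: no objectClass, slapadd needs a structural class")
        for attr, values in attrs.items():
            if "" in values:
                problems.append(f"{dn}: empty value for {attr}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_entries(parse_ldif(SAMPLE_LDIF))))
```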
You can authenticate your clients against the directory as explained in ["LDAPClientAuthentication"] or use it in a web application. It can also be used as a shared address book for your mail client. The uses of LDAP are endless!

= Links =
 * [http://www.openldap.org OpenLDAP website] gives you a lot of information
 * [http://www.tldp.org/HOWTO/html_single/LDAP-HOWTO/ LDAP HOWTO]
----
CategoryDocumentation
#REFRESH 0 http://help.ubuntu.com/community/OpenLDAPServer
OpenLDAPServer (last edited 2008-08-06 16:22:34 by localhost)