LDAP: Lightweight Directory Access Protocol
Directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.
LDAP (OpenLDAP) builds on the following packages:
1. Transport Layer Security
2. Simple Authentication and Security Layer
3. Kerberos Authentication Service
4. Database Software
5. Threads
6. TCP Wrappers
slapd is an LDAP directory server that runs on many different platforms. slapd implements version 3 of LDAP and supports LDAP over both IPv4 and IPv6 as well as Unix IPC (local sockets).
Following are some of the advantages of using slapd:
1. slapd supports Unicode and language tags.
2. slapd can be configured to restrict access at the socket layer based on network topology.
3. slapd comes with a variety of databases: BDB and HDB are two.
4. multiple databases can be configured.
5. slapd consists of two distinct parts: a front end that handles protocol communication with LDAP clients; and modules which handle specific tasks such as database operations.
6. These two pieces communicate via a well-defined C API, so customized modules which extend slapd in numerous ways can be written.
Here is the installation guide for setting up a basic LDAP server:
Install the openldap packages using yum:
# yum install openldap-servers
Add the following lines to the /etc/sysconfig/iptables file (LDAP itself runs over TCP; the UDP rule only matters for connectionless LDAP):
# vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m udp -p udp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
Restart the firewall:
# service iptables restart
Check that the service starts:
# service slapd start
Then stop it again before editing the configuration:
# service slapd stop
Prepare customized configuration file in slapd.example.conf:
# cp /etc/openldap/slapd.conf.bak slapd.example.conf
Generate root password for LDAP cn=config configuration:
# slappasswd
{SSHA}R6zJBEcX1ltYDwbWkqYZ8GrrUFQZbKyN
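As an added illustration (not part of the original post), here is what the {SSHA} string printed by slappasswd is made of and how it is verified: base64 of a SHA-1 digest over password plus salt, followed by the salt itself (4 bytes by default). The same script audits a slapd.conf text to confirm that rootpw holds a {SCHEME} hash rather than a cleartext password. The password and salt used below are constructed for this example; the helper names are hypothetical.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Hypothetical helper: reproduces the {SSHA} scheme slappasswd uses by default,
# i.e. "{SSHA}" + base64(SHA1(password || salt) || salt) with a 4-byte salt.
def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

# Verify a candidate password against a stored {SSHA} value. The salt is
# whatever follows the 20-byte SHA-1 digest, so any salt length is accepted.
def verify_ssha(password: str, stored: str) -> bool:
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= 20:
        raise ValueError("{SSHA} value is too short to contain a salt")
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

# Audit a slapd.conf text: True if rootpw holds a {SCHEME} hash, False if it
# is a cleartext password, None if no rootpw directive is present.
def rootpw_is_hashed(conf_text: str) -> Optional[bool]:
    for line in conf_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "rootpw":
            return parts[1].strip().strip('"').startswith("{")
    return None

if __name__ == "__main__":
    # Constructed sample: password and salt chosen for this example.
    h = make_ssha("correct horse", b"\x01\x02\x03\x04")
    print(h, verify_ssha("correct horse", h), verify_ssha("wrong", h))
    print(rootpw_is_hashed("rootpw " + h), rootpw_is_hashed("rootpw secret"))
```

The 32-character base64 part of the hash on this page decodes to 24 bytes, which is exactly the 20-byte digest plus the 4-byte salt; a rootpw line that does not start with a {SCHEME} prefix is stored in cleartext and slapd will compare it literally.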
Modify the defaults in /etc/openldap/slapd.conf, setting the suffix, the rootdn and the rootpw hash generated above:
# vim /etc/openldap/slapd.conf
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw {SSHA}R6zJBEcX1ltYDwbWkqYZ8GrrUFQZbKyN
Install the package:
# yum install openldap-clients
Configure the clients through /etc/openldap/ldap.conf. Providing the base DN is not necessary, as it is dc=example,dc=com by default; however, the default URI refers to localhost, which has to be changed:
BASE dc=example,dc=com
URI ldap://127.0.0.1
This section provides content of initial LDAP database in LDIF format.
Create example.com.ldif file with the following content:
# cd /etc/openldap/
# vim example.com.ldif
# Root entry
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example
Create admin.example.com.ldif file with the following content:
# vim admin.example.com.ldif
# Admin DN
dn: cn=admin,dc=example,dc=com
objectclass: organizationalRole
cn: admin
Create users.example.com.ldif file with the following content:
# vim users.example.com.ldif
# Base DN for users
dn: ou=users,dc=example,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: users
Create groups.example.com.ldif file with the following content:
# vim groups.example.com.ldif
# Base DN for groups
dn: ou=groups,dc=example,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: groups
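To see why slapadd has to receive these LDIF files in the order the page lists them (the parent entry must already exist before a child is loaded), here is an added example that is not part of the original post: a minimal LDIF record parser plus a checker that reports a child loaded before its parent, a DN loaded twice, and changetype lines, which are change-record directives that ldapadd and ldapmodify consume (as in the later ldapadd steps) rather than attributes of an entry record. The four records are the page's own LDIF files concatenated as constructed sample input; the function names and the naive DN normalisation (no escaped commas) are assumptions of this example.

```python
import base64
from typing import Dict, List, Tuple

Entry = Dict[str, List[str]]

# Constructed sample input: the four LDIF files from this page, concatenated
# in the order the page feeds them to slapadd.
SAMPLE_LDIF = """\
# Root entry
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

# Admin DN
dn: cn=admin,dc=example,dc=com
objectclass: organizationalRole
cn: admin

# Base DN for users
dn: ou=users,dc=example,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: users

# Base DN for groups
dn: ou=groups,dc=example,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: groups
"""

def parse_ldif(text: str) -> List[Entry]:
    """Minimal LDIF record parser: comments, folded lines (leading space),
    '::' base64 values and blank-line separated records. Attribute names are
    lower-cased because LDAP attribute types are case-insensitive."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]        # unfold continuation line
        else:
            lines.append(raw)
    entries: List[Entry] = []
    record: Entry = {}
    for line in lines + [""]:           # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():
            if record:
                if "dn" not in record:
                    raise ValueError("LDIF record without dn")
                entries.append(record)
                record = {}
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        record.setdefault(name.strip().lower(), []).append(value)
    return entries

def normalize_dn(dn: str) -> str:
    # Assumption of this example: RDNs never contain escaped commas.
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parent_dn(dn: str) -> str:
    return dn.partition(",")[2]

def check_load_order(entries: List[Entry], suffix: str) -> List[Tuple[int, str, str]]:
    """Report (record number, dn, problem) for conditions slapadd rejects or
    that signal the wrong tool: a child loaded before its parent, a DN
    loaded twice, and a 'changetype' line (a change-record directive that
    ldapadd/ldapmodify consume, not an attribute of an entry record)."""
    problems: List[Tuple[int, str, str]] = []
    seen = set()
    base = normalize_dn(suffix)
    for number, entry in enumerate(entries, 1):
        dn = normalize_dn(entry["dn"][0])
        if "changetype" in entry:
            problems.append((number, dn, "changetype"))
        if dn in seen:
            problems.append((number, dn, "duplicate_dn"))
        elif dn != base and parent_dn(dn) not in seen:
            problems.append((number, dn, "missing_parent"))
        seen.add(dn)
    return problems

if __name__ == "__main__":
    for problem in check_load_order(parse_ldif(SAMPLE_LDIF), "dc=example,dc=com"):
        print("record %d (%s): %s" % problem)
```

Run against the page's four files, the checker reports nothing for example.com.ldif and admin.example.com.ldif, and flags only the changetype lines in the users and groups files; reordering the records so that ou=users precedes the base entry additionally produces a missing_parent finding.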
This section can be used repeatedly to reset the configuration, re-initialize the LDAP content and start over again.
Make sure service is not running:
# service slapd stop
Clean up configuration:
# rm -rf /etc/openldap/slapd.d/*
Clean up content:
# rm -rf /var/lib/ldap/*
Copy the file:
# cp /usr/share/doc/openldap-servers-*/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Initialize DB files for content in /var/lib/ldap directory:
# echo "" | slapadd -f /etc/openldap/slapd.example.conf
Convert configuration file into dynamic configuration under /etc/openldap/slapd.d directory:
# slaptest -f /etc/openldap/slapd.example.conf -F /etc/openldap/slapd.d
Initialize LDAP DB with initial content:
# slapadd -l example.com.ldif
# slapadd -l admin.example.com.ldif
# slapadd -l users.example.com.ldif
# slapadd -l groups.example.com.ldif
Set permissions:
# chown -R ldap:ldap /var/lib/ldap
# chown -R ldap:ldap /etc/openldap/slapd.d
Start server:
# service slapd restart
List the content by request from client:
# ldapsearch -x -b 'dc=example,dc=com'
Load the rest of the LDAP database content from LDIF:
# ldapadd -x -D 'cn=admin,dc=example,dc=com' -W -f users.example.com.ldif
# ldapadd -x -D 'cn=admin,dc=example,dc=com' -W -f groups.example.com.ldif
List again:
# ldapsearch -x -b 'dc=example,dc=com'