OpenLDAP Installation & Configuration
Installation of LDAP and Database Software
For OpenLDAP Server
Download the OpenLDAP source from http://www.openldap.org/software/download/
For Database Software
Download Berkeley DB from http://www.sleepycat.com/update/snapshot/db-4.0.14.tar.gz
Create a folder /ldap, copy both downloaded archives into it and unpack them there. The commands below assume the Berkeley DB tree unpacked as /ldap/db-4.8.26; if the archive you downloaded carries a different version number, substitute it wherever 4.8.26 appears.
Install & Configure Database Software {Berkeley DB}
Issue the commands below from the folder /ldap/. The flags are exported so that OpenLDAP's configure step later finds db.h and libdb; the Berkeley DB build itself does not need them. Note that they point at /usr/local/db-4.8.26/lib while the configure command further down installs under /usr. Make the two agree (either pass --prefix=/usr/local/db-4.8.26 to Berkeley DB's configure, or point LDFLAGS and LD_LIBRARY_PATH at /usr/lib), otherwise slapd's configure will not find the library.
CPPFLAGS="-I/ldap/db-4.8.26/build_unix"
export CPPFLAGS
LDFLAGS="-L/ldap/db-4.8.26/build_unix -R/usr/local/db-4.8.26/lib"
export LDFLAGS
LD_LIBRARY_PATH="/usr/local/db-4.8.26/lib"
export LD_LIBRARY_PATH
Now configure and compile from /ldap/db-4.8.26/. The configure script lives in dist/ and is run from inside build_unix/; the chained && stops the sequence at the first failing step:
cd build_unix &&
../dist/configure --prefix=/usr \
    --enable-compat185 \
    --enable-cxx &&
make
You are now ready to install the software; this usually requires super-user privileges. Before fixing ownership, check what actually landed under the prefix (ls /usr/bin/db_* /usr/lib/libdb*): the utility names are db_* and the library names carry the release number (4.8 here), and only libdb and libdb_cxx are built with the options above (libdb_java and libdb_tcl exist only if Java or Tcl support was enabled).
make docdir=/ldap/db-4.8.26 install &&
chown -v -R root:root \
    /usr/bin/db_* \
    /usr/include/db{,_185,_cxx}.h \
    /usr/lib/libdb{,_cxx}{.a,-4.8.{so,a}} \
    /ldap/db-4.8.26
Now we are done with Installation of Database.
Install & Configure Open LDAP
• Run configure
You will need to run the provided configure script to configure the distribution for building on your system. The configure script accepts many command line options that enable or disable optional software features. Usually the defaults are okay, but you may want to change them. To get a complete list of options that configure accepts, use the --help option: ./configure --help
• Build the software
The next step is to build the software. This step has two parts: first we construct dependencies, then we compile the software:
1) make depend
2) make
• Test the build
To ensure a correct build, you should run the test suite (it only takes a few minutes):
make test
Note : Tests which apply to your configuration will run and they should pass. Some tests, such as the replication test, may be skipped.
• Install the software
You are now ready to install the software; this usually requires super-user privileges:
su root -c 'make install'
Everything should now be installed under /usr/local (or whatever installation prefix was used by configure).
• Edit the configuration file
Use your favorite editor to edit the provided slapd.conf example (usually installed as /usr/local/etc/openldap/slapd.conf) to contain a BDB database definition of the form:
database bdb
suffix "dc=<MY-DOMAIN>,dc=<COM>"
rootdn "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>"
rootpw secret
directory /usr/local/var/openldap-data
Be sure to replace <MY-DOMAIN> and <COM> with the appropriate domain components of your domain name. For example, for example.com, use:
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
If your domain contains additional components, such as eng.uni.edu.eu, use:
database bdb
suffix "dc=eng,dc=uni,dc=edu,dc=eu"
rootdn "cn=Manager,dc=eng,dc=uni,dc=edu,dc=eu"
rootpw secret
directory /usr/local/var/openldap-data
The rootdn bypasses every access control, and "rootpw secret" stores its password in cleartext in slapd.conf. Before exposing the server, run slappasswd, paste the {SSHA} value it prints in place of secret, and make slapd.conf readable only by the user slapd runs as (chmod 600). Also make sure the directory named in "directory" exists and is writable by that user before starting slapd.
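The following is an added example, not code from the original guide or from the OpenLDAP project. It builds and checks values in the {SSHA} scheme that slappasswd prints by default, so that a reader without the binary at hand can see what goes on the rootpw line and can verify a hash they were handed. It assumes a 4-byte random salt (slappasswd's default) and the stored layout "{SSHA}" + base64(SHA-1(password || salt) || salt); newer releases also offer stronger schemes such as {SSHA512} via the pw-sha2 module.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Added example, not part of the original tutorial. Produces and checks the
# {SSHA} scheme that slappasswd(8) emits by default, so the value can be pasted
# into slapd.conf as "rootpw {SSHA}..." instead of "rootpw secret".
# Stored form: "{SSHA}" + base64( SHA-1(password || salt) || salt ).
# Assumption: a 4-byte random salt, which is what slappasswd uses by default.

SCHEME = "{SSHA}"
SALT_LEN = 4
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a slapd-compatible {SSHA} string for password."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, password: str) -> bool:
    """True if password matches a stored {SSHA} value (constant-time compare)."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except (ValueError, TypeError):
        return False
    if len(raw) <= DIGEST_LEN:          # no salt present: malformed value
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


def rootpw_line(password: str) -> str:
    """The slapd.conf directive to use in place of 'rootpw secret'."""
    return "rootpw " + ssha_hash(password)


if __name__ == "__main__":
    line = rootpw_line("secret")
    print(line)
    print("verifies:", ssha_verify(line.split(" ", 1)[1], "secret"))  # True
```

Running the block prints a fresh rootpw line each time because the salt is random; two hashes of the same password therefore differ, and only ssha_verify can tell whether one matches.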
Also include the schema files below to make their objectClasses available. include directives belong in the global section of slapd.conf, before the first database line. Order matters because one schema may reference attributes defined in another: core.schema must come first, and cosine.schema must precede inetorgperson.schema and nis.schema, which both build on it.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/duaconf.schema
include /usr/local/etc/openldap/schema/java.schema
include /usr/local/etc/openldap/schema/dyngroup.schema
Add the following access control directives to slapd.conf. Directives placed after a database line apply to that database; directives placed before the first database line are global. slapd evaluates "access to" clauses in order and stops at the first <what> that matches the target entry and attribute, then within that clause at the first <who> that matches the requester, so the specific rules must come before the catch-all "access to *" or they are never consulted. Two patterns to avoid: a plain "access to * by * read" placed before the role rules gives anonymous binds read access to the whole tree and shadows the role rules entirely, and "by users read" on userPassword lets any authenticated account read everyone's password hashes. The DNs below use the dc=example,dc=com tree used everywhere else in this guide and the Admin and Executive groups created under ou=roles later on; adjust them to your suffix.
# Password attributes: usable for binding, writable by the owner and the Admin
# role, never readable by anyone else.
access to attrs=userPassword,shadowLastChange
    by group.exact="cn=Admin,ou=roles,dc=example,dc=com" write
    by self write
    by anonymous auth
    by * none
# The root DSE and the schema must stay readable for clients to work.
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
# ACL1 and ACL2 merged into one catch-all clause: the Admin role writes, the
# Executive role reads (redundant with "by users read" here, kept so the role
# can be tightened later), users edit their own entry and read the rest, and
# anonymous may only bind. The rootdn is not subject to these rules at all.
access to *
    by group.exact="cn=Admin,ou=roles,dc=example,dc=com" write
    by group.exact="cn=Executive,ou=roles,dc=example,dc=com" read
    by self write
    by users read
    by anonymous auth
    by * none
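To see how clause order changes the outcome, here is an added example that is not part of the original guide or of OpenLDAP itself: a deliberately simplified Python model of slapd's first-match evaluation over the same rule shapes used above. It supports only the <what> and <who> forms this page uses, ignores dn.subtree, regex forms and the <control> keywords, and uses a constructed group-membership map and user DNs (alice, bob, carol) as assumptions. On a real server the authoritative tool is slapacl(8), for example slapacl -f /usr/local/etc/openldap/slapd.conf -D "<bind DN>" -b "<target DN>" userPassword/read.

```python
from typing import Dict, List, Optional, Tuple

# Added example, not part of the original tutorial. A simplified model of how
# slapd walks "access to <what> by <who> <level>" clauses: the first <what>
# that matches the target wins, then the first <who> that matches the
# requester decides the privilege. Only the forms used on this page are
# supported (*, attrs=..., dn.base=...; *, anonymous, users, self,
# dn.exact=..., group.exact=...). It exists to show why order matters, not to
# replace slapacl(8).

LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Constructed group membership standing in for the groupOfNames entries under
# ou=roles (assumption: DNs follow the guide's example tree).
GROUPS: Dict[str, List[str]] = {
    "cn=Admin,ou=roles,dc=example,dc=com": ["cn=alice,ou=users,dc=example,dc=com"],
    "cn=Executive,ou=roles,dc=example,dc=com": ["cn=bob,ou=users,dc=example,dc=com"],
}

Rule = Tuple[str, List[Tuple[str, str]]]  # (what, [(who, level), ...])


def what_matches(what: str, target_dn: str, attr: str) -> bool:
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr.lower() in {a.lower() for a in what[6:].split(",")}
    if what.startswith("dn.base="):
        return target_dn.lower() == what[8:].strip('"').lower()
    raise ValueError("unsupported <what>: " + what)


def who_matches(who: str, requester: Optional[str], target_dn: str) -> bool:
    """requester is the bound DN, or None for an anonymous bind."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester.lower() == target_dn.lower()
    if who.startswith("dn.exact="):
        return requester is not None and requester.lower() == who[9:].strip('"').lower()
    if who.startswith("group.exact="):
        return requester in GROUPS.get(who[12:].strip('"'), [])
    raise ValueError("unsupported <who>: " + who)


def decide(rules: List[Rule], requester: Optional[str], target_dn: str, attr: str) -> str:
    """Privilege slapd would grant: first matching clause, first matching by."""
    for what, clauses in rules:
        if what_matches(what, target_dn, attr):
            for who, level in clauses:
                if who_matches(who, requester, target_dn):
                    return level
            return "none"  # implicit trailing "by * none" of a matched clause
    return "none"          # nothing matched: slapd denies


# Unsafe ordering: any user may read password hashes, and the catch-all
# "by * read" grants anonymous read and shadows everything after it.
ORIGINAL: List[Rule] = [
    ("attrs=userPassword,shadowLastChange",
     [("dn.exact=cn=Manager,dc=example,dc=com", "write"),
      ("anonymous", "auth"), ("users", "read"), ("*", "none")]),
    ("*", [("*", "read")]),
    ("*", [("self", "write"), ("users", "read"), ("*", "none")]),  # never reached
]

# Corrected ordering, matching the ACL block in the text.
CORRECTED: List[Rule] = [
    ("attrs=userPassword,shadowLastChange",
     [("group.exact=cn=Admin,ou=roles,dc=example,dc=com", "write"),
      ("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ('dn.base=""', [("*", "read")]),
    ("*", [("group.exact=cn=Admin,ou=roles,dc=example,dc=com", "write"),
           ("group.exact=cn=Executive,ou=roles,dc=example,dc=com", "read"),
           ("self", "write"), ("users", "read"), ("anonymous", "auth"), ("*", "none")]),
]

ALICE = "cn=alice,ou=users,dc=example,dc=com"
BOB = "cn=bob,ou=users,dc=example,dc=com"
CAROL = "cn=carol,ou=users,dc=example,dc=com"

if __name__ == "__main__":
    print("original:  bob reads carol's userPassword ->", decide(ORIGINAL, BOB, CAROL, "userPassword"))
    print("original:  anonymous reads carol's mail   ->", decide(ORIGINAL, None, CAROL, "mail"))
    print("corrected: bob reads carol's userPassword ->", decide(CORRECTED, BOB, CAROL, "userPassword"))
    print("corrected: anonymous reads carol's mail   ->", decide(CORRECTED, None, CAROL, "mail"))
    print("corrected: alice (Admin) writes carol's mail ->", decide(CORRECTED, ALICE, CAROL, "mail"))
```

The ordering in LEVELS mirrors slapd's privilege ladder (each level implies the ones below it), which is why "auth" for anonymous is enough to bind but not to search or read.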
• Start SLAPD
You are now ready to start the Standalone LDAP Daemon, slapd(8), by running the command: su root -c /usr/local/libexec/slapd
Started this way slapd listens on ldap:/// (port 389, cleartext) and keeps running as root. For anything beyond a local test, use -h to choose the listeners (for example -h "ldapi:/// ldaps:///") and -u and -g to drop to an unprivileged user and group once the port is bound.
To check to see if the server is running and configured correctly, you can run a search against it with ldapsearch(1). By default, ldapsearch is installed as /usr/local/bin/ldapsearch:
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
Note the use of single quotes around command parameters to prevent special characters from being interpreted by the shell; the empty base '' selects the root DSE. This should return:
dn:
namingContexts: dc=example,dc=com
• Add initial entries to your directory
You can use ldapadd to add entries to your LDAP directory. ldapadd expects input in LDIF form. We'll do it in two steps:
1) create an LDIF file
2) run ldapadd
Use your favorite editor and create an LDIF file that contains the following (entries in LDIF are separated by a blank line):
dn: dc=<MY-DOMAIN>,dc=<COM>
objectclass: dcObject
objectclass: organization
o: <MY-ORGANIZATION>
dc: <MY-DOMAIN>

dn: cn=Manager,dc=<MY-DOMAIN>,dc=<COM>
objectclass: organizationalRole
cn: Manager
Be sure to replace <MY-DOMAIN> and <COM> with the domain components of your domain name and <MY-ORGANIZATION> with the name of your organization. For example, for example.com, use:
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager
Now, you may run LDAPADD to insert these entries into your directory.
ldapadd -x -D "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>" -W -f example.ldif
Be sure to replace <MY-DOMAIN> and <COM> with the domain components of your domain name. For example, for example.com, use:
ldapadd -x -D “cn=Manager,dc=example,dc=com” -W -f example.ldif
Note: example.ldif is the file you created above.
• See if it works
Now we’re ready to verify the added entries are in your directory. You can use any LDAP client to do this, but our example uses the ldapsearch(1) tool. Remember to replace dc=example,dc=com with the correct values for your site:
ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
This command will search for and retrieve every entry in the database.
• Create Node Roles and Users under the Base DN
1) Create a file in your favorite text editor and save it as example.ldif (this overwrites the earlier file of that name, which has already been loaded). Put both organizational units in it, separated by a blank line:
dn: ou=users,dc=example,dc=com
ou: users
objectclass: top
objectclass: organizationalUnit

dn: ou=roles,dc=example,dc=com
ou: roles
objectclass: top
objectclass: organizationalUnit
2) Issue the command below to create the nodes. Bind as the rootdn defined in slapd.conf (cn=Manager in this guide); cn=Admin,dc=example,dc=com is not an entry in this tree, so a bind as it would fail.
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
• Adding Roles to the LDAP Tree
3) Create a file in your favorite text editor and save it as example.ldif. groupOfNames requires at least one member, and each member value must be the full DN of a user entry; slapd does not check that the DN exists, so a mistyped member simply never matches the group.exact rules above.
dn: cn=Admin,ou=roles,dc=example,dc=com
objectclass: groupOfNames
cn: Admin
description: Administrator
member: cn=<USER1>,ou=users,dc=example,dc=com

dn: cn=Executive,ou=roles,dc=example,dc=com
objectclass: groupOfNames
cn: Executive
description: Executive
member: cn=<USER1>,ou=users,dc=example,dc=com
member: cn=<USER2>,ou=users,dc=example,dc=com
Issue the command below to add the roles, again binding as the rootdn:
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
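As an added example (not code from the original guide or from OpenLDAP), the Python below generates the LDIF for the two organizational units, two constructed user entries under ou=users, and the Admin and Executive roles, so that every groupOfNames carries a real member DN. It also implements the part of RFC 2849 that hand-written LDIF most often gets wrong: values that are not safe to write literally (non-ASCII, a leading space, colon or '<', a trailing space, NUL, CR or LF) are base64-encoded after "attr::", and long lines are folded with a leading space. The user names, surnames and the dc=example,dc=com base are assumptions that follow this guide's example tree; userPassword is left out on purpose and should be added as a {SSHA} value from slappasswd.

```python
import base64
from typing import Iterable, List, Tuple, Union

# Added example, not part of the original tutorial. Builds the LDIF for the
# ou=users / ou=roles tree described above plus constructed user entries so
# that each groupOfNames has the "member" value the objectClass requires.
# RFC 2849: a value is written literally only if it is ASCII, contains no NUL,
# CR or LF, does not start with space, ':' or '<', and does not end with a
# space; anything else is base64-encoded after "attr::". Lines longer than 76
# characters are folded; continuation lines start with one space.
# Assumptions: the base DN and the user names follow the guide's example tree.

BASE = "dc=example,dc=com"
Attrs = List[Tuple[str, Union[str, bytes]]]


def needs_base64(value: bytes) -> bool:
    if not value:
        return False
    if value[0] in b" :<" or value.endswith(b" "):
        return True
    return any(b >= 0x80 or b in (0x00, 0x0A, 0x0D) for b in value)


def fold(line: str, width: int = 76) -> str:
    """Fold a long LDIF line; continuation lines begin with a single space."""
    out, rest = [line[:width]], line[width:]
    while rest:
        out.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(out)


def ldif_line(attr: str, value: Union[str, bytes]) -> str:
    raw = value.encode("utf-8") if isinstance(value, str) else value
    if needs_base64(raw):
        return fold(attr + ":: " + base64.b64encode(raw).decode("ascii"))
    return fold(attr + ": " + raw.decode("ascii"))


def ldif_entry(dn: str, attrs: Attrs) -> str:
    lines = [ldif_line("dn", dn)] + [ldif_line(a, v) for a, v in attrs]
    return "\n".join(lines) + "\n"


def ou_entry(ou: str) -> Tuple[str, Attrs]:
    return "ou=%s,%s" % (ou, BASE), [("ou", ou), ("objectclass", "top"),
                                     ("objectclass", "organizationalUnit")]


def user_entry(cn: str, sn: str) -> Tuple[str, Attrs]:
    # userPassword deliberately omitted: add a {SSHA} value from slappasswd.
    return "cn=%s,ou=users,%s" % (cn, BASE), [("objectclass", "inetOrgPerson"),
                                              ("cn", cn), ("sn", sn)]


def role_entry(cn: str, description: str, members: Iterable[str]) -> Tuple[str, Attrs]:
    members = list(members)
    if not members:
        raise ValueError("groupOfNames requires at least one member")
    attrs: Attrs = [("objectclass", "groupOfNames"), ("cn", cn),
                    ("description", description)]
    attrs += [("member", m) for m in members]
    return "cn=%s,ou=roles,%s" % (cn, BASE), attrs


def tutorial_tree() -> str:
    """LDIF for both OUs, two constructed users, and the Admin/Executive roles."""
    alice = user_entry("alice", "Admin")
    bob = user_entry("bob", "\u00c4rvinen")   # non-ASCII surname -> "sn::" base64
    entries = [ou_entry("users"), ou_entry("roles"), alice, bob,
               role_entry("Admin", "Administrator", [alice[0]]),
               role_entry("Executive", "Executive", [alice[0], bob[0]])]
    return "\n".join(ldif_entry(dn, attrs) for dn, attrs in entries)


if __name__ == "__main__":
    # Pipe the output into: ldapadd -x -D "cn=Manager,dc=example,dc=com" -W
    print(tutorial_tree())
```

Because the entries are emitted parents first (the OUs, then the users, then the roles that reference them), the whole file loads in a single ldapadd run; reversing the order would fail with "no such object" on the first child.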
• Other useful commands
ldapmodify -x -D "cn=Manager,dc=example,dc=com" -W -f temp.ldif
temp.ldif carries a changetype: modify record of the following shape. Separate changes to different attributes with a line containing only "-". Because cn is the naming attribute of the entry, the replacement value list must still contain the value used in the RDN; to rename an entry use ldapmodrdn(1) (changetype: modrdn) instead of replacing cn.
dn: cn=<USER>,ou=users,dc=example,dc=com
changetype: modify
replace: sn
sn: <NEW-SURNAME>
-
replace: cn
cn: <USER>
cn: <ADDITIONAL-CN>
ldapdelete -x -r -D "cn=Manager,dc=example,dc=com" -W "<DN of entry to delete>"
ldapsearch -x -b "dc=example,dc=com" "(objectclass=*)"
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
For any queries please contact verve@vervesys.com