Installing & Configuring OpenLDAP (Hands On Lab)

1. Installing & Configuring OpenLDAP
   Michael Lamont, Senior Software Engineer, Process Software
   HP Technology Forum 2006 (GET CONNECTED: People. Training. Technology.)
   © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

2. Agenda (18 July 2014)
   • Introduction to OpenLDAP
   • Installing OpenLDAP
   • Configuring OpenLDAP
   • Populating an LDAP directory
   • Basic searching

3. OpenLDAP
   • OpenLDAP is one of the most popular LDAP packages in use today.
   • OpenLDAP is:
     − Free
     − Open source
     − Standards-compliant (LDAPv3)
     − Portable (runs pretty much anywhere)

4. Obtaining OpenLDAP
   • OpenLDAP is available from http://www.openldap.org/
   • Always use the latest version available.
   • As of now, 2.3.27 is latest.

5. Obtaining OpenLDAP
   • Download OpenLDAP (and example LDIF):
       $ ftp cheese.process.com
       Name (cheese.process.com): hp
       Password: hp
       ftp> prompt
       ftp> bi
       ftp> mget *
       ftp> quit
       $

6. Installing OpenLDAP
   • Uncompress and un-archive:
       $ gzip -d openldap-2.3.27.tgz
       $ tar xfv openldap-2.3.27.tar

7. Installing OpenLDAP
   • Change directories to the distribution directory, and run the configure script:
       $ cd openldap-2.3.27
       $ ./configure --prefix=/usr/local/

8. Installing OpenLDAP
   • Run make depend to build some internal programs that the OpenLDAP build process depends on:
       $ make depend

9. Installing OpenLDAP
   • Build OpenLDAP by running make:
       $ make

10. Installing OpenLDAP
    • Run the OpenLDAP test suite to make sure everything was built correctly:
        $ make test

11. Installing OpenLDAP
    • Run make install as root to install OpenLDAP:
        $ su
        Password: bill+dave
        # make install
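The build steps on slides 6 through 11 collected into one script. This is an added example, not material from the lab: it assumes the tarball has already been downloaded into the working directory, that the build host has sha256sum (or shasum) available, and that you know the published checksum for the release (EXPECTED_SHA256 below is a placeholder to replace). The unpack step streams gzip into tar instead of leaving a .tar behind, the script stops before installing if make test fails, and only the install step runs as root.

```shell
#!/bin/sh
# Added example: slides 6-11 as a script. Not the lab's own code.
# Assumptions: tarball already downloaded; EXPECTED_SHA256 is a placeholder.
set -eu

TARBALL=${1:-openldap-2.3.27.tgz}
PREFIX=${2:-/usr/local}
EXPECTED_SHA256=${EXPECTED_SHA256:-REPLACE_WITH_PUBLISHED_CHECKSUM}   # placeholder value

# Derive the distribution directory from the tarball name
# (openldap-2.3.27.tgz -> openldap-2.3.27) so the cd step cannot land in the wrong tree.
dist_dir() {
    name=${1##*/}
    case $name in
        *.tar.gz) printf '%s\n' "${name%.tar.gz}" ;;
        *.tgz)    printf '%s\n' "${name%.tgz}" ;;
        *.tar)    printf '%s\n' "${name%.tar}" ;;
        *)        echo "unrecognised archive name: $name" >&2; return 1 ;;
    esac
}

# Compare a file's SHA-256 with the expected value; returns 1 on mismatch.
verify_checksum() {
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$1" | cut -d' ' -f1)
    else
        actual=$(shasum -a 256 "$1" | cut -d' ' -f1)
    fi
    [ "$actual" = "$2" ]
}

# Unprivileged part: unpack, configure, build, test (slides 6-10).
build_openldap() {
    tarball=$1; prefix=$2; sha=$3
    dir=$(dist_dir "$tarball")
    verify_checksum "$tarball" "$sha" || { echo "checksum mismatch for $tarball" >&2; return 1; }
    gzip -dc "$tarball" | tar xf -      # slide 6 (streamed, no intermediate .tar)
    cd "$dir"
    ./configure --prefix="$prefix"      # slide 7
    make depend                         # slide 8
    make                                # slide 9
    make test                           # slide 10: set -e aborts here if the suite fails
    cd ..
}

# Privileged part (slide 11): only this step needs root.
install_openldap() {
    dir=$(dist_dir "$1")
    su root -c "cd '$dir' && make install"
}

# Set RUN_BUILD=1 to execute; left off so the functions can be sourced on their own.
if [ "${RUN_BUILD:-0}" = 1 ]; then
    build_openldap "$TARBALL" "$PREFIX" "$EXPECTED_SHA256"
    install_openldap "$TARBALL"
fi
```

Run it as `RUN_BUILD=1 sh build-openldap.sh openldap-2.3.27.tgz /usr/local` with EXPECTED_SHA256 exported; keeping the checksum check ahead of configure means a tampered or truncated download never reaches the build.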
12. Configuring OpenLDAP
    • Main configuration file is slapd.conf in /usr/local/etc/openldap/
    • Contains a list of configuration variables and their values.
    • Detailed info about every configuration variable is in the OpenLDAP Administrator's Guide.

13. Configuring OpenLDAP
        include /usr/local/etc/openldap/schema/core.schema
        include /usr/local/etc/openldap/schema/cosine.schema
        include /usr/local/etc/openldap/schema/inetorgperson.schema
    • A schema describes the objects that can exist in an LDAP directory.
    • core.schema and cosine.schema include definitions for basic LDAP objects.
    • inetorgperson.schema describes the inetOrgPerson object that lots of LDAP-integrated software uses.

14. Configuring OpenLDAP
        loglevel 264
        pidfile /usr/local/var/run/slapd.pid
        argsfile /usr/local/var/run/slapd.args
    • loglevel is a bitmask that sets the level of LDAP debugging.
    • OpenLDAP's process ID is stored in pidfile; it is used by scripts.
    • argsfile contains the command line arguments that OpenLDAP will automatically use when started.

15. Configuring OpenLDAP
        database bdb
    • The database variable specifies the backend database used by OpenLDAP to store data.
    • The bdb module supports Berkeley DB, which OpenLDAP uses by default.

16. Configuring OpenLDAP
        suffix "dc=apes.example,dc=com"
    • Specifies the name of the base entry in the directory.
    • All other directory entries descend from this object.
    • Should be based on the local domain name.

17. Configuring OpenLDAP
        rootdn "cn=Directory Manager,dc=apes.example,dc=com"
        rootpw secret
    • The root Distinguished Name (DN) is the directory administrator.
    • Can read, write, and search any part of the directory.
    • The value of suffix should be part of the DN.
    • rootpw is the password used to access the rootdn account.

18. Configuring OpenLDAP
        directory /usr/local/var/openldap-data
        index objectClass eq
    • directory specifies where the directory database files are located.
      − Must exist
      − Should only be accessible by the user OpenLDAP runs as.
    • index specifies the attributes that OpenLDAP should maintain indexes for.
    • Indexes speed up searches that use an indexed attribute.
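The slapd.conf assembled from slides 12 through 18, written by a script rather than by hand. This is an added example and not part of the lab; it keeps the lab's values (prefix /usr/local, the apes.example suffix and rootdn, loglevel 264, the bdb backend, the objectClass index) and adds two things a practitioner would want: rootpw holds a slappasswd {SSHA} hash of the lab password instead of the clear text "secret", and the data directory is created with the permissions slide 18 asks for. The service user name "ldap", the slappasswd location under $prefix/sbin, and the 0600 mode on slapd.conf are assumptions of this example, not something the slides state.

```shell
#!/bin/sh
# Added example: generate slapd.conf for slides 12-18. Not the lab's own code.
# Assumptions: OpenLDAP installed under the prefix from slide 7; the slapd
# service user is called "ldap" (assumed name).

# Emit slapd.conf text for a prefix, suffix, rootdn and an already hashed rootpw.
# Rejects a rootdn that does not end with the suffix (slide 17's rule).
gen_slapd_conf() {
    prefix=$1; suffix=$2; rootdn=$3; rootpw_hash=$4
    case $rootdn in
        *"$suffix") ;;
        *) echo "rootdn '$rootdn' must end with suffix '$suffix'" >&2; return 1 ;;
    esac
    cat <<EOF
include   $prefix/etc/openldap/schema/core.schema
include   $prefix/etc/openldap/schema/cosine.schema
include   $prefix/etc/openldap/schema/inetorgperson.schema

loglevel  264
pidfile   $prefix/var/run/slapd.pid
argsfile  $prefix/var/run/slapd.args

database  bdb
suffix    "$suffix"
rootdn    "$rootdn"
rootpw    $rootpw_hash
directory $prefix/var/openldap-data
index     objectClass eq
EOF
}

# Hash a clear-text password with slappasswd (installed with OpenLDAP); the
# {SSHA} output is what goes into rootpw, so the file never holds the clear text.
hash_rootpw() {
    "$1/sbin/slappasswd" -s "$2"
}

# Create the data directory so that only the slapd user can reach it (slide 18).
prepare_data_dir() {
    dir=$1; owner=$2
    mkdir -p "$dir"
    chown "$owner" "$dir"
    chmod 700 "$dir"
}

# Set RUN_CONFIG=1 to write the real files; left off so the functions can be sourced.
if [ "${RUN_CONFIG:-0}" = 1 ]; then
    PREFIX=/usr/local
    HASH=$(hash_rootpw "$PREFIX" secret)          # the lab's password, stored hashed
    gen_slapd_conf "$PREFIX" "dc=apes.example,dc=com" \
        "cn=Directory Manager,dc=apes.example,dc=com" "$HASH" \
        > "$PREFIX/etc/openldap/slapd.conf"
    chmod 600 "$PREFIX/etc/openldap/slapd.conf"   # still holds a credential hash
    prepare_data_dir "$PREFIX/var/openldap-data" ldap
fi
```

The rootdn check catches the mistake slide 17 warns about before slapd ever starts; the hash means a copy of slapd.conf leaking (backups, world-readable installs) no longer hands out the administrator password directly.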
19. Starting OpenLDAP
    • Run slapd as root to start OpenLDAP:
        # /usr/local/libexec/slapd

20. Starting OpenLDAP
    • Run ps -ef and look for the slapd process to verify that it's running:
        $ ps -ef | grep slapd
        root 23932 1 09:52:03 ? 0:00 slapd
        $

21. Stopping OpenLDAP
    • Shut down OpenLDAP by sending slapd an interrupt signal (SIGINT).
    • This lets OpenLDAP shut down gracefully.
    • NEVER use kill -9 to shut down OpenLDAP; you can corrupt the directory databases.
        # kill -INT `cat /usr/local/var/run/slapd.pid`
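A stop script that follows slide 21 (SIGINT via the pidfile from slide 14) but also waits for slapd to exit and reports if it has not, instead of leaving the operator tempted to reach for kill -9. This is an added example, not the lab's own; the pidfile path is the one the slides configure, the timeout and the exit codes are this example's choices.

```shell
#!/bin/sh
# Added example: graceful slapd shutdown per slide 21. Not the lab's own code.

# Read and sanity-check the pid held in a pidfile; prints it, or returns 1.
slapd_pid() {
    [ -r "$1" ] || { echo "cannot read pidfile $1" >&2; return 1; }
    pid=$(cat "$1")
    case $pid in
        ''|*[!0-9]*) echo "pidfile $1 does not hold a pid" >&2; return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# Send SIGINT and poll up to $2 seconds (default 30) for the process to exit.
# Returns 0 once slapd is gone, 1 if it was not running or could not be signalled,
# 2 if it is still running after the timeout. Never escalates to SIGKILL: slide 21
# says kill -9 can corrupt the directory databases.
stop_slapd() {
    pidfile=$1; timeout=${2:-30}
    pid=$(slapd_pid "$pidfile") || return 1
    kill -0 "$pid" 2>/dev/null || { echo "pid $pid is not running" >&2; return 1; }
    kill -INT "$pid" || return 1
    waited=0
    while kill -0 "$pid" 2>/dev/null; do
        if [ "$waited" -ge "$timeout" ]; then
            echo "slapd ($pid) still running after ${timeout}s; not sending -9, check its log" >&2
            return 2
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Set RUN_STOP=1 to act on the real pidfile from slide 14; left off so the
# functions can be sourced on their own.
if [ "${RUN_STOP:-0}" = 1 ]; then
    stop_slapd /usr/local/var/run/slapd.pid 60
fi
```

Checking the pidfile contents before signalling matters because a stale or tampered pidfile would otherwise send SIGINT to whatever process now has that number.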
22. Populating OpenLDAP
    • An LDAP directory without any entries isn't very useful.
    • ldapmodify is used to add or modify directory entries.
    • New entries are specified using an LDIF file.
    • We're going to use a sample LDIF file that contains:
      − A root entry
      − A "people" organizational unit (ou)
      − Two inetOrgPerson objects

23. Sample LDIF File
    • Root entry:
        dn: dc=apes.example,dc=com
        dc: apes.example
        objectClass: dcObject
        objectClass: organizationalUnit
        ou: Apes Incorporated

24. Sample LDIF File
    • "people" organizational unit:
        dn: ou=people,dc=apes.example,dc=com
        ou: people
        objectClass: organizationalUnit

25. Sample LDIF File
    • First inetOrgPerson:
        dn: cn=Charlton Heston,ou=people,dc=apes.example,dc=com
        cn: Charlton Heston
        sn: Heston
        mail: heston@apes.example.com
        telephoneNumber: 508-555-1212
        objectclass: inetOrgPerson

26. Sample LDIF File
    • Second inetOrgPerson:
        dn: cn=Roddy McDowall,ou=people,dc=apes.example,dc=com
        cn: Roddy McDowall
        sn: McDowall
        mail: mcdowall@apes.example.com
        telephoneNumber: 508-555-1234
        objectclass: inetOrgPerson

27. LDIF File "Gotchas"
    • Very important: each entry in the LDIF file has to be separated by exactly one blank line.
    • The blank line can't have spaces, tabs, or any other kind of white space on it.
    • "value provided more than once" errors will occur if the line isn't completely blank.

28. Adding Entries To The Directory
    • The ldapmodify command is used to add entries to the directory.
    • OpenLDAP has to be running for ldapmodify to work.
    • Supply ldapmodify with the root DN and password, since it needs write access to the directory.
        $ ldapmodify -D "cn=Directory Manager,dc=apes.example,dc=com" -w secret -x -a -f hptf2006.ldif

29. Verify Entries Added
    • The ldapsearch tool can be used to verify that the new entries were added.
        $ ldapsearch -x -b "dc=apes.example,dc=com"
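One script covering slides 27 through 29: it checks an LDIF file for the separator problem slide 27 describes (a "blank" line that actually holds spaces or tabs), then loads the file with ldapmodify and reads the DNs back with ldapsearch. This is an added example, not the lab's material. The sample LDIF is constructed here from the entries on slides 23 to 26, and a deliberately broken variant is constructed for comparison; the file name hptf2006.ldif is the slides' own. It departs from slide 28 in one respect: it uses -W to prompt for the rootdn password rather than -w on the command line, because a -w argument is visible to every user on the host through ps.

```shell
#!/bin/sh
# Added example for slides 27-29: validate LDIF separators, then add and verify.
# Not the lab's own code. The LDIF content is constructed from slides 23-26.

# Print the number of every line that is whitespace-only (the slide 27 gotcha)
# and return 1 if any exist; return 0 for a clean file.
ldif_check_separators() {
    awk '
        /^[ \t]+$/ { printf "line %d: separator contains whitespace\n", NR; bad = 1 }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Count entries: every entry starts with a dn: line.
ldif_count_entries() {
    grep -c '^dn:' "$1"
}

# Constructed copy of the slides' sample LDIF (slides 23-26), separators correct.
write_sample_ldif() {
    cat > "$1" <<'EOF'
dn: dc=apes.example,dc=com
dc: apes.example
objectClass: dcObject
objectClass: organizationalUnit
ou: Apes Incorporated

dn: ou=people,dc=apes.example,dc=com
ou: people
objectClass: organizationalUnit

dn: cn=Charlton Heston,ou=people,dc=apes.example,dc=com
cn: Charlton Heston
sn: Heston
mail: heston@apes.example.com
telephoneNumber: 508-555-1212
objectClass: inetOrgPerson

dn: cn=Roddy McDowall,ou=people,dc=apes.example,dc=com
cn: Roddy McDowall
sn: McDowall
mail: mcdowall@apes.example.com
telephoneNumber: 508-555-1234
objectClass: inetOrgPerson
EOF
}

# Constructed broken variant: the separator line holds a single space, which is
# what produces the "value provided more than once" error from slide 27.
write_broken_ldif() {
    printf 'dn: ou=people,dc=apes.example,dc=com\nou: people\nobjectClass: organizationalUnit\n \ndn: cn=Roddy McDowall,ou=people,dc=apes.example,dc=com\ncn: Roddy McDowall\nsn: McDowall\nobjectClass: inetOrgPerson\n' > "$1"
}

# Slide 28 and 29 together: refuse to load a file that fails the check, add the
# entries (-W prompts for the password), then list the DNs under the suffix.
# "1.1" asks the server for no attributes, so only the DNs come back.
load_and_verify() {
    ldif=$1; rootdn=$2; base=$3
    ldif_check_separators "$ldif" || return 1
    ldapmodify -x -a -D "$rootdn" -W -f "$ldif" || return 1
    ldapsearch -x -b "$base" -LLL '1.1'
}

# Set RUN_LOAD=1 to write hptf2006.ldif and load it into a running slapd.
if [ "${RUN_LOAD:-0}" = 1 ]; then
    write_sample_ldif hptf2006.ldif
    load_and_verify hptf2006.ldif "cn=Directory Manager,dc=apes.example,dc=com" "dc=apes.example,dc=com"
fi
```

Running the separator check first gives a line number to fix instead of the server's "value provided more than once" message, which names the attribute but not the offending blank line.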