© 2006 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice
HP Technology Forum 2006
Installing & Configuring OpenLDAP
Michael Lamont Senior Software Engineer, Process Software
2 18 July 2014
Agenda
• Introduction to OpenLDAP
• Installing OpenLDAP
• Configuring OpenLDAP
• Populating an LDAP directory
• Basic searching
OpenLDAP
• OpenLDAP is one of the most popular LDAP packages in use today.
• OpenLDAP is:
− Free
− Open source
− Standards-compliant (LDAPv3)
− Portable (runs pretty much anywhere)
Obtaining OpenLDAP
• OpenLDAP is available from http://www.openldap.org/
• Always use the latest version available.
• As of this writing, 2.3.27 is the latest.
• Download OpenLDAP (and example LDIF):
$ ftp cheese.process.com
Name (cheese.process.com): hp
Password: hp
ftp> prompt
ftp> bi
ftp> mget *
ftp> quit
$
Installing OpenLDAP
• Uncompress and un-archive:
$ gzip -d openldap-2.3.27.tgz
$ tar xfv openldap-2.3.27.tar
• Change directories to the distribution directory, and run the configure script:
$ cd openldap-2.3.27
$ ./configure --prefix=/usr/local/
• Run make depend to build some internal programs that the OpenLDAP build process depends on:
$ make depend
• Build OpenLDAP by running make:
$ make
• Run the OpenLDAP test suite to make sure everything was built correctly:
$ make test
• Run make install as root to install OpenLDAP:
$ su
Password: bill+dave
# make install
Configuring OpenLDAP
• Main configuration file is slapd.conf in /usr/local/etc/openldap/
• Contains list of configuration variables and their values.
• Detailed info about every configuration variable is in OpenLDAP Administrator’s Guide.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
• A schema describes objects that can exist in an LDAP directory.
• core.schema and cosine.schema files include definitions for basic LDAP objects.
• inetorgperson.schema describes inetOrgPerson object that lots of LDAP-integrated software uses.
loglevel 264
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
• loglevel is a bitmask that selects which categories of slapd debugging output are logged.
• slapd's process ID is stored in pidfile; start-up and shutdown scripts use it.
• argsfile records the command line arguments used when slapd is started.
database bdb
• The database variable specifies the backend database used by OpenLDAP to store data.
• The bdb module supports the Berkeley DB, which OpenLDAP uses by default.
suffix "dc=apes.example,dc=com"
• Specifies the name of the base entry in the directory.
• All other directory entries descend from this object.
• Should be based on the local domain name.
rootdn "cn=Directory Manager,dc=apes.example,dc=com"
rootpw secret
• The root Distinguished Name (DN) is the directory administrator.
• It can read, write, and search any part of the directory.
• The value of suffix should be part of the rootdn.
• rootpw is the password used to authenticate as the rootdn.
directory /usr/local/var/openldap-data
index objectClass eq
• directory specifies where the directory database files are located.
− Must exist before slapd is started.
− Should only be accessible by the user slapd runs as.
• index specifies the attributes that OpenLDAP should maintain indexes for (here, an equality index on objectClass).
• Indexes speed up searches that use an indexed attribute.
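Pulled together, the directives from the preceding slides form the slapd.conf shown below. This is an added example assembled for this transcript, not the lab's hand-out file. The comment on rootpw, the {SSHA} placeholder (which is not a real hash) and the two access directives are additions by the editor; the slides themselves use the clear-text value secret and define no access rules.

```conf
# slapd.conf assembled from the slides (added example, not the lab's original file).
# Paths match a build done with --prefix=/usr/local.
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema

# 264 = 256 (connection/operation/result statistics) + 8 (connection management)
loglevel        264
pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

database        bdb
suffix          "dc=apes.example,dc=com"
rootdn          "cn=Directory Manager,dc=apes.example,dc=com"

# The slides use the clear-text value "secret". Outside a lab, store the
# hash printed by `slappasswd -s <password>` instead. The value below is a
# placeholder, not a usable hash.
rootpw          {SSHA}REPLACE-WITH-OUTPUT-OF-slappasswd

# Must exist, and should be readable and writable only by the user slapd runs as.
directory       /usr/local/var/openldap-data
index           objectClass eq

# Not on the slides: keep password attributes out of anonymous searches while
# leaving the rest of the tree readable, as the lab's ldapsearch -x expects.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read
```

With this file in place, the slapd and ldapmodify commands later in the lab work unchanged except that ldapmodify's -w value must be the clear-text password whose hash you stored in rootpw.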
Starting OpenLDAP
• Run slapd as root to start OpenLDAP:
# /usr/local/libexec/slapd
• Run ps -ef and look for the slapd process to verify that it’s running:
$ ps -ef | grep slapd
root 23932 1 09:52:03 ? 0:00 slapd
$
Stopping OpenLDAP
• Shut down OpenLDAP by sending slapd an interrupt signal (SIGINT).
• This lets OpenLDAP shut down gracefully.
• NEVER use kill -9 to shut down OpenLDAP – you can corrupt the directory databases.
# kill -INT \
`cat /usr/local/var/run/slapd.pid`
Populating OpenLDAP
• An LDAP directory without any entries isn’t very useful.
• ldapmodify is used to add or modify directory entries.
• New entries are specified using an LDIF file.
• We’re going to use a sample LDIF file that contains:
− A root entry
− A “people” organizational unit (ou)
− Two inetOrgPerson objects
Sample LDIF File
• Root entry:
dn: dc=apes.example,dc=com
dc: apes.example
objectClass: dcObject
objectClass: organizationalUnit
ou: Apes Incorporated
• “people” organizational unit:
dn: ou=people,dc=apes.example,dc=com
ou: people
objectClass: organizationalUnit
• First inetOrgPerson:
dn: cn=Charlton Heston,ou=people,dc=apes.example,dc=com
cn: Charlton Heston
sn: Heston
mail: [email protected]
telephoneNumber: 508-555-1212
objectclass: inetOrgPerson
• Second inetOrgPerson:
dn: cn=Roddy McDowall,ou=people,dc=apes.example,dc=com
cn: Roddy McDowall
sn: McDowall
mail: [email protected]
telephoneNumber: 508-555-1234
objectclass: inetOrgPerson
LDIF File “Gotchas”
• Very important: entries in an LDIF file must be separated by exactly one blank line.
• The blank line can’t contain spaces, tabs, or any other kind of white space.
• In LDIF a line that begins with a space continues the previous line, so a separator that isn’t completely blank merges the next entry into the current one, and the import fails with “value provided more than once” errors.
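The following Python checker, added for this transcript and not part of the lab material, implements just enough of the RFC 2849 folding rules to show the mechanism behind the “gotcha”: a separator line holding a single space is treated as a continuation line, the two slide entries collapse into one, and objectClass organizationalUnit ends up listed twice. The LDIF text inside the script is constructed from the root and “people” entries on the slides; the function names are the editor's.

```python
"""Detect the LDIF separator 'gotcha' from the OpenLDAP lab slides.

Added example, not from the HP lab material. Implements RFC 2849 line
folding (a line starting with one space continues the previous logical
line) far enough to show why a separator containing white space merges
two entries and yields duplicate attribute values.
"""
from collections import defaultdict

# Constructed sample: the root entry and the "people" ou from the slides,
# correctly separated by exactly one empty line.
GOOD_LDIF = """\
dn: dc=apes.example,dc=com
dc: apes.example
objectClass: dcObject
objectClass: organizationalUnit
ou: Apes Incorporated

dn: ou=people,dc=apes.example,dc=com
ou: people
objectClass: organizationalUnit
"""

# Same content, but the separator line contains a single space character.
BAD_LDIF = GOOD_LDIF.replace("\n\n", "\n \n")


def unfold(text):
    """Join continuation lines into logical lines.

    A raw line beginning with a space is appended (minus that space) to the
    previous logical line. Truly empty lines are kept as entry separators.
    """
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return logical


def parse_entries(text):
    """Split unfolded LDIF into entries.

    Each entry is a dict mapping the lower-cased attribute name (LDAP
    attribute names are case-insensitive) to the list of values seen.
    Base64 ('::') and URL (':<') values are not handled; the slides use neither.
    """
    entries, current = [], defaultdict(list)
    for line in unfold(text):
        if line == "":
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        current[name.strip().lower()].append(value.strip())
    if current:
        entries.append(dict(current))
    return entries


def duplicate_values(entry):
    """Attribute names whose value list repeats a value (exact match).

    This is the condition slapd reports as 'value provided more than once'.
    """
    return sorted(
        name for name, values in entry.items() if len(values) != len(set(values))
    )


def lint_separators(text):
    """1-based numbers of lines that are white space only but not empty,
    i.e. exactly the separator lines the slides warn about."""
    return [
        n for n, raw in enumerate(text.splitlines(), 1) if raw and raw.strip() == ""
    ]


if __name__ == "__main__":
    for label, text in (("good", GOOD_LDIF), ("bad", BAD_LDIF)):
        entries = parse_entries(text)
        print(f"{label}: {len(entries)} entry/entries,",
              "suspect separator lines:", lint_separators(text))
        for entry in entries:
            print("   dn values:", entry["dn"], "duplicates:", duplicate_values(entry))
```

Running the script shows the good file parsing into two entries with no duplicates, while the bad file parses into a single entry whose dn attribute carries both DNs and whose objectclass list repeats organizationalUnit; lint_separators points at the offending line so it can be fixed before ldapmodify ever sees it.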
Adding Entries To The Directory
• The ldapmodify command is used to add entries to the directory.
• OpenLDAP has to be running for ldapmodify to work.
• Supply ldapmodify with root DN and password, since it needs write access to the directory.
$ ldapmodify -D \
"cn=Directory Manager,dc=apes.example,dc=com" \
-w secret -x -a -f hptf2006.ldif
Verify Entries Added
• The ldapsearch tool can be used to verify that the new entries were added.
$ ldapsearch -x \
-b "dc=apes.example,dc=com"