Topic 6

Date: 3/26/2014

Lightweight Directory Access Protocol (LDAP)

Practical guide to Linux systems administration

Practical exercises: LDAP server installation and configuration.

Install OpenLDAP packages on master VM.

apt-get install slapd ldap-utils libldap-2.4-2 libnss-ldap

You can accept the default entries in configuration stage since you will configure LDAP manually. Remove the databases created during LDAP setup:

service slapd stop
rm -rf /var/lib/ldap/*

Create a new configuration file, /etc/ldap/slapd.conf, and paste the configuration from the table below.

# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Include Schemas
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

# Where the dynamically loaded modules are stored
modulepath      /usr/lib/ldap
moduleload      back_bdb

# bdb database definitions
database        bdb 

# Define Domain components and Root distinguished name (Manager)
suffix          "dc=dom02, dc=linux, dc=class"
rootdn          "cn=Manager,dc=dom02,dc=linux,dc=class"

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# Root password can be created with:
# perl  -e "print crypt(thisp, ac,)" > pass.txt
# rootpw         thisp
rootpw          {crypt}acunRNwFPEdHQ

# slapd process ID file
pidfile         /var/run/slapd/slapd.pid

Edit file /etc/default/slapd and specify the location of the configuration file:
SLAPD_CONF=/etc/ldap/slapd.conf

start LDAP server:

service slapd start

To make sure LDAP is running, execute ldapsearch:

ldapsearch -x -h localhost -LL  -b '' -s base '(objectclass=*)' namingContexts

You should see:
namingContexts: dc=dom02,dc=linux,dc=class

Unix Authentication and Naming services
What is LDAP
LDAP heirarchy
Addressing in LDAP
Data tree with dn
Schema
Accessing LDAP
OpenLDAP installation steps
Server Config file
Exercises: Server installation
Exercises: Client installation
Outline of LDIF
LDIF example
Frequent LDAP commands
Exercises: LDAP commands
Performance
Access Control List
LDAP over SSL/TLS
LDAP Applications
Exercises: LDAP user authentication
Take me to the Course Website