11

08/10

Ubuntu 10.04 Lucid Lynx ldap configuration – the working how-to

12:04 pm by Admir. Postuar tek: Linux

Hi there,

Here at work I use Ubuntu 10.04 lts, and I was trying to configure openldap.
Yes, on the internet are many how-to’s but half write-d and not really tested, but the most important is that none of them seems to really work.
I have reed about the argument online (ubuntu doc’s to – not working), and from many how to’s and now here is the final script for the ldap Ubuntu configuration:

First install with :
#apt-get install slapd ldap-utils
Then create a script ie (touch script.sh) and put the following in.
[cc lang="bash"]
#!/bin/sh
passwd=pleaseeditme
dc1=pleaseeditme
dc2=pleaseeditme
hash_pw=`slappasswd -s $passwd`
tmpdir=/tmp
#————————————————————–#
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
#——————————————————————-#
# database.ldif
#——————————————————————-#
cat << EOF > $tmpdir/database.ldif
# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=$dc1,dc=$dc2
olcRootDN: cn=admin,dc=$dc1,dc=$dc2
olcRootPW: $hash_pw
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn=”cn=admin,dc=$dc1,dc=$dc2″ write by anonymous auth by self write by * none
olcAccess: {1}to dn.base=”" by * read
olcAccess: {2}to * by dn=”cn=admin,dc=$dc1,dc=$dc2″ write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
################################
# Modifications
################################

dn: cn=config
changetype: modify

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: $hash_pw

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
EOF
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f $tmpdir/database.ldif
####################################
# Mini DIT
####################################
cat << EOF > $tmpdir/dit.ldif
# Tree root

dn: dc=$dc1,dc=$dc2
objectClass: dcObject
objectclass: organization
o: $dc1.$dc2
dc: $dc1
description: Tree root

# Populating
dn: cn=admin,dc=$dc1,dc=$dc2
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: $hash_pw
description: LDAP administrator

dn: cn=aw,dc=$dc1,dc=$dc2
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: aw
userPassword: $hash_pw
description: LDAP aw

dn: ou=people,dc=$dc1,dc=$dc2
ou: people
objectClass: organizationalUnit
objectClass: top

dn: ou=groups,dc=$dc1,dc=$dc2
ou: groups
objectClass: organizationalUnit
objectClass: top

dn: ou=addressbook,dc=$dc1,dc=$dc2
ou: addressbook
objectClass: top
objectClass: organizationalUnit

#Adding user
dn: uid=ldap1,ou=people,dc=$dc1,dc=$dc2
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: ldap1
sn: Asdasd
givenName: ldap1
cn: ldap1 Asdasd
displayName: ldap1 asdasd
uidNumber: 1002
gidNumber: 1000
userPassword: $hash_pw
gecos: ldap1 asdasd
loginShell: /bin/bash
homeDirectory: /home/ldap1
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: aw@$dc1.$dc2
postalCode: 31000
l: Mysity
o: $dc1
mobile: +33 (0)6 22 22 22 22 22
homePhone: +33 (0)5 33 22 33 22
title: System Administrator
postalAddress:
initials: LP
EOF

sudo ldapadd -x -D cn=admin,dc=$dc1,dc=$dc2 -W -f $tmpdir/dit.ldif
[/cc]

Execute the script with $sh script.sh
If you have problems, want to edit etc, use the following script, it will fully remove and reinstall ldap.

[cc lang="bash"]
#!/bin/sh
aptitude purge slapd ldap-utils
cat /dev/null > /var/log/debug
rm /var/lib/ldap/*
rm -rf /etc/ldap
apt-get install slapd ldap-utils
[/cc]

For testing if all is working fine you should try :

ldapsearch -D cn=admin,dc=yourhost,dc=yourdomain -W -x -b dc=yourhost,dc=yourdomain

Last words, for managing you can use phpldapadmin (it is in the repository).
Then visit your localhost :
http://localhost/phpldapadmin and log-in,

WARNING

1) Bee root when running the script, ldap need’s permissions
2) Use the rm script before running the ldap script, I think you used something else before this, so use the rm script first to clean the way for ldap.

3) Enjoy. And save the time to others as the time was saved for you :) , share it.

Komentet e temes

Ler nje koment