How to install and configure Ldap software

Published on December 2016

First, install the required packages. In a terminal, type:

    sudo apt-get install slapd ldap-utils

During installation you will be asked for an LDAP administrator password. Choose one and then retype it.

The example configuration that follows uses an FQDN of comtech.com. Change this to the FQDN of your organisation.

Next, add some additional schema files. In a terminal, enter:

    sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
    sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
    sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif

Now make a file called backend.comtech.com.ldif somewhere on your system and add the following configuration to it.

    # Load dynamic backend modules
    dn: cn=module,cn=config
    objectClass: olcModuleList
    cn: module
    olcModulepath: /usr/lib/ldap
    olcModuleload: back_hdb.la

    # Database settings
    dn: olcDatabase=hdb,cn=config
    objectClass: olcDatabaseConfig
    objectClass: olcHdbConfig
    olcDatabase: {1}hdb
    olcSuffix: dc=comtech,dc=com
    olcDbDirectory: /var/lib/ldap
    olcRootDN: cn=admin,dc=comtech,dc=com
    olcRootPW: secret
    olcDbConfig: set_cachesize 0 2097152 0
    olcDbConfig: set_lk_max_objects 1500
    olcDbConfig: set_lk_max_locks 1500
    olcDbConfig: set_lk_max_lockers 1500
    olcDbIndex: objectClass eq
    olcLastMod: TRUE
    olcDbCheckpoint: 512 30
    olcAccess: to attrs=userPassword by dn="cn=admin,dc=comtech,dc=com" write by anonymous auth by self write by * none
    olcAccess: to attrs=shadowLastChange by self write by * read
    olcAccess: to dn.base="" by * read
    olcAccess: to * by dn="cn=admin,dc=comtech,dc=com" write by * read

Now add the LDIF to the directory. In a terminal, type:

    sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.comtech.com.ldif

Now create a file called frontend.comtech.com.ldif somewhere on your system and add the following configuration to it.

    # Create top-level object in domain
    dn: dc=comtech,dc=com
    objectClass: top
    objectClass: dcObject
    objectclass: organization
    o: Comtech
    dc: comtech
    description: Comtech LDAP Configuration

    # Admin user.
    dn: cn=admin,dc=comtech,dc=com
    objectClass: simpleSecurityObject
    objectClass: organizationalRole
    cn: admin
    description: LDAP administrator
    userPassword: (ADD YOUR OWN PASSWORD HERE)

    dn: ou=people,dc=comtech,dc=com
    objectClass: organizationalUnit
    ou: people

    dn: ou=groups,dc=comtech,dc=com
    objectClass: organizationalUnit
    ou: groups

    dn: uid=bob,ou=people,dc=comtech,dc=com
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    uid: Bob
    sn: Wates
    givenName: Bob
    cn: Bob Wates
    displayName: Bob Wates
    uidNumber: 1000
    gidNumber: 10000
    userPassword: password
    gecos: Bob Wates
    loginShell: /bin/bash
    homeDirectory: /home/bob
    shadowExpire: -1
    shadowFlag: 0
    shadowWarning: 7
    shadowMin: 8
    shadowMax: 999999
    shadowLastChange: 10877
    mail: [email protected]
    postalCode: CF24
    l: Cardiff
    o: Comtech
    mobile: +44 (0)7 xx xx xx xx
    homePhone: +44 (0)1 xx xx xx xx x
    title: System Administrator
    postalAddress:
    initials: BW

    dn: cn=comtech,ou=groups,dc=comtech,dc=com
    objectClass: posixGroup
    cn: comtech
    gidNumber: 10000

Now add the entries to the LDAP directory. In a terminal, type:

    sudo ldapadd -x -D cn=admin,dc=comtech,dc=com -W -f frontend.comtech.com.ldif

You will be asked for the LDAP administration password. This is the password in the admin section of the frontend.comtech.com.ldif file.

All that is left to do is to test the configuration. In a terminal, type:

    ldapsearch -xLLL -b "dc=comtech,dc=com" uid=bob sn givenName cn

If your files are configured correctly, you get the following output.

    dn: uid=bob,ou=people,dc=comtech,dc=com
    cn: Bob Wates
    sn: Wates
    givenName: Bob
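The two LDIF files above carry olcRootPW and userPassword as cleartext; slapd also accepts hashed values in these attributes, such as the {SSHA} form that slappasswd prints by default. The following Python is an added example, not part of the original document: it builds and verifies {SSHA} values and rewrites cleartext password lines in an LDIF before it is loaded. The function names ssha, verify_ssha and harden_ldif are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os
import re

# "attr: value" with no {SCHEME} prefix; base64 values ("attr:: ...") are skipped.
CLEARTEXT = re.compile(r"^(olcRootPW|userPassword):[ \t]+(?!\{)(\S.*)$",
                       re.MULTILINE | re.IGNORECASE)


def ssha(password, salt=None):
    """Return an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored, password):
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


def harden_ldif(text):
    """Hash cleartext password values; return (new_text, rewritten attrs)."""
    changed = []

    def swap(match):
        changed.append(match.group(1))
        return "%s: %s" % (match.group(1), ssha(match.group(2).strip()))

    return CLEARTEXT.sub(swap, text), changed


# Constructed sample: lines taken from the two LDIF files on this page.
SAMPLE = """olcRootDN: cn=admin,dc=comtech,dc=com
olcRootPW: secret
uid: Bob
userPassword: password
"""

if __name__ == "__main__":
    print(harden_ldif(SAMPLE)[0])
```

Placeholder text such as "(ADD YOUR OWN PASSWORD HERE)" is treated as a cleartext value too, so replace it with a real password before running the file through harden_ldif.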
