My take on LDAP - #2 Installing the Server

Hello Steemians,

this is part #2 of my series about LDAP on Ubuntu / Debian.
Today we'll install and configure the LDAP server itself.


First we need to install the server and a utility package for talking to the server from the command line by executing:
sudo apt install slapd ldap-utils
The installation will ask us to enter an admin password, but as we will reconfigure it later anyway, we can just skip through that.

Then we need to reconfigure slapd: sudo dpkg-reconfigure slapd

We then answer the prompts like this:

  • Omit OpenLDAP server configuration?
    • No (This would skip the configuration)
  • DNS domain name:
    • sub.example.net (The domain of the LDAP server)
  • Organization name:
    • torrid (Just a name for the LDAP top level entry)
  • Administrator password:
    • secret (The new admin password)
  • Database backend:
    • MDB (The other two are deprecated)
  • Do you want the database to be removed when slapd is purged?
    • No (You probably don't want to lose all your users if someone removes slapd for some reason.)
  • Move old database?
    • Yes (Like it says, it may fail otherwise)

Next we need to configure the ldap command line client.
To do that we edit /etc/ldap/ldap.conf and change it to contain the following:

BASE       dc=sub,dc=example,dc=net
URI        ldap://localhost

URI tells the client where to look for our LDAP server by default, and as we are on that machine, we just use localhost.
BASE sets the default search base of the client. Here we need to enter the LDAP base DN.


Now we can test the LDAP server with the following command:
ldapsearch -x -W -D cn=admin,dc=sub,dc=example,dc=net
The arguments -x -W mean that we want to use simple authentication and want to be prompted for the password.
With the argument -D we specify the user we want to authenticate as. Here we are using the admin of our server.

The result of this should look something like this:

# extended LDIF
#
# LDAPv3
# base <dc=sub,dc=example,dc=net> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# sub.example.net
dn: dc=sub,dc=example,dc=net
objectClass: top
objectClass: dcObject
objectClass: organization
o: torrid
dc: sub

# admin, sub.example.net
dn: cn=admin,dc=sub,dc=example,dc=net
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9enZ6RWxCM2RmMWM4R3NTZC9Ld1FXOHdLQ0pFQWhnaFI=

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2 
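As an added example (not part of the original post), here is a small Python script that parses LDIF like the output above and reports which password storage scheme each userPassword uses, since the double colon in "userPassword::" means the value is base64-encoded and the {SCHEME} prefix is not visible at a glance. The second entry with an unsalted {MD5} hash is constructed for contrast and does not come from the post.

```python
import base64

# Constructed sample: the admin entry from the post's ldapsearch output plus a
# made-up entry with an unsalted {MD5} hash. 'userPassword::' (two colons)
# means the value is base64-encoded, which hides the {SCHEME} prefix.
SAMPLE_LDIF = """\
# admin, sub.example.net
dn: cn=admin,dc=sub,dc=example,dc=net
userPassword:: e1NTSEF9enZ6RWxCM2RmMWM4R3NTZC9Ld1FXOHdLQ0pFQWhnaFI=

# legacy, sub.example.net (constructed)
dn: cn=legacy,dc=sub,dc=example,dc=net
userPassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==

result: 0 Success
"""
# Schemes whose stored value normally carries a per-entry salt.
SALTED = {"SSHA", "SSHA256", "SSHA384", "SSHA512", "SMD5", "CRYPT", "ARGON2", "PBKDF2"}


def parse_ldif(text):
    """Entries as dicts attr -> [values]; '#' lines are comments, a blank line
    ends an entry, 'attr:: v' is base64. Continuation lines are not handled."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:    # sentinel flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        value = value.strip()
        if value.startswith(":"):             # double colon: base64 value
            value = base64.b64decode(value[1:].strip()).decode()
        current.setdefault(attr, []).append(value)
    return entries


def password_scheme(value):
    """The {SCHEME} prefix name, or 'CLEARTEXT' when the value has none."""
    prefixed = value.startswith("{") and "}" in value
    return value[1:value.index("}")].upper() if prefixed else "CLEARTEXT"


def audit(text):
    """(search succeeded?, {dn: (scheme, salted?)}) for ldapsearch output."""
    report, ok = {}, False
    for entry in parse_ldif(text):
        ok = ok or entry.get("result", [""])[0].startswith("0 ")
        for pw in entry.get("userPassword", []):
            scheme = password_scheme(pw)
            report[entry["dn"][0]] = (scheme, scheme.split("-")[0] in SALTED)
    return ok, report
```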

I hope this post was helpful.
Torrid Spectra
