How to install LDAP
1.
First check which LDAP components are installed:
# rpm -qa | grep ldap
2.
You should see the following packages (these are the CentOS/RHEL 5 versions; yours may differ).
If any of them is missing, install it with yum or rpm.
openldap-servers-2.3.27-8.el5_2.4
openldap-2.3.27-8.el5_2.4
nss_ldap-253-13.el5_2.1
python-ldap-2.2.0-2.1
openldap-clients-2.3.27-8.el5_2.4
To install all of them at once you can use:
# yum install openldap-servers openldap nss_ldap python-ldap openldap-clients -y
3.
Edit the configuration file /etc/openldap/slapd.conf.
In the present example the suffix is dc=example,dc=com.
The only directives that must be edited are suffix, rootdn and rootpw:
suffix is the top-level DN you selected above.
rootdn is the DN of the user who owns (administers) this database and should start with cn=.
rootpw is that user's password. Do not use a cleartext value such as the "rootpw secret" seen in many examples; generate a salted hash instead with:
# slappasswd
Enter the password twice, then cut and paste the {SSHA} string it prints into a single rootpw line and remove or comment out any cleartext rootpw line. slappasswd picks a fresh random salt on every run, so your string will differ from the one below even for the same password.
Keep the file readable only by root and the ldap group (the stock permissions are 0640 root:ldap): even a hashed rootpw should not be world-readable.
Below is the relevant part of /etc/openldap/slapd.conf after editing, with the cleartext rootpw line commented out and only the hashed one active:
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
rootpw {SSHA}h4n7XX5rY0/AfKh62fLtFZuVSK+nVYsT
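To see what slappasswd's output actually is, and to catch a cleartext rootpw before slapd ever reads it, here is an added example in Python (not code from the original slides; standard library only, no python-ldap). It builds and verifies {SSHA} values the way slappasswd(8) does, base64(SHA-1(password || salt) || salt) with a 4-byte random salt, and scans slapd.conf text for rootpw lines that lack a {scheme} prefix. SAMPLE_CONF is constructed from the partial slapd.conf shown above.

```python
"""{SSHA} hashes as slappasswd(8) produces them, plus a cleartext-rootpw check.

Added example, not code from the original slides. Standard library only.
{SSHA} = base64( SHA1(password || salt) || salt ); OpenLDAP uses a 4-byte
random salt, so every slappasswd run prints a different string.
"""
import base64
import hashlib
import hmac
import os


def ssha_hash(password, salt=None):
    """Return '{SSHA}...' for password; salt defaults to 4 random bytes like slappasswd."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check password against a '{SSHA}...' value: split off the salt, recompute, compare."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} hash")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]        # SHA-1 is 20 bytes; whatever follows is the salt
    recomputed = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(recomputed, digest)   # constant-time comparison


def audit_rootpw(conf_text):
    """Return the rootpw values in slapd.conf text that are not {scheme}-hashed.

    slapd accepts 'rootpw secret' and treats it as a cleartext password, which
    the comment block in the stock slapd.conf warns against. Commented-out
    lines ('# rootpw ...') are ignored because the first field is '#'.
    """
    cleartext = []
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "rootpw" and not fields[1].startswith("{"):
            cleartext.append(fields[1])
    return cleartext


# Constructed sample mirroring the partial slapd.conf on this page, before
# the cleartext line is removed.
SAMPLE_CONF = """\
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
rootpw secret
rootpw {SSHA}h4n7XX5rY0/AfKh62fLtFZuVSK+nVYsT
"""

if __name__ == "__main__":
    h = ssha_hash("secret")
    print(h, ssha_verify("secret", h), ssha_verify("wrong", h))
    print("cleartext rootpw values:", audit_rootpw(SAMPLE_CONF))
```

Run it twice and you get two different {SSHA} strings for the same password, which is why pasting the hash from someone else's slide is pointless; verification still succeeds because the salt travels inside the value. The audit reports "secret" for the sample config and nothing once only the hashed line remains.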
4.
Start the LDAP server:
# service ldap restart
To check that the server is running and configured correctly, run a search against it with ldapsearch:
# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
Note the single quotes around the parameters: they stop the shell from interpreting the parentheses and other special characters. On a freshly configured server the database is still empty, so this returns no entries and result 32 (No such object); that is expected and still shows slapd is answering. The rootdn in slapd.conf does not create an entry in the directory, so an entry like the following only shows up in the output once it has actually been added:
# Manager, example.com
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
Let us take the following address book as an example. First, the container entry for people:
dn: ou=people, dc=example,dc=com
ou: people
description: All people in organisation
objectclass: organizationalunit
Sample record (an inetOrgPerson entry under ou=people):
dn: cn=Sharad Sarode,ou=people,dc=example,dc=com
objectclass: inetOrgPerson
cn: Sharad Sarode
cn: Sharad R Sarode
cn: tom dick harry
sn: sarode
uid: ssharad
userpassword: shar123
carlicense: AMQP 786
homephone: 555-111-2222
mail: [email protected]
mail: [email protected]
mail: [email protected]
description: Linux Guy
ou: Human Resources
There can be any number of entries like this. Note that userpassword is stored exactly as given: a cleartext value in the LDIF (shar123 above) means a cleartext password in the directory. Put the output of slappasswd there instead; the {SSHA} form is accepted for userpassword as well.
Add entries to your directory.
You can use ldapadd to add entries to your LDAP directory. ldapadd expects input in LDIF form. We will do it in two steps:
1.
Create an LDIF file
2.
Run ldapadd
Use your favourite editor and create an LDIF file with the content below. When you cut and paste, trim any leading and trailing whitespace: in LDIF a line that starts with a space is a continuation of the previous line, and trailing spaces become part of the value.
a] Create the LDIF file for the base entry (base.ldif):
dn: dc=example,dc=com
dc: example
description: My Company in Nagpur
objectClass: dcObject
objectClass: organization
o: Example, Inc.
Now run ldapadd to insert this base entry into your directory:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f base.ldif
-D binds as the rootdn and -W prompts for its password: type the cleartext password you gave to slappasswd, not the {SSHA} string. -x selects a simple bind, which sends that password in the clear over ldap://; on anything other than the local host use ldaps:// or StartTLS (-ZZ), both of which need TLS set up in slapd.conf first.
Now check whether the entry is in the directory. Any LDAP client will do, but the example uses ldapsearch:
# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
This command searches for and retrieves every entry in the database. It binds anonymously and gets every attribute back, userpassword included: with no access directives in slapd.conf, slapd's default is read access for everyone, so add access rules (see slapd.access(5)) before real accounts go in.
You are now ready to add more entries using ldapadd or another LDAP client.
Let us add one record. Its parent, ou=people,dc=example,dc=com, must already exist: add the ou=people LDIF shown earlier first (appending it to base.ldif after a blank line works), otherwise ldapadd fails with "No such object". Create record1.ldif with the following content:
dn: cn=Sharad Sarode,ou=people,dc=example,dc=com
objectclass: inetOrgPerson
cn: Sharad Sarode
cn: Sharad R Sarode
cn: tom dick harry
sn: sarode
uid: ssharad
userpassword: shar123
carlicense: AMQP 786
homephone: 555-111-2222
mail: [email protected]
mail: [email protected]
mail: [email protected]
description: Linux Guy
ou: Human Resources
Now use ldapadd to add record1.ldif to the directory:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f record1.ldif
In the same way you can add many records by creating .ldif files.
Modifying LDAP Entries :
The following LDIF shows how to modify entries. For a one-off change an LDAP browser is usually quicker, but for bulk changes LDIF wins.
Let us modify the entry for Sharad Sarode. Create modify.ldif as below. Each change inside a single modify record is terminated by a line containing only "-", and a value read from a file uses the ":<" URL syntax with no space between the colon and the "<".
dn: cn=Sharad Sarode,ou=people,dc=example,dc=com
changetype: modify
add: telephonenumber
telephonenumber: 555-555-1212
telephonenumber: 212
-
replace: uid
uid: ssarode
-
replace: mail
mail: [email protected]
mail: [email protected]
-
add: jpegphoto
jpegphoto:< file:///path/to/jpeg/file.jpg
-
delete: description
Now apply the change with ldapmodify (ldapadd is simply ldapmodify -a, meant for adding entries):
# ldapmodify -x -D "cn=Manager,dc=example,dc=com" -W -f modify.ldif
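A pre-flight check to run over an LDIF file before handing it to ldapadd or ldapmodify, as an added example in Python (not code from the original slides; standard library only, no python-ldap, so it needs no running server). It parses LDIF including continuation lines, the "-" separators of a modify record and the ":<" file syntax, reports add entries whose parent does not exist yet (the ou=people trap discussed above), and flags userpassword values that would be stored in cleartext. SAMPLE_LDIF is constructed from this page's entries; file:///tmp/photo.jpg is a placeholder path.

```python
"""Pre-flight checks for an LDIF file before it goes to ldapadd/ldapmodify.

Added example, not code from the original slides. Standard library only,
no python-ldap, so it runs without a directory server; the sample LDIF is
constructed from the entries on this page. DN handling is deliberately
simple (split on commas, no escaped-comma or multi-valued RDN support).
"""
import base64

SUFFIX = "dc=example,dc=com"  # the suffix from slapd.conf; its entry comes from base.ldif


def norm_dn(dn):
    """Canonical form for comparison: lowercase, no whitespace around commas."""
    return ",".join(p.strip() for p in dn.split(",")).lower()


def parent_dn(dn):
    """Parent of a normalised DN ('' for a single RDN)."""
    return dn.partition(",")[2]


def parse_ldif(text):
    """Parse LDIF into records: {'dn', 'changetype', 'attrs': [(name, value), ...]}.

    Handles 'attr: value', 'attr:: base64', 'attr:< url' (URL kept as the value),
    continuation lines (one leading space), '#' comments and the '-' lines that
    separate the changes of a changetype: modify record. changetype defaults to add.
    """
    lines = []
    for raw in text.splitlines():            # unfold continuation lines first
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records, cur = [], None
    for line in lines + [""]:                # the extra "" flushes the last record
        if line.startswith("#") or line == "-":
            continue
        if line == "":
            if cur is not None:
                records.append(cur)
                cur = None
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        if value.startswith(":"):            # attr:: base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        elif value.startswith("<"):          # attr:< URL, e.g. jpegphoto:< file:///...
            value = value[1:].strip()
        else:
            value = value.strip()
        name = name.strip().lower()
        if name == "dn":
            cur = {"dn": norm_dn(value), "changetype": "add", "attrs": []}
        elif cur is None:
            raise ValueError("attribute before dn: %r" % line)
        elif name == "changetype":
            cur["changetype"] = value.lower()
        else:
            cur["attrs"].append((name, value))
    return records


def check_parents(records, existing=(SUFFIX,)):
    """DNs of 'add' records whose parent neither exists already nor is added earlier
    in the same file. ldapadd rejects these with 'No such object'; only the suffix
    entry itself may have no parent in the directory."""
    known = {norm_dn(d) for d in existing}
    missing = []
    for rec in records:
        if rec["changetype"] != "add":
            continue
        if rec["dn"] != norm_dn(SUFFIX) and parent_dn(rec["dn"]) not in known:
            missing.append(rec["dn"])
        known.add(rec["dn"])
    return missing


def check_cleartext_passwords(records):
    """(dn, value) for every userPassword without a {scheme} prefix: slapd stores
    the value as given, so cleartext in the LDIF means cleartext in the database."""
    return [(rec["dn"], v) for rec in records for n, v in rec["attrs"]
            if n == "userpassword" and not v.startswith("{")]


# Constructed sample: this page's ou=people container, a trimmed copy of its
# person entry, and its modify record written with the required '-' separators.
SAMPLE_LDIF = """\
dn: ou=people, dc=example,dc=com
ou: people
objectclass: organizationalunit

dn: cn=Sharad Sarode,ou=people,dc=example,dc=com
objectclass: inetOrgPerson
cn: Sharad Sarode
sn: sarode
uid: ssharad
userpassword: shar123
description: Linux
  Guy

dn: cn=Sharad Sarode,ou=people,dc=example,dc=com
changetype: modify
add: telephonenumber
telephonenumber: 555-555-1212
-
replace: uid
uid: ssarode
-
add: jpegphoto
jpegphoto:< file:///tmp/photo.jpg
-
delete: description
"""

if __name__ == "__main__":
    recs = parse_ldif(SAMPLE_LDIF)
    print("records:", len(recs))
    print("parents missing:", check_parents(recs))
    print("would fail without ou=people:", check_parents(recs[1:]))
    print("cleartext userPassword:", check_cleartext_passwords(recs))
```

Run against the sample, the ordering check passes because ou=people precedes the person entry, fails for the person entry alone (exactly what happens when record1.ldif is loaded before the container), and the cleartext check singles out shar123. The modify record is parsed but skipped by the parent check, since it changes an entry that already exists.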
Using an LDAP Browser :
Now you can try out the basic LDAP structure.
Use an LDAP browser or LDIF files to add further entries or attributes to the existing entries. You must bind as cn=Manager,dc=example,dc=com (the rootdn, i.e. the superuser, with its rootpw) when writing to the directory.
Use ldapsearch or your LDAP browser to search on various criteria.
You can also use any Mozilla-family browser or Internet Explorer 5+ and enter an LDAP URL in the address line, with localhost or the server's IP as the host:
ldap://localhost/ou=people,dc=example,dc=com??one?(objectclass=*)
Entering this URL in Firefox on a Windows machine brings up a dialog; press the Choose button to add the newly created LDAP address book to the Windows Address Book. Firefox and Internet Explorer show slightly different dialogs (screenshots from the original slides, not reproduced here).
MS Outlook Express as LDAP Client
See the following screenshots step by step.