How to install LDAP # rpm -qa | grep ldap 1.
Transcription
How to install LDAP # rpm -qa | grep ldap 1.
How to install LDAP 1. First Check LDAP Components # rpm -qa | grep ldap 2. You should reach to following files. If they are not present then you need to install them from yum or rpm openldap-servers-2.3.27-8.el5_2.4 openldap-2.3.27-8.el5_2.4 nss_ldap-253-13.el5_2.1 python-ldap-2.2.0-2.1 openldap-clients-2.3.27-8.el5_2.4 To install all software at once you can use, # yum install openldap-servers openldap nss_ldap python-ldap openldap-clients -y 3. Edit the configuration file : /etc/openldap/slapd.conf In the present example I am going to use dc=example, dc=com. The only thing that must be edited are suffix, rootdn and the two rootpw lines. suffix rootdn is the high level descriptor you selected above. is who (the user) that owns the server and should start with cn=. The first root password (rootpw) line should be set to secret. You can generate an encrypted password for the second rootpw line using the command: # slappasswd Just cut and paste the output of the slappasswd command into the second rootpw line. Below is partial text of /etc/openldap/slapd.conf database bdb suffix “dc=example,dc=com” rootdn “cn=Manager,dc=example,dc=com” # Cleartext passwords, especially for the rootdn, should # be avoided. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret rootpw {SSHA}h4n7XX5rY0/AfKh62fLtFZuVSK+nVYsT 4. Start the LDAP Server : # service ldap restart To check to see if the server is running and configured correctly, you can run a search against it with ldapsearch as below # ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)' Note the use of single quotes around command parameters to prevent special characters from being interpreted by the shell. This should return: # Manager, example.com dn: cn=Manager,dc=example,dc=com objectClass: organizationalRole cn: Manager Let us take following example of Address Book : dn: ou=people, dc=example,dc=com ou: people description: All people in organisation objectclass: organizationalunit Sample Record Base Class dn: cn=Sharad Sarode,ou=people,dc=example,dc=com objectclass: inetOrgPerson cn: Sharad Sarode cn: Sharad R Sarode cn: tom dick harry sn: sarode uid: ssharad userpassword: shar123 carlicense: AMQP 786 homephone: 555-111-2222 mail: [email protected] mail: [email protected] mail: [email protected] description: Linux Guy ou: Human Resources There can be n number of entries like this Add entries to your directory. You can use ldapadd to add entries to your LDAP directory. ldapadd expects input in LDIF form. We’ll do it in two steps: 1. Create an LDIF file 2. Run ldapadd Use your favorite editor and create an LDIF file that contains: When you cut and paste, be sure to trim any leading and trailing whitespace from the example. a] Let us create LDIF file for base class as below. (base.ldif) dn: dc=example,dc=com dc: example description: My Company in Nagpur objectClass: dcObject objectClass: organization o: Example, Inc. Now, you may run ldapadd to insert the above base calss into your directory. # ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f base.ldif The ldapadd command will prompt for a password. Provide the password which you have created with slappasswd command. Now let us check whether the entry is added in the DB or not. You can use ldapsearch as below. You can use any LDAP client to do this, but our example uses the ldapsearch tool. # ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)' This command will search for and retrieve every entry in the database. You are now ready to add more entries using ldapadd or another LDAP client, Now let us add one record. Now create file record1.ldif and write following in that file. dn: cn=Sharad Sarode,ou=people,dc=example,dc=com objectclass: inetOrgPerson cn: Sharad Sarode cn: Sharad R Sarode cn: tom dick harry sn: sarode uid: ssharad userpassword: shar123 carlicense: AMQP 786 homephone: 555-111-2222 mail: [email protected] mail: [email protected] mail: [email protected] description: Linux Guy ou: Human Resources Now use ldapadd to add this record1.ldif file to LDAP Database. # ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f record1.ldif Similar to this you can add many records by creating .ldif file. Modifying LDAP Entries : The following LDIF shows how we modify entries using LDIF - its usually quicker to use your LDAP Browser but if you have bulk changes LDIF is quicker. Let us modify entry for Sharad Sarode. Create modify.ldif file as below. dn: cn=Sharad Sarode,ou=people,dc=example,dc=com changetype: modify add: telephonenumber telephonenumber: 555-555-1212 telephonenumber: 212 replace: uid uid: ssarode replace: mail mail: [email protected] mail: [email protected] add: jpegphoto jpegphoto: < file://path/to/jpeg/file.jpg delete: description Now update the record as below. # ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f modify.ldif Using LDAP Browser : Now you can try with the basic LDAP structure. Use an LDAP browser or LDIF files to add further entries or attributes to the existing entries. You must bind using cn=Manager,dc=example,dc=com (rootdn or superuser and its associated rootpw) when writing to the directory. Use ldapsearch or your LDAP Browser to search on various criteria. You can use any Mozilla family browser or MS Explorer (5+) and try the following LDAP URL in the address line: ldap://localhost or IP/ou=people,dc=example,dc=com??one?(objectclass=*) If you are writing above URL in Fire Fox browser of any Windows machine. It should prompt with following dialog box. Press the Choose button to add your newly created LDAP Address Book to Windows Address Book. If you are using Fire Fox then you may get such dialog box. If you are using Internet Explorer then you may get such dialog box. MS Outlook Express as LDAP Client See the following screen shots step by step.