Software Download
Download OpenLDAP Source code from
http://www.openldap.org/software/download/OpenLDAP/openldap-release/
Pre Work:
Set the environment variables below. The paths may differ depending on where Berkeley DB is installed on your system.
———————
CPPFLAGS="-I/usr/local/berkeleyDB/include"
export CPPFLAGS
LDFLAGS="-L/usr/local/lib -L/usr/local/berkeleyDB/lib -R/usr/local/berkeleyDB/lib"
export LDFLAGS
LD_LIBRARY_PATH="/usr/local/berkeleyDB/lib"
export LD_LIBRARY_PATH
———————
Building the OpenLDAP source code:
Go to the folder where you extracted OpenLDAP and run the commands below (if you want or need TLS support, run ./configure with the --with-tls flag):
# ./configure
# make depend
# make
# make test (if this fails, log out, log back in and run the command again)
Configuring OpenLDAP:
Go to /usr/local/etc/openldap
Update slapd.conf under the heading "BDB database definitions":
suffix "dc=acme,dc=com"
rootdn "cn=Manager,dc=acme,dc=com"
rootpw password
Note: Replace "dc=acme,dc=com" with the DN you require. The rootdn must lie under the suffix, otherwise slapd will not honour rootpw for it.
Do not leave rootpw as a cleartext value: set it to a hashed value instead, generated with slappasswd.
Starting the Server
Start the LDAP server with the command below:
/usr/local/libexec/slapd -d127 -h "ldap://:389/ ldaps://:636/" &
This starts the server in debug mode, listening for cleartext LDAP on 389 and LDAP over TLS (ldaps) on 636. The ldaps:// listener only works if slapd was built with --with-tls and a certificate and key are configured in slapd.conf.
Sample LDIFs
Use the LDIF below to add your first entry (save it as root.ldif):
dn: dc=acme,dc=com
dc: acme
description: ACME Corp.
objectClass: dcObject
objectClass: organization
o: Acme
Command to add the entry to OpenLDAP:
ldapadd -a -h localhost -p 389 -D "cn=Manager,dc=acme,dc=com" -w password -f root.ldif -x
# the ldapadd command is installed together with OpenLDAP
Create Group:
Create an LDIF file (group.ldif) with the following contents to add a group under dc=acme,dc=com:
dn: cn=group1,dc=acme,dc=com
objectClass: groupOfNames
cn: group1
member:
Note: groupOfNames requires at least one member; the empty member value satisfies that until real user DNs are added.
Command: ldapadd -h localhost -p 389 -D "cn=Manager,dc=acme,dc=com" -w password -f group.ldif -x
Creating User
Create an LDIF file with the following contents and add it with the same ldapadd command used for the group:
dn: cn=u1,dc=acme,dc=com
changetype: add
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
sn: u1
cn: u1
mail: u1@acme.com
userPassword: password
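Both the rootpw directive above and the userPassword attribute in this LDIF are shown as cleartext. The following added example (not part of the original tutorial or of OpenLDAP itself) builds {SSHA} values in the same layout slappasswd produces, verifies a password against one, and scans a slapd.conf or LDIF fragment for password values that carry no hash scheme. The SAMPLE text is constructed for the example.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"

def ssha_hash(password: str, salt: bytes = b"") -> str:
    """{SSHA} as slappasswd emits it: base64(SHA1(password || salt) || salt)."""
    if not salt:
        salt = os.urandom(4)  # slappasswd uses a 4-byte random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password: str, stored: str) -> bool:
    """Check a cleartext password against a stored {SSHA} value."""
    if not stored.startswith(SCHEME):
        return False
    raw = base64.b64decode(stored[len(SCHEME):])
    digest, salt = raw[:20], raw[20:]  # 20-byte SHA-1 digest, then the salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def cleartext_secrets(text: str) -> list:
    """Return slapd.conf 'rootpw' and LDIF 'userPassword' lines whose value
    carries no {SCHEME} prefix, i.e. a password stored in cleartext."""
    hits = []
    for line in text.splitlines():
        stripped = line.strip()
        parts = stripped.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "rootpw":
            value = parts[1]
        elif stripped.lower().startswith("userpassword::"):  # base64 LDIF value
            value = base64.b64decode(stripped.split("::", 1)[1].strip()).decode("utf-8", "replace")
        elif stripped.lower().startswith("userpassword:"):
            value = stripped.split(":", 1)[1].strip()
        else:
            continue
        if not value.startswith("{"):
            hits.append(stripped)
    return hits

# Constructed sample mirroring the slapd.conf stanza and user LDIF shown above.
SAMPLE = """\
suffix "dc=acme,dc=com"
rootdn "cn=Manager,dc=acme,dc=com"
rootpw password
dn: cn=u1,dc=acme,dc=com
userPassword: password
"""
```

Replace each flagged value with the output of ssha_hash (or of slappasswd -h {SSHA}, which yields the same layout); slapd then hashes the bind password on the fly and the file on disk no longer holds the secret.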