Wednesday, August 14, 2013

Openldap Installation and Configuration on SuSE Linux 11

Use YaST2 to install the openldap server and client packages; the version used here is openldap2 2.4.26-0.12.1.

Installation

The installation itself is not covered in detail here.

1. Enable LDAP, LDAP over SSL (ldaps://) and LDAP over IPC (ldapi://) in the server dialog. If you are not using YaST2, the same listeners are switched on in the ldap configuration files. LDAP over IPC is what the schema loading step below relies on (ldapadd -Y EXTERNAL over ldapi:///), and LDAP over SSL is what keeps bind passwords off the network.


Configuration


Client side (base and uri are the settings that end up in /etc/openldap/ldap.conf):

base    dc=office,dc=goweekend,dc=ca
uri     ldap://ldap.office.goweekend.ca

Server side (YaST2 LDAP Server dialog; suffix and rootdn in slapd terms):

suffix           dc=office,dc=goweekend,dc=ca
Administrator DN cn=Administrator,dc=office,dc=goweekend,dc=ca



restart the ldap service
# service ldap restart

Population

Add your own schema

Add your own schema if you need one; if not, skip this section and go straight to loading groups and users.

You can refer to /etc/openldap/schema/core.ldif to prepare your own schema. The attribute types and object classes you define need an OID arc of your own: register a Private Enterprise Number with the Internet Assigned Numbers Authority (IANA) through the form at http://pen.iana.org/pen/PenApplication.page, or check whether your organization already has one at http://www.iana.org/assignments/enterprise-numbers/enterprise-numbers. Do not reuse OIDs from somebody else's arc.

Or, you can dump the schema from your existing ldap server with the procedure below; mylocal.schema is the example here. The include lines you need are the ones already in slapd.conf on the existing server, and they must be copied in the same order, because the order decides the {N} index in the file names slaptest generates (mylocal is the sixth include, hence {5}).

  1. Log in to a Linux server that can connect to the existing ldap server
  2. create /var/tmp/dump.conf with the include lines from slapd.conf
    include         /etc/openldap/schema/core.schema
    include         /etc/openldap/schema/cosine.schema
    include         /etc/openldap/schema/inetorgperson.schema
    include         /etc/openldap/schema/rfc2307bis.schema
    include         /etc/openldap/schema/yast.schema
    include         /etc/openldap/schema/mylocal.schema
  3. create folder /var/tmp/schema_dump
    # mkdir -p /var/tmp/schema_dump
  4. dump schema
    # slaptest -f /var/tmp/dump.conf -F /var/tmp/schema_dump
  5. copy the dump to the new ldap server (scp, ftp, ...; tar over ssh is used here)
    # tar -cf - /var/tmp/schema_dump | ssh ldap.office.goweekend.ca "cd /; tar -xf -"
  6. modify /var/tmp/schema_dump/cn=config/cn=schema/cn={5}mylocal.ldif on the new ldap server: drop the {5} load-order index from the dn and cn
    from
    dn: cn={5}mylocal,cn=schema,cn=config
    cn: {5}mylocal
    to
    dn: cn=mylocal,cn=schema,cn=config
    cn: mylocal

    and remove the operational attributes at the end of the file; slapd generates them itself and rejects them in input
    structuralObjectClass:
    entryUUID:
    creatorsName:
    createTimestamp:
    entryCSN:
    modifiersName: cn=config
    modifyTimestamp:
  7. load your schema on the new server; -Y EXTERNAL over ldapi:/// authenticates the local root user through the Unix socket (the LDAP over IPC listener enabled during installation), so no password crosses the network
    # ldapadd -Y EXTERNAL -H ldapi:/// -f /var/tmp/schema_dump/cn\=config/cn\=schema/cn\=\{5\}mylocal.ldif
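Steps 2 to 7 above as a shell script, added here as an example and not code from the original post. The edits of step 6 are done by sed rather than by hand, so the same {N} index and the same operational attributes are handled every time. Assumptions: the .schema files live in /etc/openldap/schema, the custom schema is called mylocal, and the LDIF fragment inside demo_convert() is constructed for the demonstration, with 1.3.6.1.4.1.99999 as a placeholder OID arc rather than a registered PEN.

```shell
#!/bin/sh
# Added example, not code from the original post: steps 2 to 7 above as shell
# functions, so the hand edits in step 6 are done by sed instead of an editor.
# Assumptions: /etc/openldap/schema holds the .schema files, the custom schema
# is called mylocal, and the sample LDIF in demo_convert() is constructed here
# with a placeholder OID arc (1.3.6.1.4.1.99999 is not a registered PEN).

# Step 2: write the slaptest input, one include per schema, in slapd.conf order.
write_dump_conf() {
    conf="$1"; shift
    : > "$conf"
    for s in "$@"; do
        printf 'include         /etc/openldap/schema/%s\n' "$s" >> "$conf"
    done
}

# Step 6: turn slaptest's cn={N}name.ldif into an LDIF that ldapadd accepts.
# The {N} prefix is slapd's load-order index and must not be supplied on add;
# the trailing operational attributes are generated by slapd and are rejected
# when present in input.
convert_schema_ldif() {
    sed -e 's/^dn: cn={[0-9]*}/dn: cn=/' \
        -e 's/^cn: {[0-9]*}/cn: /' \
        -e '/^structuralObjectClass:/d' \
        -e '/^entryUUID:/d' \
        -e '/^creatorsName:/d' \
        -e '/^createTimestamp:/d' \
        -e '/^entryCSN:/d' \
        -e '/^modifiersName:/d' \
        -e '/^modifyTimestamp:/d' \
        "$1" > "$2"
}

# Steps 3, 4 and 6 on the existing server: needs slaptest, so it is not run
# in the offline demo. Prints the path of the converted LDIF.
dump_schema() {
    name="$1"; dumpdir="$2"; conf="$3"
    mkdir -p "$dumpdir"
    slaptest -f "$conf" -F "$dumpdir" || return 1
    for f in "$dumpdir"/cn=config/cn=schema/cn=\{*\}"$name".ldif; do
        convert_schema_ldif "$f" "$dumpdir/$name.ldif" || return 1
        echo "$dumpdir/$name.ldif"
        return 0
    done
    return 1
}

# Step 7 on the new server: SASL EXTERNAL over the ldapi:/// Unix socket maps
# the local root user to the config rootdn, so no password goes on the wire.
load_schema() {
    ldapadd -Y EXTERNAL -H ldapi:/// -f "$1"
}

# Offline demonstration of the conversion on a constructed slaptest-style file.
demo_convert() {
    tmp=$(mktemp -d)
    cat > "$tmp/cn={5}mylocal.ldif" <<'EOF'
dn: cn={5}mylocal,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {5}mylocal
olcAttributeTypes: {0}( 1.3.6.1.4.1.99999.1.1 NAME 'exampleAttr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20130814000000Z
entryCSN: 20130814000000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130814000000Z
EOF
    convert_schema_ldif "$tmp/cn={5}mylocal.ldif" "$tmp/mylocal.ldif"
    cat "$tmp/mylocal.ldif"
    rm -rf "$tmp"
}
```

On the old server the real run is write_dump_conf /var/tmp/dump.conf core.schema cosine.schema inetorgperson.schema rfc2307bis.schema yast.schema mylocal.schema, then dump_schema mylocal /var/tmp/schema_dump /var/tmp/dump.conf; copy the printed file to the new server and pass it to load_schema there. demo_convert runs without slapd and shows what the sed step leaves behind: the dn, objectClass, cn and the olcAttributeTypes line, nothing else.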

Load groups and users

Groups

# cat group.ldif
dn: cn=administrators,dc=office,dc=goweekend,dc=ca
objectClass: groupofnames
objectClass: top
cn: administrators
member: cn=Administrator,dc=office,dc=goweekend,dc=ca


# ldapadd -h ldap.office.goweekend.ca -D "cn=Administrator,dc=office,dc=goweekend,dc=ca" -W -f group.ldif

Note that -h with a plain ldap:// connection sends the Administrator password in clear over the network during the simple bind. Use -H ldaps://ldap.office.goweekend.ca (the LDAP over SSL listener from the installation) or add -ZZ so the tools require StartTLS before binding.

to verify
# ldapsearch -h ldap.office.goweekend.ca -D "cn=Administrator,dc=office,dc=goweekend,dc=ca" -W '(cn=administrators)'
# extended LDIF
#
# LDAPv3
# base <dc=office,dc=goweekend,dc=ca> (default) with scope subtree
# filter: (cn=administrators)
# requesting: ALL
#

# administrators, goweekend.ca
dn: cn=administrators,dc=office,dc=goweekend,dc=ca
objectClass: groupOfNames
objectClass: top
cn: administrators
member: cn=Administrator,dc=office,dc=goweekend,dc=ca

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


Users

# cat tomcatt.ldif
dn: cn=Tom Catt,dc=office,dc=goweekend,dc=ca
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
cn: Tom Catt
sn: Catt
uid: tomcatt
givenName: Tom
mail: tomcatt@goweekend.ca
postalAddress: 1 Yonge St., North Pole, Canada
postalCode: H0H 0H0
telephoneNumber: 111-111-1111
title: Santa
userPassword:: RjFyc3RDMHQ=

# ldapadd -h ldap.office.goweekend.ca -D "cn=Administrator,dc=office,dc=goweekend,dc=ca" -W -f tomcatt.ldif

Two things to be aware of with this entry. The double colon in userPassword:: only means the LDIF value is base64-encoded; RjFyc3RDMHQ= decodes to the cleartext password, and slapd stores exactly what it is given, so this user ends up with a cleartext password in the directory. Give it a hash instead (slappasswd -h '{SSHA}' -s 'password' produces one) or set the password afterwards with ldappasswd, which lets slapd hash it. Also, the verification search below shows userPassword only because it binds as the Administrator rootdn, which bypasses ACLs; make sure ordinary users cannot read it, for example with access to attrs=userPassword by self write by anonymous auth by * none. The same -h caveat as for the group applies: prefer -H ldaps:// or -ZZ.


to verify


# ldapsearch -h ldap.office.goweekend.ca -D "cn=Administrator,dc=office,dc=goweekend,dc=ca" -W '(cn=Tom Catt)'
# extended LDIF
#
# LDAPv3
# base <dc=office,dc=goweekend,dc=ca> (default) with scope subtree
# filter: (cn=Tom Catt)
# requesting: ALL
#

# Tom Catt, goweekend.ca
dn: cn=Tom Catt,dc=office,dc=goweekend,dc=ca
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
cn: Tom Catt
sn: Catt
uid: tomcatt
givenName: Tom
mail: tomcatt@goweekend.ca
postalAddress: 1 Yonge St., North Pole, Canada
postalCode: H0H 0H0
telephoneNumber: 111-111-1111
title: Santa
userPassword:: RjFyc3RDMHQ=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
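The user entry above rebuilt with a salted SHA-1 ({SSHA}) password hash in place of the base64 cleartext, plus a verifier that checks a password against such a hash the way slapd does on bind. This is an added example and not code from the original post; on the server slappasswd does the same job, and this version uses openssl so it can be run and checked anywhere. Assumptions: openssl, od, cut and tail are installed; the salt is kept as printable text so it can be passed as an argument (slappasswd uses random bytes, which slapd accepts just the same); the usage commands at the end use the post's host and DN.

```shell
#!/bin/sh
# Added example, not code from the original post: build the user LDIF with a
# salted SHA-1 ({SSHA}) password hash instead of the base64 cleartext above,
# and verify a hash the way slapd does on bind. slappasswd does the same job on
# the server ("slappasswd -h '{SSHA}' -s 'F1rstC0t'"); this version uses
# openssl so it can run anywhere. Assumptions: openssl, od, cut and tail are
# installed; the salt is kept as printable text so it can be passed as an
# argument (slappasswd uses random bytes, which is fine for slapd too).

# {SSHA} is base64( SHA1(password || salt) || salt ). Takes the password and an
# optional salt; without one, four random base64 characters are used.
ssha_hash() {
    pw="$1"
    salt="${2:-$(openssl rand -base64 3)}"
    b64=$( { printf '%s%s' "$pw" "$salt" | openssl dgst -sha1 -binary; printf '%s' "$salt"; } \
           | openssl base64 -A )
    printf '{SSHA}%s\n' "$b64"
}

# Recompute the digest from the stored salt (everything after the 20 digest
# bytes) and compare; returns 0 on match, 1 otherwise. Works for any salt
# length, including the binary salts slappasswd produces.
ssha_verify() {
    stored="$1"; pw="$2"
    b64=${stored#\{SSHA\}}
    [ "$b64" != "$stored" ] || return 1          # not an {SSHA} value
    stored_hex=$(printf '%s' "$b64" | openssl base64 -d -A | od -An -v -tx1 | tr -d ' \n' | cut -c1-40)
    calc_hex=$( { printf '%s' "$pw"; printf '%s' "$b64" | openssl base64 -d -A | tail -c +21; } \
                | openssl dgst -sha1 -binary | od -An -v -tx1 | tr -d ' \n')
    [ -n "$stored_hex" ] && [ "$stored_hex" = "$calc_hex" ]
}

# The tomcatt.ldif entry from the post, with userPassword replaced by the hash.
# A value starting with '{' needs no base64 ("::") encoding in LDIF.
make_user_ldif() {
    cn="$1"; sn="$2"; uid="$3"; pw="$4"; salt="$5"; base="$6"
    printf 'dn: cn=%s,%s\n' "$cn" "$base"
    printf 'objectClass: top\nobjectClass: person\n'
    printf 'objectClass: organizationalPerson\nobjectClass: inetOrgPerson\n'
    printf 'cn: %s\nsn: %s\nuid: %s\n' "$cn" "$sn" "$uid"
    printf 'userPassword: %s\n' "$(ssha_hash "$pw" "$salt")"
}

# Usage: write the LDIF (empty salt argument = random salt), then load it with
# StartTLS required so the Administrator bind password is not sent in clear:
#   make_user_ldif 'Tom Catt' Catt tomcatt 'F1rstC0t' '' dc=office,dc=goweekend,dc=ca > tomcatt.ldif
#   ldapadd -ZZ -H ldap://ldap.office.goweekend.ca -D "cn=Administrator,dc=office,dc=goweekend,dc=ca" -W -f tomcatt.ldif
```

The verifier deliberately reads the salt out of the stored value rather than taking it as a parameter: that is the property that lets slapd check a bind against a hash it did not generate itself, and it is why a hash made by slappasswd with random bytes and one made by ssha_hash with a text salt are interchangeable. A hash is still only as strong as the password behind it, so this replaces cleartext storage, not a password policy.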





