
OpenLDAP Server configuration

For some operations, dealing with OpenLDAP can be a real pain, as the community made some questionable choices (such as the slapd.d configuration layout, which turns creating a new root DN into a chore).

So read the following instructions carefully, or you will waste both your time and your temper.

Slapd Installation

Well, it works pretty nicely on Debian:

apt-get install slapd ldap-utils

Note that you may run into conflicts with Samba, since the Debian package starts an LDAP directory by default.

Enable access to cn=config from PHPLdapAdmin

Hashing a password can be done with slappasswd.

Put the following content in a file (update_adminpass.ldif in our case).

# cn=admin,cn=config is already set as olcRootDN of the config database in a
# fresh slapd install; only the root password needs to be added to it
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Then execute the following command in your shell:

# ldapadd -Y EXTERNAL -H ldapi:/// -f update_adminpass.ldif

Add a new root DN

For this part, let's assume we want to create the root DN dc=acme.

Storage Backend Configuration

The first thing to do is to configure the backend that will serve the root DN you want to create. The simplest way is to copy the existing olcDatabase={1}hdb entry into a similar entry, not forgetting to increment the number between the brackets (so olcDatabase={2}hdb). Do not forget to change the following fields:

* olcAccess: access rules
* olcDbDirectory: data storage directory
* olcRootDN: root user for your database (e.g. cn=admin,dc=acme)
* olcRootPW: root password for your database
* olcSuffix: the root DN (suffix) you are about to create, here dc=acme
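As an added example (not from the original page), this is what such a copied-and-edited database entry can look like for dc=acme. It assumes the data directory /var/lib/ldap/acme, which must exist and be owned by the openldap user before the entry is added, and a hash produced by slappasswd in place of the placeholder; the access rules are written so that nobody except the owner and the admin can read userPassword, while anonymous clients can still authenticate against it.

```ldif
# Added example: a second hdb database for dc=acme, modelled on Debian's {1}hdb.
# Assumptions: /var/lib/ldap/acme exists (chown openldap:openldap) and the
# {SSHA} value below is replaced by real slappasswd output.
dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap/acme
olcSuffix: dc=acme
olcRootDN: cn=admin,dc=acme
olcRootPW: {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq
olcDbIndex: uidNumber,gidNumber eq
olcDbIndex: member,memberUid eq
# Passwords: the owner may change them, anyone may authenticate against them,
# the admin may set them, nobody else may read them (the "by * none" is what
# keeps hashes out of anonymous searches).
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by self write
  by anonymous auth
  by dn="cn=admin,dc=acme" write
  by * none
# The root DSE must stay readable so clients can discover naming contexts.
olcAccess: {1}to dn.base="" by * read
# Everything else: owner and admin may write, authenticated users may read.
olcAccess: {2}to *
  by self write
  by dn="cn=admin,dc=acme" write
  by users read
```

Load it the same way as the config password change above, over the local socket: ldapadd -Y EXTERNAL -H ldapi:/// -f add_db_acme.ldif (the filename is an assumption).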

Create the DN and populate the admin user

Put the following content in a file (add_dc_acme.ldif in our case).

# Entry 1: dc=acme
dn: dc=acme
objectclass: top
objectclass: dcObject
objectclass: organization
dc: acme
o: acme
description: Acme Corporation

# Entry 2: cn=admin,dc=acme
dn: cn=admin,dc=acme
objectclass: simpleSecurityObject
objectclass: organizationalRole
cn: admin
description: acme LDAP administrator
userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Once again, slappasswd is your friend to generate a password hash.

Then execute the following command in your shell:

ldapadd -x -D cn=admin,dc=acme -W -f add_dc_acme.ldif

As far as I have understood, performing a basic authentication will use olcRootDN and olcRootPW from the backend data for authentication. If you screw up something with cn=admin,dc=acme, you will still be able to repair your mess by performing a basic authentication.

setup/ldap.txt · Last modified: 2013/07/19 11:49 by root