setup:ldap

Differences

This shows you the differences between two versions of the page.

setup:ldap [2013/07/19 11:22] – created root | setup:ldap [2013/07/19 11:49] (current) root
Line 4: Line 4:
  
 Therefore, if you don't read carefully the following instructions, you might lose your time while pissing off. Therefore, if you don't read carefully the following instructions, you might lose your time while pissing off.
 +
 +===== Slapd Installation =====
 +
 +Well, it works pretty nicely on debian:
 +
 +<code>apt-get install slapd ldap-utils</code>
 +
 +Please notice that you may have conflicts with samba as debian implementation launches a LDAP directody by default.
 +
  
 ===== Enable access to cn=config from PHPLdapAdmin ===== ===== Enable access to cn=config from PHPLdapAdmin =====
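Review bot: The samba sentence in the new Slapd Installation section names a conflict but gives the reader no way to detect or resolve it, and "directody" should read "directory". Suggest saying which daemon ends up holding the LDAP listener on a host that already runs samba and how to check that before running ''apt-get install slapd ldap-utils'', so the later ''ldapadd'' steps are not applied to the wrong directory service.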
Line 25: Line 34:
 <code># ldapadd -Y EXTERNAL -H ldapi:/// -f update_adminpass.ldif</code> <code># ldapadd -Y EXTERNAL -H ldapi:/// -f update_adminpass.ldif</code>
  
 +===== Add a new root DN =====
 +
 +For this part, let's assume we want to create a Root DN ''dc=acme''
 +
 +==== Storage Backend Configuration ====
 +
 +1st thing to do is to configure the backend to serve the root DN you want to create. To do so, the simplest way is to copy then edit the ''{1}hdb'' into a similar entry, without forgetting to increment the number between the brackets. Do not forget to change the following fields:
 + * ''olcAccess'' Access rules
 + * ''olcDbDirectory'' Data storage directory
 + * ''olcRootDN'' Root user for your database (e.g. cn=admin,dc=acme)
 + * ''olcRootPW'' Root password for your database
 + * ''olcSuffix'' The RDN of the root DN you are to create.
 +
 +==== Create the DN and populate the admin user ====
 +
 +Put the following content in a file (add_dc_acme.ldif in our case).
 +<code># Entry 1: dc=acme
 +dn: dc=acme
 +objectclass: top
 +objectclass: dcObject
 +objectclass: organization
 +dc: acme
 +o: acme
 +description: Acme Corporation
 +
 +# Entry 2: cn=admin,dc=acme
 +dn: cn=admin,dc=acme
 +objectclass: simpleSecurityObject
 +objectclass: organizationalRole
 +cn: admin
 +description: acme LDAP administrator
 +userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</code>
 +
 +One again, ''slappasswd'' is your friend to generate a password hash. 
  
 +Then execute the following command in your shell: 
 +<code>ldapadd -x -D cn=admin,dc=acme -W -f add_dc_acme.ldif</code>
  
 +As far as I have understood, performing a basic authentication will use olcRootDN and olcRootPW from the backend data for authentication. If you screw up something with ''cn=admin,dc=acme'', you will still be able to repair your mess by performing a basic authentication.
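Review bot: The ''ldapadd -x -D cn=admin,dc=acme -W -f add_dc_acme.ldif'' line does a simple bind with no ''-H'' and no TLS option, so the admin password crosses the connection in cleartext unless the client default happens to be a protected transport; suggest adding ''-ZZ'' (StartTLS) or ''-H ldapi:///'' as the earlier ''update_adminpass.ldif'' command on this page does. In the field list, ''olcSuffix'' is described as "the RDN of the root DN", but it takes the full suffix DN served by the database (''dc=acme'' here). The ''olcRootPW'' bullet should say that the value is a ''slappasswd'' hash, as is already said for ''userPassword'', because the closing paragraph relies on the ''olcRootDN''/''olcRootPW'' bind as the recovery path and that makes it the credential most in need of protection. "One again" should read "Once again".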
setup/ldap.1374225774.txt.gz · Last modified: 2013/07/19 11:22 by root