Today I will show you how to set up an LDAP server (OpenLDAP's slapd) on Ubuntu 12.04 LTS.
First we need to install the required packages, so in a terminal type:
sudo apt-get install slapd ldap-utils
During installation you will be asked for an LDAP administrator password. Choose one and then retype it to confirm.
The configuration example that follows uses the FQDN comtech.com, which becomes the base DN dc=comtech,dc=com. You should change this to the FQDN of your organisation.
Now we need to add some additional schema files. In a terminal enter:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
Now make a file called backend.comtech.com.ldif somewhere on your system and add the following configuration to it, replacing the olcRootPW value (secret below) with a password of your own. Note that each LDIF entry is separated from the next by a blank line.
# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb.la

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=comtech,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=comtech,dc=com
olcRootPW: secret
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=comtech,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=comtech,dc=com" write by * read
We now need to load this LDIF into the server's configuration database (cn=config), so in a terminal type:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.comtech.com.ldif
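The four olcAccess values above are evaluated by slapd in order: the first "to" clause that matches the target entry and attribute is selected, and within it the first "by" clause that matches the requester fixes the access level; nothing after that is consulted. The following Python is an added example, not part of the original tutorial, that reproduces this evaluation for the page's own rules so you can see what each identity ends up with. The DNs uid=bob and uid=alice are constructed, and it only understands the selectors the page uses (attrs=, dn.base=, *, dn="...", anonymous, self, users). Two results worth noticing: anonymous clients can read shadowLastChange because the second rule ends in "by * read", and the rootdn (cn=admin) bypasses access control entirely, so the explicit "by dn=... write" clauses never actually decide anything.

```python
"""Evaluate OpenLDAP-style olcAccess rules the way slapd does: pick the first
``to`` clause matching the target, then the first ``by`` clause in it matching
the requester, and return that clause's access level."""
import re

# slapd's access levels in increasing order; a grant implies all lower levels.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

ROOT_DN = "cn=admin,dc=comtech,dc=com"  # olcRootDN from the backend LDIF

# Constructed copy of the four olcAccess values in backend.comtech.com.ldif.
RULES = [
    'to attrs=userPassword by dn="cn=admin,dc=comtech,dc=com" write '
    "by anonymous auth by self write by * none",
    "to attrs=shadowLastChange by self write by * read",
    'to dn.base="" by * read',
    'to * by dn="cn=admin,dc=comtech,dc=com" write by * read',
]

# Constructed DNs used only for the demonstration below.
BOB = "uid=bob,ou=people,dc=comtech,dc=com"
ALICE = "uid=alice,ou=people,dc=comtech,dc=com"

RULE_RE = re.compile(r"^to\s+(\S+)\s+(.*)$")
BY_RE = re.compile(r"by\s+(\S+)\s+(\S+)")


def parse_rule(text):
    """Return (what, [(who, level), ...]) for one olcAccess value."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("not an access rule: %r" % text)
    what, rest = m.group(1), m.group(2)
    clauses = BY_RE.findall(rest)
    for _, level in clauses:
        if level not in LEVELS:
            raise ValueError("unknown access level %r" % level)
    return what, clauses


def what_matches(what, target_dn, attr):
    """Does the <what> selector cover (target_dn, attr)?"""
    if what == "*":
        return True
    if what.startswith("attrs="):
        wanted = [a.lower() for a in what[len("attrs="):].split(",")]
        return attr is not None and attr.lower() in wanted
    if what.startswith('dn.base="') and what.endswith('"'):
        return target_dn.lower() == what[len('dn.base="'):-1].lower()
    raise ValueError("unsupported <what> selector %r" % what)


def who_matches(who, bind_dn, target_dn):
    """Does the <who> selector cover the requester? bind_dn None = anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    if who.startswith('dn="') and who.endswith('"'):
        return bind_dn is not None and bind_dn.lower() == who[len('dn="'):-1].lower()
    raise ValueError("unsupported <who> selector %r" % who)


def evaluate(rules, bind_dn, target_dn, attr=None, root_dn=ROOT_DN):
    """Access level bind_dn gets on attr of target_dn under these rules."""
    # The rootdn is never subject to access control.
    if bind_dn is not None and bind_dn.lower() == root_dn.lower():
        return "manage"
    for text in rules:
        what, clauses = parse_rule(text)
        if not what_matches(what, target_dn, attr):
            continue
        for who, level in clauses:
            if who_matches(who, bind_dn, target_dn):
                return level
        return "none"  # slapd appends an implicit "by * none" to every rule
    return "none"  # and an implicit "access to * by * none" after the last rule


def allows(level_granted, level_needed):
    """True if a grant of level_granted is enough for an operation needing level_needed."""
    return LEVELS.index(level_granted) >= LEVELS.index(level_needed)


if __name__ == "__main__":
    cases = [(None, BOB, "userPassword"), (BOB, BOB, "userPassword"),
             (ALICE, BOB, "userPassword"), (None, BOB, "shadowLastChange"),
             (ALICE, BOB, "mail"), (None, "", None)]
    for who, target, attr in cases:
        print("%-40s %-38s %-17s -> %s" % (who or "anonymous", target or "<root DSE>",
                                           attr, evaluate(RULES, who, target, attr)))
```

Run it and compare the output with what you expect before loading a modified ACL: a "by" clause added after "by * read" is dead code, and if shadowLastChange should not be world-readable the second rule needs "by * read" replaced with a narrower clause.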
Now create a file called frontend.comtech.com.ldif somewhere on your system and add the following configuration to it.
# Create top-level object in domain
dn: dc=comtech,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Comtech
dc: comtech
description: Comtech LDAP Configuration

# Admin user.
dn: cn=admin,dc=comtech,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: (ADD YOUR OWN PASSWORD HERE)

dn: ou=people,dc=comtech,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=comtech,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=bob,ou=people,dc=comtech,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: Bob
sn: Wates
givenName: Bob
cn: Bob Wates
displayName: Bob Wates
uidNumber: 1000
gidNumber: 10000
userPassword: password
gecos: Bob Wates
loginShell: /bin/bash
homeDirectory: /home/bob
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: bob.wates@comtech.com
postalCode: CF24
l: Cardiff
o: Comtech
mobile: +44 (0)7 xx xx xx xx
homePhone: +44 (0)1 xx xx xx xx x
title: System Administrator
postalAddress:
initials: BW

dn: cn=comtech,ou=groups,dc=comtech,dc=com
objectClass: posixGroup
cn: comtech
gidNumber: 10000
Now we need to add the entries to the LDAP directory. In a terminal type:
sudo ldapadd -x -D cn=admin,dc=comtech,dc=com -W -f frontend.comtech.com.ldif
You will be asked for the LDAP administrator password. This is the olcRootPW value from backend.comtech.com.ldif (secret in the example above): because olcRootPW is set, slapd checks a bind as cn=admin,dc=comtech,dc=com against it rather than against the userPassword in the admin entry of frontend.comtech.com.ldif, which in any case does not exist until this file has been loaded.
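Both LDIF files above carry passwords in cleartext (olcRootPW: secret, userPassword: password). slapd also accepts hashed values in the RFC 2307 "{scheme}" form, and slappasswd, installed with the slapd package, emits {SSHA} by default. The following Python is an added example, not part of the original tutorial, that computes that same {SSHA} format locally (base64 of SHA-1(password + salt) followed by the salt), verifies a password against it, flags any cleartext userPassword or olcRootPW line in an LDIF, and rewrites those lines hashed. The LDIF it works on is a constructed snippet modelled on the admin entry above; LDIF continuation lines (lines beginning with a space) are not handled.

```python
"""Generate and verify {SSHA} password values and rewrite cleartext
userPassword / olcRootPW lines in an LDIF so the directory never stores the
plain password."""
import base64
import hashlib
import hmac
import os
import re

PASSWORD_ATTRS = ("userpassword", "olcrootpw")
SCHEME_RE = re.compile(r"^\{[A-Za-z0-9-]+\}")  # e.g. {SSHA}, {CRYPT}

# Constructed sample, modelled on the admin entry in frontend.comtech.com.ldif
# plus the rootpw line of the backend LDIF. Not the page's own file.
SAMPLE_LDIF = """\
# constructed sample, mirrors the admin entry in frontend.comtech.com.ldif
dn: cn=admin,dc=comtech,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: password

dn: olcDatabase={1}hdb,cn=config
olcRootPW: secret
olcRootDN: cn=admin,dc=comtech,dc=com
"""


def hash_ssha(password, salt=None):
    """Return '{SSHA}' + base64(sha1(password || salt) || salt), as slappasswd does."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored, password):
    """Check a candidate password against a '{SSHA}...' value."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes; the rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def _password_line(line):
    """If line sets a password attribute, return (attr, value), else None.
    Understands the 'attr:: base64' LDIF form for the value."""
    if line.startswith("#"):
        return None
    attr, sep, value = line.partition(":")
    attr = attr.strip()
    if not sep or attr.lower() not in PASSWORD_ATTRS:
        return None
    value = value.strip()
    if value.startswith(":"):
        value = base64.b64decode(value[1:].strip()).decode("utf-8")
    return attr, value


def find_cleartext_passwords(ldif_text):
    """Return (line_no, attribute) for password attributes lacking a {scheme} prefix."""
    hits = []
    for n, line in enumerate(ldif_text.splitlines(), 1):
        hit = _password_line(line)
        if hit and not SCHEME_RE.match(hit[1]):
            hits.append((n, hit[0]))
    return hits


def harden_ldif(ldif_text, salt=None):
    """Rewrite cleartext password attributes as {SSHA} hashes; other lines untouched."""
    out = []
    for line in ldif_text.splitlines():
        hit = _password_line(line)
        if hit and not SCHEME_RE.match(hit[1]):
            line = "%s: %s" % (hit[0], hash_ssha(hit[1], salt))
        out.append(line)
    return "\n".join(out) + "\n"


def first_value(ldif_text, attr):
    """First value of attr in the LDIF text, or None."""
    for line in ldif_text.splitlines():
        a, sep, v = line.partition(":")
        if sep and a.strip().lower() == attr.lower():
            return v.strip()
    return None


if __name__ == "__main__":
    print("cleartext passwords at:", find_cleartext_passwords(SAMPLE_LDIF))
    hardened = harden_ldif(SAMPLE_LDIF)
    print(hardened)
    print("admin password verifies:",
          verify_ssha(first_value(hardened, "userPassword"), "password"))
```

Run the hardening over your own backend and frontend files before loading them; find_cleartext_passwords on the result should return an empty list. The same check applied to an LDIF exported from a running server (slapcat output) tells you whether any account still has a cleartext userPassword.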
All that is left to do is to test the configuration, so in a terminal type:
ldapsearch -xLLL -b "dc=comtech,dc=com" uid=bob sn givenName cn
If your files are configured correctly, you should get the following output:
dn: uid=bob,ou=people,dc=comtech,dc=com
cn: Bob Wates
sn: Wates
givenName: Bob