Installation of an LDAP server
LDAP ?!
LDAP and its uses explained.
LDAP stands for Lightweight Directory Access Protocol.
With OpenLDAP you can store information in a tree structure and make it accessible to others. For example, you can create a complete address and e-mail tree, or you can set up the complete structure of a company with OpenLDAP.
In this HOWTO we will describe the installation of an OpenLDAP server using SuSE Linux 7.0.
Why write this HOWTO? We had to set up an LDAP server and found the existing HOWTOs on the Internet too complex, so we had to fight with LDAP on our own.
The Installation
Installing OpenLDAP is quite easy. Select both the packages openldap.rpm and ldaplib.rpm, which are placed in the sub-group "n".
Now you have to change a few configuration files. Go to /etc/openldap and edit the file ldap.conf.
We explain this configuration by using our file as an example:
| /etc/openldap/ldap.conf |
##########/etc/openldap/ldap.conf#########
# More details in the man page ldap.conf(5)
# This file should be globally readable
# here you specify the LDAP server: host name and IP address
host 127.0.0.1
# starting a search this is the first point in your directory
# tree of the database.
base o=testnet.de
# that is all
############################################
Next you have to edit the file slapd.conf.
| /etc/openldap/slapd.conf |
######### /etc/openldap/slapd.conf ###########
# this file must not be globally readable
# slapd.at.conf <-- here you find a description of the attributes
# slapd.oc.conf <-- here you find a description of the object classes
include /etc/openldap/slapd.at.conf
include /etc/openldap/slapd.oc.conf
schemacheck off
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# settings for the LDAP database
# here you specify the database which has to be used
database ldbm
# Suffix / root directory. this is the highest entry in the
# LDAP directory
suffix "o=testnet.de"
# Here the LDAP database is saved
directory /var/lib/ldap
# the administrator's name of this directory
rootdn "cn=Manager, o=testnet.de"
# here you specify the administrator's password
rootpw secret
############################################
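The slapd.conf above keeps the administrator password in cleartext and relies on the file not being globally readable, as its own comment says. The small checker below is an added example (not code from the HOWTO) that reads a slapd.conf, flags a cleartext rootpw and "schemacheck off", and verifies that the file is not readable by group or others. The sample configuration inside it is constructed from the listing above; the name audit_slapd_conf and the assumption that a hashed rootpw starts with a scheme tag in braces (such as {crypt}) are ours.

```python
import os
import stat
import tempfile

# Constructed sample: the slapd.conf from this HOWTO, trimmed to the directives that matter.
SAMPLE_SLAPD_CONF = """\
# this file must not be globally readable
include /etc/openldap/slapd.at.conf
include /etc/openldap/slapd.oc.conf
schemacheck off
database ldbm
suffix "o=testnet.de"
directory /var/lib/ldap
rootdn "cn=Manager, o=testnet.de"
rootpw secret
"""


def parse_slapd_conf(text):
    """Return (directive, value) pairs in file order, skipping comments and blank lines.
    Surrounding double quotes on the value are removed, as in suffix "o=testnet.de"."""
    directives = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        directive = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        directives.append((directive, value))
    return directives


def audit_slapd_conf(text):
    """Return a list of findings about risky settings in the given slapd.conf text."""
    findings = []
    for directive, value in parse_slapd_conf(text):
        # Assumption: a hashed rootpw is written with a scheme tag such as {crypt};
        # anything else is the password itself, readable by whoever can read the file.
        if directive == "rootpw" and not value.startswith("{"):
            findings.append("rootpw is stored in cleartext")
        if directive == "schemacheck" and value.lower() == "off":
            findings.append("schemacheck off: entries are not validated against the object classes")
    return findings


def audit_file_mode(path):
    """Return findings if the file at `path` is readable by group or others."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        return [f"{path} is readable by group or others (mode {stat.filemode(mode)})"]
    return []


def demo_file_mode_check():
    """Write the sample config to a temporary file and check it twice: once
    world-readable (mode 0644), once private (mode 0600). Returns both finding lists."""
    fd, path = tempfile.mkstemp(prefix="slapd.conf.")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(SAMPLE_SLAPD_CONF)
        os.chmod(path, 0o644)
        readable = audit_file_mode(path)
        os.chmod(path, 0o600)
        private = audit_file_mode(path)
    finally:
        os.remove(path)
    return readable, private


if __name__ == "__main__":
    for finding in audit_slapd_conf(SAMPLE_SLAPD_CONF):
        print("config:", finding)
    readable, private = demo_file_mode_check()
    print("world-readable file:", readable)
    print("private file:", private)
```

Run it against /etc/openldap/slapd.conf by reading that file into audit_slapd_conf and passing its path to audit_file_mode; an empty result from both means the password is not in cleartext and the file is private to its owner.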
Now the OpenLDAP server can be started. To do so, enter:
/sbin/init.d/ldap start
and the server should run!
Creation of a database
The creation of a database is very complex because you must know the whole structure beforehand.
In this part we try to describe the set-up of a database using ours and explain how to add data and container objects.
First you have to create a new directory "ldif" in /etc/openldap:
>> cd /etc/openldap
>> mkdir ldif
>> cd ldif
Here you create your database using any editor. We call it datenbank.ldif.
| datenbank.ldif |
dn: o=testnet.de
o: testnet.de
objectclass: top
objectclass: organization

dn: ou=linux, o=testnet.de
ou: linux
objectclass: organizationalUnit

dn: uid=tover, ou=linux, o=testnet.de
uid: tover
cn: Tom Over
sn: Over
givenname: Tom
objectclass: person
userpassword: clearpass
mailacceptinggeneralid: overmindtom@gmx.net
ou: linux

dn: uid=tslider, ou=linux, o=testnet.de
uid: tslider
cn: The Slider
sn: Slider
givenname: The
objectclass: person
userpassword: clearpass
mailacceptinggeneralid: slider_e-mai@gmx.de
ou: linux
Now the first database is set up and has to be added to the LDAP server!
This works with the command:
>> ldapadd -D "cn=Manager, o=testnet.de" -w secret < /etc/openldap/ldif/datenbank.ldif
The program should accept the entries without complaint.
To be sure that it worked you simply try the command:
>> ldapsearch uid=tover
Now you should get all data for this uid.
Adding more data sets
Adding more data sets requires an additional file. We call it new.ldif.
| new.ldif |
dn: uid=mmuster, ou=linux, o=testnet.de
uid: mmuster
cn: Max Maxample
sn: Maxample
givenname: Max
objectclass: person
userpassword: clearpass
mailacceptinggeneralid: mmaxample@testnet.de
ou: linux

>> ldapadd -D "cn=Manager, o=testnet.de" -w secret < /etc/openldap/ldif/new.ldif
Adding more container objects:
Similar steps are necessary if you want to add another container object. Once again, you create a file, which we call container.ldif.
| container.ldif |
dn: ou=abt2, o=testnet.de
ou: abt2
objectclass: organizationalUnit

dn: uid=hwurst, ou=abt2, o=testnet.de
uid: hwurst
cn: Hans Wurst
sn: Wurst
givenname: Hans
objectclass: person
userpassword: clearpass
mailacceptinggeneralid: hwurst@testnet.de
ou: abt2
You add this container object using the command ldapadd:
>> ldapadd -D "cn=Manager, o=testnet.de" -w secret < /etc/openldap/ldif/container.ldif
Now in this container the user with the id hwurst exists. We hope the syntax becomes clear to you by following these examples.
(Another way of administration is by using the tool kldap, although we won't describe this now! )
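The three LDIF files above share one rule that the text states in passing: an entry can only be added once its parent exists, which is why container.ldif creates ou=abt2 before uid=hwurst and why the whole structure has to be planned beforehand. The script below is an added example, not part of the HOWTO or of OpenLDAP: it parses an LDIF file, normalizes the DNs (so "ou=linux, o=testnet.de" and "ou=linux,o=testnet.de" compare equal), and reports entries that fall outside the suffix, entries whose parent has not been created earlier in the file, duplicates, and userpassword values stored in cleartext. The sample LDIF inside it is constructed from the listings above with one deliberate mistake appended (a user under an ou=abt3 that is never created); the function names and the {SSHA} placeholder value are ours. Base64-encoded ("::") values are not handled.

```python
# Constructed sample: the HOWTO's entries in load order, plus one broken entry at the end.
SAMPLE_LDIF = """\
dn: o=testnet.de
o: testnet.de
objectclass: top
objectclass: organization

dn: ou=linux, o=testnet.de
ou: linux
objectclass: organizationalUnit

dn: uid=tover, ou=linux, o=testnet.de
uid: tover
cn: Tom Over
objectclass: person
userpassword: clearpass

dn: ou=abt2, o=testnet.de
ou: abt2
objectclass: organizationalUnit

dn: uid=hwurst, ou=abt2, o=testnet.de
uid: hwurst
cn: Hans Wurst
objectclass: person
userpassword: clearpass

# constructed mistake: ou=abt3 was never added, so ldapadd would reject this entry
dn: uid=nobody, ou=abt3, o=testnet.de
uid: nobody
objectclass: person
userpassword: {SSHA}placeholder-hash
"""

SUFFIX = "o=testnet.de"


def normalize_dn(dn):
    """Lower-case the DN and join its RDNs with a single comma and no stray spaces."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))


def parse_ldif(text):
    """Return a list of (normalized_dn, {attribute: [values]}) in file order.
    Handles '#' comments, blank-line separation and folded continuation lines
    (a line starting with one space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines + [""]:  # trailing blank line flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current is not None:
                entries.append(current)
                current = None
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            current = (normalize_dn(value), {})
        elif current is not None:
            current[1].setdefault(name, []).append(value)
    return entries


def check_ldif(text, suffix):
    """Return the problems ldapadd would hit, plus cleartext passwords, when loading
    `text` into a directory whose root is `suffix`. Empty list means it looks loadable."""
    problems, known = [], set()
    suffix = normalize_dn(suffix)
    for dn, attrs in parse_ldif(text):
        if dn != suffix and not dn.endswith("," + suffix):
            problems.append(f"{dn}: outside the suffix {suffix}")
        parent = dn.partition(",")[2]
        if dn != suffix and parent not in known:
            problems.append(f"{dn}: parent {parent} does not exist yet (add it first)")
        if dn in known:
            problems.append(f"{dn}: duplicate entry")
        # Assumption: a hashed userpassword starts with a scheme tag such as {SSHA}.
        for pw in attrs.get("userpassword", []):
            if not pw.startswith("{"):
                problems.append(f"{dn}: userpassword stored in cleartext")
        known.add(dn)
    return problems


if __name__ == "__main__":
    for problem in check_ldif(SAMPLE_LDIF, SUFFIX):
        print(problem)
```

Running it on the sample prints three lines: the two cleartext passwords and the missing ou=abt3 parent. To check your own files before running ldapadd, concatenate them in the order you intend to load them and pass the result to check_ldif with the suffix from slapd.conf; a file that loads on its own can still fail if it is added before the file that creates its containers.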
Access the data with Netscape
You can access the LDAP server using the address book of Netscape. We describe how this works.
Open Netscape and click on Communicator > Address Book.
Choose File and create a new Directory. Here you fill in the corresponding fields.
Now you can search the data with "Search For...".
That should be all! We hope we made it easier for you to set up an LDAP server.