LDAP - Configuring OpenLDAP

In a previous post, LDAP - Installing OpenLDAP, I listed the steps to install OpenLDAP. In this post, I will list the steps to add LDAP entries to OpenLDAP.

I will use LDIF and ldapadd to add LDAP entries to the OpenLDAP database.

The LDAP Data Interchange Format (LDIF) represents LDAP entries in a simple text format, and ldapadd is a utility shipped with OpenLDAP that adds the entries described in an LDIF file to the directory.

Adding an Organization Role

1. Create an LDIF file, e.g., organization_roles.ldif
2. Add the following to organization_roles.ldif

# Organization for Example Corporation
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: Example Corporation
description: The Example Corporation

# Organizational Role for Directory Manager
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

The above creates the organization entry for example.com and, beneath it, an organizational role "Manager" in the LDAP directory.

3. Use the ldapadd command to add the entries

Assuming that slapd.conf has the following entries:

rootdn "cn=Manager,dc=example,dc=com"
rootpw secret

Note: you can check /usr/local/etc/openldap/slapd.conf for the root DN (rootdn) and its password (rootpw).

Then you can use the following command to add the LDAP entries:

ldapadd -f organization_roles.ldif -x -D "cn=Manager,dc=example,dc=com" -w secret

where

-f   # file name which contains the entries
-x   # use simple authentication instead of SASL
-D   # use the Distinguished Name binddn to bind to the LDAP directory (the username, usually the rootdn)
-w   # the password for simple authentication (the rootpw value)

4. On success, you should see the following on stdout:

adding new entry "dc=example,dc=com"

adding new entry "cn=Manager,dc=example,dc=com"

Adding Multiple Users

1. Create an LDIF file, e.g., users.ldif
2. Add the following to users.ldif

# Admin's Entry
# The RDN value (cn=Admin) must appear among the entry's cn values,
# otherwise slapd rejects the add with a naming violation.
dn: cn=Admin,dc=example,dc=com
cn: Admin
cn: Administrator
objectClass: person
sn: Admin

# User1's Entry
dn: cn=User1,dc=example,dc=com
cn: User1
objectClass: person
sn: User1

# Eric Simpson's Entry
dn: cn=Eric Simpson,dc=example,dc=com
cn: Eric Simpson
cn: Eric Robert Simpson
objectClass: person
sn: Simpson

3. Use the ldapadd command to add the entries

ldapadd -f users.ldif -x -D "cn=Manager,dc=example,dc=com" -w secret

where

-f   # file name which contains the entries
-x   # use simple authentication instead of SASL
-D   # use the Distinguished Name binddn to bind to the LDAP directory (the username, usually the rootdn)
-w   # the password for simple authentication (the rootpw value)

4. Verify your entries with ldapsearch

ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

where

-x   # use simple authentication instead of SASL
-b   # the starting point (base DN) for the search
(objectclass=*)   # the filter applied to the search; this one matches every entry, whatever its objectClass
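
As an added example (not part of the original post), the following Python pre-check reads an LDIF file the way the two files above are written and reports, before you bind as rootdn, two errors slapd rejects at ldapadd time: an RDN whose value is missing from the entry's attributes (a naming violation) and an entry whose parent has not been added yet (no such object). It assumes the suffix dc=example,dc=com from this post and a constructed sample LDIF embedded in the code; base64 ('::') values and escaped commas in RDNs are not handled.

```python
# Added example (not from the original post): lint an LDIF file for two errors
# slapd rejects at ldapadd time. Assumes the suffix dc=example,dc=com as above.
def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})] per record; '::' not decoded."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):   # unfold, then split
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#"):            # skip LDIF comments
                continue
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
    return entries

def check_ldif(text, suffix="dc=example,dc=com"):
    """Return problems in file order (empty = clean); assumes the suffix entry
    already exists and that RDN values contain no escaped commas."""
    problems, known = [], {suffix.lower()}
    for dn, attrs in parse_ldif(text):
        rdn, _, parent = dn.partition(",")
        attr, _, value = rdn.partition("=")
        attr, value = attr.strip().lower(), value.strip()
        # namingViolation if the RDN value is absent; cn/dc/o use caseIgnoreMatch, hence lower()
        if value.lower() not in [v.lower() for v in attrs.get(attr, [])]:
            problems.append(f"{dn}: RDN value {attr}={value} missing from entry")
        # noSuchObject: the parent entry was never added (or comes later in the file)
        if dn.lower() != suffix.lower() and parent.lower() not in known:
            problems.append(f"{dn}: parent {parent} not defined before this entry")
        known.add(dn.lower())
    return problems

# Constructed sample: Admin names itself cn=Admin but only carries
# cn: Administrator, and User1 sits under an OU that was never added.
SAMPLE = """\
dn: cn=Admin,dc=example,dc=com
cn: Administrator
objectClass: person
sn: Admin

dn: cn=User1,ou=People,dc=example,dc=com
cn: User1
objectClass: person
sn: User1
"""
```

Run check_ldif on your users.ldif before the ldapadd step; an empty list means both checks passed.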

Or, for a Microsoft Active Directory search:

ldapsearch -x -H ldap://host:port -D 'Your BindDn User' -w 'Your BindDn password' -b "your base DN" "(&(objectClass=*) (sAMAccountName=username))"

where

-x   # use simple authentication instead of SASL
-H   # specify URI(s) referring to the LDAP server(s)
-D   # use the Distinguished Name binddn to bind to the LDAP directory
-w   # use passwd as the password for simple authentication
-b   # the starting point (base DN) for the search
(&(objectClass=*) (sAMAccountName=username))   # the search filter: any objectClass AND the given sAMAccountName

