LDAP - Configuring OpenLDAP
In the previous post, LDAP - Installing OpenLDAP, I listed the steps to install OpenLDAP. In this post, I will list the steps to add LDAP entries to OpenLDAP.
I will use LDIF and ldapadd to add LDAP entries to the OpenLDAP database.
The LDAP Data Interchange Format (LDIF) represents LDAP entries in a simple text format, and ldapadd is a utility shipped with OpenLDAP that adds the entries in an LDIF file to the directory.
Adding an Organization Role
1. Create a LDIF file, e.g., organization_roles.ldif
2. Add the following into organization_roles.ldif
# Organization for Example Corporation (the base entry of the directory)
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: Example Corporation
description: The Example Corporation

# Organizational Role for Directory Manager (a blank line separates it from the previous entry)
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
The above creates the base entry dc=example,dc=com and the organizational role "Manager" in the example.com LDAP directory. Each entry in an LDIF file must be separated from the next by a blank line; a comment line alone does not end an entry.
3. Use the ldapadd command to add the entries
Assuming that slapd.conf has the following entries:
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
Note: You can check /usr/local/etc/openldap/slapd.conf for the root DN and its password.
Then you can use the following command to add the LDAP entries:
ldapadd -f organization_roles.ldif -x -D "cn=Manager,dc=example,dc=com" -w secret
where
-f # the file which contains the entries
-x # use simple authentication instead of SASL
-D # the Distinguished Name (binddn) to bind to the LDAP directory with (the username, usually the rootdn)
-w # the password for simple authentication (the rootpw value); -W prompts for it instead of taking it on the command line
4. On success, ldapadd prints the following to stdout:
adding new entry "dc=example,dc=com"
adding new entry "cn=Manager,dc=example,dc=com"
Adding Multiple Users
1. Create a LDIF file, e.g., users.ldif
2. Add the following into users.ldif
# Admin's Entry (the cn value used in the dn must also be present as a cn attribute, or slapd rejects the entry)
dn: cn=Admin,dc=example,dc=com
cn: Admin
cn: Administrator
objectClass: person
sn: Admin

# User1's Entry
dn: cn=User1,dc=example,dc=com
cn: User1
objectClass: person
sn: User1

# Eric Simpson's Entry (a multi-valued cn: one value matches the dn, the other is an alias)
dn: cn=Eric Simpson,dc=example,dc=com
cn: Eric Simpson
cn: Eric Robert Simpson
objectClass: person
sn: Simpson
3. Use the ldapadd command to add the entries
ldapadd -f users.ldif -x -D "cn=Manager,dc=example,dc=com" -w secret
where
-f # the file which contains the entries
-x # use simple authentication instead of SASL
-D # the Distinguished Name (binddn) to bind to the LDAP directory with (the username, usually the rootdn)
-w # the password for simple authentication (the rootpw value)
4. Verify your entries with ldapsearch
ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
where
-x # use simple authentication instead of SASL; with no -D this is an anonymous bind, so only entries the server's access rules expose to anonymous users are returned
-b # the base DN, i.e. the starting point of the search
(objectclass=*) # the search filter; this one matches every entry under the base DN
Or, for a Microsoft Active Directory search:
ldapsearch -x -H ldap://host:port -D 'Your BindDn User' -w 'Your BindDn password' -b "your base DN" "(&(objectClass=*)(sAMAccountName=username))"
where
-x # use simple authentication instead of SASL
-H # the URI(s) of the LDAP server(s)
-D # the Distinguished Name (binddn) to bind to the LDAP directory with
-w # the password for simple authentication
-b # the base DN, i.e. the starting point of the search
(&(objectClass=*)(sAMAccountName=username)) # the search filter: entries of any objectClass whose sAMAccountName is username
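Both LDIF files above are only checked when ldapadd hands them to slapd, which rejects an entry whose RDN value is missing from its attributes and, when entries are not separated by a blank line, merges them into one. The following linter is an added example (not part of the original post or of OpenLDAP) that catches those two mistakes plus missing MUST attributes offline; the sample LDIF is constructed here and keeps the dn/cn mismatch of the original Admin entry.

```python
# Added example: lint an LDIF file for errors slapd raises on add. Handles
# plain "attr: value" lines only (no "::" base64 values, folding or escaped commas).
MUST = {"person": {"sn", "cn"}, "organizationalrole": {"cn"}, "dcobject": {"dc"}, "organization": {"o"}}

# Constructed sample in the shape of users.ldif; dn says cn=Admin, attribute says Administrator.
SAMPLE_LDIF = """\
# Admin's Entry
dn: cn=Admin,dc=example,dc=com
cn: Administrator
objectClass: person
sn: Admin

# Eric Simpson's Entry
dn: cn=Eric Simpson,dc=example,dc=com
cn: Eric Simpson
cn: Eric Robert Simpson
objectClass: person
sn: Simpson
"""

def parse_ldif(text):
    entries, attrs = [], {}
    for line in text.splitlines() + [""]:      # trailing "" flushes the last entry
        if not line.strip():                   # a blank line closes an entry
            if attrs:
                entries.append(attrs)
                attrs = {}
        elif not line.startswith("#"):         # comment lines are ignored
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def check_entry(attrs):
    dns = attrs.get("dn", [])
    dn = dns[0] if dns else "<no dn>"
    problems = []
    if len(dns) != 1:                          # two dn lines means a missing separator
        problems.append(f"{dn}: {len(dns)} dn lines in one entry; separate entries with a blank line")
    rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")
    # slapd: "naming attribute '<attr>' is not present in entry"
    if rdn_val.lower() not in [v.lower() for v in attrs.get(rdn_attr.lower(), [])]:
        problems.append(f"{dn}: RDN value '{rdn_val}' is not a value of '{rdn_attr}' in the entry")
    for oc in attrs.get("objectclass", []):    # MUST attributes of the object classes used above
        for must in sorted(MUST.get(oc.lower(), set()) - set(attrs)):
            problems.append(f"{dn}: objectClass {oc} requires attribute '{must}'")
    return problems

def lint_ldif(text):
    return [p for entry in parse_ldif(text) for p in check_entry(entry)]
```

Run lint_ldif on a file's contents before ldapadd; an empty list means the entries pass the checks slapd applies to these object classes.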