{"id":910,"date":"2018-05-08T13:01:08","date_gmt":"2018-05-08T10:01:08","guid":{"rendered":"https:\/\/helia.ee\/koolitus\/?page_id=910"},"modified":"2018-05-08T13:18:41","modified_gmt":"2018-05-08T10:18:41","slug":"debian-how-to-install-openldap-server-on-debian-or-ubuntu","status":"publish","type":"page","link":"https:\/\/helia.ee\/koolitus\/?page_id=910","title":{"rendered":"Debian – How to install OpenLDAP Server on Debian or Ubuntu"},"content":{"rendered":"

This document describes how to install and configure OpenLDAP in Debian\/Ubuntu Server. I will use OpenLDAP to configure a corporate organizational structure through OpenLDAP.<\/p>\n

LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP\/IP or other connection oriented transfer services. The nitty-gritty details of LDAP are defined in\u00a0RFC2251<\/a>\u00a0“The Lightweight Directory Access Protocol (v3)” and other documents comprising the technical specification\u00a0RFC3377<\/a><\/p>\n

LDAP is a platform-independent protocol. Several common Linux distributions include OpenLDAP Software for LDAP support. The software also runs on BSD-variants, as well as AIX, Android, HP-UX, Mac OS X, Solaris, Microsoft Windows (NT and derivatives, e.g. 2000, XP, Vista, Windows 7, etc.), and z\/OS.<\/p>\n

\n
\n
\n
<\/div>\n<\/div>\n<\/div>\n<\/div>\n

This guide will work both in Debian\/Ubuntu server. I do not issue any guarantee that this will work for you!<\/p>\n

 <\/p>\n

1 Preliminary Note<\/h3>\n

This tutorial is based on Debian 7.6 server, so you should set up a basic Debian 7.6 server installation before you continue with this tutorial. The system should have a static IP address. I use\u00a0192.168.0.100<\/span>\u00a0as my IP address in this tutorial and\u00a0server1.example.com<\/span>\u00a0as the hostname. I am using root credentials for installations, you can use\u00a0sudo<\/span>\u00a0before the commands if you are installing it without\u00a0root<\/span>.<\/p>\n

Note:The guide can be used for both Ubuntu\/Debian server.<\/p>\n

2 Install OpenLDAP<\/h3>\n

2.1 OpenLDAP installation<\/h4>\n

We will install OpenLDAP as follows:<\/p>\n

apt-get update
\napt-get install slapd ldap-utils<\/p>\n

\"\"<\/a><\/p>\n

Put the password and press\u00a0OK<\/span>. I am using password\u00a0howtoforge<\/span>, input your desired password.<\/p>\n

\"\"<\/a><\/p>\n

Confirm the password and press\u00a0OK<\/span>.<\/p>\n

2.2 OpenLDAP Configuration<\/h4>\n

Now we will edit the configuration file to make the OpenLDAP server according to our environment.<\/p>\n

nano \/etc\/ldap\/ldap.conf<\/p>\n

Give the entries as follows:<\/p>\n\n\n\n
\n
#\r\n# LDAP Defaults\r\n#\r\n\r\n# See ldap.conf(5) for details\r\n# This file should be world readable but not world writable.\r\n\r\nBASE    dc=example,dc=com<\/strong>\r\nURI     ldap:\/\/192.168.0.100 ldap:\/\/192.168.0.100:666<\/strong>\r\n\r\n#SIZELIMIT      12\r\n#TIMELIMIT      15\r\n#DEREF          never\r\n\r\n# TLS certificates (needed for GnuTLS)\r\nTLS_CACERT      \/etc\/ssl\/certs\/ca-certificates.crt\r\n<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
 <\/p>\n
Note in my case hostname was server1.example.com so my dc=example and dc=com<\/p>\n
Save the file and run the following command to reconfigure the LDAP package.<\/p>\n
dpkg-reconfigure slapd<\/p>\n
It will ask some questionnaire, we will choose the values as follows:
\n\"\"<\/a><\/p>\n
Select\u00a0No<\/span>:
\n\"\"<\/a><\/p>\n
Select\u00a0Ok<\/span>:
\n\"\"<\/a><\/p>\n
Give any name as per your needs, in my case I am using\u00a0Test-company<\/span>\u00a0as the company name. Further press\u00a0Ok<\/span>.<\/p>\n
\"\"<\/a><\/p>\n
Give an administrative password, and confirm the same.<\/p>\n
\"\"<\/a><\/p>\n
\"\"<\/a><\/p>\n
Select\u00a0HDB<\/span>\u00a0and press\u00a0Ok<\/span>.
\n\"\"<\/a><\/p>\n
Select\u00a0Yes<\/span>.
\n\"\"<\/a><\/p>\n
Again select\u00a0Yes<\/span>\u00a0and move the old database files.
\n\"\"<\/a><\/p>\n
We don’t want to use LDAPv2 protocol so select\u00a0No<\/span>.<\/p>\n
#vahepeal tuleb ldapi server restartida ja kontrollida kas see t\u00f6\u00f6tab ka<\/strong>
\n\/etc\/init.d\/slapd restart<\/strong><\/p>\n
Now we are done with the configuration, we can check that our installation have all gone well with the command:<\/p>\n
ldapsearch -x<\/p>\n
It will show output like this:<\/p>\n
root@server1:~# ldapsearch -x
\n# extended LDIF
\n#
\n# LDAPv3
\n# base <dc=example,dc=com> (default) with scope subtree
\n# filter: (objectclass=*)
\n# requesting: ALL
\n## example.com
\ndn: dc=example,dc=com
\nobjectClass: top
\nobjectClass: dcObject
\nobjectClass: organization
\no: Test-company
\ndc: example<\/p>\n
# admin, example.com
\ndn: cn=admin,dc=example,dc=com
\nobjectClass: simpleSecurityObject
\nobjectClass: organizationalRole
\ncn: admin
\ndescription: LDAP administrator<\/p>\n
# search result
\nsearch: 2
\nresult: 0 Success<\/p>\n
# numResponses: 3
\n# numEntries: 2
\nroot@server1:~#<\/p>\n<\/address>\n
It shows successful configuration for the OpenLDAP server.<\/p>\n
3 phpLDAPadmin installation<\/h3>\n
We can administrate the OpenLDAP with commands, but to make it an easier task I will install phpLDAPadmin. We need to have an Apache server and php installed before phpLDAPadmin installation:<\/p>\n
apt-get install apache2 php5 php5-mysql<\/p>\n
Next we can install phpLDAPadmin as follows:<\/p>\n
apt-get install phpldapadmin<\/p>\n
Now we need to modify phpLDAPadmin in accordance to our server requirement so that it will get controlled through it, edit the file\u00a0\u00a0\/etc\/phpldapadmin\/config.php<\/span>\u00a0and give the values like this:<\/p>\n
nano \/etc\/phpldapadmin\/config.php<\/p>\n
Values will be like this:<\/p>\n\n\n\n
\n
[...]\r\n$servers = new Datastore();\r\n$servers->newServer('ldap_pla');\r\n$servers->setValue('server','name','Test-company LDAP');\r\n$servers->setValue('server','host','127.0.0.1');\r\n$servers->setValue('server','base',array('dc=example,dc=com'));\r\n$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');<\/strong>\r\n?>\r\n<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
Note: In above file dc will vary according to your hostname, i have given my company name as Test-company you can use other name as per your choice.<\/p>\n
Now open the link\u00a0http:\/\/192.168.0.100\/phpldapadmin<\/span>\u00a0in any browser of your choice.<\/p>\n
\"\"<\/a><\/p>\n
Press\u00a0Login<\/span>\u00a0at left of the panel.<\/p>\n
\"\"<\/a><\/p>\n
Put the password used at the time of modifying the LDAP, in my case user=admin<\/span>(it is preselected) and password=howtoforge<\/span>.<\/p>\n
\"\"<\/a><\/p>\n
It will be your default welcome page.<\/p>\n
4 Adding accounts in LDAP<\/h3>\n
Next we will create a test entry in the LDAP server and verify the settings in admin panel itself. Suppose we are in a corporate company and we want to classify different teams with\u00a0 different team stucture, such as Teachnical-team, Accounts Department an HR department etc. Now click on\u00a0+<\/span>\u00a0sign\u00a0dc=example, dc=com<\/span>\u00a0and at\u00a0cn=admin<\/span>\u00a0select\u00a0Create a child entry<\/span>.<\/p>\n
\"\"<\/a><\/p>\n
To have such functionality in LDAP select\u00a0Generic: Posix Group<\/span><\/p>\n
\"\"<\/a><\/p>\n
Next you will be redirected as:<\/p>\n
\"\"<\/a><\/p>\n
I am just taking an example, and adding a test entry for\u00a0Technical-team<\/span>\u00a0as my group. Press\u00a0Create Object<\/span>.<\/p>\n
\"\"<\/a><\/p>\n
Verify the things and Press\u00a0Commit<\/span>.<\/p>\n
\"\"<\/a><\/p>\n
It will create the group As Technical-team, similarily we can create other groups as per our corporate structure.<\/p>\n
\"\"<\/a><\/p>\n
We can check the groups under\u00a0cn=admin<\/span>\u00a0similarily add other groups as per our needs.<\/p>\n
Congratulations! Now we have successfully configured OpenLDAP in Debian Wheezy \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"
This document describes how to install and configure OpenLDAP in Debian\/Ubuntu Server. I will use OpenLDAP to configure a corporate organizational structure through OpenLDAP. LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP\/IP or other connection […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":621,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-910","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/910","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=910"}],"version-history":[{"count":3,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/910\/revisions"}],"predecessor-version":[{"id":913,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/910\/revisions\/913"}],"up":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/621"}],"wp:attachment":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}