Wednesday, September 23, 2015

how to set up an ldap server with slapd

1- install slapd and the necessary software

$ sudo apt-get install slapd ldap-utils
$ sudo service slapd start

2- set the database suffix, admin DN and password

  *** information *****
  - suffix: dc=ldap,dc=com
  - admin dn: cn=admin,dc=ldap,dc=com
  - password: 123 (a throwaway value for this walkthrough; pick a real one for any server that is reachable from a network)

  I- generate the password hash with slappasswd (it prompts twice; the output is a salted SHA-1 {SSHA} hash, which is what goes into the directory instead of the clear-text password)
  $ slappasswd
   New password:
   Re-enter new password:
   {SSHA}mPSNQfDEzV/0T5OJ/jVOFByBAGH6TEiA

  II- create an LDIF file that sets the suffix, admin DN and password hash; save it as db.ldif. The first change puts a rootpw on cn=config itself, the second one configures the data database.

dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}mPSNQfDEzV/0T5OJ/jVOFByBAGH6TEiA

dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}mPSNQfDEzV/0T5OJ/jVOFByBAGH6TEiA
-
replace: olcRootDN
olcRootDN: cn=admin,dc=ldap,dc=com
-
replace: olcSuffix
olcSuffix: dc=ldap,dc=com

     *** the data database is not always {1}hdb: older installs use bdb and recent OpenLDAP releases default to mdb. Check which dn exists under cn=config (olcDatabase={1}hdb, {1}bdb or {1}mdb) and use that name in the second dn line above, otherwise ldapmodify fails with "No such object". If the package installer already created a populated database under another suffix (Debian derives one from the hostname), re-running dpkg-reconfigure slapd is cleaner than replacing olcSuffix on it ***

   III- apply the LDIF with ldapmodify. The bind is SASL EXTERNAL over the local ldapi:/// socket, which maps the root user (hence sudo) to the identity that may edit cn=config, so no password is needed for this step. From here on cn=admin,dc=ldap,dc=com authenticates with the password 123
  $ sudo ldapmodify -a -Q -Y EXTERNAL -H ldapi:/// -f db.ldif
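The {SSHA} value slappasswd printed in step 2-I is not a bare SHA-1: it is base64(SHA1(password || salt) || salt) with a 4-byte random salt, so the same password hashes differently on every run and anything that wants to verify it has to pull the salt back out of the stored value first. The script below is an added example, not part of the original post, that rebuilds and verifies such hashes with openssl; it is useful for auditing userPassword values pulled out of a directory. The function names and the explicit salt argument are this example's own choices:

```shell
#!/bin/bash
# Added example, not from the original post: what slappasswd's {SSHA} value is and
# how to check a password against it offline. Format, as OpenLDAP's lutil writes it:
#   "{SSHA}" + base64( SHA1(password || salt) || salt ), salt = 4 random bytes.
# Needs bash, openssl (dgst, base64) and od.
set -u

hex2bin() {              # hex string -> raw bytes on stdout
    local hex=$1 i
    for ((i = 0; i < ${#hex}; i += 2)); do printf '%b' "\\x${hex:i:2}"; done
}
bin2hex() { od -An -v -tx1 | tr -d ' \n'; }   # raw bytes on stdin -> hex

# ssha_hash PASSWORD SALT_HEX : print the {SSHA} string for that password and salt
ssha_hash() {
    local password=$1 salt_hex=$2 digest_hex
    digest_hex=$({ printf '%s' "$password"; hex2bin "$salt_hex"; } | openssl dgst -sha1 -binary | bin2hex)
    printf '{SSHA}%s\n' "$(hex2bin "$digest_hex$salt_hex" | openssl base64 -A)"
}

# ssha_verify HASH PASSWORD : exit 0 if PASSWORD matches HASH, 1 if not, 2 if HASH is not {SSHA}
ssha_verify() {
    local hash=$1 password=$2 blob_hex
    case $hash in '{SSHA}'*) ;; *) echo "not an {SSHA} value: $hash" >&2; return 2 ;; esac
    blob_hex=$(printf '%s' "${hash:6}" | openssl base64 -d -A | bin2hex)
    # the first 20 bytes (40 hex digits) are the digest, whatever follows is the salt
    [ "$(ssha_hash "$password" "${blob_hex:40}")" = "$hash" ]
}

# Demo: a fresh hash with a random salt round-trips, and the value printed in
# step 2 of the post is checked against the password the post says produced it.
if ssha_verify "$(ssha_hash secret "$(openssl rand -hex 4)")" secret; then echo "round trip ok"; fi
if ssha_verify '{SSHA}mPSNQfDEzV/0T5OJ/jVOFByBAGH6TEiA' 123; then echo "page hash is 123"; else echo "page hash is not 123"; fi
```

SSHA is a fast hash, so a dumped userPassword attribute can be brute-forced cheaply offline; slappasswd -h lets you pick a slower scheme such as {CRYPT} with a SHA-512 crypt salt format (-c) or {ARGON2} where that module is loaded, and the directory then verifies it the same way.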

3- add the base entry, an ou and a first user -- save as first-added.ldif

##### dc object ##########
dn: dc=ldap,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: ldap company
dc: ldap


##### ou users ########
dn: ou=users,dc=ldap,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users


##### adam user #######
dn: uid=adam,ou=users,dc=ldap,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: adam
uid: adam
uidNumber: 16860
gidNumber: 100
homeDirectory: /home/adam
loginShell: /bin/bash
gecos: adam
# the slappasswd output from step 2 (in this walkthrough the same hash as admin's,
# i.e. password 123; give real users their own passwords)
userPassword: {SSHA}mPSNQfDEzV/0T5OJ/jVOFByBAGH6TEiA
shadowLastChange: 0
# shadowMax: 0 would tell PAM/NSS clients that the password has already expired;
# 99999 disables password ageing
shadowMax: 99999
shadowWarning: 7




$ ldapadd -x -D "cn=admin,dc=ldap,dc=com" -W -f first-added.ldif

****** when prompted for the password, enter 123, the admin DN's password. -W prompts; -w 123 on the command line also works but leaves the password in the shell history and visible in the process list while ldapadd runs *****


4- list all ldap objects, bound as the admin DN (-W prompts for 123)
 $ ldapsearch -x -z 100 -b 'dc=ldap,dc=com' '(objectclass=*)' -D "cn=admin,dc=ldap,dc=com" -W

5- test authentication against ldap
- locally, binding as adam. The bind DN is the entry's DN from step 3, uid=adam,ou=users,dc=ldap,dc=com; binding as cn=adam,ou=users,dc=ldap,dc=com fails with "Invalid credentials (49)" because no entry with that DN exists
$ ldapsearch -x -z 100 -b 'dc=ldap,dc=com' '(objectclass=*)' -D "uid=adam,ou=users,dc=ldap,dc=com" -W

 - from a remote host, with the same bind DN; the server's DNS name is ldap.ldap.com (-H takes a URI; the older -h hostname form is deprecated)
 $ ldapsearch -x -LLL -H ldap://ldap.ldap.com -z 100 -b 'dc=ldap,dc=com' '(objectclass=*)' -D "uid=adam,ou=users,dc=ldap,dc=com" -W

 *** a simple bind (-x) over plain ldap:// sends adam's password across the network in clear text. Once the server has a certificate configured, use -H ldaps://ldap.ldap.com or add -ZZ so ldapsearch refuses to bind unless StartTLS succeeds ***
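Steps 1 to 5 collapsed into one script, as an added example that is not from the original post. It takes the suffix, admin DN, host and user name from the post; the function names, the LDAP_APPLY guard and the use of a password file are this script's own choices. It looks up the backend under cn=config instead of assuming {1}hdb, derives the bind DN from the entry it wrote (so the uid= versus cn= mistake cannot happen), keeps the password out of argv, and tests the bind with ldapwhoami over StartTLS. The -ZZ flag assumes TLS is already set up on the server (olcTLSCertificateFile and friends), which the post does not cover; without it the bind test fails rather than silently sending the password in clear:

```shell
#!/bin/bash
# Added example, not code from the original post: steps 1-5 as one script. Suffix,
# admin DN, host and user come from the post; the function names, the LDAP_APPLY
# guard and the password file are this script's own. Nothing touches a server
# unless LDAP_APPLY=1, so the LDIF generators can be exercised without slapd.
set -u
SUFFIX=${SUFFIX:-dc=ldap,dc=com}
ROOTDN=${ROOTDN:-cn=admin,$SUFFIX}
LDAP_HOST=${LDAP_HOST:-ldap.ldap.com}

# Read ldapsearch output for cn=config on stdin and print the backend name of
# olcDatabase={1} (hdb, bdb or mdb) so the LDIF targets what is really configured.
backend_from_config() {
    sed -n 's/^dn: olcDatabase={1}\([a-z]*\),cn=config$/\1/p' | head -n 1
}
# Bind DN of a user written by gen_user_ldif: the RDN is uid=, not cn=.
user_dn() { printf 'uid=%s,ou=users,%s\n' "$1" "$2"; }

# Step 2: rootpw on cn=config, then rootdn/rootpw/suffix on the data database.
gen_db_ldif() {
    local suffix=$1 rootdn=$2 hash=$3 backend=$4
    cat <<EOF
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: $hash

dn: olcDatabase={1}$backend,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: $hash
-
replace: olcRootDN
olcRootDN: $rootdn
-
replace: olcSuffix
olcSuffix: $suffix
EOF
}
# Step 3a: base entry and ou=users for a dc=x,dc=y suffix.
gen_base_ldif() {
    local suffix=$1 dc=${1#dc=}; dc=${dc%%,*}
    cat <<EOF
dn: $suffix
objectClass: top
objectClass: dcObject
objectClass: organization
o: ldap company
dc: $dc

dn: ou=users,$suffix
objectClass: top
objectClass: organizationalUnit
ou: users
EOF
}
# Step 3b: one posixAccount. shadowLastChange is today in days since the epoch;
# shadowMax 99999 disables ageing (shadowMax 0 would read as already expired).
gen_user_ldif() {
    local uid=$1 uidnum=$2 gidnum=$3 hash=$4 suffix=$5
    cat <<EOF
dn: $(user_dn "$uid" "$suffix")
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: $uid
uid: $uid
uidNumber: $uidnum
gidNumber: $gidnum
homeDirectory: /home/$uid
loginShell: /bin/bash
gecos: $uid
userPassword: $hash
shadowLastChange: $(( $(date +%s) / 86400 ))
shadowMax: 99999
EOF
}
# Live run: hash the password with slappasswd, find the backend, apply the LDIF
# over ldapi:/// as root (SASL EXTERNAL), add the entries as the admin DN, then
# prove adam can bind. The password goes through a 0600 file (-T / -y), never argv.
apply_live() {
    local pw pwfile hash backend
    pwfile=$(mktemp) && chmod 600 "$pwfile"
    trap 'rm -f "$pwfile"' EXIT
    printf 'password for %s and adam (one for both, as in the post): ' "$ROOTDN" >&2
    IFS= read -rs pw; echo >&2; printf '%s' "$pw" >"$pwfile"
    hash=$(slappasswd -T "$pwfile")
    backend=$(sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase=*)' dn | backend_from_config)
    [ -n "$backend" ] || { echo "no olcDatabase={1} entry under cn=config" >&2; return 1; }
    gen_db_ldif "$SUFFIX" "$ROOTDN" "$hash" "$backend" | sudo ldapmodify -Q -Y EXTERNAL -H ldapi:///
    { gen_base_ldif "$SUFFIX"; gen_user_ldif adam 16860 100 "$hash" "$SUFFIX"; } |
        ldapadd -x -H ldapi:/// -D "$ROOTDN" -y "$pwfile"
    # Step 5 with ldapwhoami, which only binds; -ZZ refuses to go on without StartTLS.
    ldapwhoami -x -ZZ -H "ldap://$LDAP_HOST" -D "$(user_dn adam "$SUFFIX")" -y "$pwfile"
}

if [ "${LDAP_APPLY:-0}" = 1 ]; then apply_live; fi
```

Run it on the server as LDAP_APPLY=1 ./setup-ldap.sh; without LDAP_APPLY it only defines the functions, so sourcing it and calling gen_db_ldif with your own suffix, admin DN, hash and backend name is a quick way to inspect the LDIF it would apply.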
