Friday, April 30, 2010

Configuring a simple OpenLDAP Server on RHEL5.

Installation of Software

You need to have the following packages installed on the RHEL5 system

openldap
openldap-clients
openldap-servers
libtool-ltdl

If you install the above packages from a yum repository there will be no dependency errors. However, if you install them manually, the openldap-servers package will complain about a missing dependency, libltdl.so.3. To find out which package provides this file, run `yum whatprovides */libltdl.so`. It comes from the package named libtool-ltdl.

Important Tools and Configuration Files

/etc/openldap/slapd.conf: This file holds all the configuration pertaining to your LDAP database.

ldapadd: Used to add entries into the LDAP database.

slappasswd: Used to generate a hashed password to put in slapd.conf, primarily for the rootpw directive.

ldapsearch: Used to query the LDAP server, handy for a quick check or for debugging.

Configuring the LDAP Server

/etc/openldap/slapd.conf

This is the main configuration file for the OpenLDAP server. The first few lines below are the most important ones to understand; the remaining entries are generally fine as they are for a default LDAP server.


database bdb
suffix "dc=mychirag,dc=com"
rootdn "cn=admin,dc=mychirag,dc=com"
rootpw {SSHA}7asWVOHgf+GAVQ8ru1DSf8tkUHlYKEfC
directory /var/lib/ldap


- With the "database" directive we define the type of database used to store the entries of the LDAP server. In this case it's bdb.
- The "directory" directive specifies the physical location of the database. Once your LDAP server is up and running, it's good to check this location for the different files created. It may also make sense to back up this directory often if you don't have a definite plan for backing up the LDAP server.
- The rootdn and rootpw directives are, as the names suggest, the "super user" username and password for the LDAP tree identified by the "suffix" directive. rootpw is a hashed password, generated using slappasswd as follows:


[root@rhel5-ch openldap]# slappasswd -s dirtysecret
{SSHA}7asWVOHgf+GAVQ8ru1DSf8tkUHlYKEfC


Once slapd.conf is configured, start the LDAP server and make sure it's up and running.

Adding Entries into the LDAP Server

Create a file named /root/newentry1 with the following contents:


dn: dc=mychirag,dc=com
dc: mychirag
objectclass: dcObject
objectclass: top
objectclass: organization
o: mychirag.com
description: Chirag RK Corp


Add the entry to the LDAP database:

ldapadd -x -D "cn=admin,dc=mychirag,dc=com" -f /root/newentry1 -w dirtysecret

Now you can add more entries to the LDAP server, depending on the hierarchy you want it to grow into. For example, create /root/newentry2 with the following contents:


dn: cn=admin,dc=mychirag,dc=com
objectclass: inetOrgPerson
cn: admin
sn: admin
description: Administrator


ldapadd -x -D "cn=admin,dc=mychirag,dc=com" -f /root/newentry2 -w dirtysecret

Check that the entries were added:

[root@rhel5-ch openldap]# ldapsearch -x -LLL -bdc=mychirag,dc=com -h localhost
dn: dc=mychirag,dc=com
dc: mychirag
objectClass: dcObject
objectClass: top
objectClass: organization
o: mychirag.com
description: Chirag RK Corp

dn: cn=admin,dc=mychirag,dc=com
objectClass: inetOrgPerson
cn: admin
sn: admin
description: Administrator

Voilà! Your LDAP server is up and running, and has data in it too.

Note: http://www.zytrax.com/books/ldap/ is a very good document for understanding LDAP servers. I usually refer to it for understanding fundamentals quickly.
