My take on LDAP - #2 Installing the Server

in #technology, 7 years ago (edited)

Hello Steemians,

This is part #2 of my series about LDAP on Ubuntu / Debian.
Today we'll install and configure the LDAP server itself.


First we need to install the server and a utility package for talking to the server from the command line by executing:
sudo apt install slapd ldap-utils
The installation will ask us to enter an admin password, but as we will reconfigure it later anyway, we can just skip through that.

Then we need to reconfigure slapd: sudo dpkg-reconfigure slapd

We then answer the prompts like this:

  • Omit OpenLDAP server configuration?
    • No (This would skip the configuration)
  • DNS domain name:
    • sub.example.net (The domain of the LDAP server)
  • Organization name:
    • torrid (Just a name for the LDAP top level entry)
  • Administrator password:
    • secret (The new admin password)
  • Database backend:
    • MDB (The other two are deprecated)
  • Do you want the database to be removed when slapd is purged?
    • No (You probably don't want to lose all your users if someone removes slapd for some reason.)
  • Move old database?
    • Yes (Like it says, it may fail otherwise)

Next we need to configure the LDAP command-line client.
To do that we edit /etc/ldap/ldap.conf and change it to contain the following:

BASE       dc=sub,dc=example,dc=net
URI        ldap://localhost

URI tells the client where to look for our LDAP server by default, and as we are on that machine, we just use localhost.
BASE sets the default search base of the client. Here we need to enter the LDAP base.


Now we can test the LDAP server with the following command:
ldapsearch -x -W -D cn=admin,dc=sub,dc=example,dc=net
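The arguments -x -W mean that we want to use simple authentication and want to be prompted for the password.
Simple authentication sends the password unencrypted, which is tolerable here only because the client talks to localhost.
With the argument -D we specify the user we want to authenticate with. Here we are using the admin of our server.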

The result of this should look something like this:

# extended LDIF
#
# LDAPv3
# base <dc=sub,dc=example,dc=net> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# sub.example.net
dn: dc=sub,dc=example,dc=net
objectClass: top
objectClass: dcObject
objectClass: organization
o: torrid
dc: sub

# admin, sub.example.net
dn: cn=admin,dc=sub,dc=example,dc=net
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9enZ6RWxCM2RmMWM4R3NTZC9Ld1FXOHdLQ0pFQWhnaFI=

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2 
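
The double colon in the userPassword:: line above marks a base64-encoded value; decoded, it is the admin's password hash in slapd's {SSHA} (salted SHA-1) format. The following is an added example, not part of the original post: it parses ldapsearch output and reports how each userPassword is stored. The function names are made up for this sketch, and it goes beyond the page's single entry by also recognising clear-text and unsalted values.

```python
import base64
import re

# Admin entry copied from the ldapsearch output shown on this page.
SAMPLE_LDIF = """\
dn: cn=admin,dc=sub,dc=example,dc=net
userPassword:: e1NTSEF9enZ6RWxCM2RmMWM4R3NTZC9Ld1FXOHdLQ0pFQWhnaFI=
"""
# Digest length in bytes per scheme; bytes after the digest are the salt.
DIGEST_LEN = {"SSHA": 20, "SHA": 20, "SMD5": 16, "MD5": 16}


def parse_ldif(text):
    """Parse LDIF text into a list of {attribute: [bytes, ...]} entries."""
    entries = []
    # Unfold wrapped lines first, then split into blank-line separated entries.
    for block in re.split(r"\n\s*\n", re.sub(r"\r?\n ", "", text)):
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." marks a base64 value
                raw = base64.b64decode(value[1:].strip())
            else:
                raw = value.strip().encode()
            entry.setdefault(attr, []).append(raw)
        if entry:
            entries.append(entry)
    return entries


def describe_password(raw):
    """Return (scheme, salt_length, finding) for one userPassword value."""
    m = re.fullmatch(rb"\{([A-Za-z0-9_-]+)\}(.*)", raw, re.S)
    scheme = m.group(1).decode().upper() if m else "CLEARTEXT"
    if scheme == "CLEARTEXT":
        return (scheme, 0, "stored in clear text")
    if scheme not in DIGEST_LEN:
        return (scheme, 0, "scheme not analysed by this example")
    salt = base64.b64decode(m.group(2))[DIGEST_LEN[scheme]:]
    return (scheme, len(salt), "salted hash" if salt else "unsalted hash")


def audit(ldif_text):
    """Map each DN to the findings for its userPassword values."""
    report = {}
    for entry in parse_ldif(ldif_text):
        dn = entry.get("dn", [b"(no dn)"])[0].decode()
        for raw in entry.get("userPassword", []):
            report.setdefault(dn, []).append(describe_password(raw))
    return report
```

Calling audit(SAMPLE_LDIF) reports the admin entry as a salted hash with a 4-byte salt; the same call works on a full ldapsearch dump saved to a file and read as text.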

I hope this post was helpful.
Torrid Spectra
