OpenLDAP Installation & Configuration
June 2010, Penguins Unbound
By Loren Cahlander
Copyright 2010 Syntactica


Agenda

– Installing OpenLDAP on Ubuntu Server
– Initial configuration of OpenLDAP
– Installing a web-based administration tool (ldap-account-manager)
– Configuring Apache2 to use LDAP for authentication

Installing OpenLDAP

Apt-get command:

sudo apt-get install slapd ldap-utils ldap-account-manager

To clear an existing database and start again from a fresh slapd configuration (the package's configuration step prompts for the base DN and the admin password):

sudo dpkg-reconfigure slapd

Initial Configuration

Now add a few schemata (only core.schema is provided by default). Run these as root: "-Y EXTERNAL -H ldapi:///" authenticates over the Unix socket with the caller's uid, and the stock cn=config ACL grants manage rights only to uid 0. Keep the order shown, because inetorgperson depends on cosine.

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif

Database Setup (db.ldif)

This slide and the next two are the contents of a single file, db.ldif, which is loaded in one step afterwards. If your slapd package already created a {1}hdb database during installation (newer packages do), ldapadd reports "Already exists" for these entries; in that case apply the differences with ldapmodify instead of adding them.

# Load modules for database type
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

Create Directory Database

# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=exist-db,dc=org
olcRootDN: cn=admin,dc=exist-db,dc=org
olcRootPW: 1234
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=exist-db,dc=org" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=exist-db,dc=org" write by * read
olcLastMod: TRUE
olcDbCheckpoint:
olcDbConfig: {0}set_cachesize
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

Three things to check before loading this:

– olcRootPW: 1234 is a cleartext value. slapd accepts it, but it then sits verbatim in cn=config. Generate a salted hash with slappasswd (default scheme {SSHA}) and paste that here instead; the same applies to the config database password on the next slide.
– olcDbCheckpoint and set_cachesize appear without their arguments on the slide. olcDbCheckpoint takes <kbytes> <minutes> and set_cachesize takes <gbytes> <bytes> <segments>; slapd will not accept them empty, so supply values from your own sizing.
– The ACLs are evaluated in order. Rule {0} keeps password hashes unreadable: anonymous clients may only use them to bind, and only the entry owner and the admin may change them (shadowLastChange is included so that a password change through PAM can update it). Rule {1} exposes the root DSE, and rule {2} makes everything else world-readable. On a server reachable from untrusted networks, change "by * read" in rule {2} to "by users read" so that anonymous clients cannot enumerate accounts.
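The three olcAccess rules above decide who may read or change what, and the order of both the rules and their "by" clauses is what makes rule {0} effective. The model below is an added example, not code from the presentation or from OpenLDAP: it implements slapd's first-match evaluation for just the <what> forms (attrs=, dn.base=, *) and <who> forms (dn=, anonymous, users, self, *) that the slide uses. The entries under ou=people and the users alice and bob are made up for the demo; MISORDERED shows what happens when the catch-all rule {2} is listed first.

```python
"""Model of how slapd evaluates the three olcAccess rules from db.ldif.

Added example, not code from the presentation or from OpenLDAP: it implements
only the <what> forms (attrs=, dn.base=, *) and <who> forms (dn=, anonymous,
users, self, *) that the slide uses, with slapd's first-match semantics.  The
entry DNs under ou=people and the users alice/bob are made up for the demo.
"""

# slapd's access levels, weakest to strongest; a grant of level X also
# satisfies any request for a level to the left of X.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

ADMIN = "cn=admin,dc=exist-db,dc=org"

# (<what>, [(<who>, <level>), ...]) for each olcAccess value, in slide order.
ACLS = [
    ({"attrs": {"userPassword", "shadowLastChange"}},
     [("dn=" + ADMIN, "write"), ("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    ({"dn.base": ""}, [("*", "read")]),
    ({"*": True}, [("dn=" + ADMIN, "write"), ("*", "read")]),
]

# The same clauses with the catch-all rule moved first: a common mistake.
MISORDERED = [ACLS[2], ACLS[0], ACLS[1]]


def what_matches(what, entry_dn, attr):
    """Does this rule's <what> clause cover (entry, attribute)?"""
    if "*" in what:
        return True
    if "attrs" in what:
        return attr in what["attrs"]
    if "dn.base" in what:
        return entry_dn == what["dn.base"]
    return False


def who_matches(who, bind_dn, entry_dn):
    """Does this <who> clause apply to the bound identity?  "" means anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn == ""
    if who == "users":
        return bind_dn != ""
    if who == "self":
        return bind_dn != "" and bind_dn == entry_dn
    if who.startswith("dn="):
        return bind_dn == who[len("dn="):]
    raise ValueError("unsupported <who> clause: " + who)


def granted(bind_dn, entry_dn, attr, acls=ACLS):
    """Access level slapd grants bind_dn on attr of entry_dn.

    The first rule whose <what> matches is the only one consulted; within it
    the first matching <who> clause decides.  No matching <who> means "none"
    (the implicit trailing "by * none"), and no matching <what> means "none"
    as well, because slapd denies by default once any ACL is configured.
    """
    for what, clauses in acls:
        if not what_matches(what, entry_dn, attr):
            continue
        for who, level in clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"
    return "none"


def allows(bind_dn, entry_dn, attr, needed, acls=ACLS):
    """True if the granted level is at least `needed`."""
    return LEVELS.index(granted(bind_dn, entry_dn, attr, acls)) >= LEVELS.index(needed)


if __name__ == "__main__":
    alice = "uid=alice,ou=people,dc=exist-db,dc=org"
    bob = "uid=bob,ou=people,dc=exist-db,dc=org"
    for who, label in [("", "anonymous"), (alice, "alice (self)"), (bob, "bob"), (ADMIN, "admin")]:
        print(f"{label:14} userPassword={granted(who, alice, 'userPassword'):6} "
              f"cn={granted(who, alice, 'cn')}")
    # With the catch-all rule first, password hashes become world-readable.
    print("misordered, anonymous on userPassword:", granted("", alice, "userPassword", MISORDERED))
```

The MISORDERED case is the one to remember: because slapd stops at the first <what> that matches, "to * ... by * read" placed ahead of the userPassword rule hands every hash to anonymous clients, and the stricter rule below it is never consulted.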

Defaults Modifications

###########################################################
# DEFAULTS MODIFICATION
###########################################################
# Some of the defaults need to be modified in order to allow
# remote access to the LDAP config. Otherwise only root
# will have administrative access.

dn: cn=config
changetype: modify
delete: olcAuthzRegexp

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {CRYPT}7hzU8RaZxaGi2

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess

What this does, and what to watch. The stock Ubuntu configuration grants manage rights on cn=config only to the local root user, through a peercred rule in olcAccess on olcDatabase={0}config; that rule is what "-Y EXTERNAL -H ldapi:///" has relied on so far. Deleting it and giving the config database a root password means that from now on cn=config is administered by binding as its rootdn (cn=admin,cn=config on Debian and Ubuntu packages) with this password, over the network if the server listens there. Whoever holds that password owns the entire server configuration, including every other database's olcRootPW, so:

– Do not reuse the hash shown on the slide. It is a 13-character traditional DES crypt, which only looks at the first 8 characters of the password and is cheap to brute-force; generate your own with slappasswd (default scheme {SSHA}).
– Only allow remote cn=config access over TLS (ldaps:// or StartTLS). A simple bind on plain ldap:// sends this password in cleartext.
– "delete:" without a value removes every value of the attribute. If olcAuthzRegexp is not set on your system, that modification fails with "No such attribute" and ldapadd stops at it; check first with
  ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -s base "(objectClass=*)" olcAuthzRegexp
  or run ldapadd with -c to continue past the error.

Loading the database setup

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f db.ldif

ldapadd is ldapmodify -a, so the entries without a changetype are added and the "changetype: modify" records at the end of db.ldif are applied as modifications, in file order. Keep the olcAccess deletion on olcDatabase={0}config as the last record: it removes the rule this root session is relying on.
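Both password values in db.ldif (the cleartext 1234 on the {1}hdb database and the {CRYPT} value on the config database) are the kind of thing to catch before the file is loaded. The script below is an added example, not code from the presentation or from OpenLDAP: ssha_hash() produces the same {SSHA} format that slappasswd emits by default (base64 of the SHA-1 digest of password||salt followed by the salt), ssha_verify() checks it the way slapd does, lint_passwords() reports olcRootPW and userPassword values that are cleartext, traditional DES crypt or unsalted, and rewrite_rootpw() replaces every olcRootPW with a proper hash. SAMPLE_LDIF is constructed from the two olcRootPW lines on the slides; the fixed salt in the demo is only there to make the output reproducible.

```python
"""Salted-SHA1 password hashes for olcRootPW, and a linter for LDIF files that
still carry cleartext or weak password values.

Added example, not code from the presentation or from OpenLDAP.  ssha_hash()
produces the same {SSHA} format slappasswd emits by default (base64 of the
SHA-1 digest of password||salt, followed by the salt), and ssha_verify() checks
it the way slapd does.  SAMPLE_LDIF is constructed from the two olcRootPW
lines on the slides; the fixed salt used in the demo is for reproducibility
only.
"""
import base64
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

# Matches "olcRootPW: value" and the base64 form "olcRootPW:: dmFsdWU=".
PW_LINE = re.compile(r"^(olcRootPW|userPassword)(::?) ?(.*)$")
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}")

# Constructed from the slides' db.ldif: one cleartext and one DES-crypt value.
SAMPLE_LDIF = """\
dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=exist-db,dc=org
olcRootPW: 1234

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {CRYPT}7hzU8RaZxaGi2
"""


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """{SSHA} value for password; slappasswd uses a random 4-byte salt."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Recompute the digest with the salt stored after the 20 digest bytes."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def lint_passwords(ldif: str) -> List[Tuple[str, str]]:
    """One (attribute, problem) per password value that is not a salted hash.

    Problems: "cleartext" (no {SCHEME} prefix), "des-crypt" (a 13-character
    {CRYPT} value is traditional DES: 8-character limit, trivially brute
    forced) and "unsalted" ({SHA}/{MD5}, which allow precomputed lookups).
    """
    findings = []
    for line in ldif.splitlines():
        m = PW_LINE.match(line)
        if not m:
            continue
        attr, sep, value = m.groups()
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8", "replace")
        value = value.strip()
        s = SCHEME.match(value)
        if s is None:
            findings.append((attr, "cleartext"))
        elif s.group(1).upper() == "CRYPT" and len(value) - len("{CRYPT}") == 13:
            findings.append((attr, "des-crypt"))
        elif s.group(1).upper() in ("SHA", "MD5"):
            findings.append((attr, "unsalted"))
    return findings


def rewrite_rootpw(ldif: str, new_password: str, salt: Optional[bytes] = None) -> str:
    """Replace every olcRootPW value with an {SSHA} hash of new_password."""
    out = []
    for line in ldif.splitlines():
        m = PW_LINE.match(line)
        if m and m.group(1) == "olcRootPW":
            out.append("olcRootPW: " + ssha_hash(new_password, salt))
        else:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for attr, problem in lint_passwords(SAMPLE_LDIF):
        print(f"{attr}: {problem}")
    print(rewrite_rootpw(SAMPLE_LDIF, "correct horse battery staple"))
```

On the server itself the equivalent of ssha_hash() is "slappasswd -h '{SSHA}'"; the linter is useful in a pre-commit hook for any LDIF kept in version control, since an olcRootPW that slips into a repository in cleartext is as good as published.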

Creating the Initial Directory Tree

This is the base entry for the suffix, saved as base.ldif for the next step:

dn: dc=exist-db,dc=org
objectClass: dcObject
objectClass: organization
o: exist-db.org
dc: exist-db
description: Tree root

Load the Initial Database

You can now load this file into the LDAP database with the ldapadd command:

sudo ldapadd -x -D cn=admin,dc=exist-db,dc=org -W -f /home/exist/base.ldif

When prompted for the password, use "1234" unless you changed the value in db.ldif (which you should have). This is a simple bind (-x), so the password travels in cleartext; that is acceptable against the local server, but do not point it at a remote ldap:// URL without TLS.

Configure the ldap-account-manager

sudo vi /etc/apache2/sites-available/default-ssl

Add the following inside the VirtualHost section of default-ssl. It creates the /lam/ alias to the PHP pages that administer the groups and users within the LDAP server:

Alias /lam/ "/usr/share/ldap-account-manager/"
<Directory "/usr/share/ldap-account-manager/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from all
</Directory>

Two caveats. With "Order deny,allow" a matching Allow always wins over a matching Deny, so "Allow from all" makes the "Deny from all" line a no-op and exposes the LAM login page to every client that can reach the virtual host; replace "all" in the Allow line with your administrators' addresses or networks (on Apache 2.4 the equivalent is "Require ip ..."). And putting the alias in default-ssl only helps if that site is enabled (a2enmod ssl; a2ensite default-ssl); do not add the same alias to the plain-HTTP default site, or LAM's admin credentials will be sent in the clear. Dropping "Indexes" also avoids serving directory listings of the application tree.

Enable the LDAP module within Apache

sudo a2enmod ldap
sudo a2enmod authnz_ldap
sudo /etc/init.d/apache2 reload

The LDAP module is now enabled. Loading the modules protects nothing by itself: a location is protected by adding AuthType Basic, AuthBasicProvider ldap, an AuthLDAPURL pointing at the users subtree and a Require directive to it, and Basic authentication should only be offered on the SSL site, since the browser resends the user's directory password with every request.

Screenshots (slides 13 to 22): walking through the ldap-account-manager setup

– LAM configuration login: the password is lam. This is the shipped default master password; change it in the LAM configuration before the page is reachable by anyone else.
– Server profile: replace the values to match your database.
– Account types: remove Hosts and Samba.
– Modules: remove the Shadow and Samba modules.
– Check the fields that you do not want on the create user page.
– LAM login: the password is 1234, i.e. the olcRootPW of the {1}hdb database set in db.ldif.

Questions?

Loren Cahlander
Syntactica
7400 Metro Boulevard Suite 350
Edina, MN