OpenLDAP Installation & Configuration
June 2010
Penguins Unbound
By Loren Cahlander
Copyright 2010 Syntactica

Agenda
- Installing OpenLDAP
  – Ubuntu 10.0.4 Server
- Initial configuration of OpenLDAP
- Installing a web-based administration tool
- Configuring Apache2 to use LDAP for authentication
Installing OpenLDAP
Apt-get command:
sudo apt-get install slapd ldap-utils ldap-account-manager
To clear an existing database:
sudo dpkg-reconfigure slapd
Initial Configuration
Now add a few schemata (only core.schema is provided by default):
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
Database Setup (db.ldif)
# Load modules for database type
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
Create Directory Database
# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=exist-db,dc=org
olcRootDN: cn=admin,dc=exist-db,dc=org
olcRootPW: 1234
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=exist-db,dc=org" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=exist-db,dc=org" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
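The three olcAccess rules above decide what each requester may do with each attribute, and the order matters: slapd uses the first "to" clause whose target matches, and within it the first "by" clause whose requester matches. The Python below is an added example, not part of the presentation, that parses the slide's three rules and replays that evaluation for a few constructed requests. It shows that an anonymous client gets only auth (enough to bind) on userPassword, that a user may write their own userPassword, that other users get none, and that rule {2} makes every other attribute world-readable. The DNs uid=alice and uid=bob are constructed, and a dn="..." requester is treated as an exact DN match, which is a simplification of slapd's matching styles.

```python
"""Replay the olcAccess rules from the db.ldif slide for sample requests."""
import re

# ACL values copied from the slide above (the {n} prefix gives the order).
OLC_ACCESS = [
    '{0}to attrs=userPassword,shadowLastChange '
    'by dn="cn=admin,dc=exist-db,dc=org" write by anonymous auth by self write by * none',
    '{1}to dn.base="" by * read',
    '{2}to * by dn="cn=admin,dc=exist-db,dc=org" write by * read',
]

# slapd access levels in increasing order; a granted level implies every
# level below it (for example "read" also allows search, compare and auth).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

_RULE_RE = re.compile(r'^\{(\d+)\}to (\S+)\s+(.*)$')
_BY_RE = re.compile(r'by (dn="[^"]*"|anonymous|users|self|\*) (\w+)')


def parse_rules(lines):
    """Return [(order, target, [(who, level), ...])] sorted by the {n} prefix."""
    rules = []
    for line in lines:
        m = _RULE_RE.match(line.strip())
        if not m:
            raise ValueError("unparsable olcAccess value: " + line)
        rules.append((int(m.group(1)), m.group(2), _BY_RE.findall(m.group(3))))
    return sorted(rules)


def _target_matches(target, entry_dn, attr):
    """Does the 'to' clause cover this attribute of this entry?"""
    if target == "*":
        return True
    if target.startswith("attrs="):
        return attr in target[len("attrs="):].split(",")
    if target == 'dn.base=""':
        return entry_dn == ""  # the root DSE only
    raise ValueError("unsupported target: " + target)


def _who_matches(who, bind_dn, entry_dn):
    """Does the 'by' clause cover this requester? bind_dn None means anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn == entry_dn
    if who.startswith('dn="'):
        return bind_dn == who[4:-1]  # simplification: exact DN comparison
    raise ValueError("unsupported requester: " + who)


def granted_level(rules, bind_dn, entry_dn, attr):
    """Level slapd grants: first matching 'to', then its first matching 'by'."""
    for _order, target, bys in rules:
        if not _target_matches(target, entry_dn, attr):
            continue
        for who, level in bys:
            if _who_matches(who, bind_dn, entry_dn):
                return level
        return "none"  # 'to' matched but no 'by' clause did: implicit deny
    return "none"  # no rule matched at all: implicit deny


def allows(rules, bind_dn, entry_dn, attr, wanted):
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(granted_level(rules, bind_dn, entry_dn, attr)) >= LEVELS.index(wanted)


if __name__ == "__main__":
    rules = parse_rules(OLC_ACCESS)
    alice = "uid=alice,ou=people,dc=exist-db,dc=org"  # constructed sample DN
    bob = "uid=bob,ou=people,dc=exist-db,dc=org"      # constructed sample DN
    for bind, entry, attr in [(None, alice, "userPassword"), (alice, alice, "userPassword"),
                              (bob, alice, "userPassword"), (None, alice, "mail")]:
        print(bind or "anonymous", "on", attr, "of", entry, "->",
              granted_level(rules, bind, entry, attr))
```

Running it prints auth, write, none and read for the four requests, which is the intended split: the password attribute is bindable but not readable, while mail and the other attributes are readable without binding at all.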
Defaults Modifications
###########################################################
# DEFAULTS MODIFICATION
###########################################################
# Some of the defaults need to be modified in order to allow
# remote access to the LDAP config. Otherwise only root
# will have administrative access.

dn: cn=config
changetype: modify
delete: olcAuthzRegexp

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {CRYPT}7hzU8RaZxaGi2

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
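The config database above gets its olcRootPW as a {CRYPT} hash, whereas the hdb database on the previous slide stores olcRootPW as the cleartext value 1234. slappasswd produces hashed values, and its default scheme is {SSHA}. The Python below is an added example, not part of the presentation: it reproduces the {SSHA} format, base64(sha1(password + salt) + salt), verifies a password against such a value, and scans an LDIF text for olcRootPW values that carry no {scheme} prefix. The LDIF excerpt inside is constructed from the two olcRootPW lines on these slides.

```python
"""Hashed olcRootPW values: {SSHA} generation, verification and an LDIF audit."""
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"
SHA1_LEN = 20


def ssha_hash(password, salt=None):
    """Return an OpenLDAP {SSHA} value: base64(sha1(password + salt) + salt).

    A fresh random salt is used unless one is supplied; passing a fixed
    salt is only useful for reproducible tests.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a password against a stored {SSHA} value in constant time."""
    if not stored.startswith(SCHEME):
        raise ValueError("not an {SSHA} value: " + stored)
    raw = base64.b64decode(stored[len(SCHEME):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def cleartext_rootpw(ldif_text):
    """Return every olcRootPW value in the LDIF text that has no {scheme} prefix.

    Handles both the plain "attr: value" form and LDIF's base64 "attr:: value" form.
    """
    found = []
    for line in ldif_text.splitlines():
        if line.startswith("olcRootPW::"):
            value = base64.b64decode(line[len("olcRootPW::"):].strip()).decode("utf-8", "replace")
        elif line.startswith("olcRootPW:"):
            value = line[len("olcRootPW:"):].strip()
        else:
            continue
        if not value.startswith("{"):
            found.append(value)
    return found


# Constructed excerpt combining the two olcRootPW lines from the slides.
SAMPLE_LDIF = """\
dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=exist-db,dc=org
olcRootPW: 1234

dn: olcDatabase={0}config,cn=config
olcRootPW: {CRYPT}7hzU8RaZxaGi2
"""

if __name__ == "__main__":
    print("cleartext olcRootPW values:", cleartext_rootpw(SAMPLE_LDIF))
    hashed = ssha_hash("1234")
    print("replacement line: olcRootPW:", hashed)
    print("verifies:", ssha_verify("1234", hashed))
```

The audit flags only the hdb value 1234; the {CRYPT} line passes. Substituting the generated {SSHA} value for 1234 in db.ldif keeps the ldapadd step on the later slide unchanged, and the same password is still used at the password prompt.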
Loading the database setup
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f db.ldif
Creating the Initial Directory Tree
dn: dc=exist-db,dc=org
objectClass: dcObject
objectClass: organization
o: exist-db.org
dc: exist-db
description: Tree root
Load the Initial Database
You can now load this configuration file into the LDAP database with the ldapadd command:
sudo ldapadd -x -D cn=admin,dc=exist-db,dc=org -W -f /home/exist/base.ldif
When prompted for the password, use "1234" unless you changed the value in db.ldif.
Configure the ldap-account-manager
sudo vi /etc/apache2/sites-available/default-ssl
Add the following to default-ssl. It creates the alias https://vm.exist-db.org/lam/ for the PHP pages that administer the groups and users within the LDAP server.
Alias /lam/ "/usr/share/ldap-account-manager/"
# Directory container assumed around the directives below: Options and
# AllowOverride are only valid inside one, and the slide shows the same path.
<Directory "/usr/share/ldap-account-manager/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from all
</Directory>
Enable the LDAP module within Apache
sudo a2enmod ldap
sudo a2enmod authnz_ldap
sudo /etc/init.d/apache2 reload
The LDAP module is now enabled.
Screenshots of the LDAP Account Manager setup (captions only; the images are not included):
- Password is lam
- Replace the values to match your database
- Replace the values to match your database. Remove Hosts and Samba
- Remove the Shadow and Samba modules
- Check the fields that you do not want in the create user page
- Password is 1234
Questions?
Loren Cahlander
Syntactica
7400 Metro Boulevard, Suite 350
Edina, MN 55439
952-460-1675