Tuesday, October 1, 2013

Open LDAP

Ldap is nothing but Light Weight Directory Access Protocol. it is a lightweight client-server protocol for accessing directory services. LDAP runs over TCP/IP or other connection oriented transfer services.

A Directory is much similar like a Database ,but tends to contain more descriptive, attribute-based information. The information in a directory is generally read much more often than it is written. Directories are tuned to give quick-response to high-volume lookup or search operations. They may have the ability to replicate information widely in order to increase availability and reliability, while reducing response time

LDAP directory service is based on a client-server model. One or more LDAP servers contain the data making up the LDAP directory tree or LDAP backend database. An LDAP client connects to an LDAP server and asks it a question. The server responds with the answer, or with a pointer to where the client can get more information

The LDAP server supports a variety of different database back ends which you can use. They include the primary choice BDB, a high-performance transactional database back end.

Open LDAP
Open ldap is open source implementation of the LDAP protocol. Many Linux distributions have support to the open ldap

In this article we will see how we can configure Open LDAP on Redhat Linux 6 and also see how to add data and access that.

Requirements
Make sure you install all the Necessary Packages

[root@vx111a slapd.d]# yum list installed | grep ldap
apr-util-ldap.x86_64 1.3.9-3.el6_0.1 @anaconda-RedHatEnterpriseLinux-201105101844.x86_64/6.1
compat-openldap.x86_64 1:2.3.43-2.el6 @anaconda-RedHatEnterpriseLinux-201105101844.x86_64/6.1
openldap.x86_64 2.4.23-15.el6 @anaconda-RedHatEnterpriseLinux-201105101844.x86_64/6.1
openldap-clients.x86_64 2.4.23-15.el6 @rhel-source
openldap-devel.x86_64 2.4.23-15.el6 @rhel-source
openldap-servers.x86_64 2.4.23-15.el6 @rhel-source
python-ldap.x86_64 2.3.10-1.el6 @anaconda-RedHatEnterpriseLinux-201105101844.x86_64/6.1

Install all the open Ldap packages using
yum install *openldap* -y

Configuration
Once the Installation of the Open Ldap packages are completed. We then go for configuring the openldap. The main core file for open ldap is slapd.conf file

[root@vx111a slapd.d]# cd /etc/openldap/
[root@vx111a openldap]# updatedb
[root@vx111a openldap]# locate slapd.conf
/root/slapd.conf
****
****
/usr/share/openldap-servers/slapd.conf.obsolete

For the /etc/openldap/ location
[root@vx111a openldap]# cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf

Password Configuration
Once the slapd.conf file is available ,create a password for connecting to the open ldap server using

[root@vx111a openldap]# slappasswd
New password:
Re-enter new password:
{SSHA}gGyRLMZEQWSj0G5aJr43PY9AeqGSBm2p

Copy the DB Configuration File
[root@vx111a openldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Modify the slapd.conf File
The Important elements that needs to be done are ,

database bdb
suffix "dc=example,dc=com" #Change according to you Domain
rootdn "cn=Manager,dc=example,dc=com" #Change according to you Domain
#rootpw secret
rootpw {SSHA}gGyRLMZEQWSj0G5aJr43PY9AeqGSBm2p
mode 0700
directory /var/lib/ldap


# enable monitoring
database monitor #To use Database monitor

# allow onlu rootdn to read the monitor #Permissions for the Users on the monitor Darabase
access to *
by dn.exact="cn=Manager,dc=my-domain,dc=com" read
by * none

Test the Configurations
Test the Configurations using ,

[root@vx111a openldap]# slaptest -f slapd.conf -F slapd.d/
bdb_db_open: DB_CONFIG for suffix "dc=example,dc=com" has changed.
Performing database recovery to activate new settings.
bdb_db_open: database "dc=example,dc=com": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
config file testing succeeded

We can also use
slapd -Tt
config file testing Succeded

Start the Service
[root@vx111a openldap]# service slapd restart
Stopping slapd: [ OK ]
Starting slapd: [ OK ]

Test
Test the ldap Configuration using the ldap tool available like

[root@vx111a Desktop]# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=example,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Note the use of single quotes around command parameters to prevent special characters from being interpreted by the shell. This should return:

dn:
namingContexts: dc=example,dc=com


Add Data
Once the Ldap test is successful ,we will add the Data. Copy the below content to a text file as example.ldif

dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager

Now save and add to ldap using
[root@vx111a Desktop]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"

adding new entry "cn=Manager,dc=example,dc=com"


#it asks for the password for connecting to the ldap , use the password that we encrypted and added to the sladp.conf file

Search The Data
Once the Data is added successfully ,we can search the data using

[root@vx111a Desktop]# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.com
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: Example Company
dc: example

# Manager, example.com
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

By this we complete the Configuration of Ldap on Redhat Linux.
Happy Learning :-) , More to Come.