LDAP
LDAP is the Lightweight Directory Access Protocol, a lightweight client-server protocol for accessing directory services. LDAP runs over TCP/IP or other connection-oriented transport services.

A directory is much like a database, but tends to contain more descriptive, attribute-based information. The information in a directory is generally read much more often than it is written. Directories are tuned to give quick responses to high-volume lookup or search operations. They may have the ability to replicate information widely in order to increase availability and reliability, while reducing response time.
The LDAP directory service is based on a client-server model. One or more LDAP servers contain the data making up the LDAP directory tree or LDAP backend database. An LDAP client connects to an LDAP server and asks it a question. The server responds with the answer, or with a pointer to where the client can get more information.

The LDAP server supports a variety of database back ends. They include the primary choice, BDB, a high-performance transactional database back end.
OpenLDAP
OpenLDAP is an open source implementation of the LDAP protocol. Many Linux distributions ship support for OpenLDAP.

In this article we will see how to configure OpenLDAP on Red Hat Linux 6, and also how to add data and access it.
Requirements
Make sure you install all the necessary packages:
[root@vx111a slapd.d]# yum list installed | grep ldap
apr-util-ldap.x86_64 1.3.9-3.el6_0.1 @anaconda-RedHatEnterpriseLinux-201105101844.x86_64/6.1
compat-openldap.x86_64 1:2.3.43-2.el6 @anaconda-RedHatEnterpriseLinux-201105101844.x86_64/6.1
openldap.x86_64 2.4.23-15.el6 @anaconda-RedHatEnterpriseLinux-201105101844.x86_64/6.1
openldap-clients.x86_64 2.4.23-15.el6 @rhel-source
openldap-devel.x86_64 2.4.23-15.el6 @rhel-source
openldap-servers.x86_64 2.4.23-15.el6 @rhel-source
python-ldap.x86_64 2.3.10-1.el6 @anaconda-RedHatEnterpriseLinux-201105101844.x86_64/6.1
Install all the OpenLDAP packages using (the pattern is quoted so the shell does not expand the wildcard before yum sees it):
yum install '*openldap*' -y
Configuration
Once the installation of the OpenLDAP packages is complete, we configure slapd. The main configuration file for OpenLDAP is slapd.conf.
[root@vx111a slapd.d]# cd /etc/openldap/
[root@vx111a openldap]# updatedb
[root@vx111a openldap]# locate slapd.conf
/root/slapd.conf
****
/usr/share/openldap-servers/slapd.conf.obsolete
Copy the sample configuration shipped with openldap-servers into /etc/openldap/ as slapd.conf:
[root@vx111a openldap]# cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf
Password Configuration
Once the slapd.conf file is available, create a password for connecting to the OpenLDAP server using slappasswd. It prints a salted SHA-1 ({SSHA}) hash of the password, which is what goes into slapd.conf rather than the cleartext password:
[root@vx111a openldap]# slappasswd
New password:
Re-enter new password:
{SSHA}gGyRLMZEQWSj0G5aJr43PY9AeqGSBm2p
Copy the DB Configuration File
[root@vx111a openldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Modify the slapd.conf File
The important elements that need to be set are:
database        bdb
suffix          "dc=example,dc=com"              # change according to your domain
rootdn          "cn=Manager,dc=example,dc=com"   # change according to your domain
# rootpw        secret                           # cleartext default from the sample file, left commented out
rootpw          {SSHA}gGyRLMZEQWSj0G5aJr43PY9AeqGSBm2p   # the hash printed by slappasswd
mode            0700
directory       /var/lib/ldap

# enable monitoring
database        monitor                          # to use the monitor database
# allow only the rootdn to read the monitor      # permissions for users on the monitor database
access to *
        by dn.exact="cn=Manager,dc=example,dc=com" read   # must match the rootdn above
        by * none
Test the Configuration
Test the configuration using:
[root@vx111a openldap]# slaptest -f slapd.conf -F slapd.d/
bdb_db_open: DB_CONFIG for suffix "dc=example,dc=com" has changed.
Performing database recovery to activate new settings.
bdb_db_open: database "dc=example,dc=com": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
config file testing succeeded
We can also use slapd -Tt, which runs the same configuration check:
slapd -Tt
config file testing succeeded
Start the Service
[root@vx111a openldap]# service slapd restart
Stopping slapd: [ OK ]
Starting slapd: [ OK ]
Test
Test the LDAP configuration using the LDAP client tools, for example:
[root@vx111a Desktop]# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#
#
dn:
namingContexts: dc=example,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Note the use of single quotes around command parameters to prevent special characters from being interpreted by the shell. This should return:
dn:
namingContexts: dc=example,dc=com
Add Data
Once the LDAP test is successful, we will add the data. Copy the content below to a text file named example.ldif (LDIF separates entries with a blank line):
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager
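LDIF is a line-oriented format with a few rules that ldapadd enforces: each entry starts with a dn line, entries are separated by a blank line, a line beginning with a space continues the previous line, and "attr:: value" carries a base64-encoded value. The following Python script is an added example, not part of the article, that parses LDIF into entries and runs the checks slapd would otherwise fail on (missing objectClass, entry outside the suffix, RDN attribute absent from the entry). It embeds a constructed copy of the article's example.ldif and also shows what happens when the blank line between the two entries is missing.

```python
import base64
from typing import Dict, List, Tuple

# Constructed copy of the article's example.ldif, with the blank line LDIF
# requires between entries.
EXAMPLE_LDIF = """\
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager
"""

Entry = Tuple[str, Dict[str, List[str]]]   # (dn, {lowercased attribute: values})


def _unfold(text: str) -> List[str]:
    """Join LDIF continuation lines: a line starting with one space extends the previous line."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def _parse_record(lines: List[str]) -> Entry:
    """Turn the lines of one record into (dn, attributes); raises ValueError on malformed input."""
    dn = None
    attrs: Dict[str, List[str]] = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):                     # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        name = name.strip().lower()                   # attribute names are case-insensitive
        if name == "dn":
            if dn is not None:
                raise ValueError(f"second dn {value!r} in one record: missing blank line before it?")
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    if dn is None:
        raise ValueError("record without dn")
    return dn, attrs


def parse_ldif(text: str) -> List[Entry]:
    """Parse LDIF content into a list of (dn, attributes) tuples."""
    entries: List[Entry] = []
    record: List[str] = []
    for line in _unfold(text) + [""]:                 # trailing "" flushes the last record
        if line.strip() == "":
            if record:
                entries.append(_parse_record(record))
                record = []
        elif line.startswith("#") or line.lower().startswith("version:"):
            continue
        else:
            record.append(line)
    return entries


def validate_entries(entries: List[Entry], suffix: str = "dc=example,dc=com") -> List[str]:
    """Checks slapd would reject: every entry needs an objectClass, must sit under the suffix,
    and must carry the attribute named in its own RDN (e.g. dc: example for dn dc=example,...)."""
    problems = []
    for dn, attrs in entries:
        if "objectclass" not in attrs:
            problems.append(f"{dn}: no objectClass")
        if not dn.lower().endswith(suffix.lower()):
            problems.append(f"{dn}: outside suffix {suffix}")
        rdn_attr, _, rdn_value = dn.split(",", 1)[0].partition("=")
        if rdn_value not in attrs.get(rdn_attr.strip().lower(), []):
            problems.append(f"{dn}: RDN attribute {rdn_attr}={rdn_value} not present in entry")
    return problems


def ldif_is_well_formed(text: str) -> bool:
    """True when the text parses and passes validate_entries; False on any structural error."""
    try:
        return validate_entries(parse_ldif(text)) == []
    except ValueError:
        return False


if __name__ == "__main__":
    for dn, attrs in parse_ldif(EXAMPLE_LDIF):
        print(dn, attrs)
    print(ldif_is_well_formed(EXAMPLE_LDIF))                         # True
    print(ldif_is_well_formed(EXAMPLE_LDIF.replace("\n\n", "\n")))   # False: two dn lines in one record
```

Running a file through ldif_is_well_formed before ldapadd catches the most common reason for "ldap_add: Invalid syntax" or "No such object" errors, which is a missing blank line or a parent entry that is not in the file; the checks here are deliberately the structural ones, since schema checks (which objectClass allows which attribute) are left to the server.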
Now save it and add it to LDAP using:
[root@vx111a Desktop]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"
adding new entry "cn=Manager,dc=example,dc=com"
It asks for the password for connecting to LDAP; enter the cleartext password that we hashed with slappasswd and added as rootpw in slapd.conf (not the hash itself).
Search the Data
Once the data is added successfully, we can search it using:
[root@vx111a Desktop]# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# example.com
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: Example Company
dc: example
# Manager, example.com
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
With this we complete the configuration of LDAP on Red Hat Linux.
Happy Learning :-), more to come.