Difference between revisions of "Install ldap server"

Line 60: Line 60:
 
and run commands:
 
and run commands:
 
'''sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif'''
 
'''sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif'''
 +
 
'''sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif'''
 
'''sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif'''
 +
 
'''sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif'''
 
'''sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif'''
  
  
create users:
+
''create users''
generate SHA for userPassword: slappasswd -h {SHA} -s my_password
+
generate ''SHA for userPassword'': '''slappasswd -h {SHA} -s my_password'''
 +
 
 +
create file: '''add_user_test.ldif'''
 +
 
 +
  dn: cn=test,ou=people,dc=ldap-test,dc=com
 +
  cn: test
 +
  givenName: test
 +
  sn: test
 +
  uid: test
 +
  uidNumber: 5000
 +
  gidNumber: 10000
 +
  homeDirectory: /home/test
 +
  mail: test@ldap-test.com
 +
  objectClass: top
 +
  objectClass: posixAccount
 +
  objectClass: shadowAccount
 +
  objectClass: inetOrgPerson
 +
  objectClass: organizationalPerson
 +
  objectClass: person
 +
  loginShell: /bin/bash
 +
  userPassword: {SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=
 +
 
 +
 
 +
and run command: '''ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_test.ldif'''
 +
 
 +
create file: '''add_user_valera.ldif'''
 +
 
 +
  dn: cn=valera,ou=people,dc=ldap-test,dc=com
 +
  cn: valera
 +
  givenName: valera
 +
  sn: valera
 +
  uid: valera
 +
  uidNumber: 5000
 +
  gidNumber: 10000
 +
  homeDirectory: /home/valera
 +
  mail: valera@ldap-test.com
 +
  objectClass: top
 +
  objectClass: posixAccount
 +
  objectClass: shadowAccount
 +
  objectClass: inetOrgPerson
 +
  objectClass: organizationalPerson
 +
  objectClass: person
 +
  loginShell: /bin/bash
 +
  userPassword: {SHA}/czKZw8hc3yvCKMiU0y1lqqmATU=
 +
 
 +
and run command: '''ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_valera.ldif'''
 +
 
 +
create file: '''add_user_svan.ldif'''
 +
 
 +
  dn: cn=svan,ou=people,dc=ldap-test,dc=com
 +
  cn: svan
 +
  givenName: svan
 +
  sn: svan
 +
  uid: svan
 +
  uidNumber: 5000
 +
  gidNumber: 10000
 +
  homeDirectory: /home/svan
 +
  mail: svan@ldap-test.com
 +
  objectClass: top
 +
  objectClass: posixAccount
 +
  objectClass: shadowAccount
 +
  objectClass: inetOrgPerson
 +
  objectClass: organizationalPerson
 +
  objectClass: person
 +
  loginShell: /bin/bash
 +
  userPassword: {SHA}D07SmrTu0Yh+eZcgj+nIVWKn8XU=
 +
 
 +
and run command: '''ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_svan.ldif'''
 +
 
 +
''create groups''
 +
create file: a'''dd_group_disabled.ldif'''
  
create file: add_user_test.ldif
+
  dn: cn=Disabled,ou=groups,dc=ldap-test,dc=com
"
+
  objectClass: groupofnames
dn: cn=test,ou=people,dc=ldap-test,dc=com
+
  cn: Disabled
cn: test
+
  description: All users
givenName: test
+
  member: cn=test,ou=people,dc=ldap-test,dc=com
sn: test
 
uid: test
 
uidNumber: 5000
 
gidNumber: 10000
 
homeDirectory: /home/test
 
mail: test@ldap-test.com
 
objectClass: top
 
objectClass: posixAccount
 
objectClass: shadowAccount
 
objectClass: inetOrgPerson
 
objectClass: organizationalPerson
 
objectClass: person
 
loginShell: /bin/bash
 
userPassword: {SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=
 
  
"
+
and run command: '''ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_group_disabled.ldif'''
and run command: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_test.ldif
 
  
create file: add_user_valera.ldif
+
create file: '''add_group_openvpn.ldif'''
"
 
dn: cn=valera,ou=people,dc=ldap-test,dc=com
 
cn: valera
 
givenName: valera
 
sn: valera
 
uid: valera
 
uidNumber: 5000
 
gidNumber: 10000
 
homeDirectory: /home/valera
 
mail: valera@ldap-test.com
 
objectClass: top
 
objectClass: posixAccount
 
objectClass: shadowAccount
 
objectClass: inetOrgPerson
 
objectClass: organizationalPerson
 
objectClass: person
 
loginShell: /bin/bash
 
userPassword: {SHA}/czKZw8hc3yvCKMiU0y1lqqmATU=
 
"
 
and run command: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_valera.ldif
 
  
create file: add_user_svan.ldif
+
  dn: cn=OpenVPN,ou=groups,dc=ldap-test,dc=com
"
+
  objectClass: groupofnames
dn: cn=svan,ou=people,dc=ldap-test,dc=com
+
  cn: OpenVPN
cn: svan
+
  description: All users
givenName: svan
+
  member: cn=valera,ou=people,dc=ldap-test,dc=com
sn: svan
+
  member: cn=svan,ou=people,dc=ldap-test,dc=com
uid: svan
+
  member: cn=test,ou=people,dc=ldap-test,dc=com
uidNumber: 5000
 
gidNumber: 10000
 
homeDirectory: /home/svan
 
mail: svan@ldap-test.com
 
objectClass: top
 
objectClass: posixAccount
 
objectClass: shadowAccount
 
objectClass: inetOrgPerson
 
objectClass: organizationalPerson
 
objectClass: person
 
loginShell: /bin/bash
 
userPassword: {SHA}D07SmrTu0Yh+eZcgj+nIVWKn8XU=
 
"
 
and run command: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_svan.ldif
 
  
create groups:
 
create file: add_group_disabled.ldif
 
"
 
dn: cn=Disabled,ou=groups,dc=ldap-test,dc=com
 
objectClass: groupofnames
 
cn: Disabled
 
description: All users
 
member: cn=test,ou=people,dc=ldap-test,dc=com
 
  
"
+
and run command: '''ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_group_openvpn.ldif'''
ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_group_disabled.ldif
 
  
create file: add_group_openvpn.ldif
 
"
 
dn: cn=OpenVPN,ou=groups,dc=ldap-test,dc=com
 
objectClass: groupofnames
 
cn: OpenVPN
 
description: All users
 
member: cn=valera,ou=people,dc=ldap-test,dc=com
 
member: cn=svan,ou=people,dc=ldap-test,dc=com
 
member: cn=test,ou=people,dc=ldap-test,dc=com
 
  
"
+
''Italic text''code
ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_group_openvpn.ldif
+
for '''ldap_simple_bind_s''':
  
 +
  PWCHAR user_name = L"cn=valera,ou=people,dc=ldap-test,dc=com";
 +
  PWCHAR password = L"valera";
 +
  ULONG error = ldap_simple_bind_s(pLdapConnection, user_name, password);
  
code:
+
for '''ldap_search_s''':
for ldap_simple_bind_s:
 
"
 
PWCHAR user_name = L"cn=valera,ou=people,dc=ldap-test,dc=com";
 
PWCHAR password = L"valera";
 
ULONG error = ldap_simple_bind_s(pLdapConnection, user_name, password);
 
"
 
  
for ldap_search_s:
+
  LDAPMessage *pResults = NULL;
"
+
  PWCHAR base_path = L"dc=ldap-test,dc=com";
LDAPMessage *pResults = NULL;
+
  PWCHAR base_filter = L"(&(!(memberOf=cn=Disabled, ou=groups, dc=ldap-test, dc=com))(memberOf=cn=OpenVPN, ou=groups, dc=ldap-test, dc=com))";
PWCHAR base_path = L"dc=ldap-test,dc=com";
+
  error = ldap_search_s(pLdapConnection, base_path, LDAP_SCOPE_SUBTREE, base_filter, NULL, 0, &pResults);
PWCHAR base_filter = L"(&(!(memberOf=cn=Disabled, ou=groups, dc=ldap-test, dc=com))(memberOf=cn=OpenVPN, ou=groups, dc=ldap-test, dc=com))";
 
error = ldap_search_s(pLdapConnection, base_path, LDAP_SCOPE_SUBTREE, base_filter, NULL, 0, &pResults);
 
  
"
 
  
links:
+
''links''
https://help.ubuntu.com/lts/serverguide/openldap-server.html
+
[https://help.ubuntu.com/lts/serverguide/openldap-server.html]
https://www.adimian.com/blog/2014/10/how-to-enable-memberof-using-openldap/
+
[https://www.adimian.com/blog/2014/10/how-to-enable-memberof-using-openldap/]
https://computingforgeeks.com/install-and-configure-openldap-phpldapadmin-on-ubuntu-18-04-lts/
+
[https://computingforgeeks.com/install-and-configure-openldap-phpldapadmin-on-ubuntu-18-04-lts/]
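Review bot: Every `ldapadd -x -D cn=admin,dc=example,dc=com -W ...` line added in this revision binds with an admin DN under dc=example,dc=com, while the suffix configured earlier on the page and every entry added here live under dc=ldap-test,dc=com, so the binds cannot succeed; the DN should read `cn=admin,dc=ldap-test,dc=com` (binding with `-H ldapi:///` additionally keeps the admin password off the wire, since `-x` is a cleartext simple bind). The three added users all carry `uidNumber: 5000`, which makes them one and the same Unix identity on any host that resolves accounts through this directory. `slappasswd -h {SHA}` yields unsalted SHA-1 and `-s my_password` leaves the cleartext in the shell history and process list; `slappasswd -h {SSHA}` without `-s` is the minimum. The C example hard-codes a password and never rejects an empty one before `ldap_simple_bind_s`, which many servers treat as an unauthenticated bind that returns success.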

Revision as of 07:53, 24 October 2019

Install OpenLDAP: sudo apt install slapd ldap-utils

Configure: sudo dpkg-reconfigure slapd — enter the admin password (this becomes the cn=admin,dc=ldap-test,dc=com account used by every ldapadd below), the domain name (ldap-test.com), and at the end of the wizard select the "hdb" database type. Note: hdb is deprecated in current OpenLDAP releases; if you select "mdb" instead, replace olcDatabase={1}hdb with olcDatabase={1}mdb in the overlay LDIF files below.


Add the containers for users and groups. Create file: add_nodes.ldif (two entries — they must be separated by an empty line, otherwise ldapadd rejects the file)

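 # Container for user entries; every user DN on this page ends in ou=people,dc=ldap-test,dc=com
 dn: ou=people,dc=ldap-test,dc=com
 objectClass: organizationalUnit
 ou: People
 
 # Container for group entries (cn=Disabled and cn=OpenVPN below).
 # The empty line above is required: LDIF separates entries with a blank line.
 dn: ou=groups,dc=ldap-test,dc=com
 objectClass: organizationalUnit
 ou: Groups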

and run: ldapadd -x -H ldapi:/// -D cn=admin,dc=ldap-test,dc=com -W -f add_nodes.ldif (the admin DN must match the suffix chosen in dpkg-reconfigure — dc=ldap-test,dc=com, not dc=example,dc=com; -x is a cleartext simple bind, so use the local ldapi:/// socket or -ZZ/ldaps:// rather than sending the admin password over plain ldap://)

Enable the memberOf overlay. It maintains the memberOf attribute that the search filter at the end of this page relies on, and it only records memberships for group changes made after it is loaded — so load it before creating any groups. Create file: memberof_config.ldif (two entries, separated by an empty line)

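 # Entry 1: load the memberof overlay module. slapd stores this as cn=module{N};
 # refint1.ldif on this page assumes N == 1 — check with:
 #   ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b cn=config "(objectClass=olcModuleList)" dn
 dn: cn=module,cn=config
 cn: module
 objectClass: olcModuleList
 olcModuleLoad: memberof
 olcModulePath: /usr/lib/ldap
 
 # Entry 2: attach the overlay to the {1}hdb database (use {1}mdb if mdb was chosen in
 # dpkg-reconfigure). The empty line above is required: LDIF separates entries with a blank line.
 dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
 objectClass: olcConfig
 objectClass: olcMemberOf
 objectClass: olcOverlayConfig
 objectClass: top
 olcOverlay: memberof
 # member values pointing at non-existent entries are accepted silently rather than rejected
 olcMemberOfDangling: ignore
 olcMemberOfRefInt: TRUE
 # which object class / attributes the overlay watches and which attribute it maintains
 olcMemberOfGroupOC: groupOfNames
 olcMemberOfMemberAD: member
 olcMemberOfMemberOfAD: memberOf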

create file: refint1.ldif

 # Applied with ldapmodify (no changetype given, so the default "modify" is used):
 # adds the refint overlay module to the module list created by memberof_config.ldif.
 # NOTE(review): cn=module{1} assumes slapd numbered that list {1} — verify with an
 # ldapsearch on cn=config before running, or the add lands on the wrong entry / fails.
 dn: cn=module{1},cn=config
 add: olcmoduleload
 olcmoduleload: refint


create file: refint2.ldif

 # Attach the refint (referential integrity) overlay to the same database as memberof.
 # {1} places it after olcOverlay={0}memberof from memberof_config.ldif; use {1}mdb in the
 # DN if mdb was chosen in dpkg-reconfigure.
 dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
 objectClass: olcConfig
 objectClass: olcOverlayConfig
 objectClass: olcRefintConfig
 objectClass: top
 olcOverlay: {1}refint
 # DN-valued attributes that are fixed up when an entry is renamed or deleted
 olcRefintAttribute: memberof member manager owner

and run the commands below (as root: they authenticate with SASL EXTERNAL over the local ldapi:/// socket, so no password is needed or transmitted): sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif

sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif

sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif


Create users. Generate a password hash for userPassword with slappasswd -h {SSHA} (it prompts for the password). Prefer the salted {SSHA} scheme — or a stronger scheme such as {CRYPT} with SHA-512 / {ARGON2} where the server supports it — over plain {SHA}, which is unsalted SHA-1 and trivially reversible for weak passwords. Avoid passing the password with -s my_password: the cleartext then ends up in the shell history and in the process list. The {SHA} values in the examples below are for throw-away test passwords only.

create file: add_user_test.ldif

 # Example user entry (copy this shape for real users). The DN's leaf RDN is cn, not uid.
 dn: cn=test,ou=people,dc=ldap-test,dc=com
 cn: test
 givenName: test
 sn: test
 uid: test
 # posixAccount UID: must be unique per account in this directory — NSS/PAM map it to a Unix user
 uidNumber: 5000
 # NOTE(review): no posixGroup with gidNumber 10000 is created on this page — confirm one exists
 gidNumber: 10000
 homeDirectory: /home/test
 mail: test@ldap-test.com
 objectClass: top
 objectClass: posixAccount
 objectClass: shadowAccount
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 objectClass: person
 loginShell: /bin/bash
 # Unsalted SHA-1 from slappasswd -h {SHA}; this value appears to be the hash of the string "test".
 # Example only: use {SSHA} or stronger and a real password for any non-test account.
 userPassword: {SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=


and run command: ldapadd -x -H ldapi:/// -D cn=admin,dc=ldap-test,dc=com -W -f add_user_test.ldif (admin DN under the dc=ldap-test,dc=com suffix; ldapi:/// keeps the simple-bind password off the network)

create file: add_user_valera.ldif

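 # Example user; the ldap_simple_bind_s example at the end of this page binds with this DN.
 dn: cn=valera,ou=people,dc=ldap-test,dc=com
 cn: valera
 givenName: valera
 sn: valera
 uid: valera
 # posixAccount UID: must be unique per account. The test user on this page already uses 5000;
 # two entries sharing a uidNumber are the same Unix user (and own each other's files) on any
 # host that resolves accounts through this directory, so this one gets its own value.
 uidNumber: 5001
 # NOTE(review): no posixGroup with gidNumber 10000 is created on this page — confirm one exists
 gidNumber: 10000
 homeDirectory: /home/valera
 mail: valera@ldap-test.com
 objectClass: top
 objectClass: posixAccount
 objectClass: shadowAccount
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 objectClass: person
 loginShell: /bin/bash
 # Unsalted SHA-1 from slappasswd -h {SHA}; the bind example below uses the password "valera"
 # for this entry. Example only: use {SSHA} or stronger and a real password for non-test accounts.
 userPassword: {SHA}/czKZw8hc3yvCKMiU0y1lqqmATU=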

and run command: ldapadd -x -H ldapi:/// -D cn=admin,dc=ldap-test,dc=com -W -f add_user_valera.ldif (admin DN under the dc=ldap-test,dc=com suffix)

create file: add_user_svan.ldif

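 # Example user entry.
 dn: cn=svan,ou=people,dc=ldap-test,dc=com
 cn: svan
 givenName: svan
 sn: svan
 uid: svan
 # posixAccount UID: must be unique per account. The test user on this page already uses 5000;
 # two entries sharing a uidNumber are the same Unix user (and own each other's files) on any
 # host that resolves accounts through this directory, so pick a value no other entry uses.
 uidNumber: 5002
 # NOTE(review): no posixGroup with gidNumber 10000 is created on this page — confirm one exists
 gidNumber: 10000
 homeDirectory: /home/svan
 mail: svan@ldap-test.com
 objectClass: top
 objectClass: posixAccount
 objectClass: shadowAccount
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 objectClass: person
 loginShell: /bin/bash
 # Unsalted SHA-1 from slappasswd -h {SHA}. Example only: use {SSHA} or stronger and a real
 # password for non-test accounts.
 userPassword: {SHA}D07SmrTu0Yh+eZcgj+nIVWKn8XU=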

and run command: ldapadd -x -H ldapi:/// -D cn=admin,dc=ldap-test,dc=com -W -f add_user_svan.ldif (admin DN under the dc=ldap-test,dc=com suffix)

Create groups (only after the memberOf overlay above is active, otherwise the memberOf attribute the search filter depends on is never populated). Create file: add_group_disabled.ldif

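 # Deny-list group: the ldap_search_s filter at the end of this page rejects any account that
 # has memberOf=cn=Disabled,... even when it is also a member of cn=OpenVPN.
 dn: cn=Disabled,ou=groups,dc=ldap-test,dc=com
 objectClass: groupofnames
 cn: Disabled
 # was "All users", which misdescribed this group
 description: Disabled accounts (excluded from OpenVPN access)
 # groupOfNames requires at least one member; the test user is the example disabled account.
 # memberOf is written onto the user entry only because the overlay was loaded before this add.
 member: cn=test,ou=people,dc=ldap-test,dc=com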

and run command: ldapadd -x -H ldapi:/// -D cn=admin,dc=ldap-test,dc=com -W -f add_group_disabled.ldif (admin DN under the dc=ldap-test,dc=com suffix)

create file: add_group_openvpn.ldif

 # Allow-list group: the ldap_search_s filter at the end of this page only returns accounts
 # that are members here AND are not members of cn=Disabled.
 dn: cn=OpenVPN,ou=groups,dc=ldap-test,dc=com
 objectClass: groupofnames
 cn: OpenVPN
 description: All users
 member: cn=valera,ou=people,dc=ldap-test,dc=com
 member: cn=svan,ou=people,dc=ldap-test,dc=com
 # test is also in cn=Disabled, so the filter below still excludes it despite this membership
 member: cn=test,ou=people,dc=ldap-test,dc=com


and run command: ldapadd -x -H ldapi:/// -D cn=admin,dc=ldap-test,dc=com -W -f add_group_openvpn.ldif (admin DN under the dc=ldap-test,dc=com suffix)


Client code (Windows LDAP API, wldap32/winldap.h) for ldap_simple_bind_s. A simple bind carries the password in cleartext, so the connection must be an LDAPS or START_TLS session before this runs; and never hard-code credentials as in this example:

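 /* Authenticate as a user entry (Windows LDAP API, wldap32/winldap.h).
  * pLdapConnection must already be connected and, because a simple bind sends
  * the password in cleartext, it should be an LDAPS or START_TLS session. */
 PWCHAR user_name = L"cn=valera,ou=people,dc=ldap-test,dc=com";  /* the entry's full DN, not the uid */
 PWCHAR password = L"valera";  /* example only: never hard-code credentials in shipped code */
 ULONG error;
 /* A simple bind with a DN and an EMPTY password is an "unauthenticated" bind
  * (RFC 4513 5.1.2): many servers answer it with success without checking anything.
  * Reject it client-side instead of relying on server policy. */
 if (password == NULL || password[0] == L'\0') {
     error = LDAP_INVALID_CREDENTIALS;
 } else {
     error = ldap_simple_bind_s(pLdapConnection, user_name, password);
 }
 /* error == LDAP_SUCCESS (0) only after a verified bind; treat any other value as denied */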

for ldap_search_s (run only if the bind above returned LDAP_SUCCESS; the search executes with the bound user's own read permissions, so the directory ACLs must allow it to read memberOf):

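 /* Authorisation check for OpenVPN: find entries that are in cn=OpenVPN AND NOT in cn=Disabled.
  * Only meaningful after the bind above returned LDAP_SUCCESS; the search runs with the bound
  * user's own permissions, so the directory ACLs must allow reading memberOf. */
 LDAPMessage *pResults = NULL;
 PWCHAR base_path = L"dc=ldap-test,dc=com";
 /* DNs written exactly as in the LDIF (no space after the commas). memberOf has DN syntax, so
  * the spaced form also matches, but one canonical spelling avoids surprises with tooling that
  * compares strings. The NOT clause on its own also matches entries with no memberOf at all;
  * the AND with the OpenVPN clause is what keeps this fail-closed. Any user-supplied value that
  * is ever spliced into a filter must be escaped per RFC 4515 (LDAP filter injection). */
 PWCHAR base_filter = L"(&(!(memberOf=cn=Disabled,ou=groups,dc=ldap-test,dc=com))(memberOf=cn=OpenVPN,ou=groups,dc=ldap-test,dc=com))";
 /* attrs = NULL, attrsonly = 0: return every readable attribute of each match.
  * pResults must be released with ldap_msgfree() once consumed (not shown here). */
 error = ldap_search_s(pLdapConnection, base_path, LDAP_SCOPE_SUBTREE, base_filter, NULL, 0, &pResults);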


links: https://help.ubuntu.com/lts/serverguide/openldap-server.html , https://www.adimian.com/blog/2014/10/how-to-enable-memberof-using-openldap/ , https://computingforgeeks.com/install-and-configure-openldap-phpldapadmin-on-ubuntu-18-04-lts/