Difference between revisions of "Install ldap server"
Line 46: | Line 46: | ||
add: olcmoduleload | add: olcmoduleload | ||
olcmoduleload: refint | olcmoduleload: refint | ||
− | |||
create file: '''refint2.ldif''' | create file: '''refint2.ldif''' |
Revision as of 07:53, 24 October 2019
Install ldap: sudo apt install slapd ldap-utils
configure: sudo dpkg-reconfigure slapd — enter the admin password and the domain name (ldap-test.com); at the end of the wizard select the "hdb" database type
add users and groups
create file: add_nodes.ldif
dn: ou=people,dc=ldap-test,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=groups,dc=ldap-test,dc=com
objectClass: organizationalUnit
ou: Groups
and run: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_nodes.ldif (the bind DN must match the suffix chosen in dpkg-reconfigure; for ldap-test.com that is cn=admin,dc=ldap-test,dc=com — the same applies to every ldapadd -x command below)
enabling memberOf: create file: memberof_config.ldif
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
olcModuleLoad: memberof
olcModulePath: /usr/lib/ldap

dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
create file: refint1.ldif
dn: cn=module{1},cn=config
add: olcmoduleload
olcmoduleload: refint
create file: refint2.ldif
dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner
and run the commands: sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif
create users (note: the three example users below all share uidNumber 5000; give each account a distinct uidNumber if they are to be used for POSIX login)
generate the SHA hash for userPassword: slappasswd -h {SHA} -s my_password ({SHA} is unsalted SHA-1; slappasswd's default scheme {SSHA} is salted and preferable for stored passwords; omitting -s makes slappasswd prompt for the secret instead of leaving it in the shell history)
create file: add_user_test.ldif
dn: cn=test,ou=people,dc=ldap-test,dc=com
cn: test
givenName: test
sn: test
uid: test
uidNumber: 5000
gidNumber: 10000
homeDirectory: /home/test
mail: test@ldap-test.com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
userPassword: {SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=
and run command: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_test.ldif
create file: add_user_valera.ldif
dn: cn=valera,ou=people,dc=ldap-test,dc=com
cn: valera
givenName: valera
sn: valera
uid: valera
uidNumber: 5000
gidNumber: 10000
homeDirectory: /home/valera
mail: valera@ldap-test.com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
userPassword: {SHA}/czKZw8hc3yvCKMiU0y1lqqmATU=
and run command: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_valera.ldif
create file: add_user_svan.ldif
dn: cn=svan,ou=people,dc=ldap-test,dc=com
cn: svan
givenName: svan
sn: svan
uid: svan
uidNumber: 5000
gidNumber: 10000
homeDirectory: /home/svan
mail: svan@ldap-test.com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
userPassword: {SHA}D07SmrTu0Yh+eZcgj+nIVWKn8XU=
and run command: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_svan.ldif
create groups: create file: add_group_disabled.ldif
dn: cn=Disabled,ou=groups,dc=ldap-test,dc=com
objectClass: groupofnames
cn: Disabled
description: All users
member: cn=test,ou=people,dc=ldap-test,dc=com
and run command: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_group_disabled.ldif
create file: add_group_openvpn.ldif
dn: cn=OpenVPN,ou=groups,dc=ldap-test,dc=com
objectClass: groupofnames
cn: OpenVPN
description: All users
member: cn=valera,ou=people,dc=ldap-test,dc=com
member: cn=svan,ou=people,dc=ldap-test,dc=com
member: cn=test,ou=people,dc=ldap-test,dc=com
and run command: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_group_openvpn.ldif
code
for ldap_simple_bind_s (a simple bind sends the password in clear text, so use it only over an LDAPS or StartTLS-protected connection):
PWCHAR user_name = L"cn=valera,ou=people,dc=ldap-test,dc=com"; PWCHAR password = L"valera"; ULONG error = ldap_simple_bind_s(pLdapConnection, user_name, password);
for ldap_search_s:
LDAPMessage *pResults = NULL; PWCHAR base_path = L"dc=ldap-test,dc=com"; PWCHAR base_filter = L"(&(!(memberOf=cn=Disabled, ou=groups, dc=ldap-test, dc=com))(memberOf=cn=OpenVPN, ou=groups, dc=ldap-test, dc=com))"; error = ldap_search_s(pLdapConnection, base_path, LDAP_SCOPE_SUBTREE, base_filter, NULL, 0, &pResults);