Difference between revisions of "Install ldap server"
Revision as of 12:35, 8 December 2020
Install LDAP
install Ubuntu, then apply updates:
sudo apt update
sudo apt upgrade

install docker:
sudo apt install docker.io
sudo systemctl start docker
sudo systemctl enable docker

add containers (Portainer for container management, the osixia OpenLDAP image, and phpLDAPadmin pointed at the LDAP host):
sudo docker run --restart=always -d --name="portainer" -p 9000:9000 -v /etc/localtime:/etc/localtime:ro -v /var/run/docker.sock:/var/run/docker.sock -v /home/fox/smarthome/portainer:/data portainer/portainer:latest
sudo docker run --restart=always -p 389:389 -p 636:636 --env LDAP_ORGANISATION="mps" --env LDAP_DOMAIN="mps.resnet.com" --env LDAP_ADMIN_PASSWORD="ldap" --detach osixia/openldap:1.4.0
sudo docker run --restart=always -p 6443:443 --env PHPLDAPADMIN_LDAP_HOSTS=192.168.0.5 --detach osixia/phpldapadmin:0.9.0

Portainer is now available at ip:9000 for managing the containers.
add user
users can be added or edited through phpLDAPadmin at ip:6443; log in with:
user: cn=admin,dc=mps,dc=resnet,dc=com
pass: ldap

first create the users group (once): Create a child entry, then select Generic: Posix Group, enter the users and create the group
now create a user: Create a child entry, then select Generic: User Account, enter the user data (and the group created above)
after creating the user, add an e-mail address: select the user in the tree, press Add new attribute, then choose the mail attribute in the combobox

additional software
Softerra LDAP Browser: https://www.ldapadministrator.com
connect:
host: ip
port: 389
base DN: dc=mps,dc=resnet,dc=com
mechanism: simple
principal: cn=admin,dc=mps,dc=resnet,dc=com
password: ldap
(the container above also publishes port 636, so LDAPS can be used instead of a plaintext simple bind on 389 when the client supports it)
_______________________________________________
Install LDAP old version
sudo apt install slapd ldap-utils

configure:
sudo dpkg-reconfigure slapd
enter the admin password and the domain name (ldap-test.com); at the end of the wizard select the "hdb" database type (the overlay DNs below refer to olcDatabase={1}hdb, so they must be adjusted if mdb is chosen instead)

add users and groups
create file: add_nodes.ldif
dn: ou=people,dc=ldap-test,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=groups,dc=ldap-test,dc=com
objectClass: organizationalUnit
ou: Groups

and run: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_nodes.ldif
(the -D bind DN is the admin entry of the suffix configured above; binding as cn=admin,dc=example,dc=com against this server fails with invalid credentials)
enabling memberOf
create file: memberof_config.ldif
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
olcModuleLoad: memberof
olcModulePath: /usr/lib/ldap

dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
create file: refint1.ldif
dn: cn=module{1},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: refint
(the module entry added from memberof_config.ldif is indexed as cn=module{1} because the stock Ubuntu configuration already contains cn=module{0}; if unsure, list them with: sudo ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b cn=config "(objectClass=olcModuleList)" dn)
create file: refint2.ldif
dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner
and run commands:
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif
create users
generate the SHA value for userPassword: slappasswd -h {SHA} -s my_password
(without -h, slappasswd defaults to the salted {SSHA} scheme, which is preferable; either output is pasted into the userPassword attribute below)
create file: add_user_test.ldif
dn: cn=test,ou=people,dc=ldap-test,dc=com
cn: test
givenName: test
sn: test
uid: test
uidNumber: 5000
gidNumber: 10000
homeDirectory: /home/test
mail: test@ldap-test.com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
userPassword: {SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=

and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_user_test.ldif

create file: add_user_valera.ldif
dn: cn=valera,ou=people,dc=ldap-test,dc=com
cn: valera
givenName: valera
sn: valera
uid: valera
uidNumber: 5000
gidNumber: 10000
homeDirectory: /home/valera
mail: valera@ldap-test.com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
userPassword: {SHA}/czKZw8hc3yvCKMiU0y1lqqmATU=

and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_user_valera.ldif

create file: add_user_svan.ldif
dn: cn=svan,ou=people,dc=ldap-test,dc=com
cn: svan
givenName: svan
sn: svan
uid: svan
uidNumber: 5000
gidNumber: 10000
homeDirectory: /home/svan
mail: svan@ldap-test.com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
userPassword: {SHA}D07SmrTu0Yh+eZcgj+nIVWKn8XU=

and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_user_svan.ldif
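Added Python example (not code from this page): how the {SHA} value pasted into userPassword above is produced and how slapd checks it on a simple bind, next to the salted {SSHA} form that slappasswd emits by default. The test user's stored value is the page's own; the salt bytes and the other sample passwords are constructed, and the function names are chosen here.

```python
import base64
import hashlib
import os

# Stored value of the "test" user, copied from this page's add_user_test.ldif.
PAGE_TEST_HASH = "{SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M="
DIGEST_LEN = 20  # SHA-1 digest length; in a {SSHA} value the bytes after it are the salt


def sha_hash(password):
    """{SHA}: base64(sha1(password)), unsalted, as produced by `slappasswd -h {SHA}`."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()


def ssha_hash(password, salt=None):
    """{SSHA}: base64(sha1(password + salt) + salt); slappasswd's default scheme, fresh random salt per call."""
    salt = os.urandom(4) if salt is None else salt  # constructed 4-byte salt unless one is supplied
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify(password, stored):
    """Check a candidate password against a stored {SHA} or {SSHA} value the way slapd does on simple bind."""
    scheme, _, encoded = stored.partition("}")
    raw = base64.b64decode(encoded)
    if scheme == "{SHA":
        return raw == hashlib.sha1(password.encode()).digest()
    if scheme == "{SSHA":
        digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]  # salt is recovered from the stored value itself
        return digest == hashlib.sha1(password.encode() + salt).digest()
    raise ValueError("unsupported userPassword scheme: " + scheme + "}")
```

Two users with the same password get identical {SHA} values, which anyone allowed to read userPassword can see; {SSHA} values differ per user because of the salt.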
create groups
create file: add_group_disabled.ldif
dn: cn=Disabled,ou=groups,dc=ldap-test,dc=com
objectClass: groupOfNames
cn: Disabled
description: All users
member: cn=test,ou=people,dc=ldap-test,dc=com

and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_group_disabled.ldif

create file: add_group_openvpn.ldif
dn: cn=OpenVPN,ou=groups,dc=ldap-test,dc=com
objectClass: groupOfNames
cn: OpenVPN
description: All users
member: cn=valera,ou=people,dc=ldap-test,dc=com
member: cn=svan,ou=people,dc=ldap-test,dc=com
member: cn=test,ou=people,dc=ldap-test,dc=com

and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_group_openvpn.ldif
code
for ldap_simple_bind_s (Windows wldap32 API, UNICODE build; pLdapConnection is the LDAP* handle obtained from ldap_init and ldap_connect):
#include <windows.h>
#include <winldap.h>

// bind as the user being checked; a simple bind transmits the password in clear unless the session uses TLS
PWCHAR user_name = L"cn=valera,ou=people,dc=ldap-test,dc=com";
PWCHAR password = L"valera";
ULONG error = ldap_simple_bind_s(pLdapConnection, user_name, password);
// error is LDAP_SUCCESS (0) when the credentials were accepted

for ldap_search_s:
LDAPMessage *pResults = NULL;
PWCHAR base_path = L"dc=ldap-test,dc=com";
// members of OpenVPN that are not members of Disabled; relies on the memberOf overlay configured above
PWCHAR base_filter = L"(&(!(memberOf=cn=Disabled, ou=groups, dc=ldap-test, dc=com))(memberOf=cn=OpenVPN, ou=groups, dc=ldap-test, dc=com))";
error = ldap_search_s(pLdapConnection, base_path, LDAP_SCOPE_SUBTREE, base_filter, NULL, 0, &pResults);
// on LDAP_SUCCESS walk the entries with ldap_first_entry/ldap_next_entry, then release them with ldap_msgfree(pResults)
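Added Python example (not the page's code) to see what the search above actually selects: it loads the users and groups created on this page as a constructed LDIF sample, derives memberOf from each group's member attribute the way the memberof overlay does, and evaluates the page's filter offline. The helper names norm_dn, parse_ldif, add_memberof and openvpn_allowed are chosen here.

```python
# Constructed sample, reduced from the entries this page creates (one attribute per line, as LDIF requires).
LDIF = """\
dn: cn=test,ou=people,dc=ldap-test,dc=com
uid: test

dn: cn=valera,ou=people,dc=ldap-test,dc=com
uid: valera

dn: cn=svan,ou=people,dc=ldap-test,dc=com
uid: svan

dn: cn=Disabled,ou=groups,dc=ldap-test,dc=com
objectClass: groupOfNames
member: cn=test,ou=people,dc=ldap-test,dc=com

dn: cn=OpenVPN,ou=groups,dc=ldap-test,dc=com
objectClass: groupOfNames
member: cn=valera,ou=people,dc=ldap-test,dc=com
member: cn=svan,ou=people,dc=ldap-test,dc=com
member: cn=test,ou=people,dc=ldap-test,dc=com
"""

def norm_dn(dn):  # DN values match case-insensitively and ignore the space after each comma (the page's filter has them)
    return dn.strip().replace(", ", ",").lower()

def parse_ldif(text):  # minimal reader for the plain entries above: {dn: {attr: [values]}}, attribute names lowercased
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for key, _, val in (line.partition(":") for line in block.splitlines()):
            attrs.setdefault(key.strip().lower(), []).append(val.strip())
        entries[norm_dn(attrs.pop("dn")[0])] = attrs
    return entries

def add_memberof(entries):  # mimic the memberof overlay: every groupOfNames member gets memberOf=<group DN> on its entry
    for dn, attrs in entries.items():
        if "groupofnames" in (oc.lower() for oc in attrs.get("objectclass", [])):
            for member in attrs.get("member", []):
                target = entries.get(norm_dn(member))
                if target is not None:  # unknown member DNs are skipped, like olcMemberOfDangling: ignore
                    target.setdefault("memberof", []).append(dn)
    return entries

OPENVPN = norm_dn("cn=OpenVPN, ou=groups, dc=ldap-test, dc=com")
DISABLED = norm_dn("cn=Disabled, ou=groups, dc=ldap-test, dc=com")

def openvpn_allowed(entries):  # the page's filter (&(!(memberOf=Disabled))(memberOf=OpenVPN)), evaluated offline
    return sorted(a["uid"][0] for a in entries.values()
                  if OPENVPN in a.get("memberof", []) and DISABLED not in a.get("memberof", []))
```

With the page's data the filter yields valera and svan; test is in OpenVPN but excluded by the Disabled group, which is the behaviour the bind-and-search code depends on.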
links
OpenLDAP Server: [2]
How to enable MemberOf using OpenLDAP: [3]
Install and configure OpenLDAP & phpLDAPadmin on Ubuntu 18.04 LTS: [4]
LDAP commands: [5]