Install ldap server

From MPSWiki
Revision as of 07:49, 24 October 2019 by 192.168.0.3 (talk)
Jump to: navigation, search

Install ldap sudo apt install slapd ldap-utils

configure sudo dpkg-reconfigure slapd enter admin password, domain name (ldap-test.com), at the end of wizard select "hdb" database type


add users ndgroups create file: add_nodes.ldif 

 dn: ou=people,dc=ldap-test,dc=com
 objectClass: organizationalUnit
 ou: People

 dn: ou=groups,dc=ldap-test,dc=com
 objectClass: organizationalUnit
 ou: Groups

and run: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_nodes.ldif

enabling MemberOF create file: memberof_config.ldif 

 dn: cn=module,cn=config
 cn: module
 objectClass: olcModuleList
 olcModuleLoad: memberof
 olcModulePath: /usr/lib/ldap

 dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
 objectClass: olcConfig
 objectClass: olcMemberOf
 objectClass: olcOverlayConfig
 objectClass: top
 olcOverlay: memberof
 olcMemberOfDangling: ignore
 olcMemberOfRefInt: TRUE
 olcMemberOfGroupOC: groupOfNames
 olcMemberOfMemberAD: member
 olcMemberOfMemberOfAD: memberOf

create file: refint1.ldif 

 dn: cn=module{1},cn=config
 add: olcmoduleload
 olcmoduleload: refint


create file: refint2.ldif 

 dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
 objectClass: olcConfig
 objectClass: olcOverlayConfig
 objectClass: olcRefintConfig
 objectClass: top
 olcOverlay: {1}refint
 olcRefintAttribute: memberof member manager owner

and run commands: sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif


create users: generate SHA for userPassword: slappasswd -h {SHA} -s my_password

create file: add_user_test.ldif " dn: cn=test,ou=people,dc=ldap-test,dc=com cn: test givenName: test sn: test uid: test uidNumber: 5000 gidNumber: 10000 homeDirectory: /home/test mail: test@ldap-test.com objectClass: top objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person loginShell: /bin/bash userPassword: {SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=

" and run command: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_test.ldif

create file: add_user_valera.ldif " dn: cn=valera,ou=people,dc=ldap-test,dc=com cn: valera givenName: valera sn: valera uid: valera uidNumber: 5000 gidNumber: 10000 homeDirectory: /home/valera mail: valera@ldap-test.com objectClass: top objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person loginShell: /bin/bash userPassword: {SHA}/czKZw8hc3yvCKMiU0y1lqqmATU= " and run command: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_valera.ldif

create file: add_user_svan.ldif " dn: cn=svan,ou=people,dc=ldap-test,dc=com cn: svan givenName: svan sn: svan uid: svan uidNumber: 5000 gidNumber: 10000 homeDirectory: /home/svan mail: svan@ldap-test.com objectClass: top objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person loginShell: /bin/bash userPassword: {SHA}D07SmrTu0Yh+eZcgj+nIVWKn8XU= " and run command: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_svan.ldif

create groups: create file: add_group_disabled.ldif " dn: cn=Disabled,ou=groups,dc=ldap-test,dc=com objectClass: groupofnames cn: Disabled description: All users member: cn=test,ou=people,dc=ldap-test,dc=com

" ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_group_disabled.ldif

create file: add_group_openvpn.ldif " dn: cn=OpenVPN,ou=groups,dc=ldap-test,dc=com objectClass: groupofnames cn: OpenVPN description: All users member: cn=valera,ou=people,dc=ldap-test,dc=com member: cn=svan,ou=people,dc=ldap-test,dc=com member: cn=test,ou=people,dc=ldap-test,dc=com

" ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_group_openvpn.ldif


code: for ldap_simple_bind_s: " PWCHAR user_name = L"cn=valera,ou=people,dc=ldap-test,dc=com"; PWCHAR password = L"valera"; ULONG error = ldap_simple_bind_s(pLdapConnection, user_name, password); "

for ldap_search_s: " LDAPMessage *pResults = NULL; PWCHAR base_path = L"dc=ldap-test,dc=com"; PWCHAR base_filter = L"(&(!(memberOf=cn=Disabled, ou=groups, dc=ldap-test, dc=com))(memberOf=cn=OpenVPN, ou=groups, dc=ldap-test, dc=com))"; error = ldap_search_s(pLdapConnection, base_path, LDAP_SCOPE_SUBTREE, base_filter, NULL, 0, &pResults);

"

links: https://help.ubuntu.com/lts/serverguide/openldap-server.html https://www.adimian.com/blog/2014/10/how-to-enable-memberof-using-openldap/ https://computingforgeeks.com/install-and-configure-openldap-phpldapadmin-on-ubuntu-18-04-lts/

Retrieved from "https://mps.resnet.com/MPSWiki/index.php?title=Install_ldap_server&oldid=384"