Install LDAP server
Install LDAP
install Ubuntu and then update
normal Ubuntu install with:
ip: 192.168.0.5 user: ldap password: ldap
and then update:
sudo apt update
sudo apt upgrade
install Docker
sudo apt install docker.io
sudo systemctl start docker
sudo systemctl enable docker
add containers
install Portainer (web access to the containers on port 9000: http://192.168.0.5:9000)
sudo docker run --restart=always -d --name="portainer" -p 9000:9000 -v /etc/localtime:/etc/localtime:ro -v /var/run/docker.sock:/var/run/docker.sock -v /home/ldap/portainer:/data portainer/portainer-ce:latest
install OpenLDAP (the LDAP server; 389 is plain LDAP, 636 is LDAPS)
sudo docker run --restart=always -p 389:389 -p 636:636 --env LDAP_ORGANISATION="mps" --env LDAP_DOMAIN="mps.resnet.com" --env LDAP_ADMIN_PASSWORD="ldap" --detach osixia/openldap:1.4.0
install phpLDAPadmin (manage LDAP users via the web UI on port 6443, which maps to the container's HTTPS port 443)
sudo docker run --restart=always -p 6443:443 --env PHPLDAPADMIN_LDAP_HOSTS=192.168.0.5 --detach osixia/phpldapadmin:0.9.0
add user
you can add or edit users at https://192.168.0.5:6443; log in with:
login DN: cn=admin,dc=mps,dc=resnet,dc=com password: ldap
first create (once) a users group:
Create a child entry, select Generic: Posix Group, enter the group name (users) and create the group
now create a user:
Create a child entry, select Generic: User Account, enter the user data (and the group created above)
after creating the user, add an e-mail address:
select the user in the tree, press Add new attribute, then pick the mail attribute in the combobox
additional software
Softerra LDAP Browser (https://www.ldapadministrator.com), connection settings:
host: 192.168.0.5
port: 389
base DN: dc=mps,dc=resnet,dc=com
mechanism: simple
principal: cn=admin,dc=mps,dc=resnet,dc=com
password: ldap
______________________________________________________________________________________________
Install LDAP (old version, native slapd package)
sudo apt install slapd ldap-utils
configure:
sudo dpkg-reconfigure slapd
enter the admin password and the domain name (ldap-test.com); at the end of the wizard select the "hdb" database type
add the people and groups OUs
create file: add_nodes.ldif
dn: ou=people,dc=ldap-test,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=groups,dc=ldap-test,dc=com
objectClass: organizationalUnit
ou: Groups
and run (bind as the admin DN of the domain configured above):
ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_nodes.ldif
enabling memberOf: create file memberof_config.ldif (loads the memberof module and attaches the overlay to the hdb database)
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
olcModuleLoad: memberof
olcModulePath: /usr/lib/ldap

dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
create file: refint1.ldif (loads the refint module into the module list created above)
dn: cn=module{1},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: refint
create file: refint2.ldif (the refint overlay keeps memberOf/member references consistent when entries are renamed or deleted)
dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner
and run the commands (SASL EXTERNAL over the ldapi socket authenticates the local root user against cn=config):
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif
create users
generate a {SHA} hash for userPassword:
slappasswd -h {SHA} -s my_password
create file: add_user_test.ldif
dn: cn=test,ou=people,dc=ldap-test,dc=com
cn: test
givenName: test
sn: test
uid: test
uidNumber: 5000
gidNumber: 10000
homeDirectory: /home/test
mail: test@ldap-test.com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
userPassword: {SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=
and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_user_test.ldif
create file: add_user_valera.ldif
dn: cn=valera,ou=people,dc=ldap-test,dc=com
cn: valera
givenName: valera
sn: valera
uid: valera
# uidNumber must be unique per posixAccount
uidNumber: 5001
gidNumber: 10000
homeDirectory: /home/valera
mail: valera@ldap-test.com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
userPassword: {SHA}/czKZw8hc3yvCKMiU0y1lqqmATU=
and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_user_valera.ldif
create file: add_user_svan.ldif
dn: cn=svan,ou=people,dc=ldap-test,dc=com
cn: svan
givenName: svan
sn: svan
uid: svan
# uidNumber must be unique per posixAccount
uidNumber: 5002
gidNumber: 10000
homeDirectory: /home/svan
mail: svan@ldap-test.com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
userPassword: {SHA}D07SmrTu0Yh+eZcgj+nIVWKn8XU=
and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_user_svan.ldif
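As an added example (not part of these notes, and not OpenLDAP's own code), the Python helpers below produce the same {SHA} value as the slappasswd line above and also handle {SSHA}, the scheme slappasswd uses when -h is omitted. {SHA} is an unsalted SHA-1 digest, so two accounts with the same password store identical values; {SSHA} appends a random salt to the digest, and verification recovers the salt from the stored value. make_sha reproduces the userPassword value of the test entry above. The function names and the 8-byte salt length are this example's own choices.

```python
"""userPassword helpers for the {SHA} and {SSHA} schemes (added example).

{SHA}:  base64(sha1(password))               unsalted
{SSHA}: base64(sha1(password + salt) + salt)  salted, slappasswd's default
"""
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20   # SHA-1 digest length in bytes; everything after it is the salt


def make_sha(password):
    """{SHA} value, identical to `slappasswd -h {SHA} -s password`."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def make_ssha(password, salt=None):
    """{SSHA} value. The 8-byte random salt is this example's choice; any
    salt length verifies, because the salt is stored after the digest."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify(stored, candidate):
    """Check a candidate password against a {SHA} or {SSHA} userPassword
    value, comparing digests in constant time."""
    if stored.startswith("{SHA}"):
        expected = base64.b64decode(stored[len("{SHA}"):])
        actual = hashlib.sha1(candidate.encode("utf-8")).digest()
        return hmac.compare_digest(expected, actual)
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        expected, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
        actual = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
        return hmac.compare_digest(expected, actual)
    raise ValueError("unsupported userPassword scheme: %r" % stored[:8])


if __name__ == "__main__":
    print(make_sha("test"))   # {SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=
    salted = make_ssha("test")
    print(salted, verify(salted, "test"), verify(salted, "Test"))
```

Both schemes are a single SHA-1 pass and therefore cheap to brute-force; slappasswd also offers slower schemes when the module is loaded, but the point here is only to show what the stored value encodes and why the salted form is preferable.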
create groups
create file: add_group_disabled.ldif
dn: cn=Disabled,ou=groups,dc=ldap-test,dc=com
objectClass: groupOfNames
cn: Disabled
description: All users
member: cn=test,ou=people,dc=ldap-test,dc=com
and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_group_disabled.ldif
create file: add_group_openvpn.ldif
dn: cn=OpenVPN,ou=groups,dc=ldap-test,dc=com
objectClass: groupOfNames
cn: OpenVPN
description: All users
member: cn=valera,ou=people,dc=ldap-test,dc=com
member: cn=svan,ou=people,dc=ldap-test,dc=com
member: cn=test,ou=people,dc=ldap-test,dc=com
and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_group_openvpn.ldif
code (C, Windows wldap32 LDAP API)
for ldap_simple_bind_s:
PWCHAR user_name = L"cn=valera,ou=people,dc=ldap-test,dc=com";
PWCHAR password = L"valera";
/* simple bind sends the password in clear text; use LDAPS (636) or StartTLS on the connection */
ULONG error = ldap_simple_bind_s(pLdapConnection, user_name, password);
/* error == LDAP_SUCCESS (0) when the bind is accepted */
for ldap_search_s (users that are members of OpenVPN and not of Disabled):
LDAPMessage *pResults = NULL;
PWCHAR base_path = L"dc=ldap-test,dc=com";
/* memberOf is maintained by the memberof overlay configured above */
PWCHAR base_filter = L"(&(!(memberOf=cn=Disabled, ou=groups, dc=ldap-test, dc=com))(memberOf=cn=OpenVPN, ou=groups, dc=ldap-test, dc=com))";
error = ldap_search_s(pLdapConnection, base_path, LDAP_SCOPE_SUBTREE, base_filter, NULL, 0, &pResults);
/* release pResults with ldap_msgfree() when done */
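The following is an added example (not from these notes and not wldap32 or OpenLDAP code) that shows offline what the group files above and the search filter in the ldap_search_s call amount to: it reads the two groups from a constructed copy of the add_group_*.ldif contents, builds the memberOf view that the memberof overlay derives from each group's member values, and evaluates the filter, including the spaces after the commas in the page's filter, which distinguishedNameMatch ignores. The parser names and the LDIF/filter subsets supported are this example's own choices.

```python
"""Evaluate the page's memberOf search filter offline (added example): LDIF
reader for the group files, the derived memberOf view, and an evaluator for
the RFC 4515 subset used in the ldap_search_s call (&, |, !, attr=value)."""

# Constructed sample input: the two groups from the page's add_group_*.ldif.
GROUPS_LDIF = """\
dn: cn=Disabled,ou=groups,dc=ldap-test,dc=com
objectClass: groupOfNames
cn: Disabled
member: cn=test,ou=people,dc=ldap-test,dc=com

dn: cn=OpenVPN,ou=groups,dc=ldap-test,dc=com
objectClass: groupOfNames
cn: OpenVPN
member: cn=valera,ou=people,dc=ldap-test,dc=com
member: cn=svan,ou=people,dc=ldap-test,dc=com
member: cn=test,ou=people,dc=ldap-test,dc=com
"""

# The filter from the page's ldap_search_s call, spaces after commas included.
FILTER = ("(&(!(memberOf=cn=Disabled, ou=groups, dc=ldap-test, dc=com))"
          "(memberOf=cn=OpenVPN, ou=groups, dc=ldap-test, dc=com))")

DN_ATTRS = {"member", "memberof"}   # attributes whose values are DNs

def normalize_dn(dn):
    """Comparison form of a DN: no whitespace around commas, lower case
    (the differences distinguishedNameMatch ignores)."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parse_ldif(text):
    """Plain LDIF (no folding/base64 here) -> {dn: {attr: [values]}}."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            current = None                 # blank line ends an entry
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            current = entries.setdefault(normalize_dn(value), {})
        elif current is None:
            raise ValueError("attribute before dn: %r" % line)
        else:
            current.setdefault(name, []).append(value)
    return entries

def derive_member_of(entries):
    """What the memberof overlay maintains: user DN -> set of group DNs."""
    member_of = {}
    for group_dn, attrs in entries.items():
        for member in attrs.get("member", []):
            member_of.setdefault(normalize_dn(member), set()).add(group_dn)
    return member_of

def parse_filter(s):
    """Parse (&...), (|...), (!...) and (attr=value) into nested tuples.
    Values may not contain a raw ')' (RFC 4515 escapes it as \\29)."""
    pos = 0
    def node():
        nonlocal pos
        if s[pos] != "(":
            raise ValueError("expected '(' at %d" % pos)
        pos += 1
        op = s[pos]
        if op in "&|!":
            pos += 1
            children = []
            while s[pos] == "(":
                children.append(node())
            if s[pos] != ")":
                raise ValueError("expected ')' at %d" % pos)
            pos += 1
            return (op, children)
        end = s.index(")", pos)
        attr, _, value = s[pos:end].partition("=")
        pos = end + 1
        return ("=", attr.strip().lower(), value.strip())
    ast = node()
    if pos != len(s):
        raise ValueError("trailing data at %d" % pos)
    return ast

def matches(ast, attrs):
    """Evaluate a parsed filter against {attr: set(values)}."""
    op = ast[0]
    if op == "&":
        return all(matches(c, attrs) for c in ast[1])
    if op == "|":
        return any(matches(c, attrs) for c in ast[1])
    if op == "!":
        return not matches(ast[1][0], attrs)
    _, attr, value = ast
    stored = attrs.get(attr, set())
    if attr in DN_ATTRS:
        return normalize_dn(value) in {normalize_dn(v) for v in stored}
    return value.lower() in {v.lower() for v in stored}

def matching_users(groups_ldif, filter_str):
    """Sorted cn values of the people the filter selects."""
    ast = parse_filter(filter_str)
    member_of = derive_member_of(parse_ldif(groups_ldif))
    hits = [dn for dn, groups in member_of.items()
            if matches(ast, {"memberof": groups})]
    return sorted(dn.split(",")[0].split("=", 1)[1] for dn in hits)

if __name__ == "__main__":
    print(matching_users(GROUPS_LDIF, FILTER))   # ['svan', 'valera']
```

Running it yields valera and svan: test is in OpenVPN but also in Disabled, so the negated clause excludes it, which is the intended "disable without deleting" behaviour of the Disabled group. Because memberOf is derived, the result is only correct if the overlay was active when the groups were added; a quick ldapsearch for memberOf on one of the user entries is the check to run after the configuration steps above.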
links
OpenLDAP Server: [1]
How to enable MemberOf using OpenLDAP: [2]
Install and configure OpenLDAP & phpLDAPadmin on Ubuntu 18.04 LTS: [3]
LDAP commands: [4]