LDAP installation

From Ensiwiki
VoIP deployment
"Projet de Spécialité 2010" Deployment of VoIP platform
Team: Ouakkadi Mohamed Yassine, Rafiq Oualid, Legras-Lecarpentier Matthieu, Piton Benjamin, Torre Luc-Alexandre
Professors: Franck Rousseau, Alphand Olivier
LIG laboratory, Drakkar group
Location: Grenoble INP Ensimag
Date: June 2010

Installation of LDAP

Attention: new configuration format since OpenLDAP 2.3: there is no slapd.conf! The configuration is stored in a specific directory (image: config_dit.gif).


Configuration

sudo apt-get install slapd ldap-utils
sudo dpkg-reconfigure slapd
Configuration of slapd (answers to the prompts):
Omit the OpenLDAP configuration? No
Domain name: ensimag.fr
Organization name: drakkar
Database backend to use: HDB
Remove the database when the package is purged? No
Move the old database? Yes
Administrator password (entered twice)
Allow the LDAPv2 protocol? No


To start, restart or stop the server

sudo /etc/init.d/slapd start
sudo /etc/init.d/slapd restart
sudo /etc/init.d/slapd stop


To consult the directory

ldapsearch -x -b dc=ensimag,dc=fr
  • -x: simple authentication, without SASL
  • -b: search base, here ensimag.fr


To organize the directory

To add a new entry to the directory, write it in a file filename.ldif and then run:

ldapadd -x -f filename.ldif -W -D cn=admin,dc=ensimag,dc=fr
  • -f: read the entries from the file filename.ldif
  • -W: authenticate with a password (prompted)
  • -D: bind with the login admin@ensimag.fr (cn=admin,dc=ensimag,dc=fr)

Then test with ldapsearch.


Authentication with LDAP by the client

Install the libraries for authentication on the extension client:

sudo apt-get install libnss-ldap
NSS = Name Service Switch
LDAP server address: 192.168.0.1
Directory: dc=ensimag,dc=fr
LDAP protocol version: 3
Authentication required to access the database: no
Readable and writable only by the owner: no


sudo apt-get install libpam-ldap
PAM = Pluggable Authentication Module
Create a local database for the admin: yes
Authentication required to access the database: no
Privileged account of the directory: cn=admin,dc=ensimag,dc=fr
Password
Password encryption: crypt


Client/server connection

Open and edit the file ldap.conf:

cd /etc/ldap/
gedit ldap.conf &
  • BASE dc= ,dc=
  • URI ldap://192.168../:389 (default port)


Format of .ldif

dn: uid=dupont,ou=users,dc=ensimag,dc=fr
objectClass: account
objectClass: posixAccount
cn: dupont
uid: dupont
uidNumber: 10001
gidNumber: 1024
homeDirectory: /home/dupont
userPassword:: e0NSWVBUfXZKblR0TjVSaXQ0Tmc=
loginShell: /bin/sh
gecos: dupont
description: dupont
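
The double colon in "userPassword::" marks a base64-encoded value, not an encrypted one; decoded, it holds the scheme prefix and the hash produced by the "crypt" choice made during the libpam-ldap setup. The Python sketch below is an added example, not part of the original page: it parses LDIF text, decodes such values and reports the storage scheme of each password. The function names parse_ldif, classify_password and audit are illustrative, and the sample input is the entry shown above, shortened.

```python
import base64
import re

# Entry from the "Format of .ldif" section above, shortened, as sample input.
SAMPLE_LDIF = """\
dn: uid=dupont,ou=users,dc=ensimag,dc=fr
objectClass: account
objectClass: posixAccount
userPassword:: e0NSWVBUfXZKblR0TjVSaXQ0Tmc=
"""

def parse_ldif(text):
    """Return a list of entries, each mapping attribute -> list of values."""
    entries, current = [], {}
    # RFC 2849: a line starting with a single space continues the previous one.
    unfolded = re.sub(r"\r?\n ", "", text)
    for line in unfolded.splitlines() + [""]:
        if not line.strip():              # blank line closes the entry
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):      # "attr:: x" is base64 encoding only
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            current.setdefault(attr, []).append(value)
    return entries

def classify_password(value):
    """Return (scheme, assessment) for a decoded userPassword value."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", value, re.S)
    if not m:
        return ("CLEARTEXT", "stored without hashing")
    scheme, digest = m.group(1).upper(), m.group(2)
    if scheme == "CRYPT":
        if digest.startswith("$"):
            return ("CRYPT", "modular crypt(3) hash, id $%s$" % digest.split("$")[1])
        if len(digest) == 13:
            return ("CRYPT", "traditional DES crypt: 8-character limit, 12-bit salt")
        return ("CRYPT", "unrecognised crypt(3) format")
    verdict = "unsalted digest" if scheme in ("MD5", "SHA") else "review separately"
    return (scheme, verdict)

def audit(text):
    """List (dn, scheme, assessment) for every userPassword in the LDIF text."""
    return [(e.get("dn", ["?"])[0],) + classify_password(p)
            for e in parse_ldif(text) for p in e.get("userPassword", [])]
```

On the server, the same check can be run over the output of slapcat.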


Server commands

slapadd: to add entries to the directory
slapcat: to list the entries of the directory
slapauth: to verify the authentication rules
slappasswd: to generate passwords

Client commands

ldapcompare: to compare 2 entries of the directory
ldapdelete: to erase 1 entry of the directory
ldapmodify: to modify 1 entry of the directory
ldapadd: to add 1 entry to the directory
ldapmodrdn: to rename 1 entry of the directory
ldappasswd: to modify the password of an entry of the directory
ldapsearch: to search the directory
