gtkc.net

LDAP Howto


OpenLDAP

After searching several sites and finding varying ways of initializing the LDAP database, adding users, etc., I found myself totally confused, as it seemed there were many different ways to do this.
So firstly, I downloaded the excellent Softerra LDAP Browser (free) and LDAP Administrator (demo) applications.
These make it easy to get a graphical view of your LDAP database, and the Administrator program even allows you to add entries to your LDAP database, which is useful for testing entries, and helping to discover what format the entries should be in.
After much experimentation, I arrived at the following three simple configuration files. I used a simple organisation name (not a domain name) and also used a simple clear text password. My initial experiments with an encrypted password started to introduce all manner of authentication errors, so I reverted to clear text authentication.

The first thing to do is to establish the base organisation, using the following LDIF (new-org.ldif):

dn: o=my_organisation
objectClass: top
objectClass: organization
o: my_organisation

This is loaded with the following command:

ldapadd -x -D "o=my_organisation" -w secret -v -f new-org.ldif

Here -x selects a simple (non-SASL) bind, -D the DN to bind as, -w the bind password, -v verbose output and -f the LDIF file to read. The entry o=my_organisation does not exist yet at this point, so the only way this bind can succeed is that the slapd.conf used with these examples names o=my_organisation as the rootdn with rootpw secret; the rootdn is exempt from access control, which is what lets it create the suffix entry. Two caveats for anything beyond a local test server: -w puts the password into the process list and the shell history (use -W to be prompted for it, or -y file to read it from a file), and a simple bind sends the password in clear text unless the connection uses StartTLS (-ZZ) or an ldaps:// URI.

This establishes the base organisation, under which you can start adding data.
The next step is to establish an organisational unit (new-ou.ldif):

dn: ou=Users,o=my_organisation
objectClass: top
objectClass: organizationalUnit
ou: Users
description: MY_ORGANISATION Users


Load it with ldapadd as before. ldapadd is the same program as ldapmodify -a; plain ldapmodify treats a record without a changetype: line as a modification of an existing entry, which fails for an entry that does not exist yet.

ldapadd -x -D "o=my_organisation" -w secret -v -f new-ou.ldif


And finally, add a user to your organisational unit (add-ou-user.ldif):

dn: cn=Jane Doe,ou=Users,o=my_organisation
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Jane Doe
sn: Doe
givenName: Jane
description: Jane Doe
uid: jane
mail: jane@yourdomain.com
homePhone: 000000001
mobile: 000000002


This is loaded the same way:

ldapadd -x -D "o=my_organisation" -w secret -v -f add-ou-user.ldif

Two details of this record matter to slapd. The value used in the RDN (cn=Jane Doe) must also be present as a value of that attribute inside the entry, otherwise the add is rejected with a naming violation; and objectClass values are compared case-insensitively, so listing inetOrgPerson a second time as inetorgperson is a duplicate value, not an extra class. person requires both sn and cn, which is why sn is present even though the surname already appears in cn. Attribute names are likewise case-insensitive, so homePhone and HomePhone name the same attribute.


Now query your LDAP server (with the Softerra tools suggested above, or with ldapsearch from the command line), and the information added above should be present.
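As an added example (not code from this howto or from OpenLDAP), the following Python script re-implements the checks slapd applies when it processes an add, so an LDIF file can be checked before it is fed to ldapadd: parent entry already present, RDN value present in the entry, no duplicate objectClass values, and the MUST attributes of each class present. The LDIF embedded in it is constructed from the three records above; the third record deliberately keeps two mistakes that hand-written entries easily contain (an RDN of cn=jane while the entry only has cn: Jane Doe, and inetOrgPerson listed twice), and the checker names the LDAP result code each one produces. The MUST table only covers the object classes used on this page, and escaped commas or multi-valued RDNs are out of scope.

```python
"""Added example (not code from the howto or OpenLDAP): check LDIF records the way
slapd will before feeding them to ldapadd. The LDIF below is constructed from the
three records of the howto; the third keeps two hand-editing mistakes on purpose."""
import base64
import re
from collections import defaultdict

SAMPLE_LDIF = """\
dn: o=my_organisation
o: my_organisation
objectClass: top
objectClass: organization

dn: ou=Users,o=my_organisation
objectClass: top
objectClass: organizationalUnit
ou: Users

dn: cn=jane,ou=Users,o=my_organisation
cn: Jane Doe
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: inetorgperson
sn: Doe
"""

# MUST attributes (core.schema / inetorgperson.schema) for the classes the page uses;
# objectClass itself is left out because every record carries it. Keys are lower-case.
MUST = {"top": set(), "organization": {"o"}, "organizationalunit": {"ou"},
        "person": {"sn", "cn"}, "organizationalperson": set(), "inetorgperson": set()}

def norm_dn(dn):
    """DN components are matched case-insensitively here, so normalise before comparing."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse LDIF content records into [(dn, {attr_lower: [values]})]; handles comments,
    folded lines (leading space) and base64 (::) values, nothing fancier."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for raw in block.splitlines():
            if raw.startswith("#"):
                continue
            if raw.startswith(" ") and lines:        # folded: continues the previous line
                lines[-1] += raw[1:]
            else:
                lines.append(raw)
        dn, attrs = None, defaultdict(list)
        for line in lines:
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError("not an LDIF attribute line: %r" % line)
            if value.startswith(":"):                # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs[name.lower()].append(value)
        if dn is None:
            raise ValueError("record without a dn line: %r" % lines[:1])
        records.append((dn, dict(attrs)))
    return records

def check_record(dn, attrs, existing):
    """Return the reasons slapd would refuse to add this record; [] means it should load."""
    problems = []
    rdn, _, parent = dn.partition(",")
    # 1. The parent entry must already exist (result 32, noSuchObject): load order matters.
    if parent and norm_dn(parent) not in existing:
        problems.append("parent %s does not exist yet (load order)" % parent.strip())
    # 2. The RDN value must also be a value of that attribute (64, namingViolation).
    rattr, _, rval = rdn.partition("=")
    if rval.strip().lower() not in [v.lower() for v in attrs.get(rattr.strip().lower(), [])]:
        problems.append("RDN %s is not an attribute value of the entry" % rdn.strip())
    # 3. objectClass values compare case-insensitively; a repeat is an error (20, attributeOrValueExists).
    classes = [c.lower() for c in attrs.get("objectclass", [])]
    if len(set(classes)) != len(classes):
        problems.append("objectClass listed more than once: %s"
                        % sorted({c for c in classes if classes.count(c) > 1}))
    # 4. Every MUST attribute of every listed class must be present (65, objectClassViolation);
    #    classes outside the small MUST table above are simply not checked.
    for cls in classes:
        for attr in sorted(MUST.get(cls, set()) - set(attrs)):
            problems.append("objectClass %s requires attribute %s" % (cls, attr))
    return problems

def preflight(text):
    """Check records in file order, as ldapadd submits them; returns {dn: [problems]}."""
    existing, report = set(), {}
    for dn, attrs in parse_ldif(text):
        report[dn] = check_record(dn, attrs, existing)
        if not report[dn]:
            existing.add(norm_dn(dn))
    return report

if __name__ == "__main__":
    for dn, problems in preflight(SAMPLE_LDIF).items():
        print("%-42s %s" % (dn, "; ".join(problems) or "ok"))
```

Running it reports the first two records as ok and flags the third twice; change its dn to cn=Jane Doe and drop the repeated objectClass line and it passes, which is the form used on this page. Records are checked in file order because that is the order ldapadd submits them, so a user record placed before its ou is reported as a load-order problem rather than a schema one.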
You can download all of the above (.ldif) files from the download links below.
In the downloads area is a copy of the slapd.conf file I used with the above examples - you will need to copy this to /etc/openldap/
Download all the above examples and a shell script to create a sample LDAP site.
Did you find this useful? Do you have any other feedback?
Please let me know.