Installation and configuration of OpenLDAP under Ubuntu system

Objective
LDAP (Lightweight Directory Access Protocol) is a Lightweight Directory Access protocol based on the X.500 standard, which, like Nis,dns, belongs to the name service in the UNIX operating system (naming Service). This article describes how to build an LDAP service on the Ubuntu operating system.

First step: Modify hostname

127.0.0.1 localhost127.0.1.1 ldap.ldapdomain.com alternative192.168.5.180 ldap.ldapdomain.com

Note: when installing OpenLDAP in Debain, Debian will prompt for the LDAP Admin user to set a password, and then automatically create a default database, which uses a default base DN, by default, Debian will make Use the local domain name as the base DN, for example, if my domain name is ldapdomain.com, then Debian will use dc=ldapdomain,dc=com as my default base DN

Step Two: Install, configure the software

sudo apt-get install-y slapd ldap-utils

Note:

SLAPD:OPENLDAP Service-Side program components

SLAPD: Daemon

Slapdn

Slapadd

Slapcat: Export LDAP database file to. ldif format

......

......

LDAP-UTILS:OPENLDAP command-Line toolset (Ldapsearch, ldapmodify, Ldapadd,......)

Configure/etc/ldap/ldap.conf, add base and URI. Here the base is dc=ldapdomain,dc=com URI for ldap://192.168.5.180:389

BASE Dc=ldapdomain,dc=comuri ldap://192.168.5.180:389

Reconfigure the SLAPD with the following command (skip this step if the default configuration satisfies the requirement)

Dpkg-reconfigure SLAPD

Note: reconfigure content, including Basedn,admin administrator password, back-end Database selection (HDB,BDB), whether to delete the old database, whether to allow LDAPV2 protocol

Install the LDAP management side software for PHP:

Apt-get install-y Phpldapadmin

Modify the corresponding configuration file/etc/phpldapadmin/config.php to make the following changes:

(1) $servers->setvalue (' server '). ' Host ', ' 127.0.0.1 ') #修改为某个内网可访问的IP地址

(2) $servers->setvalue (' server '). ' base ', Array ('dc=example,dc=com')) #修改为baseDN, modified here to dc=ldapdomain,dc=com

(3) $servers->setvalue (' login ', ' bind_id ', ' Cn=admin,dc=example,dc=com') #修改为baseDN下的admin, CN=ADMIN,DC =ldapdomain,dc=com

(4) $config->custom->appearance[' hide_template_warning ') = false #false修改为true

Firewall Release Apache2:

UFW allow ' Apache ' UFW allow ' Apache full ' UFW allow ' Apache Secure '

After that, restart the service:

/etc/init.d/apache2 restart

Test whether the page is accessible through Curl http://<IP-Address>/phpldapadmin, and if successful, the effect of accessing through the browser is as follows:

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M01/95/A1/wKioL1kX01Hzyf-sAAGHG1wfRwU264.png-wh_500x0-wm_ 3-wmp_4-s_1306869954.png "title=" Image.png "alt=" Wkiol1kx01hzyf-saaghg1wfrwu264.png-wh_50 "/>

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M01/95/A1/wKiom1kX1ATgtRFzAAEazvo4PWo992.png-wh_500x0-wm_ 3-wmp_4-s_4058962384.png "title=" Image.png "alt=" Wkiom1kx1atgtrfzaaeazvo4pwo992.png-wh_50 "/>

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M01/95/A1/wKiom1kX1DuAMWQZAAGqu5MPeck927.png-wh_500x0-wm_ 3-wmp_4-s_3209501464.png "title=" Image.png "alt=" Wkiom1kx1duamwqzaagqu5mpeck927.png-wh_50 "/>

Step three:LDAP firewall UFW configuration

Add the TCP port 389 (LDAP communication port), and the TCP port 636 (ldaps communication port), where the server side IP address is 192.168.5.180:

UFW allow proto TCP from all to 192.168.5.180 port 389UFW allow proto TCP from any to 192.168.5.180 port 636

Fourth Step: configuration Check, add data

The LDAP configuration is made up of cn=config's tree-shaped structure, which can be ldapseach to find out which dn the tree is in:

Query by SASL EXTERNAL authentication method: Ldapsearch-q-lll-y external-h ldapi:///-B cn=config dn:

Note:

-Q:SASL Certified Model (relative to-X simple Authentication)

-LLL: Show results in LDIF format; Ignore annotations; Ignore version

-y EXTERNAL: Using SASL's EXTERNAL authentication method

-h ldapi:///: connecting localhost

-B cn=config DN: Querying the DN of all Cn=config branches

Query the contents of LDAP BaseDN with simple authentication: ldapsearch-x-lll-h ldap:///-B dc=ldapdomain, dc=comldapsearch-x-lll-h ldap:///-B DC=LDAPD Omain, dc=com dn: #only return DN objectldapsearch-x-lll-h 192.168.5.180-p 389-b dc=ldapdomain, Dc=comldapsearch  -x-lll-h 192.168.5.180-p 389-b dc=ldapdomain, dc=com dn: #only return DN objectldapsearch-x-lll-h 192.168.5.180 -P 389-b dc=ldapdomain,dc=com objectclass=* #匹配objectClass

Create a new structure, save it as an LDIF file, and add it to the database:

VI structure.ldif

The contents are as follows:

Dn:ou=people,dc=ldapdomain,dc=comobjectclass:organizationalunitou:peopledn:ou=group,dc=ldapdomain,dc= ComobjectClass:organizationalUnitou:group

Note: in Structure.ldif, two entries are added, all of them belong to the OrganizationalUnit object, one property is people, and the other property is group

Use the Ldapadd command to import LDIF into the database:

Ldapadd-x-D cn=admin,dc=ldapsearch,dc=com-w-F structure.ldif

Note:

-D cn=admin,dc=ldapsearch,dc=com: Because you want to write to the database, you need to use the Admin user's permission to operate

-W: Prompt for Admin user's password on the command line

-F: The path of the LDIF file that needs to be imported

Once the import is complete, you can see from the command that the corresponding content already exists in the LDAP database:

[Email protected]:~# ldapsearch-x-lll-h 192.168.5.180-p 389-b dc=ldapdomain,dc=com objectclass=*dn:dc=ldapdomain,dc= Comobjectclass:topobjectclass:dcobjectobjectclass:organizationo:ldapdomain.comdc:ldapdomaindn:cn=admin,dc= Ldapdomain,dc=comobjectclass:simplesecurityobjectobjectclass:organizationalrolecn:admindescription:ldap Administratordn:ou=people,dc=ldapdomain,dc=comobjectclass:organizationalunitou:peopledn:ou=group,dc=ldapdomain , Dc=comobjectclass:organizationalunitou:group

The next article will cover more detailed OPENLDAP configuration management and user management

This article is from the "Technical Achievement Dream" blog, please be sure to keep this source http://jiangche00.blog.51cto.com/4377920/1925454

Installation and configuration of OpenLDAP under Ubuntu system