Ldap Server

From Objectif Client Inc

Installation

Preparation

By default the installation of slapd creates a working configuration based on the hostname. If you want the suffix dc=objclt,dc=com, your hosts file "/etc/hosts" needs a line similar to this:

127.0.1.1   hostname.objclt.com  hostname

Install

Install Ldap server and utilities

apt-get install slapd ldap-utils

Validate your install

Query the Ldap configuration

ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn
dn: cn=config
dn: cn=module{0},cn=config
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: olcBackend={0}mdb,cn=config
dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcDatabase={1}mdb,cn=config

Explanation of entries

  1. cn=config: global settings
  2. cn=module{0},cn=config: a dynamically loaded module
  3. cn=schema,cn=config: contains hard-coded system-level schema
  4. cn={0}core,cn=schema,cn=config: the hard-coded core schema
  5. cn={1}cosine,cn=schema,cn=config: the cosine schema
  6. cn={2}nis,cn=schema,cn=config: the nis schema
  7. cn={3}inetorgperson,cn=schema,cn=config: the inetorgperson schema
  8. olcBackend={0}mdb,cn=config: the 'mdb' backend storage type (the listing above shows mdb, not the older hdb)
  9. olcDatabase={-1}frontend,cn=config: frontend database, default settings for other databases
  10. olcDatabase={0}config,cn=config: slapd configuration database (cn=config)
  11. olcDatabase={1}mdb,cn=config: your database instance (dc=objclt,dc=com here)

Display the dc=objclt,dc=com DIT

ldapsearch -x -LLL -H ldap:/// -b dc=objclt,dc=com dn

Setup Ldap

Add a new Schema

  • Add Samba Schema. samba.ldif is not shipped with slapd; it has to be converted from the samba.schema file first.
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/samba.ldif
  • Add the cosine, nis and inetorgperson schemas only if they are missing. On a default install they are already loaded (see the cn=config listing above) and re-adding them is rejected as a duplicate.
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif

Identify the 'olcDatabase'

  • Retrieve current information
ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn olcRootDN
  • You need to modify the entry dn: "olcDatabase={1}mdb,cn=config"

Add a password to root (config database)

  • Get an SSHA password hash with slappasswd
slappasswd
  • Create an ldif file (ldaprootpasswd.ldif) with the following content. This sets the root password of the cn=config database (olcDatabase={0}config), not of your data tree.
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}... (hash printed by slappasswd)
  • Apply modification
ldapadd -Y EXTERNAL -H ldapi:/// -f ldaprootpasswd.ldif

Add Domain information

  • Create an ldif file (ldapdomain.ldif) with the following content. If the package configuration already set olcRootPW on this database, use "replace: olcRootPW" instead of "add:" in the fourth block.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=admin,dc=objclt,dc=com" read by * none

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=objclt,dc=com

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=objclt,dc=com

dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}... (hash printed by slappasswd)

dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=admin,dc=objclt,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=objclt,dc=com" write by * read
  • Apply modification
ldapadd -Y EXTERNAL -H ldapi:/// -f ldapdomain.ldif
  • Verify the result. olcAccess values are ordered, and because the last block uses add rather than replace, the rule from the first block is pushed behind the three new ones. Query olcAccess on olcDatabase={1}mdb,cn=config with ldapsearch (as in the 'Identify the olcDatabase' step) and check that the order is what you expect, since the first matching "to" clause wins.

Ldap debug Codes

Debugging Levels. The levels are bit flags; pass the sum of the ones you want to slapd -d or to olcLogLevel (for example 264 = 8 + 256).

Level  Description
-1     enable all debugging
0      no debugging
1      trace function calls
2      debug packet handling
4      heavy trace debugging
8      connection management
16     print out packets sent and received
32     search filter processing
64     configuration file processing
128    access control list processing
256    stats log connections/operations/results
512    stats log entries sent
1024   print communication with shell backends
2048   print entry parsing debugging

Backup / Restore

Backup

/usr/sbin/slapcat -l /mnt/Backup/Ldap/ldap_backup.ldif

Restore

Clean Backup File

Strip the operational attributes that slapd maintains itself; they are NO-USER-MODIFICATION attributes and ldapadd rejects them. (Restoring the raw slapcat output with slapadd, with slapd stopped, does not need this step.)

grep -v -E 'structuralObjectClass|modifyTimestamp|modifiersName|entryCSN|createTimestamp|creatorsName|entryUUID' \
  /mnt/Backup/Ldap/ldap_backup.ldif > /mnt/Backup/Ldap/ldap_backup_clean.ldif

Restore from Ldif

ldapadd -x -D cn=admin,dc=objclt,dc=com -W -f /mnt/Backup/Ldap/ldap_backup_clean.ldif


CheckSum

Every file under /etc/ldap/slapd.d carries a CRC-32 of its body (everything after the two header lines) in its second line, and slapd reports a checksum error when it reads a file whose body no longer matches. After editing such a file by hand, recompute the value:

cp /etc/ldap/slapd.d/cn=config/olcDatabase={1}mdb.ldif /tmp
tail -n +3 /tmp/olcDatabase={1}mdb.ldif > /tmp/fixed.ldif
/check-4.3/check /tmp/fixed.ldif
/tmp/fixed.ldif                  CRC-32 = 5bf0745e, size = 832 bytes

Put the new CRC-32 value into the second line of the original file using your favourite editor

# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 5bf0745e
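As an added example (not part of the original page or of OpenLDAP), a small Python check that does the tail -n +3 / CRC-32 comparison above for a slapd.d file: it reads the "# CRC32" header, checksums the body, and can regenerate the header after a hand edit. It assumes slapd's checksum is the standard CRC-32 that zlib computes; the sample file is constructed inline.

```python
import sys
import zlib

HEADER = b"# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify."
CRC_PREFIX = b"# CRC32 "


def split_config_file(data: bytes):
    """Return (stored_crc, body) for a slapd.d file: stored_crc is the hex value
    on line 2, body is everything from line 3 on (what `tail -n +3` keeps)."""
    parts = data.split(b"\n", 2)
    if len(parts) < 3 or not parts[1].startswith(CRC_PREFIX):
        raise ValueError("not a slapd.d file with a '# CRC32' header")
    return int(parts[1][len(CRC_PREFIX):].strip(), 16), parts[2]


def body_crc32(body: bytes) -> int:
    # Assumption: slapd's checksum is the standard IEEE CRC-32, as zlib computes it.
    return zlib.crc32(body) & 0xFFFFFFFF


def check_config_file(data: bytes) -> dict:
    """Compare the CRC stored in the header with one computed over the body."""
    stored, body = split_config_file(data)
    computed = body_crc32(body)
    return {"stored": f"{stored:08x}", "computed": f"{computed:08x}",
            "ok": stored == computed}


def rewrite_header(data: bytes) -> bytes:
    """Regenerate the two header lines with a fresh CRC after a hand edit
    (the manual 'put the new value into the second line' step)."""
    _, body = split_config_file(data)
    return b"%s\n%s%08x\n%s" % (HEADER, CRC_PREFIX, body_crc32(body), body)


# Constructed sample: a cut-down olcDatabase={1}mdb.ldif with a valid header ...
SAMPLE_BODY = (b"dn: olcDatabase={1}mdb\n"
               b"objectClass: olcDatabaseConfig\n"
               b"objectClass: olcMdbConfig\n"
               b"olcDatabase: {1}mdb\n"
               b"olcSuffix: dc=objclt,dc=com\n"
               b"olcRootDN: cn=admin,dc=objclt,dc=com\n")
GOOD_FILE = rewrite_header(HEADER + b"\n" + CRC_PREFIX + b"00000000\n" + SAMPLE_BODY)
# ... and the same file after the root DN was changed without fixing the CRC.
EDITED_FILE = GOOD_FILE.replace(b"cn=admin", b"cn=other")

if __name__ == "__main__":
    # Usage: python3 check_crc.py /etc/ldap/slapd.d/cn=config/*.ldif
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, check_config_file(f.read()))
```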

Ldap Client