This repository was archived by the owner on Jan 15, 2024. It is now read-only.

Setting up OpenLDAP

Raptor K edited this page Oct 5, 2021 · 29 revisions

ACData uses LDAP for authentication. For local development, you need an instance of OpenLDAP running on your computer so that ACData can use it for authentication.

CentOS/RedHat Distributions

$ sudo yum install openldap-servers openldap-clients

Then follow the instructions in the Configuration Files section below.

Ubuntu 8 onwards (the cn=config Easy Way!)

Make sure you have the bdb development packages (Berkeley DB utilities and headers: libdb-dev and db*-util; use the Synaptic Package Manager to find them, or for Mac see below) installed.

The LDAP server needs to be bootstrapped with a minimal amount of information, namely an organisation that acts as the root node of the database and an admin account. Ubuntu's slapd package includes scripts that set the admin password when slapd is installed through apt-get. The organisation's domain component is derived from the machine's domain name in /etc/hosts. Open this file in a text editor and change the initial lines so they look like the following (you can change it back immediately after installing slapd):

127.0.0.1	localhost
127.0.1.1	ubuntu.localhost	ubuntu

Then run:

$ sudo apt-get install slapd ldap-utils

When prompted for a password, enter Pass.123. This is a throwaway development credential that the project's setup tasks expect; never reuse it on an instance reachable from the network, and keep this slapd listening on localhost only.

That's it!

If rake db:setup still fails, type the following command to re-enter the server configuration details:

sudo dpkg-reconfigure slapd

Then set the values at each prompt as follows (on newer releases the backend prompt may not offer BDB at all; choose MDB there, which is what current slapd packages ship with):

omit server config? => NO
domain => localhost
organization => unsw
administrator password => Pass.123
confirm administrator password => Pass.123
backend => BDB
remove database on purge? => YES
move old database? => YES
allow LDAPv2? => NO

And try db:setup again

OS X using Homebrew

If you use the Homebrew package manager, you can install both OpenLDAP and BerkeleyDB with the following command:

brew install berkeley-db@4 openldap

Ubuntu/Debian Distributions and OS X Manual Method

Make sure you have the bdb development packages (Berkeley DB utilities and headers: libdb-dev and db*-util; use the Synaptic Package Manager to find them, or for Mac see below) installed. If you need to build them yourself, here are some handy instructions: http://www.linuxfromscratch.org/blfs/view/svn/server/db.html

Download the latest OpenLDAP release from https://www.openldap.org/software/download/ and build it:

$ tar zxf openldap-x.x.x.tgz
$ cd openldap-x.x.x
$ ./configure
$ make depend
$ make
$ sudo make install

Configuration Files

$ slappasswd

slappasswd is the OpenLDAP password utility. Follow the prompts and copy the generated string: it is a salted hash (the default scheme is {SSHA}), not the password itself, and it is the only form the rootpw directive should ever contain. slapd also accepts a cleartext rootpw, so double-check that you pasted the hash.
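To see what that string actually is, here is an added example (Python; not part of ACData or OpenLDAP) that reproduces slappasswd's default {SSHA} scheme, base64 of SHA-1(password + 4-byte salt) followed by the salt, and verifies a password against such a string. It is useful for confirming that the rootpw you pasted matches the password the application will send. The function names are this example's own.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Added example, not project code: the {SSHA} format slappasswd emits by
# default. The stored value is "{SSHA}" + base64(sha1(password + salt) + salt).

SHA1_LEN = 20


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return an {SSHA} string suitable for the rootpw directive."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd also uses a 4-byte random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against an {SSHA} value from slapd.conf or userPassword."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # Constant-time comparison, even though this is only a dev-box helper.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    stored = ssha_hash("Pass.123")  # dev password from this page
    print(stored)
    print("matches:", ssha_verify("Pass.123", stored))
    print("wrong password matches:", ssha_verify("wrong", stored))
```

Salted SHA-1 is fine for a throwaway development directory, but it is not a modern password hash; for anything beyond local development use one of slapd's stronger schemes (for example the pw-sha2 or, on 2.5+, the pw-argon2 module, selected with slappasswd -h) and set password-hash accordingly.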

Edit the configuration file

CentOS/Redhat: /etc/openldap/slapd.conf

# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

Ensure slapd.d doesn't exist in /etc/openldap directory. (e.g. mv /etc/openldap/slapd.d ~/temp)

Ubuntu/Mac OS X: /usr/local/etc/openldap/slapd.conf

(on Mac/Ubuntu you may need to copy slapd.conf.example to slapd.conf first)

  • change suffix to fit your organisation (e.g. dc=localhost)
  • change rootdn to match the suffix you chose (e.g. cn=admin,dc=localhost)
  • change rootpw to the hashed string generated by slappasswd above

Make sure these schemas are loaded (inetorgperson depends on cosine, so keep the order):

include   /usr/local/etc/openldap/schema/core.schema
include   /usr/local/etc/openldap/schema/cosine.schema
include   /usr/local/etc/openldap/schema/nis.schema
include   /usr/local/etc/openldap/schema/inetorgperson.schema
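Putting those settings together, here is a complete minimal slapd.conf as an added example; it is not a file shipped with ACData or OpenLDAP. It assumes the /usr/local prefix used on this page, the mdb backend, and a data directory of /usr/local/var/openldap-data (create it before starting slapd); the rootpw line is a placeholder for your own slappasswd output. It also adds an access rule, because with no ACLs slapd's default policy lets anyone, including anonymous binds, read every attribute, password hashes included.

```conf
# Added example slapd.conf (not the project's file). Paths assume the
# /usr/local prefix used on this page; adjust to your install.
include   /usr/local/etc/openldap/schema/core.schema
include   /usr/local/etc/openldap/schema/cosine.schema
include   /usr/local/etc/openldap/schema/nis.schema
include   /usr/local/etc/openldap/schema/inetorgperson.schema

database  mdb
maxsize   1073741824
suffix    "dc=localhost"
rootdn    "cn=admin,dc=localhost"
# Placeholder: paste the string printed by slappasswd, never a cleartext value.
rootpw    {SSHA}...
# Assumed data directory; it must exist and be writable by the slapd user.
directory /usr/local/var/openldap-data
index     objectClass eq

# Users may change their own password, clients may bind with it, and
# nobody else can read the hash. Everything else stays world-readable,
# which is acceptable only for a local development directory.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read
```

If your build reports the mdb backend as unrecognised, swap the database line for the ldif backend as described in the macOS note below and drop the maxsize and index lines, which that backend does not support.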

On macOS, slapd may refuse to start with the following message:

Unrecognized database type (mdb)

slapd prints this when the binary you are running has no backend named mdb registered. In that case change the database type to ldif (I tried installing LMDB via Homebrew and enabling the back_mdb.la module, but the problem persisted). The ldif backend stores each entry as a flat file under the configured directory and supports no indexing, which is why the index line is commented out; it is fine for a small local development directory but not for anything larger. Edit the lines below:

database        ldif
#maxsize        1073741824
#index  objectClass     eq

The differences between the backends are described in the slapd.conf(5) manual page and the per-backend pages (slapd-mdb(5), slapd-ldif(5), and so on).

Copy the config file to the required location:

sudo cp -v /usr/local/etc/openldap/slapd.conf /etc/openldap

On CentOS/RedHat, copy /usr/share/openldap-servers/DB_CONFIG.example into /var/lib/ldap as DB_CONFIG (this file only matters for the BDB backend). Create the folder first if it does not exist:

$ sudo mkdir -vp /var/lib/ldap
$ sudo cp -v /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Start the LDAP server

Redhat-based Linux:

$ sudo service slapd start

Ensure the slapd service starts again after a reboot (on systemd-based releases such as CentOS 7 and later, use sudo systemctl enable slapd instead):

$ sudo chkconfig --level 345 slapd on

Ubuntu

sudo /usr/local/libexec/slapd

macOS

sudo /usr/libexec/slapd

(That is the system-supplied slapd; a Homebrew build typically installs its own under /usr/local/opt/openldap/libexec/slapd.)

If the daemon fails to start, run it with a debug level so it stays in the foreground and logs to the terminal (-d 3 enables trace and packet logging):

sudo /usr/libexec/slapd -d3

To verify that OpenLDAP is running, check whether something is listening on port 389 (note that this pattern also matches other port numbers containing 389, so look at the address column in the output):

netstat -an | grep 389

Installing Berkeley DB (version 4) on OS X

See instructions above.

Testing

Make sure the rake, populator and faker gems are installed:

gem install populator
gem install faker

Running rake db:populate builds the directory structure ACData needs in your local LDAP instance for development.

Then you can do a test query (you will be prompted for the admin password; -x selects a simple bind, which sends that password in cleartext, so only do this against localhost):

ldapsearch -D 'cn=admin,dc=localhost' -W -x -b 'o=unsw,dc=localhost'
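To make that last point concrete, here is an added example (Python, standard library only; not ACData code and not an OpenLDAP client library) that performs the same LDAPv3 simple bind ldapsearch -x -D ... -W does, written against the wire format so you can see exactly what crosses port 389: the DN and password travel as plain octet strings. The function names, and the localhost:389 default, are this example's own; run it with the dev credentials from this page against your local slapd, and the offline encoder/decoder can be exercised without a server.

```python
import socket
from typing import Tuple

# Added example, not project code: a minimal LDAPv3 simple bind at the BER
# level. Tags: 0x30 SEQUENCE, 0x02 INTEGER, 0x04 OCTET STRING, 0x0a ENUMERATED,
# 0x60 BindRequest [APPLICATION 0], 0x61 BindResponse [APPLICATION 1],
# 0x42 UnbindRequest [APPLICATION 2], 0x80 simple authentication [0].

LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49


def ber_length(n: int) -> bytes:
    """BER length: short form below 128, long form (0x80|N, then N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(body)) + body


def read_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Parse one tag/length/value at pos; returns (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def encode_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple pw } }; msg_id < 128."""
    bind = (tlv(0x02, bytes([3]))                     # version 3
            + tlv(0x04, dn.encode("utf-8"))           # name: LDAPDN
            + tlv(0x80, password.encode("utf-8")))    # simple [0]: cleartext on the wire
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))


def encode_unbind_request(msg_id: int) -> bytes:
    """UnbindRequest is a bare [APPLICATION 2] NULL; the server then closes the connection."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bytes([0x42, 0x00]))


def parse_bind_response(msg: bytes) -> Tuple[int, int, str]:
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(body)
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag != 0x61:
        raise ValueError("not a BindResponse (tag 0x%02x)" % op_tag)
    _, rc, pos = read_tlv(op)            # resultCode ENUMERATED
    _, _matched, pos = read_tlv(op, pos)  # matchedDN, unused here
    _, diag, _ = read_tlv(op, pos)        # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(rc, "big"), diag.decode("utf-8", "replace")


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed by server")
        buf += chunk
    return buf


def recv_message(sock: socket.socket) -> bytes:
    """Read exactly one BER-framed LDAPMessage (tag, length, then the body)."""
    head = _recv_exact(sock, 2)
    if head[1] & 0x80:
        len_bytes = _recv_exact(sock, head[1] & 0x7F)
        head += len_bytes
        length = int.from_bytes(len_bytes, "big")
    else:
        length = head[1]
    return head + _recv_exact(sock, length)


def simple_bind(dn: str, password: str, host: str = "localhost", port: int = 389) -> Tuple[int, str]:
    """Bind once and return (resultCode, diagnosticMessage); 0 is success, 49 invalid credentials."""
    with socket.create_connection((host, port), timeout=5.0) as sock:
        sock.sendall(encode_bind_request(1, dn, password))
        mid, rc, diag = parse_bind_response(recv_message(sock))
        if mid != 1:
            raise ValueError("unexpected messageID %d" % mid)
        sock.sendall(encode_unbind_request(2))
        return rc, diag


if __name__ == "__main__":
    rc, diag = simple_bind("cn=admin,dc=localhost", "Pass.123")  # dev credentials from this page
    print("bind result:", rc, diag)
```

Because the password is visible in the request bytes, anything other than a localhost development directory should be reached over ldaps:// or StartTLS; the rootDSE and the ldapsearch output will look identical either way, which is why it is worth having seen the raw frame once.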
