Upload
chiru2love
View
116
Download
1
Embed Size (px)
DESCRIPTION
Www Unixmen Com Openldap Installation Configuration Ubuntu 1
Citation preview
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
search
1284 views 0 likes 33 comments Posted March 26, 2013
OpenLDAP Installation andConfiguration in Ubuntu12.10 Server / Debian 6by SK
Share this Article:
OpenLDAP is a free open source Light Weight Directory Accessprotocol developed by the OpenLDAP project. It is a platformindependent protocol, so that it runs on all Linux/Unix like systems,Windows, AIX, Solaris and Android.
12 0 0 4
0 0
ADVETISE HERE !!!
UNIXMENHOME
NEWSTODAY
LINUXDISTRIBUTIONS
TUTORIALSKNOWLEDGE BASE
OPENSOURCENEWS
ANDROIDNEWS
FREQUENTLYASKED QUESTION
ASKUNIXMEN
HOME ABOUT US ADVERTISING SITEMAP PRIVACY CONTACT US
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
In this tutorial i am gonna to show you how to install and configureOpenLDAP server in Ubuntu 12.10 server. Though it is tested onUbuntu 12.10, it may work on Debian too. In this how-to my testboxdetails are given below.
Operating System : Ubuntu 12.10 Server
Hostname : server.unixmen.com
IP Address : 192.168.1.200
Replace the above values with your own scenario.
Install OpenLDAP inUbuntu 12.10 serverunixmen@server:~$ sudo apt-get install slapd ldap-utils
During the installtion it will ask the password for LDAP adminaccount. Enter your admin password here.
Re-enter the password.
DONATE TO UNIXMEN
We need your assistance
to stay live and contribute
more articles on Unix.
Forquestionspleaserefer to ourQ/A forumat :http://ask.unixmen.com/
LIKE US ON FACEBOOK
Unixmen
39,569 people like Unixmen.
Like
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Configure OpenLDAPOpen the /etc/ldap/ldap.conf file and find and edit the lines asshown below with your domain name and IP Address.
unixmen@server:~$ sudo vi /etc/ldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writ
able.
BASE dc=unixmen,dc=com
URI ldap://192.168.1.200
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
Facebook social plugin
UNIXMEN LATEST TWEETS
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Run the Configuration assistant.
unixmen@server:~$ sudo dpkg-reconfigure slapd
The following screen should appear. Select No and press Enter.
Enter the DNS domain name.
Unixmen
+ 7,580
Follow +1
Tweets by @unixmen
UNIXMEN LATEST TWEETS
TOP 10 RECENTCOMMENTS
LeonardoMondayit looks ok,so far . but
in the linux version youcan't use the...
faharuruHi..... i'vCentOS 6.5
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Enter the Organization name(i.e your company name).
Enter the LDAP admin password which you created in the earlierstep.
CentOS 6.564bit on
vps here's my java javaversion "1.7.0_55"OpenJDK RuntimeEnvironment (rhel-2.4.7.1.el6_5-x86_64u55-b13) OpenJDK...
JesseIn .conkyrcchange
own_window_typeoverride toown_window_typedesktop
asdfPlease don'tencouragepeople to
pipe to bash from theinternet! This can gowrong...
fairozHi Thanksyou fordetail
explanation about conkyit worked perfectly forme...
Enock SethNyamadorWelcomeJahFou! :-D
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Re-enter the password.
Select the backend database.
markzonaThe lastyears Iused the
standard text basedconky, but this one looksmuch...
JahFouThanksfor this
SKThanks forthe
appreciation. It gives usthe encourage to workhard.
ElmerHello myfriend, SK..Thanks for
this a wonderful sharecame to you.. i hopingmore...
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Select Yes to delete the database automatically when we areplanning to remove LDAP server.
.
Select Yes to move old database.
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Select No and Press Enter.
LDAP server is up and running now.
Test LDAP server
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Enter the following command ldapsearch -x, then you will havethe following result.
unixmen@server:~$ ldapsearch -x
# extended LDIF
#
# LDAPv3
# base (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# unixmen.com
dn: dc=unixmen,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: unixmen
dc: unixmen
# admin, unixmen.com
dn: cn=admin,dc=unixmen,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
LDAP ServerAdministration
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Administration of LDAP server in command mode is quite difficult, sothat here i have used a easier GUI administration tool calledphpldapadmin.
Install phpldapadminunixmen@server:~$ sudo apt-get install phpldapadmin
Create a symbolic link for phpldapadmin directory.
unixmen@server:~$ sudo ln -s /usr/share/phpldapadmin/ /
var/www/phpldapadmin
Now open the /etc/phpldapadmin/config.php file and replacethe domain names with your own values. Goto Define LDAPServers section in the config file and edit the following lines asshown below.
unixmen@server:~$ sudo vi /etc/phpldapadmin/config.php
$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','Unixmen LDAP Server
');
$servers->setValue('server','host','192.168.1.200');
$servers->setValue('server','base',array('dc=unixmen,dc
=com'));
$servers->setValue('login','bind_id','cn=admin,dc=unixm
en,dc=com');
Restart the apache service.
unixmen@server:~$ sudo /etc/init.d/apache2 restart
Make sure that you have opened apache server port 80 and LDAPdefault port 389 in your firewall/router configuration.
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
unixmen@server:~$ sudo ufw allow 80
Rules updated
Rules updated (v6)
unixmen@server:~$ sudo ufw allow 389
Rules updated
Rules updated (v6)
Now point your web browser withhttp://192.168.1.200/phpldapadmin. The following screenshould appear.
Click login on the left pane and make sure the domain details arecorrect and enter ldap admin password which you have created inthe previous steps and press Authenticate.
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Now the main console screen of phpldapadmin will open. You can seethe LDAP domain unixmen.com will be found there. Here you canadd objects such as Organizational Unit, Users and groups etc.
Sample ConfigurationLets create some sample objects using phpldapadmin interface andcheck them whether they are presented in the LDAP serverconfiguration.
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Click on the + sign near the line dc=unixmen and clickCreate new entry here link.
Select Generic-Organizational Unit and enter the name of theOrganizational unit(Ex.sales) and Click Create Object.
Click Commit.
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Now the newly created OU will be found under the main ldap domain.
Click on the sales ou tree on the left pane and click on Create achild entry.
Select Generic:Address book entry. Enter firstname as
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
senthil, last name as kumar and Common name(cn) assenthil kumar and click Create Object.
Click Commit.
Now the newly created user senthil kumar will be found undersales ou.
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Also you can verify using the command ldapsearch -x.
unixmen@server:~$ ldapsearch -x
# extended LDIF
#
# LDAPv3
# base (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# unixmen.com
dn: dc=unixmen,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: unixmen
dc: unixmen
# admin, unixmen.com
dn: cn=admin,dc=unixmen,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# sales, unixmen.com
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
dn: ou=sales,dc=unixmen,dc=com
objectClass: organizationalUnit
objectClass: top
ou: sales
# senthil kumar, sales, unixmen.com
dn: cn=senthil kumar,ou=sales,dc=unixmen,dc=com
cn: senthil kumar
givenName: senthil
sn: kumar
objectClass: inetOrgPerson
objectClass: top
# search result
search: 2
result: 0 Success
# numResponses: 5
# numEntries: 4
For questions please refer to our Q/A forum at :http://ask.unixmen.com/
Share this Article: 12 0 0 4
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
0 0
0 people like this
SK
Senthilkumar, aka SK, is a Linux enthusiast, FOSS
Supporter & Linux Consultant from Tamilnadu, India. A
passionate and dynamic person, aims to deliver quality
content to IT professionals and loves very much to write
and explore new things about Linux, Open Source, Computers and
Internet.
Linux distributions, Linux Mint, Linux tutorials, opensource, Ubuntu,Uncategorized
LDAP openldap
Setup LDAP Server inCentOS, RHEL, Scientificlinux 6.5/6.4/6.3
Howto-Install SVNserver in Centos 6.x
Install LDAP Server inCentos Step by Step
Solaris 10 DirectoryServer LDAP
RECOMMENDED FOR YOU LDAP OPENLDAP LINUX DISTRIBUTIONS
LINUX TUTORIALS
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Comments for this thread are now closed.
Comments Community
Sort by Newest
Suresh 5 months ago
Thanks you for this post. I have one doubthow to make ldap server to support anonymous bind....
SASIKUMAR K . RHCSS 5 months ago
Hai,, now my current project is based on this only,,Also I want to integrate Ldap users on GIT repository users.... pls help me,,,,,
Lukas 5 months ago
thanks for the good article!
Reetesh Chauhan 6 months ago
When i put ldapsearch -x, I am also getting--
# extended LDIF
#
# LDAPv3
# base (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
Share
Share
Share
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
search: 2
result: 32 No such object
Please help me. Either reply me here or mail me solution at [email protected]
# numResponses: 1
Raghuram 5 months ago Reetesh Chauhan
hi,i am also getting same issue, if you have any solution please inform me.e-mail: [email protected]
Michael St. John 6 months ago
do you have also an article to add clients to authenticate via ldap like ubuntu workstation or mac os x workstation?
Pramod 8 months ago
Hi SK,
How to add ubuntu and apple mac systems as clinet for the DC
Quang 8 months ago
Thanks so much for your document
Rahul Janghel 8 months ago
Hi, I have 12.04 Ubuntu configured as LDAP server. A 12.04 ubuntu is working fine as client, but facing difficulty making a RHEL 6.4 machine LDAP client for sameserver. Can you pls share steps for RHEL client as well. Thanks.
Matz 9 months ago
Thanks pal, this really helped me.
Share
Share
Share
Share
Share
Share
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
JnrP 9 months ago
When i put ldapsearch -x I get
# extended LDIF
#
# LDAPv3
# base (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
1
Jaison 6 months ago JnrP
Got the same issue. Any helpful clues, pls?
Vivek Nambiar 10 months ago
Hi SK,
How to replicate this LDAP server with Windows Active directory... Any way to do that.
Thanks for advance
dara.phornn 11 months ago
Share
Share
Share
Share
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
many thank!
max 11 months ago
hislapd cant work instead of windows active directory?can i join winodws to openldap?regards
Duy Hung Nguyen 11 months ago
hi, i love openLDAP ;)
i think this is the shortest way to say goodbye MS Windows SRV.
Leo Bernat 11 months ago
Thanks buddy
Tibo 11 months ago
Thank you for you tuto :)I would like to create an SFTP server, with openssh, and use LDAP to authenticate users... But I have no idea onhow I could proceed ...
6
Rakesh Vijayan a year ago
Hi SK
I am Rakesh vijayan thanks for your great work ,by your work I start to learn what is ldap , my request is will youmake tutorial for ldap and samba pdc for us on ubuntu 12.04
SK a year ago Rakesh Vijayan
Here you go..
http://www.unixmen.com/setup-s...
Share
Share
Share
Share
Share
Share
Share
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
SK a year ago Rakesh Vijayan
I am working on it. Stay tuned. Thanks for the comment.
Snake a year ago SK
Wow, great. That's what i'm waiting for too. I want to make DC with LDAP ( Active Directoryalternative) and SAMBA on Ubuntu. :-)
SK a year ago Snake
http://www.unixmen.com/setup-s...
Jean a year ago
Thank you very much. Worked like a charm
Alan McAlexander a year ago
Great how-to. Thank you very much!
SK a year ago Alan McAlexander
Thanks for your feedback Alan.
beastman 6 months ago SK
Great work SK - I've completed a few of your tut's thanks a million for sharing your knowledge andtime.
Subscribe
Share
Share
Share
Share
Share
Share
Share
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Add Disqus to your site
FAVORITE LINKS
LinuxHost: Webdesing, SEO &
Internet Marketing.
Ubuntu Linux Tutorials, Howtos,
Tips and News.
News on Free/libre and Open
Source software.
UNIXMEN ARCHIVES
Select Month
CREATIVE COMMONS LICENSE
This work is
licensed under a
Creative Commons
Attribution-
NonCommercial 4.0
International
License.
39569
7580
U29
android browser Centos DebianFedora games gaming gnomeLinux linux distribution LinuxMintlucid lynx news opensourcesecurity server software
ubuntu
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API
Copyright 2014 Unixmen, All Rights Reserved. Website Design and Maintained by Anblik.