mathz.nu

2015/09/21

Install OpenLDAP on Ubuntu 14.04

Filed under: LDAP — Mathz @ 13:11

Install

apt-get update
apt-get install slapd ldap-utils

Set the admin password when the installer prompts for it.

Configure

vim /etc/ldap/ldap.conf (create the file if it does not exist)


#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE dc=example,dc=com
URI ldap://10.10.0.100 ldap://10.10.0.100:389

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/ca-certificates.crt

Start reconfigure

dpkg-reconfigure slapd

Omit OpenLDAP server config: No
DNS domain name: example.com
Organization name: MyCompany
Administrator password:
Database backend to use: HDB
Do you want the database to be removed when slapd is purged: Yes
Move old database: Yes (backup of database)
Allow LDAPv2 protocol: No

Now you can see your config

ldapsearch -x

2015/06/04

MemberOf LDAP Ubuntu

Filed under: LDAP,Server — Mathz @ 21:12

The first LDIF file:


dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib/ldap
olcModuleLoad: memberof

Second LDIF file:

dn: olcOverlay=memberof,olcDatabase={1}hdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf

Add them into the config database using ldapadd (same as normal config stuff).

It does not automatically update the existing data in the database, so I needed to use slapcat to copy everything out into a temporary file, and visit each group, delete the group and add the same group back in again (forces the memberOf attributes to update correctly). If you are starting with an empty database, then it will correctly update the attributes as objects are added.

Also, note that “olcDatabase={1}hdb” is very typical, but not guaranteed to match your setup. Be sure to check that one.
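
The refresh step described above (export with slapcat, then delete and re-add each group), as an added example that is not part of the original post: it turns slapcat output into ldapmodify input for every groupOfNames entry and drops the operational attributes that slapcat exports. The function names and the sample entries are made up for illustration.

```python
GROUP_OC = "groupofnames"  # olcMemberOfGroupOC in the overlay config above
# Operational attributes that slapcat exports but a normal LDAP add rejects.
SERVER_MAINTAINED = {"structuralobjectclass", "entryuuid", "creatorsname",
                     "createtimestamp", "entrycsn", "modifiersname",
                     "modifytimestamp", "memberof"}

def entries(text):
    """Yield each LDIF entry as a list of unfolded 'attr: value' lines."""
    entry = []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and entry:  # continuation of a folded line
            entry[-1] += raw[1:]
        elif raw:
            entry.append(raw)
        elif entry:  # a blank line ends the entry
            yield entry
            entry = []

def attr_name(line):
    return line.split(":", 1)[0].strip().lower()

def rebuild_ldif(slapcat_text):
    """Return ldapmodify input that deletes and re-adds every group entry."""
    out = []
    for dn, *attrs in entries(slapcat_text):
        classes = {l.split(":", 1)[1].strip().lower()
                   for l in attrs if attr_name(l) == "objectclass"}
        if GROUP_OC not in classes:
            continue
        keep = [l for l in attrs if attr_name(l) not in SERVER_MAINTAINED]
        out += [dn, "changetype: delete", "", dn, "changetype: add", *keep, ""]
    return "\n".join(out)

# Constructed sample of slapcat output; every DN and value is made up.
SAMPLE = """\
dn: cn=admins,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: admins
member: uid=alice,ou=people,dc=example,dc=com
member: uid=bob-with-a-long-uid-that-slapcat-folds,ou=people,dc=example,dc
 =com
structuralObjectClass: groupOfNames

dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
"""

if __name__ == "__main__":
    print(rebuild_ldif(SAMPLE))
```

Review the generated LDIF before applying it with ldapmodify and keep the slapcat export as a backup, because each group is briefly absent from the directory between its delete and its add.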
