adapted from: http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html
Install packages
——————
ubuntu@ubuntu:~$ sudo apt-get install slapd ldap-utils libldap2 libldap2-dev db4.2-util
Edit config files
——————
Generate the rootpw hash with slappasswd (the {SSHA} line it prints is what goes into slapd.conf as rootpw, not the cleartext password):
ubuntu@ubuntu:/etc/ldap$ sudo /usr/sbin/slappasswd
New password:
Re-enter new password:
{SSHA}LIm5A5ziH+ACcSR3JzDJyIRKktUnoqOU
/etc/ldap/slapd.conf
/etc/default/slapd (defaults should be ok)
ubuntu@ubuntu:/etc/ldap$ sudo vi slapd.conf
/etc/ldap/slapd.conf:
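# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# (It holds rootpw values. chown alone does not restrict it -- the mode must
# be limited as well, e.g. 0640, owned by root and the user slapd runs as.)
#
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
#include /etc/openldap/schema/nis.schema
#include /etc/openldap/schema/redhat/rfc822-MailMember.schema
#include /etc/openldap/schema/redhat/autofs.schema
#include /etc/openldap/schema/redhat/kerberosobject.schema
# Define global ACLs to disable default read access.
# NOTE(review): no "access to" directives are defined in this file and both
# databases set "defaultaccess read", so as written every entry -- userPassword
# included -- appears readable by anyone who can connect, anonymous binds too.
# Confirm, and add ACLs (at minimum restrict userPassword to auth/self) before
# this server is reachable from anything but localhost.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# Load dynamic backend modules:
modulepath /usr/lib/ldap
# moduleload back_ldap.la
# NOTE(review): the ldbm backend is obsolete and was removed in OpenLDAP 2.4;
# on a current slapd load back_bdb/back_hdb or back_mdb and change the
# "database ldbm" lines below to match.
moduleload back_ldbm
# moduleload back_passwd.la
# moduleload back_shell.la
# To allow TLS-enabled connections, create a server certificate and key and
# point the two TLSCertificate* directives below at them (adjust the paths).
# NOTE(review): this cipher list keeps MEDIUM-strength and SSLv2-era ciphers
# enabled; a current deployment should allow HIGH only and disable SSLv2/SSLv3
# (exact syntax depends on the OpenSSL version slapd is linked against).
TLSCipherSuite HIGH:MEDIUM:+SSLv2:RSA
TLSCertificateFile /opt/certs/server/hostname.crt
TLSCertificateKeyFile /opt/certs/server/hostname.key
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
#suffix "dc=stooges,dc=org"
suffix "o=stooges"
rootdn "cn=StoogeAdmin,o=stooges"
# rootpw must be the {SSHA} hash printed by slappasswd, never cleartext.
# The value here is copied from the upstream tutorial and does not match the
# hash generated earlier on this page -- replace it with your own slappasswd
# output; a hash published in a tutorial protects nothing.
rootpw {SSHA}Tu42RpXnCOTClc2bT6IJXurzM1d2d0yJ
directory /var/lib/ldap/stooges
# "defaultaccess" is an old directive (newer slapd releases may reject it);
# see the ACL note near the top of this file.
defaultaccess read
schemacheck on
lastmod on
#allow *
# Indices to maintain
#index objectClass eq
#index objectClass,uid,uidNumber,gidNumber eq
#index cn,mail,surname,givenname eq,subinitial
index cn,sn,st eq,pres,sub
database ldbm
suffix "o=delta"
# Only one suffix allowed per database
#suffix "dc=delta,dc=org"
rootdn "cn=DeanWormer,o=delta"
# NOTE(review): cleartext rootpw -- use an {SSHA} hash from slappasswd here too.
rootpw secret2
directory /var/lib/ldap/fraternity
defaultaccess read
schemacheck on
lastmod on
index cn,sn,st eq,pres,sub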
*
ubuntu@ubuntu:/var/lib/ldap$ sudo mkdir stooges fraternity
ubuntu@ubuntu:/var/lib/ldap$ sudo useradd ldap
ubuntu@ubuntu:/var/lib/ldap$ sudo groupadd ldap
ubuntu@ubuntu:/var/lib/ldap$ sudo chown ldap.ldap stooges fraternity /etc/ldap/slapd.conf
(chown changes ownership only, not the mode; slapd.conf contains rootpw values and its own header says it must not be world readable, so also restrict it, e.g. sudo chmod 640 /etc/ldap/slapd.conf)
Start server
————
ubuntu@ubuntu:/etc/ldap$ sudo /etc/init.d/slapd start
Add data
——–
ldapadd -f stooges.ldif -xv -D "cn=StoogeAdmin,o=stooges" -h 127.0.0.1 -W
stooges.ldif (the userPassword values below are cleartext and slapd stores them as given, so for anything beyond a throwaway test directory use {SSHA} hashes from slappasswd instead):
*
dn: o=stooges
objectClass: top
objectClass: organization
o: stooges
description: The Three Stooges
dn: cn=StoogeAdmin,o=stooges
objectClass: organizationalRole
cn: StoogeAdmin
description: LDAP Directory Administrator
dn: ou=MemberGroupA,o=stooges
ou: MemberGroupA
objectClass: top
objectClass: organizationalUnit
description: Members of MemberGroupA
dn: ou=MemberGroupB,o=stooges
ou: MemberGroupB
objectClass: top
objectClass: organizationalUnit
description: Members of MemberGroupB
dn: cn=Larry Fine,ou=MemberGroupA,o=stooges
ou: MemberGroupA
o: stooges
cn: Larry Fine
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
mail: LFine@isp.com
givenname: Larry
sn: Fine
uid: larry
homePostalAddress: 15 Cherry Ln.$Plano TX 78888
postalAddress: 215 Fitzhugh Ave.
l: Dallas
st: TX
postalcode: 75226
telephoneNumber: (800)555-1212
homePhone: 800-555-1313
facsimileTelephoneNumber: 800-555-1414
userPassword: larrysecret
title: Account Executive
destinationindicator: /bios/images/lfine.jpg
dn: cn=Moe Howard,ou=MemberGroupA,o=stooges
ou: MemberGroupA
o: stooges
cn: Moe Howard
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
mail: MHoward@isp.com
givenname: Moe
sn: Howard
uid: moe
initials: Bob
homePostalAddress: 16 Cherry Ln.$Plano TX 78888
postalAddress: 216 South Fitzhugh Ave.
l: Dallas
st: TX
postalcode: 75226
pager: 800-555-1319
homePhone: 800-555-1313
telephoneNumber: (800)555-1213
mobile: 800-555-1318
title: Manager of Product Development
facsimileTelephoneNumber: 800-555-3318
manager: cn=Larry Howard,ou=MemberGroupA,o=stooges
userPassword: moesecret
destinationindicator: /bios/images/mhoward.jpg
dn: cn=Curley Howard,ou=MemberGroupB,o=stooges
ou: MemberGroupB
o: stooges
cn: Curley Howard
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
mail: CHoward@isp.com
givenname: Curley
sn: Howard
uid: curley
initials: Joe
homePostalAddress: 14 Cherry Ln.$Plano TX 78888
postalAddress: 2908 Greenville Ave.
l: Dallas
st: TX
postalcode: 75206
pager: 800-555-1319
homePhone: 800-555-1313
telephoneNumber: (800)555-1214
mobile: 800-555-1318
title: Development Engineer
facsimileTelephoneNumber: 800-555-3318
userPassword: curleysecret
destinationindicator: /bios/images/choward.jpg
***
Maintain directory
——————
ubuntu@ubuntu:/etc/ldap$ sudo apt-get install gq