Sunday, August 29, 2010

Finally got my LDAP server up and running on Ubuntu.

In some discussion on database performance I came across the term LDAP. LDAP (Lightweight Directory Access Protocol) sounds simple, but I spent almost a whole day understanding what it is and getting its server (OpenLDAP) running on Ubuntu. LDAP is a protocol (not a database or DBMS); from what I understood, it is 'like' an interface to data that makes retrieval easy and quick. It represents data as a directory (a hierarchy, or tree): there is a root node under which all your data is stored as child nodes. It is quick because it can maintain an index for the desired attributes, but the performance of LDAP depends on where it is used. For optimal performance, reads are expected to vastly outnumber writes, because every write must also update the index, and a write-heavy workload makes it slow.

The form in which LDAP presents the data need not be how it is stored. LDAP can use different backends to save its data, such as Berkeley DB (bdb) or MySQL; you only need to specify which one to use, not how to use it.

Next was running the OpenLDAP server, and that was a heck of a job. OpenLDAP went through a crucial change but its documentation did not. I initially referred to the old documentation (readily available) and found most of the things missing on my current server, especially the slapd.conf configuration file of the OpenLDAP server, slapd. Later I came to know that versions from 2.3 onward allow configuring the server dynamically and do not use slapd.conf for this purpose. slapd.conf may still be used, but any update to it needs a server restart.

What I expected
During the installation process it was supposed to ask for a fresh password.
There was supposed to be a slapd.conf.

What I found
No password is asked for. So there is some other way of configuring your server.
In new versions slapd.conf is replaced by slapd.d (cn=config), which holds the ACLs (access control lists), backend information and root information.

Installing OpenLDAP on Ubuntu
$sudo apt-get install slapd ldap-utils
The server and utilities will be installed and the slapd server will start.
To completely remove OpenLDAP for a fresh install:
$sudo dpkg --remove slapd ldap-utils
$sudo dpkg --purge slapd ldap-utils
For the initial configuration of OpenLDAP:
$sudo dpkg-reconfigure slapd
To start, stop or restart:
$sudo /etc/init.d/slapd start
$sudo /etc/init.d/slapd stop
$sudo /etc/init.d/slapd restart

Creating Admin
Since no password was asked for during installation we will have to create one ourselves.
It is better to create a separate directory to store our ldif files, say initialize, created in /etc/ldap. LDIF (LDAP Data Interchange Format) files are the medium used to communicate with the server. Move to the initialize directory.
$cd /etc/ldap
$sudo mkdir initialize
$cd initialize
Create a file called admin-create.ldif which will contain our new password.
$sudo nano admin-create.ldif
Change the password (olcRootPW) and paste this into the above file:

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: 1234

Save it.
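To make the LDIF format concrete, here is an added example (not part of the original post): a small LDIF parser that handles the features admin-create.ldif uses (one record per blank-line-separated block, changetype: modify, the "-" change separator) plus folded continuation lines and base64 ("::") values, and an audit that flags any olcRootPW stored without a {SCHEME} prefix, i.e. in the clear. The sample LDIF is constructed from the records above plus a third record for an assumed "{1}hdb" database whose value is a placeholder, not a real hash.

```python
import base64
import re
from typing import Dict, List

# Constructed sample: the two records from admin-create.ldif above (with the
# olcRootDN folded over two lines, as LDIF permits), plus an assumed third
# record whose olcRootPW is base64-encoded ("::"). The placeholder value is
# not a real hash.
_PLACEHOLDER_B64 = base64.b64encode(b"{SSHA}placeholder-hash").decode("ascii")
SAMPLE_LDIF = f"""\
# constructed sample, not a file from the post
dn: olcDatabase={{0}}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,
 cn=config

dn: olcDatabase={{0}}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: 1234

dn: olcDatabase={{1}}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW:: {_PLACEHOLDER_B64}
"""

Record = Dict[str, List[str]]


def parse_ldif(text: str) -> List[Record]:
    """Parse LDIF text into records mapping lower-cased attribute names to value lists.

    Attribute names are case-insensitive in LDIF, so keys are normalised to lower case.
    Handles '#' comments, blank-line record separators, the '-' separator inside a
    changetype: modify record, folded lines (a leading single space continues the
    previous line) and base64 values introduced by '::'.
    """
    # Unfold first: a line starting with one space is glued to the previous line.
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    records: List[Record] = []
    current: Record = {}
    for line in lines:
        if line.startswith("#") or line == "-":
            continue
        if line == "":
            if current:
                records.append(current)
                current = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):  # 'attr:: base64value'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    if current:
        records.append(current)
    return records


def find_cleartext_root_passwords(records: List[Record]) -> List[str]:
    """Return the DNs whose olcRootPW lacks a {SCHEME} prefix and is therefore stored in clear."""
    scheme = re.compile(r"^\{[A-Za-z0-9-]+\}")
    return [
        rec["dn"][0]
        for rec in records
        if any(not scheme.match(pw) for pw in rec.get("olcrootpw", []))
    ]


if __name__ == "__main__":
    recs = parse_ldif(SAMPLE_LDIF)
    for dn in find_cleartext_root_passwords(recs):
        print(f"cleartext olcRootPW in: {dn}")
```

Run against the real slapd.d tree, the same audit would read the olcDatabase={N}*.ldif files under /etc/ldap/slapd.d/cn=config/ instead of the constructed sample.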
The password used above is in plaintext and not secure. To generate a hashed password instead, use the slappasswd utility:
$slappasswd -h {MD5}
$slappasswd -h {SSHA}
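To show what those two slappasswd schemes actually produce, here is an added example (my code, not from the post or from OpenLDAP): {SSHA} is base64(SHA1(password || salt) || salt) with the 4-byte random salt slappasswd uses by default, and {MD5} is the unsalted base64(MD5(password)). The verify function parses a stored {SSHA} value, recomputes the digest with the embedded salt and compares in constant time; the last helper renders the olcRootPW record from admin-create.ldif with the hashed value in place of the plaintext one.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SSHA_SALT_LEN = 4   # slappasswd's default salt length for {SSHA}
SHA1_DIGEST_LEN = 20


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return an {SSHA} value: base64(SHA1(password || salt) || salt).

    A fixed salt may be passed for reproducible tests; production use leaves it None.
    """
    if salt is None:
        salt = os.urandom(SSHA_SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a stored {SSHA} value; any other scheme fails closed."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:SHA1_DIGEST_LEN], raw[SHA1_DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def md5_hash(password: str) -> str:
    """Return an {MD5} value: unsalted, so equal passwords always give equal values."""
    return "{MD5}" + base64.b64encode(hashlib.md5(password.encode("utf-8")).digest()).decode("ascii")


def root_pw_ldif(dn: str, hashed: str) -> str:
    """Render the olcRootPW record from admin-create.ldif with a hashed value."""
    return f"dn: {dn}\nchangetype: modify\nadd: olcRootPW\nolcRootPW: {hashed}\n"


if __name__ == "__main__":
    h = ssha_hash("1234")
    print(root_pw_ldif("olcDatabase={0}config,cn=config", h), end="")
    print("verify ok:", ssha_verify("1234", h))
```

Because {MD5} has no salt, two accounts with the same password get the same stored value, which is why slappasswd's salted {SSHA} is the better choice of the two shown above.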

Next we have to add that information to cn=config like this:
$sudo ldapadd -Y EXTERNAL -H ldapi:/// -f admin-create.ldif
The admin has been created.

Trying the admin privileges (-x selects simple authentication so -D and -W apply):
$sudo ldapsearch -x -W -D 'cn=admin,cn=config' -b 'cn=config'
You will get lots of entries, one of them showing your password if it is not hashed.

Please feel free to correct me if I am wrong or my concepts are wrong.
In my next post I will write about creating the root node and adding child nodes.