The form in which LDAP presents the data is not necessarily how it is stored. LDAP can use different backends to save its data, such as Berkeley DB (bdb) or MySQL; you only need to specify which one to use, not how to use it.
The next thing was to run the OpenLDAP server, and it was a heck of a job. OpenLDAP went through a crucial change but its documentation did not. I initially referred to the old (readily available) documentation and found most of the things missing from my current server, especially the slapd.conf configuration file of the OpenLDAP server slapd. Later I came to know that versions from 2.3 onward allow configuring the server dynamically and do not use slapd.conf for this purpose. slapd.conf may still be used, but any update to it needs a server restart.
What I expected
During installation process it was supposed to ask for a fresh password.
There was supposed to be slapd.conf.
What I found
No password is asked for. So there is some other way of configuring your server.
In new versions slapd.conf is replaced by slapd.d, or cn=config, which holds the ACLs (access control lists), backend information and root information.
Installing OpenLDAP on Ubuntu
$sudo apt-get install slapd ldap-utils
The server and utilities will be installed and the slapd server will start.
To completely remove OpenLDAP for a fresh install:
$sudo dpkg --remove slapd ldap-utils
$sudo dpkg --purge slapd ldap-utils
To do the initial configuration of OpenLDAP:
$sudo dpkg-reconfigure slapd
To start, stop or restart:
$sudo /etc/init.d/slapd start
$sudo /etc/init.d/slapd stop
$sudo /etc/init.d/slapd restart
Creating Admin
Since no password was asked for during installation, we will have to create one ourselves.
It is better to create a separate directory to store our ldif files, say initialize, created in /etc/ldap. LDIF (LDAP Data Interchange Format) files are used as a medium for communicating with the server. Move to the initialize directory.
$cd /etc/ldap
$sudo mkdir initialize
$cd initialize
Create a file called admin-create.ldif which will contain our new password.
$sudo nano admin-create.ldif
Change the password (olcRootPW) and paste this code into the above file. The two change records must be separated by a blank line, otherwise ldapadd rejects the file:
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: 1234
Save it.
The password used above is in plaintext and not secure. To generate a hashed password instead, use the slappasswd utility; prefer {SSHA} (salted SHA-1) over {MD5}, which is unsalted.
$slappasswd -h {MD5}
$slappasswd -h {SSHA}
Next we have to add that information to cn=config like this:
$sudo ldapadd -Y EXTERNAL -H ldapi:/// -f admin-create.ldif
The admin has been created.
Testing the admin privileges:
$sudo ldapsearch -W -D 'cn=admin,cn=config' -b 'cn=config'
You will get lots of entries, one of which shows your password if it is not hashed.
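As an added example (not part of the original post), the Python below reproduces the {SSHA} value format that slappasswd -h {SSHA} prints, writes the admin-create.ldif from above with a hashed olcRootPW, and scans LDIF text such as the ldapsearch output for an olcRootPW that is still stored in plaintext. The 4-byte salt and the olcRootPW line shapes are assumptions about what slappasswd and ldapsearch produce.

```python
import base64
import hashlib
import hmac
import os

# Added example (not from the original post). It reproduces the {SSHA} format
# that `slappasswd -h {SSHA}` prints, builds the post's cn=config LDIF with a
# hashed olcRootPW, and audits LDIF or ldapsearch output for plaintext ones.

def ssha_hash(password: str, salt: bytes = b"") -> str:
    """Return an OpenLDAP {SSHA} value: base64(sha1(password + salt) + salt)."""
    salt = salt or os.urandom(4)  # 4-byte salt, assumed to match slappasswd's default
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a stored {SSHA} value; the salt trails the digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def root_pw_ldif(root_pw: str) -> str:
    """The admin-create.ldif from the post, with the given olcRootPW value."""
    entry = "dn: olcDatabase={0}config,cn=config\nchangetype: modify\n"
    return (entry + "add: olcRootDN\nolcRootDN: cn=admin,cn=config\n\n"
            + entry + f"add: olcRootPW\nolcRootPW: {root_pw}\n")

def is_plaintext_pw(value: str) -> bool:
    """True unless the value carries a real hash scheme prefix such as {SSHA}."""
    if not (value.startswith("{") and "}" in value):
        return True
    return value[1:value.index("}")].upper() == "CLEARTEXT"

def plaintext_root_pw(ldif_text: str) -> list:
    """Return the DN of every entry whose olcRootPW is stored in plaintext."""
    flagged = []
    for entry in ldif_text.strip().split("\n\n"):
        dn, bad = None, False
        for line in entry.splitlines():
            if line.startswith("dn: "):
                dn = line[4:]
            elif line.startswith("olcRootPW:: "):  # LDIF base64-wrapped value
                bad |= is_plaintext_pw(base64.b64decode(line[12:]).decode())
            elif line.startswith("olcRootPW: "):
                bad |= is_plaintext_pw(line[11:])
        if bad and dn:
            flagged.append(dn)
    return flagged
```

Feed plaintext_root_pw the output of the ldapsearch above to confirm that olcRootPW is no longer readable in clear.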
Please feel free to correct me if I am wrong or my concepts are wrong.
In my next post I will write about creating the root node and adding child nodes.