Creating A Database :
Move to /etc/ldap ,Create a directory 'data' and move into it. Create a file in the current directory and name it db.ldif. Add the following content to it.
# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: {0}back_hdb
# Create the database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=example,dc=com
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: 12345
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
Save it
Here we define our root node called as, and identified by DN (distinguished name) 'dc=example,dc=com'. We also create an admin for that node with password 12345, required for performing any actions on the root. Again, the password used here is plaintext and this password is used when we alter or perform any action within the root. You will see olcDbIndex attribute which tells the server what attributes it has to index.
Run
$sudo ldapadd -W -D 'cn=admin,cn=config' -f db.ldifThis will create your database. It will ask for a password which is the LDAP admin password we defined when creating an admin for the server (1234).
Next we create an entry for our root node. Create a file called root-node.ldif with following code.
dn: dc=example,dc=com
objectClass: dcObject
objectclass: organization
o: example.com
dc: example
description: My LDAP Root
Then run
$sudo ldapadd -W -D 'cn=admin,dc=example,dc=com' -f base.ldifIt will prompt for a password, which now is the password we defined in db.ldif, for the root node (12345).
Now our root is ready. Lets add child nodes to it, say for example, the organization 'example.com' has departments.
Create a new file departments.ldif and add data below to it.
dn: ou=department1,dc=example,dc=com
objectClass: organizationalUnit
ou: department1
dn: ou=department2,dc=example,dc=com
objectClass: organizationalUnit
ou: department2
Then add it.
$sudo ldapadd -W -D 'cn=admin,dc=example,dc=com' -f dept.ldifEnter password (12345 in my case) and it should be added.
Find it in the root node.
$sudo ldapsearch -W -D 'cn=admin,dc=example,dc=com' -b 'dc=example,dc=com'You will see entries for department1 and department2
Now lets add employees to the departments
For attributes or employees to be identified we have to add schemas(available in /etc/ldap/schema) to cn=config. Other way is including the path in the ldif file itself.
$sudo ldapadd -W -D 'cn=admin,cn=config' -f /etc/ldap/schema/cosine.ldif$sudo ldapadd -W -D 'cn=admin,cn=config' -f /etc/ldap/schema/inetorgperson.ldifPassword is 1234 because this is cn=config
In emp.ldif file
dn: uid=johnsmar,ou=department1,dc=example,dc=com
objectClass: inetOrgPerson
sn: Smart
cn: John Smart
mail: john.smart@example.com
postalCode: 31000
mobile: +33 (0)6 654321
title: Supervisor
postalAddress: h23, smart lane
dn: uid=tonygeek,ou=department1,dc=example,dc=com
objectClass: inetOrgPerson
sn: Geek
cn: Tony Geek
mail: tony.geek@example.com
postalCode: 31001
mobile: +33 (0)6 123456
title: Clerk
postalAddress: h26, geek tower
dn: uid=davidlazy,ou=department2,dc=example,dc=com
objectClass: inetOrgPerson
sn: Lazy
cn: David Lazy
mail: david.lazy@example.com
postalCode: 31000
mobile: +33 (0)6 78987
title: Supervisor
postalAddress: h27, lazy street
Then
$sudo ldapadd -W -D 'cn=admin,dc=example,dc=com' -f emp.ldifThis will add 3 employees,2 (john and tony) to department1 and 1 (david) to department2.
$sudo ldapsearch -W -D 'cn=admin,dc=example,dc=com' -b 'dc=example,dc=com'You should get the entire hierarchy now.
No comments:
Post a Comment