
The Root Of All Evil - Administration

Now that you know how LDAP works, it's time to put it into practice. In this article, find out how to compile, install and configure the OpenLDAP software suite, create an LDAP directory for your organization, and add entries to it. Also included: a detailed discussion of how to search the database using both the UNIX client tools supplied with OpenLDAP, and the LDAP client built into Qualcomm Eudora.

TABLE OF CONTENTS:
  1. Understanding LDAP (part 2)
  2. Opening Up
  3. Building Blocks
  4. The Root Of All Evil
  5. A Little Black Book Is Born
  6. Digging Deep
  7. Changing Things Around
  8. You Have Mail
  9. Link Zone
By: icarus, (c) Melonfire
March 05, 2003

Configuration of the "slapd" daemon is handled via a configuration file named "slapd.conf", usually located in your installation's "etc/openldap/" directory. Pop open this file in your favourite text editor, and page down to the end of the file, where the database definitions are stored - you should see something like this:
#######################################################################
# ldbm database definitions
#######################################################################
database        bdb
suffix          "dc=my-domain,dc=com"
rootdn          "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /usr/local/openldap/var/openldap-data
# Indices to maintain
index   objectClass     eq
Update this section to reflect your environment - for example, for the "melonfire.com" domain, I have the following entries in this section:
#######################################################################
# ldbm database definitions
#######################################################################
database bdb
suffix "dc=melonfire,dc=com"
rootdn "cn=root,dc=melonfire,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /usr/local/openldap/var/openldap-data
# Indices to maintain
index objectClass eq
A quick explanation here: the "suffix" configuration directive tells "slapd" which node to use as the root (or "base DN") of the directory tree, while the "rootdn" directive names the DN that has administrative rights to the database and "rootpw" sets its password. The "directory" directive tells the system where to store its databases - in this case, in the directory "/usr/local/openldap/var/openldap-data".
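
The comments in the configuration above warn against a cleartext "rootpw" and recommend mode 700 for the database directory. The check below covers both; it is an added example, not part of the original article or of OpenLDAP, and the function name "audit_slapd_conf", its finding labels and the sample file are constructed here.

```sh
#!/bin/sh
# Added example (not from the article): audit a slapd.conf for the two
# risks its own comments name. Assumes directory paths contain no spaces.

# audit_slapd_conf FILE: prints one finding per line, nothing if clean.
audit_slapd_conf() {
    conf=$1
    # A rootpw value with no {SCHEME} prefix, or with {CLEARTEXT}, is
    # stored unhashed and readable by anyone who can read the file.
    awk '$1 == "rootpw" {
        v = $2; gsub(/"/, "", v)
        bad = (v !~ /^[{][A-Za-z0-9-]+[}]/ || toupper(v) ~ /^[{]CLEARTEXT[}]/)
        if (bad) print "CLEARTEXT_ROOTPW line " NR
    }' "$conf"
    # Each "directory" path must exist and be exactly mode 700.
    awk '$1 == "directory" { v = $2; gsub(/"/, "", v); print v }' "$conf" |
    while IFS= read -r dir; do
        if [ ! -d "$dir" ]; then
            echo "MISSING_DIR $dir"
        elif [ -n "$(find "$dir" -prune ! -perm 700 -print)" ]; then
            echo "DIR_NOT_700 $dir"
        fi
    done
}

# Constructed sample: the article's melonfire.com settings, pointed at a
# throwaway data directory so the check can run anywhere.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/openldap-data" && chmod 755 "$tmp/openldap-data"
    printf '%s\n' \
        'database bdb' \
        'suffix "dc=melonfire,dc=com"' \
        'rootdn "cn=root,dc=melonfire,dc=com"' \
        'rootpw secret' \
        "directory $tmp/openldap-data" > "$tmp/slapd.conf"
    audit_slapd_conf "$tmp/slapd.conf"
    rm -rf "$tmp"
}
demo
```

A flagged "rootpw" can be replaced with a hashed value generated by slappasswd, as the configuration comments suggest.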

The base DN specified in this section serves as the root of the LDAP tree, and therefore must exist as an entry in the LDAP directory before you can begin using the service.

Once you're done with this section, go back up to the top of the file and locate the section which contains the schema definitions to be read by "slapd". By default, this section contains only a single entry:
include         /usr/local/openldap/etc/openldap/schema/core.schema
Alter this to include two additional definitions - these will be needed when you try to create "inetOrgPerson" object instances for your LDAP address book.
include         /usr/local/openldap/etc/openldap/schema/cosine.schema
include         /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
All done? Save the file and exit.

Now, try running "slapd".
[root@olympus] $ /usr/local/openldap/libexec/slapd
If it works, great - flip the page, and find out how to start manipulating your LDAP database. If it doesn't, it's probably because of an error like this:
/usr/local/openldap/libexec/slapd: error in loading shared libraries:
libdb-4.1.so: cannot open shared object file: No such file or directory
This is pretty simple to fix - all you need to do is tell your system where the OpenLDAP and Berkeley DB library files are stored. Pop open the "/etc/ld.so.conf" file and add these directories to the end of the directory list:
/usr/local/openldap/lib
/usr/local/BerkeleyDB.4.1/lib
Now, save the file and recreate the system's library database by running "ldconfig".
[root@olympus] $ ldconfig
Try invoking "slapd" again,
[root@olympus] $ /usr/local/openldap/libexec/slapd
and it should start up normally.

 
 