A Little Black Book Is Born - Administration

Now that you know how LDAP works, it's time to put it intopractice. In this article, find out how to compile, install and configurethe OpenLDAP software suite, create an LDAP directory for your organization,and add entries to it. Also included: a detailed discussion of how to searchthe database using both the UNIX client tools supplied with OpenLDAP, andthe LDAP client built into Qualcomm Eudora.

TABLE OF CONTENTS:

By: icarus, (c) Melonfire

Poor Best

Rating:

/ 15

March 05, 2003

print this article

SEARCH DEV SHED

TOOLS YOU CAN USE

Once you've got the server up and running, the next step is to populate the database with a few entries. There are two ways to do this: add entries one at a time using the "ldapadd" command, or add them all at once via an LDIF file (basically, a single text file containing a series of entries in a defined format). I'll show you both techniques here. Let's try the second method first - create an ASCII text file named "entries.ldif" and place the following data in it:

dn: dc=melonfire, dc=com
objectclass: dcObject
objectclass: organization
o: Melonfire
dc: melonfire.com
dn: mail=root@melonfire-mail.com, dc=melonfire, dc=com
objectclass: inetOrgPerson
cn: Keith
sn: Richards
mail: root@melonfire-mail.com
dn: mail=joe@melonfire-mail.com, dc=melonfire, dc=com
objectclass: inetOrgPerson
cn: Joe
sn: Somebody
mail: joe@melonfire-mail.com
dn: mail=sarah@melonfire-mail.com, dc=melonfire, dc=com
objectclass: inetOrgPerson
cn: Sarah
sn: Nobody
mail: sarah@melonfire-mail.com
telephoneNumber: 23 67 128 5639

Most of this should be familiar to you from the first part of this article - each entry has a DN which uniquely identifies it, an object identifier that indicates which class It belongs to (and therefore which rules it must adhere to), and a series of attribute-value pairs that make up the data for the entry. Note that the first two entries are essential - these are the entries for the root of the tree and for the database administrator, respectively. It should be noted at this point that the rules for selecting a base DN for the DIT are fairly arbitrary - if your LDAP directory serves a particular domain, you can use an instance of the "dcObject" class for your base DN,

dn: dc=melonfire, dc=com
objectclass: dcObject
dc: melonfire.com

whereas if your LDAP directory serves an entire organization, you could use the "organization" class in your base DN.

dn: o=Melonfire, c=IN
objectclass: organization
o: Melonfire

You can add more entries for other users in the organization to the end of the file (as I said, only the first two are essential) and, when you're done, you can import them all into the database using the following command:

[root@olympus] $ /usr/local/openldap/bin/ldapadd -x -D
"cn=root,dc=melonfire,dc=com" -W -f entries.ldif -c

When you're prompted for a password, enter the password value supplied for the "rootpw" configuration directive in "slapd.conf" ("secret", in the example above). This is necessary because adding, removing and editing entries are tasks that can only be performed by the directory administrator. You should see something like this:


adding new entry "dc=melonfire, dc=com"
adding new entry "mail=root@melonfire-mail.com, dc=melonfire, dc=com"
adding new entry "mail=joe@melonfire-mail.com, dc=melonfire, dc=com"
adding new entry mail=sarah@melonfire-mail.com, dc=melonfire, dc=com

In other words, the LDAP server has accepted and saved your entries to the database. You can also add entries one at a time by using the "ldapadd" command in interactive mode:

[root@olympus] $ /usr/local/openldap/bin/ldapadd -x -D
"cn=root,dc=melonfire,dc=com" -W Enter LDAP Password: ****
dn: mail=sarah@melonfire-mail.com, dc=melonfire, dc=com
objectclass: inetOrgPerson
cn: Sarah
sn: Nobody
mail: sarah@melonfire-mail.com
telephoneNumber: 23 67 128 5639
adding new entry "mail=saraha@melonfire-mail.com, dc=melonfire, dc=com"

Next: Digging Deep >>