Page 5 - Understanding LDAP (part 2)

A Little Black Book Is Born - Administration

Now that you know how LDAP works, it's time to put it into practice. In this article, find out how to compile, install and configure the OpenLDAP software suite, create an LDAP directory for your organization, and add entries to it. Also included: a detailed discussion of how to search the database using both the UNIX client tools supplied with OpenLDAP, and the LDAP client built into Qualcomm Eudora.

By: icarus, (c) Melonfire
March 05, 2003

Once you've got the server up and running, the next step is to populate the database with a few entries. There are two ways to do this: add entries one at a time using the "ldapadd" command, or add them all at once via an LDIF file (basically, a single text file containing a series of entries in a defined format). I'll show you both techniques here. Let's try the second method first - create an ASCII text file named "entries.ldif" and place the following data in it:
dn: dc=melonfire, dc=com
objectclass: dcObject
objectclass: organization
o: Melonfire
# the dc value must match the RDN used in the DN above
dc: melonfire

dn: mail=root@melonfire-mail.com, dc=melonfire, dc=com
objectclass: inetOrgPerson
cn: Keith
sn: Richards
mail: root@melonfire-mail.com

dn: mail=joe@melonfire-mail.com, dc=melonfire, dc=com
objectclass: inetOrgPerson
cn: Joe
sn: Somebody
mail: joe@melonfire-mail.com

dn: mail=sarah@melonfire-mail.com, dc=melonfire, dc=com
objectclass: inetOrgPerson
cn: Sarah
sn: Nobody
mail: sarah@melonfire-mail.com
telephoneNumber: 23 67 128 5639

Most of this should be familiar to you from the first part of this article - each entry has a DN which uniquely identifies it, an object identifier that indicates which class it belongs to (and therefore which rules it must adhere to), and a series of attribute-value pairs that make up the data for the entry. Note that the first two entries are essential - these are the entries for the root of the tree and for the database administrator, respectively. It should be noted at this point that the rules for selecting a base DN for the DIT are fairly arbitrary - if your LDAP directory serves a particular domain, you can use an instance of the "dcObject" class for your base DN,
dn: dc=melonfire, dc=com
objectclass: dcObject
dc: melonfire
whereas if your LDAP directory serves an entire organization, you could use the "organization" class in your base DN.
dn: o=Melonfire, c=IN
objectclass: organization
o: Melonfire
You can add more entries for other users in the organization to the end of the file (as I said, only the first two are essential) and, when you're done, you can import them all into the database using the following command:
[root@olympus] $ /usr/local/openldap/bin/ldapadd -x -D "cn=root,dc=melonfire,dc=com" -W -f entries.ldif -c
When you're prompted for a password, enter the password value supplied for the "rootpw" configuration directive in "slapd.conf" ("secret", in the example above). This is necessary because adding, removing and editing entries are tasks that can only be performed by the directory administrator. Note that "-x" selects a simple bind, so the password travels over the connection in cleartext unless the session is protected with TLS. You should see something like this:

adding new entry "dc=melonfire, dc=com"
adding new entry "mail=root@melonfire-mail.com, dc=melonfire, dc=com"
adding new entry "mail=joe@melonfire-mail.com, dc=melonfire, dc=com"
adding new entry "mail=sarah@melonfire-mail.com, dc=melonfire, dc=com"
In other words, the LDAP server has accepted and saved your entries to the database. You can also add entries one at a time by using the "ldapadd" command in interactive mode:
[root@olympus] $ /usr/local/openldap/bin/ldapadd -x -D "cn=root,dc=melonfire,dc=com" -W
Enter LDAP Password: ****
dn: mail=sarah@melonfire-mail.com, dc=melonfire, dc=com
objectclass: inetOrgPerson
cn: Sarah
sn: Nobody
mail: sarah@melonfire-mail.com
telephoneNumber: 23 67 128 5639

adding new entry "mail=sarah@melonfire-mail.com, dc=melonfire, dc=com"
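
A pre-import check for a file like "entries.ldif", as an added example that is not part of the original article: because "-c" makes "ldapadd" carry on past rejected entries, it helps to catch malformed ones before the bulk load. The parser is deliberately simplified (no base64 "::" values, no escaped commas in DNs), and the function names and sample data are constructed for illustration.

```python
# Constructed sample: the first entry is well-formed, the second is not.
SAMPLE_LDIF = """\
dn: dc=melonfire, dc=com
objectclass: dcObject
objectclass: organization
o: Melonfire
dc: melonfire

dn: mail=eve@melonfire-mail.com, dc=example, dc=org
cn: Eve
mail: someone-else@melonfire-mail.com
"""

def parse_ldif(text):
    """Split LDIF text into entries, each a list of (attribute, value) pairs."""
    entries, current = [], []
    for line in text.splitlines() + [""]:
        if line.startswith(("#", "version:")):    # comment or version header
            continue
        if line.startswith(" ") and current:      # folded continuation line
            current[-1] = (current[-1][0], current[-1][1] + line[1:])
        elif not line.strip():                    # blank line ends an entry
            if current:
                entries.append(current)
            current = []
        else:
            attr, _, val = line.partition(":")
            current.append((attr.strip().lower(), val.strip()))
    return entries

def norm_dn(dn):
    """Lower-case and strip spaces around RDNs (assumes no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_entries(text, base_dn):
    """Return (dn, problem) pairs for entries the server would likely reject."""
    base, problems = norm_dn(base_dn), []
    for entry in parse_ldif(text):
        if entry[0][0] != "dn":
            problems.append(("?", "entry does not start with dn"))
            continue
        dn, attrs = norm_dn(entry[0][1]), entry[1:]
        if dn != base and not dn.endswith("," + base):
            problems.append((dn, "outside base DN"))
        if not any(a == "objectclass" for a, _ in attrs):
            problems.append((dn, "no objectclass"))
        rdn_attr, _, rdn_val = dn.split(",")[0].partition("=")
        if (rdn_attr, rdn_val) not in [(a, v.lower()) for a, v in attrs]:
            problems.append((dn, "RDN value missing from attributes"))
    return problems
```

Calling check_entries(SAMPLE_LDIF, "dc=melonfire,dc=com") reports three problems, all on the second entry; an empty list means the file passed these checks, not that the server's schema will accept every attribute.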


 
 