Saturday, June 13, 2009
Notes on setting up an LDAP server

Install OpenLDAP if you don't already have it.
Use WebMin to configure it. The defaults are pretty good.
Do this so you don't get complaints on startup:
cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Restart TWICE. The first time there will be another warning. After that, no more warnings.

Install phpLDAPadmin. Copy the example config as described in the setup instructions.
To verify that it works, try this:
ldapsearch -x -b 'dc=montessorifamily,dc=com' '(objectclass=*)'

To verify the auth, do this:
ldapsearch -x -b 'dc=montessorifamily,dc=com' '(objectclass=*)' -D 'cn=Manager,dc=montessorifamily,dc=com' -W

The "-x" says "use simple auth instead of SASL".

Create the basic structure by putting this into a file:
# Base entry for the directory
dn:     dc=montessorifamily, dc=com
objectClass:    top
objectClass:    dcObject
objectClass:    organization
dc:     montessorifamily
o:      Montessori Family School

# Organizational unit for the address book (entries must be separated by a blank line)
dn:     ou=addressbook, dc=montessorifamily, dc=com
objectClass:    top
objectClass:    organizationalUnit
ou:     addressbook

Do not use a cleartext password in slapd.conf or WebMin won't know how to auth. Use WebMin to set the password and it'll use the '{crypt}' syntax and all will be well.

phpLDAPadmin doesn't seem happy with simple auth. Change it, or change LDAP?

'person', 'inetOrgPerson', 'organizationalPerson' are part of core.schema.

And the plural of schema is schemata (or "schemas" in a pinch).

See OnLamp article.

This Linux Magazine article requires one to register at their site. There is more about security, schemata, and replication, so I ignored it.
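
To check the slapd.conf password advice above before restarting, here is an added example (not part of the original notes) that flags any rootpw line still holding a cleartext value. The function name audit_rootpw, the helper sample_conf and the sample configuration are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit rootpw lines in slapd.conf.
# Prints "<line> cleartext" or "<line> hashed:<SCHEME>"; never echoes the value.
# Returns 0 if every rootpw is hashed, 1 if any is cleartext,
# 2 if no rootpw was found or the file is unreadable.
audit_rootpw() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        /^[ \t]/ { next }   # continuation of the previous directive
        /^#/     { next }   # comment
        tolower($1) == "rootpw" {
            found = 1
            val = $2
            sub(/^"/, "", val)                       # drop an opening quote
            if (val ~ /^[{][A-Za-z0-9-]+[}]/) {      # {SCHEME}hash form
                scheme = toupper(substr(val, 2, index(val, "}") - 2))
                print NR, "hashed:" scheme
            } else {
                print NR, "cleartext"
                bad = 1
            }
        }
        END { if (!found) exit 2; exit (bad ? 1 : 0) }
    ' "$conf"
}

# Constructed sample input: one cleartext rootpw, one in {crypt} form.
sample_conf() {
cat <<'EOF'
database  bdb
suffix    "dc=example,dc=com"
rootdn    "cn=Manager,dc=example,dc=com"
# rootpw  secret
rootpw    secret
database  bdb
suffix    "dc=example,dc=org"
rootpw    {crypt}CONSTRUCTED-PLACEHOLDER
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp"
audit_rootpw "$tmp" || echo "exit status: $?"
rm -f "$tmp"
```

On a real system, pass the path of your own slapd.conf; the non-zero exit status makes the function usable as a check before restarting slapd.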
