I use OpenLDAP, of course 😉
To install it:
aptitude install ldap-server
Note: selecting "slapd" instead of the virtual package "ldap-server"
The following NEW packages will be installed:
  libodbc1{a} libperl5.14{a} libslp1{a} slapd
0 packages upgraded, 4 newly installed, 0 to remove and 7 not upgraded.
Need to get 2,072 kB of archives. After unpacking 4,899 kB will be used.
Do you want to continue? [Y/n/?] Y
To configure it:
dpkg-reconfigure slapd
Omit OpenLDAP server configuration? No
DNS domain name: example.com
Organization name: example.com
Administrator password: <PASSWORD>
Confirm password: <PASSWORD>
Database backend to use: HDB
Do you want the database to be removed when slapd is purged? No
Move old database? Yes
Allow LDAPv2 protocol? No
Now, modify the client-side LDAP configuration (this is the file ldapsearch and the other ldap-utils read, not the server configuration):
vi /etc/ldap/ldap.conf
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE    dc=example,dc=com
URI     ldap://192.168.12.100
BASE: the default base DN used when an LDAP operation does not specify one; set it to the suffix you chose above (dc=example,dc=com for the domain example.com).
URI: your server's name or IP. Append ":port" to the name/IP to change the default port (389 for ldap://, 636 for ldaps://). Keep in mind that ldap:// is cleartext on the wire, so anything sent over it, simple-bind passwords included, is readable by anyone on the network path.
Restart the ldap server:
/etc/init.d/slapd restart
Test it:
To test the server, install the LDAP client tools:
aptitude install ldap-utils
Then, run the ldapsearch tool or slapcat:
ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
The server answers, so the basics are in place 🙂. Look at the result line, though: result 32 (No such object) means slapd found nothing at the base DN. A working setup returns the dc=example,dc=com entry itself followed by "result: 0 Success". If you get 32, check that BASE in /etc/ldap/ldap.conf is exactly the suffix dpkg-reconfigure created and that URI points at this slapd.
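To make that check mechanical, here is an added example (not part of the original post) that parses the LDIF ldapsearch prints, extracts the searched base DN, the returned entries and the LDAP result code, and says whether the directory really handed back the base entry. Both sample outputs are constructed: the first copies the ldapsearch -x result above, the second is what a healthy server returns for the same query.

```python
"""Parse the LDIF that `ldapsearch` prints and decide whether the
directory really answered with the base entry.

Added example, not part of the original post. FAILED_OUTPUT is the
`ldapsearch -x` result shown above; GOOD_OUTPUT is a constructed
healthy answer to the same query.
"""
import base64
import re

# Standard LDAP resultCode values (RFC 4511) that show up at this step.
RESULT_CODES = {
    0: "success",
    32: "noSuchObject (nothing exists at the base DN on this server)",
    49: "invalidCredentials",
}

FAILED_OUTPUT = """\
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
"""

GOOD_OUTPUT = """\
# base <dc=example,dc=com> (default) with scope subtree
# filter: (objectclass=*)

# example.com
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example.com
dc: example

# search result
search: 2
result: 0 Success

# numResponses: 2
"""


def parse_ldapsearch(text):
    """Return (base_dn, entries, result_code); entries is a list of
    {attribute: [values]} dicts, one per `dn:` record. Handles `attr::`
    base64 values and LDIF continuation lines (leading space)."""
    base_dn, entries, result_code = None, [], None
    current, last_attr = None, None
    for line in text.splitlines():
        if line.startswith("#"):  # comments, except the searched-base header
            m = re.match(r"# base <([^>]*)>", line)
            if m:
                base_dn = m.group(1)
            continue
        if not line.strip():  # blank line ends the current record
            if current is not None:
                entries.append(current)
            current, last_attr = None, None
            continue
        if line.startswith(" ") and current is not None and last_attr:
            current[last_attr][-1] += line[1:]
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # `attr:: <base64>` form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if attr == "result":
            result_code = int(value.split()[0])
        elif attr == "dn":
            current, last_attr = {"dn": [value]}, "dn"
        elif current is not None:
            current.setdefault(attr, []).append(value)
            last_attr = attr
    if current is not None:
        entries.append(current)
    return base_dn, entries, result_code


def base_entry_returned(text):
    """True only when the search succeeded and the base DN itself came back."""
    base_dn, entries, code = parse_ldapsearch(text)
    return code == 0 and any(e["dn"][0].lower() == (base_dn or "").lower() for e in entries)


def explain(text):
    """One-line verdict for the test step."""
    base_dn, entries, code = parse_ldapsearch(text)
    if code is None:
        return "no result line: the server did not answer (URI wrong or slapd not running?)"
    verdict = RESULT_CODES.get(code, "resultCode %d" % code)
    if code == 32:
        verdict += "; check that BASE in /etc/ldap/ldap.conf is the suffix given to dpkg-reconfigure"
    return "%d entries under %s: %s" % (len(entries), base_dn, verdict)
```

Pipe the real output through it with `explain(open("out.ldif").read())` after running `ldapsearch -x > out.ldif`; the base64 and continuation-line handling matters as soon as the directory holds non-ASCII values or long attributes.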
Now, time to set up a bit more:
Missing slapd.conf?
Since version 2.4.23-3 the configuration of OpenLDAP has been changed to /etc/ldap/slapd.d by default. The OpenLDAP packages in Debian provide an automatic migration to the new configuration style. With the new configuration style it is possible to change values on the fly without restarting slapd. Changes are made through the use of ldif files and ldap{add,modify}. In Debian you can use the following command to search the configuration:
ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config"
To modify configuration use the command:
ldapmodify -Y EXTERNAL -H ldapi:/// -f <file.ldif>
For configuration options see the several manpages that exist or the documentation provided upstream.
Using a slapd.conf file remains possible, but it is optional.
Indexes:
For better performance, index more attributes than the default configuration does (out of the box only objectClass is indexed).
With slapd.conf, modify /etc/ldap/slapd.conf to contain the following:
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index default sub
index uidNumber eq
index gidNumber eq
index mail,givenName eq,subinitial
index dc eq
After defining new indexes or making other major database changes (e.g. loading data with slapadd), it is best to recreate the indexes. Stop slapd before running slapindex, and fix the ownership of the database files afterwards, since running slapindex as root leaves root-owned files that slapd cannot use (the chown is not needed on Debian Wheezy).
/etc/init.d/slapd stop
slapindex
chown -R openldap:openldap /var/lib/ldap
/etc/init.d/slapd start
With cn=config
Create an LDIF file, olcDbIndex.ldif:
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: cn pres,sub,eq
-
add: olcDbIndex
olcDbIndex: sn pres,sub,eq
-
add: olcDbIndex
olcDbIndex: uid pres,sub,eq
-
add: olcDbIndex
olcDbIndex: displayName pres,sub,eq
-
add: olcDbIndex
olcDbIndex: default sub
-
add: olcDbIndex
olcDbIndex: uidNumber eq
-
add: olcDbIndex
olcDbIndex: gidNumber eq
-
add: olcDbIndex
olcDbIndex: mail,givenName eq,subinitial
-
add: olcDbIndex
olcDbIndex: dc eq
Use ldapmodify to load these settings into slapd:
ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcDbIndex.ldif
Don't forget the lone "-" lines that separate the add operations! Once ldapmodify returns, slapd starts an internal task that builds the new indexes; do not stop slapd while that indexing runs.
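The slapd.conf index list and the cn=config LDIF above say the same thing in two syntaxes, and the only way the second one breaks is the missing "-" separator. The following added example (mine, not the post's or OpenLDAP's) generates the LDIF from the slapd.conf lines, skipping objectClass because Debian's stock cn=config already indexes it, and validates that every change is separated by "-" before the file is handed to ldapmodify. It assumes the HDB database sits at olcDatabase={1}hdb,cn=config, as on this page.

```python
"""Turn slapd.conf `index` directives into the cn=config LDIF that
ldapmodify expects, with the `-` separators between changes.

Added example, not part of the original post. INDEX_DIRECTIVES are the
lines listed above; DB_DN assumes the HDB database created by
dpkg-reconfigure lives at olcDatabase={1}hdb,cn=config.
"""

DB_DN = "olcDatabase={1}hdb,cn=config"

INDEX_DIRECTIVES = """\
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index default sub
index uidNumber eq
index gidNumber eq
index mail,givenName eq,subinitial
index dc eq
"""

# Attribute index types documented in slapd.conf(5); catching a typo here
# beats finding out when slapd refuses the directive.
VALID_INDEX_TYPES = {"pres", "eq", "approx", "sub", "subinitial", "subany", "subfinal"}

MOD_OPS = ("add:", "replace:", "delete:")


def parse_index_directives(text):
    """Return [(attributes, index_types), ...] in file order."""
    directives = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0].lower() != "index" or len(parts) != 3:
            raise ValueError("not an index directive: %r" % raw)
        attrs, types = parts[1].split(","), parts[2].split(",")
        unknown = [t for t in types if t not in VALID_INDEX_TYPES]
        if unknown:
            raise ValueError("unknown index type(s) %s in %r" % (unknown, raw))
        directives.append((attrs, types))
    return directives


def build_index_ldif(directives, db_dn=DB_DN, already_indexed=("objectClass",)):
    """One `changetype: modify` record with one `add: olcDbIndex` per
    directive, joined by lone `-` lines.

    Attributes in already_indexed are skipped: Debian's stock cn=config
    already carries `olcDbIndex: objectClass eq`, and adding a value that
    is already present makes ldapmodify fail (attributeOrValueExists).
    """
    skip = {a.lower() for a in already_indexed}
    changes = []
    for attrs, types in directives:
        if all(a.lower() in skip for a in attrs):
            continue
        changes.append("add: olcDbIndex\nolcDbIndex: %s %s"
                       % (",".join(attrs), ",".join(types)))
    if not changes:
        raise ValueError("nothing left to add")
    return "dn: %s\nchangetype: modify\n%s\n" % (db_dn, "\n-\n".join(changes))


def validate_modify_ldif(text):
    """Return a list of problems; an empty list means the record is well formed.

    The check that bites in practice: every add/replace/delete after the
    first must follow a lone `-` line, otherwise ldapmodify reads the next
    `add:` as a stray attribute of the previous change and rejects the record.
    """
    problems = []
    lines = text.rstrip("\n").split("\n")
    if not lines or not lines[0].startswith("dn:"):
        problems.append("record must start with a dn: line")
    if len(lines) < 2 or lines[1] != "changetype: modify":
        problems.append("second line must be 'changetype: modify'")
    prev = None
    for n, line in enumerate(lines, 1):
        if (line.startswith(MOD_OPS) and prev is not None
                and prev != "-" and not prev.startswith("changetype:")):
            problems.append("line %d: %r is not preceded by '-'" % (n, line))
        prev = line
    return problems


if __name__ == "__main__":
    ldif = build_index_ldif(parse_index_directives(INDEX_DIRECTIVES))
    assert validate_modify_ldif(ldif) == []
    print(ldif, end="")  # redirect to olcDbIndex.ldif, then feed it to ldapmodify
```

Run it as `python3 gen_index_ldif.py > olcDbIndex.ldif` and apply the result with the ldapmodify command above; if you later add indexes for a second attribute set, pass the attributes already present in cn=config via already_indexed so the modify does not fail half-way.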
Access control
…..