
OpenLDAP on Ubuntu 16.04 LTS

Setup parameters

These are throwaway lab values; the password "test" is used for both the directory admin and the first user so the commands below can be copied as-is. Replace it anywhere the server is reachable from outside a private test network.

name: dc1
domain/tree: devlab.nt
ip: 192.168.1.30
admin pass: test
rkhan pass: test

Installation

packages
sudo apt install slapd ldap-utils libnss-ldap -y
answers to the install prompts, in the order they appear (slapd asks the first two, libnss-ldap the rest); change the password and DN values if needed
test                        (slapd: administrator password)
test                        (slapd: confirm password)
ldap://127.0.0.1            (libnss-ldap: LDAP server URI)
dc=devlab,dc=nt             (libnss-ldap: distinguished name of the search base)
3                           (libnss-ldap: LDAP version)
Yes                         (libnss-ldap: make local root database admin)
No                          (libnss-ldap: does the LDAP database require login?)
cn=admin,dc=devlab,dc=nt    (libnss-ldap: LDAP account for root)
test                        (libnss-ldap: password for that account; written to /etc/ldap.secret, root-only, mode 0600)

Configuration

enable logs via ldif (slapd logs through syslog facility local4; on a stock Ubuntu box the messages end up in /var/log/syslog)
cat << eot > log.ldif
dn: cn=config
changetype: modify
add: olcLogLevel
olcLogLevel: stats
eot
add above ldif (root's SASL EXTERNAL identity over the ldapi:/// socket is what cn=config trusts, hence sudo)
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f log.ldif
enable LDAP profile for NSS
sudo auth-client-config -t nss -p lac_ldap
update authentication methods, select ldap if not selected already
sudo pam-auth-update
edit /etc/ldap.conf and change/uncomment these values; base must match the tree created by the install (dc=devlab,dc=nt, not the dc=home value some copies of this file carry), and the password for rootbinddn is read from /etc/ldap.secret, which the install prompt wrote
host 127.0.0.1
base dc=devlab,dc=nt
uri ldap://127.0.0.1/
rootbinddn cn=admin,dc=devlab,dc=nt
ldap_version 3
bind_policy soft
enable some indexes via ldif
cat << eot > indexes.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uid eq,pres,sub
eot
add above ldif
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f indexes.ldif

Population

add basic structure/tree (attribute and objectClass names are case-insensitive; lowercase ou=/dc= is used here to match the rest of the page)
cat << eot > base.ldif
dn: ou=people,dc=devlab,dc=nt
changetype: add
objectClass: top
objectClass: organizationalUnit
description: People OU

dn: ou=groups,dc=devlab,dc=nt
changetype: add
objectClass: top
objectClass: organizationalUnit
description: Groups OU

dn: ou=machines,dc=devlab,dc=nt
changetype: add
objectClass: top
objectClass: organizationalUnit
description: Machines OU
eot
add above ldif (-w puts the admin password on the command line, where ps and the shell history can see it; use -W to be prompted instead)
ldapadd -x -D cn=admin,dc=devlab,dc=nt -w test -f base.ldif
add some groups. The cn attribute must carry the same value as the RDN in the dn, otherwise slapd rejects the entry with a naming attribute error. groupOfNames requires at least one member, so an empty DN is used as a placeholder until rkhan is added under Administration below.
cat << eot > group.ldif
dn: cn=radius,ou=groups,dc=devlab,dc=nt
changetype: add
objectclass: top
objectclass: groupOfNames
cn: radius
member: 

dn: cn=vpn,ou=groups,dc=devlab,dc=nt
changetype: add
objectclass: top
objectclass: groupOfNames
cn: vpn
member: 
eot
add above ldif
ldapadd -x -D cn=admin,dc=devlab,dc=nt -w test -f group.ldif
add first user via ldif. userPassword must be a real hash: "{SSHA}test" is not one, and slapd would store it as-is, so the user could never bind. The heredoc delimiter is unquoted, so $(slappasswd -s test) is expanded by the shell and a proper salted SHA-1 value is written into the file. shadowLastChange is days since the epoch and is likewise computed at creation time.
cat << eot > user.ldif
dn: uid=rkhan,ou=people,dc=devlab,dc=nt
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: rkhan
sn: Khan
givenName: Ryaz
cn: Ryaz Khan
displayName: Ryaz Khan
uidNumber: 10000
gidNumber: 10000
userPassword: $(slappasswd -s test)
gecos: Ryaz Khan
loginShell: /bin/bash
homeDirectory: /profiles/rkhan
mail: rkhan@devlab.nt
telephoneNumber: 000-000-0000
st: NY
manager: uid=rkhan,ou=people,dc=devlab,dc=nt
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: $(( $(date +%s) / 86400 ))
title: System Administrator
eot
add above ldif
ldapadd -x -D cn=admin,dc=devlab,dc=nt -w test -f user.ldif
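The user entry above depends on userPassword holding a well-formed {SSHA} value. The script below is an added example, not code from the original tutorial: it builds that value with only openssl, base64 and dd (useful on a host without slappasswd) and verifies a password against an existing hash, which is also the quickest way to confirm that an entry copied from somewhere else is usable. It assumes GNU-style `base64 -d` and that the salt is whatever follows the 20-byte SHA-1 digest, which is the layout slapd and slappasswd use; the function names are mine.

```sh
#!/bin/sh
# Added example, not from the original tutorial: produce and verify the
# {SSHA} userPassword values slapd expects, using only openssl, base64 and dd.
# Layout: "{SSHA}" + base64( SHA1(password || salt) || salt ); slappasswd uses
# a 4-byte random salt, which is also the default here.
set -eu

# ssha_hash PASSWORD [SALT_B64]
# Prints the {SSHA} value. The salt is passed base64-encoded so raw bytes
# never have to live in a shell variable; omit it for a fresh random salt.
ssha_hash() {
  pw=$1
  salt_b64=${2:-$(openssl rand -base64 4)}
  blob=$( {
      { printf '%s' "$pw"; printf '%s' "$salt_b64" | base64 -d; } \
        | openssl dgst -sha1 -binary
      printf '%s' "$salt_b64" | base64 -d
    } | base64 | tr -d '\n' )
  printf '{SSHA}%s\n' "$blob"
}

# ssha_check HASH PASSWORD
# Exit 0 when PASSWORD matches HASH. The salt is whatever follows the 20-byte
# digest, so anything that decodes to 20 bytes or fewer (for example the
# literal "{SSHA}test") is rejected as malformed rather than compared.
ssha_check() {
  hash=$1
  case $hash in "{SSHA}"*) ;; *) return 1 ;; esac
  b64=${hash#"{SSHA}"}
  raw_len=$(printf '%s' "$b64" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
  [ "$raw_len" -gt 20 ] || return 1
  salt_b64=$(printf '%s' "$b64" | base64 -d | dd bs=1 skip=20 2>/dev/null \
             | base64 | tr -d '\n')
  [ "$(ssha_hash "$2" "$salt_b64")" = "$hash" ]
}

# Demo: the line to put in user.ldif (new random salt on every run) and a self-check.
hash=$(ssha_hash test)
printf 'userPassword: %s\n' "$hash"
ssha_check "$hash" test && echo 'self-check: password verifies against its hash'
```

{SSHA} is a single unsalted-iteration SHA-1 and is fast to brute-force offline; it is the OpenLDAP 2.4 default and is fine for a lab, but anyone who can read userPassword (only the admin and the entry itself under the stock ACLs) effectively holds the password. Keep the admin bind DN's password out of command lines and world-readable files for the same reason.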

Administration

reset ldap password for rkhan (optional; this also repairs an entry whose userPassword was stored with an invalid hash)
ldappasswd -H ldapi:/// -x -D "cn=admin,dc=devlab,dc=nt" -w test -s test "uid=rkhan,ou=people,dc=devlab,dc=nt"
add rkhan to the radius and vpn groups (the same modify records could be appended to user.ldif instead)
cat << eot > modify.ldif
dn: cn=radius,ou=groups,dc=devlab,dc=nt
changetype: modify
add: member
member: uid=rkhan,ou=people,dc=devlab,dc=nt

dn: cn=vpn,ou=groups,dc=devlab,dc=nt
changetype: modify
add: member
member: uid=rkhan,ou=people,dc=devlab,dc=nt
eot
add above ldif to the ldap database (-h/-p are deprecated in ldap-utils; -H takes the URI)
ldapmodify -H ldap://localhost -D "cn=admin,dc=devlab,dc=nt" -w test -f modify.ldif
restart the ldap service (optional; ldapadd/ldapmodify changes are live as soon as they return)
sudo systemctl restart slapd.service
Congratulations! You have a working LDAP server. Test it by logging in as rkhan over ssh on the local system. The home directory /profiles/rkhan is not created by the directory entry, so either create it (sudo mkdir -p /profiles/rkhan; sudo chown 10000:10000 /profiles/rkhan) or enable pam_mkhomedir before expecting a full shell.
ssh rkhan@localhost
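An ssh login exercises everything at once, which makes it a poor diagnostic when it fails. The script below is an added example, not part of the original tutorial, and checks the layers one at a time: NSS resolution, a bind as the user, and group membership read back from ldapsearch output. The LDIF helpers run offline on any ldapsearch output (they unfold continuation lines and decode `::` base64 values); the live checks assume slapd on 127.0.0.1, the devlab.nt tree and the password "test" from this page, and only run when LDAP_CHECK=1. Helper names are mine.

```sh
#!/bin/sh
# Added example, not from the original tutorial: post-setup checks for the
# devlab.nt directory. The LDIF helpers run offline on any ldapsearch output;
# the live checks at the bottom assume slapd on 127.0.0.1 with the tree and
# the password "test" from this page and only run when LDAP_CHECK=1.
set -eu

# ldif_attr ATTR: print every value of ATTR from LDIF on stdin. ldapsearch
# folds long values onto continuation lines that start with one space and
# writes non-printable values as "attr:: <base64>"; both are handled.
ldif_attr() {
  sed -e :a -e '$!N;s/\n //;ta' -e 'P;D' | while IFS= read -r line; do
    case $line in
      "$1:: "*) printf '%s' "${line#"$1:: "}" | base64 -d; printf '\n' ;;
      "$1: "*)  printf '%s\n' "${line#"$1: "}" ;;
    esac
  done
}

# ldif_has_member DN: exit 0 if the group entry on stdin lists DN as a member.
# Plain string comparison (case-insensitive), no DN normalisation, so write
# the DN in the same form the directory stores it.
ldif_has_member() {
  ldif_attr member | grep -qixF -- "$1"
}

if [ "${LDAP_CHECK:-0}" = 1 ]; then
  base=dc=devlab,dc=nt
  user=uid=rkhan,ou=people,$base
  uri=ldap://127.0.0.1
  # 1. NSS resolves the user, so libnss-ldap and /etc/ldap.conf work
  getent passwd rkhan
  # 2. the user can bind with its own password, so userPassword holds a valid hash
  ldapwhoami -x -H "$uri" -D "$user" -w test
  # 3. both groups list the user (anonymous read, as an nss client would do)
  for g in radius vpn; do
    if ldapsearch -x -LLL -H "$uri" -b "cn=$g,ou=groups,$base" member | ldif_has_member "$user"; then
      echo "rkhan is a member of $g"
    else
      echo "rkhan is missing from $g" >&2; exit 1
    fi
  done
fi
```

Run it as LDAP_CHECK=1 sh verify.sh once the Administration steps are done. If step 1 fails the problem is on the client side (/etc/ldap.conf, nsswitch); if step 2 fails with invalid credentials the userPassword value is wrong; if step 3 fails the modify.ldif step did not apply.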

Starting over

uninstall packages (with the purge_database answer set to Yes, purging slapd also drops the database; this also removes /etc/ldap/slapd.d)
sudo apt purge slapd ldap-utils libnss-ldap
delete the ldap database if anything is left behind
sudo rm /var/lib/ldap/*

Troubleshooting

reconfigure base dn and admin account
sudo dpkg-reconfigure slapd
answers, in prompt order
No          (omit OpenLDAP server configuration?)
devlab.nt   (DNS domain name; this becomes the base dn dc=devlab,dc=nt)
devlab.nt   (organization name)
test        (administrator password)
test        (confirm password)
HDB         (database backend)
Yes         (remove the database when slapd is purged?)
Yes         (move old database out of the way?)
No          (allow LDAPv2 protocol?)
verify dn
ldapsearch -x -LLL -H ldap:/// -b "dc=devlab,dc=nt" dn
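The same answers, both the apt install prompts under Installation and the dpkg-reconfigure prompts above, can be supplied non-interactively through debconf, which makes a rebuild of the lab box repeatable. The script below is an added example and not part of the original tutorial. The template names are the ones from slapd.templates and libnss-ldap.templates as shipped on 16.04; treat that as an assumption and confirm on the target with sudo debconf-get-selections | grep -e slapd -e ldapns -e libnss-ldap after one interactive install. The function names are mine, and nothing is installed unless SLAPD_APPLY=1.

```sh
#!/bin/sh
# Added example, not part of the original tutorial: answer the slapd and
# libnss-ldap install prompts from a preseed so the install is repeatable.
# Template names are taken from slapd.templates / libnss-ldap.templates on
# 16.04 (assumption: confirm with debconf-get-selections on the target).
set -eu

# devlab.nt -> dc=devlab,dc=nt (same derivation slapd's postinst uses)
domain_to_base() {
  printf '%s\n' "$1" | sed 's/\./,dc=/g; s/^/dc=/'
}

# ldap_preseed DOMAIN ORGANIZATION ADMIN_PASSWORD -> debconf selections on stdout
# The libnss-ldap lines mirror the install prompts on this page: local root
# binds as the admin (dbrootlogin), ordinary lookups bind anonymously (dblogin=false).
ldap_preseed() {
  domain=$1 org=$2 adminpw=$3
  base=$(domain_to_base "$domain")
  cat <<EOF
slapd slapd/no_configuration boolean false
slapd slapd/domain string $domain
slapd shared/organization string $org
slapd slapd/password1 password $adminpw
slapd slapd/password2 password $adminpw
slapd slapd/backend select HDB
slapd slapd/purge_database boolean true
slapd slapd/move_old_database boolean true
slapd slapd/allow_ldap_v2 boolean false
libnss-ldap shared/ldapns/ldap-server string ldap://127.0.0.1
libnss-ldap shared/ldapns/base-dn string $base
libnss-ldap shared/ldapns/ldap_version select 3
libnss-ldap libnss-ldap/dbrootlogin boolean true
libnss-ldap libnss-ldap/dblogin boolean false
libnss-ldap libnss-ldap/rootbinddn string cn=admin,$base
libnss-ldap libnss-ldap/rootbindpw password $adminpw
EOF
}

# Only touch the system when explicitly asked; otherwise just print the selections.
if [ "${SLAPD_APPLY:-0}" = 1 ]; then
  ldap_preseed devlab.nt devlab.nt test | sudo debconf-set-selections
  sudo DEBIAN_FRONTEND=noninteractive apt install -y slapd ldap-utils libnss-ldap
else
  ldap_preseed devlab.nt devlab.nt test
fi
```

The password selections land in /var/cache/debconf/passwords.dat, which is root-only, but it is still a copy of the admin password on disk; on a real host feed the preseed from a secret store rather than a script with the value hard-coded as here.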