
OpenLDAP & Ubuntu Karmic for an LDAP Addressbook

January 6th, 2010 | No Comments | Posted in Karmic Koala, OpenLDAP

With the advent of Ubuntu Karmic, setting up OpenLDAP has gotten stupid and difficult.

Below are the steps I used to get OpenLDAP working as an LDAP addressbook.

NOTE: Change the domain to something appropriate for you.

NOTE: This is not a step-by-step instruction manual. It’s for my edification so I can figure it out again later without perusing 30-odd different sites. It will require some thought and intelligence to use.


First start off by installing OpenLDAP

apt-get install slapd ldap-utils

This results in a basic setup of OpenLDAP with bugger all configured; even the old-school slapd.conf is missing. You need to install all the extra schemas and set up passwords yourself, as the installer does nothing at all.

Next install some schemas

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif

The nis schema can be left out if you don’t intend to use the LDAP server for authentication.

The following ldif contains all the configuration needed to get a new database up and running; stash it in a file somewhere.

If you are not using the nis schema, leave the shadowLastChange attribute out of the olcAccess line. Also set the passwords to whatever you want using the slappasswd tool (which generates the {SSHA} hashes shown), or you can probably type a password in cleartext.

###########################################################
# DATABASE SETUP
###########################################################
# Load modules for database type
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

# Create directory database
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=kayosdesign,dc=com
olcRootDN: cn=admin,dc=kayosdesign,dc=com
olcRootPW: {SSHA}8QDckoodrIsXgv/BG43Hf5WAbgmzZYEf
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=kayosdesign,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=kayosdesign,dc=com" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

##########################################################
# DEFAULTS MODIFICATION
###########################################################
# Some of the defaults need to be modified in order to allow
# remote access to the LDAP config. Otherwise only root
# will have administrative access.
dn: cn=config
changetype: modify
delete: olcAuthzRegexp

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}8QDckoodrIsXgv/BG43Hf5WAbgmzZYEf

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess

Install this by using

ldapadd -Y EXTERNAL -H ldapi:/// -f /root/db.ldif
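To see what the three olcAccess lines in that ldif actually grant, here is an added example (it is not part of the original post) that evaluates them the way slapd does: the first to clause whose target matches decides, within it the first matching by clause sets the access level, and a matching rule with no matching by clause denies. It covers only the who/what forms used in this ldif, bind_dn and target_dn are assumed inputs, and bear in mind that slapd applies no ACLs at all to the database rootDN (cn=admin here), so the explicit admin grants are informational.

```python
import re
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]  # increasing

# The three olcAccess values from db.ldif above, {n} ordering prefix removed. slapd applies
# no ACLs at all to the database rootDN (cn=admin here), so the admin grants are informational.
OLC_ACCESS = [
    'to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=kayosdesign,dc=com" write'
    ' by anonymous auth by self write by * none',
    'to dn.base="" by * read',
    'to * by dn="cn=admin,dc=kayosdesign,dc=com" write by * read',
]

def parse_rule(rule):
    """Split 'to <what> by <who> <level> [by ...]' into (what, [(who, level), ...])."""
    head, *clauses = re.split(r"\s+by\s+", rule.strip())
    return head[3:].strip(), [tuple(c.rsplit(None, 1)) for c in clauses]

def what_matches(what, target_dn, attr):
    """Only the <what> forms this ldif uses: '*', 'attrs=a,b' and 'dn.base="..."'."""
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr is not None and attr.lower() in what[6:].lower().split(",")
    if what.startswith("dn.base="):
        return target_dn.lower() == what[8:].strip('"').lower()
    raise ValueError("unsupported <what>: " + what)

def who_matches(who, bind_dn, target_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    if who.startswith("dn="):
        return bind_dn is not None and bind_dn.lower() == who[3:].strip('"').lower()
    raise ValueError("unsupported <who>: " + who)

def granted(bind_dn, target_dn, attr=None, rules=OLC_ACCESS):
    """Level slapd grants (bind_dn None = anonymous): first 'to' rule whose target matches
    decides, first matching 'by' inside it wins, no matching 'by' means 'none'."""
    for rule in rules:
        what, clauses = parse_rule(rule)
        if what_matches(what, target_dn, attr):
            return next((lvl for who, lvl in clauses if who_matches(who, bind_dn, target_dn)), "none")
    return "none"

def allowed(bind_dn, target_dn, attr, needed):
    return LEVELS.index(granted(bind_dn, target_dn, attr)) >= LEVELS.index(needed)
```

Running it shows the shape of this setup: anonymous clients get auth on userPassword (enough to bind, not to read it) and read on everything else, which is what lets the addressbook be used without a bind.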

Now create an ldif for an admin user

# Root of the LDAP tree
dn: dc=kayosdesign,dc=com
objectClass: dcObject
objectClass: organization
o: kayosdesign.com
dc: kayosdesign
description: Tree Root

#LDAP admin
dn: cn=admin,dc=kayosdesign,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: {SSHA}8QDckoodrIsXgv/BG43Hf5WAbgmzZYEf
description: LDAP administrator account

Insert this into the directory with the following

ldapadd -x -D cn=admin,dc=kayosdesign,dc=com -W -f /root/base.ldif
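For the {SSHA} values used as olcRootPW and userPassword above, here is an added example (not from the original post) that builds and verifies them the same way slappasswd does and scans an ldif for password attributes typed in cleartext, since slapd stores userPassword and olcRootPW exactly as given. The sample ldif inside the block is constructed for the example.

```python
import base64, hashlib, hmac, os, re

def ssha_hash(password: str, salt=None) -> str:
    """Build an {SSHA} value the way slappasswd does: base64(SHA1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd's default salt length is 4 bytes
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def parse_ssha(value: str):
    """Split an {SSHA} value into (digest, salt); a SHA-1 digest is always 20 bytes."""
    if not value.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[6:], validate=True)
    if len(raw) <= 20:
        raise ValueError("value too short to hold a 20-byte digest plus salt")
    return raw[:20], raw[20:]

def ssha_verify(password: str, value: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    digest, salt = parse_ssha(value)
    return hmac.compare_digest(hashlib.sha1(password.encode("utf-8") + salt).digest(), digest)

PW_LINE = re.compile(r"^(userPassword|olcRootPW)(::?)\s*(.*)$")
SCHEME = re.compile(r"^\{[A-Za-z0-9-]+\}")

def find_cleartext_passwords(ldif_text: str):
    """Return (dn, attr) for each password attribute whose value has no {SCHEME} prefix;
    slapd stores such values verbatim, so the entry keeps a cleartext password on disk."""
    findings, dn = [], ""
    for line in ldif_text.splitlines():
        if line.startswith("dn:"):
            dn = line[3:].strip()
        elif m := PW_LINE.match(line):
            attr, sep, value = m.groups()
            if sep == "::":  # LDIF base64-encodes values that are not safe ASCII
                value = base64.b64decode(value).decode("utf-8", "replace")
            if not SCHEME.match(value):
                findings.append((dn, attr))
    return findings

# Constructed sample: the first value is hashed, the second was typed in cleartext.
SAMPLE_LDIF = """\
dn: olcDatabase=hdb,cn=config
olcRootPW: {SSHA}8QDckoodrIsXgv/BG43Hf5WAbgmzZYEf

dn: cn=admin,dc=kayosdesign,dc=com
userPassword: constructed-cleartext-secret
"""
```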

You should now be able to search the directory

ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W
ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb
ldapsearch -xLLL -b dc=kayosdesign,dc=com

Once the above is working, you can move on to creating the addressbook.

Create yet another ldif file with data such as

# Addressbook branch
dn: ou=addressbook,dc=kayosdesign,dc=com
objectClass: organizationalUnit
ou: addressbook
description: LDAP Addressbook

# Addressbook entry
dn: cn=Test Account+mail=test@kayosdesign.com,ou=addressbook,dc=kayosdesign,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
givenName: Test
sn: Account
cn: Test Account
mail: test@kayosdesign.com
homePhone: 1234567
telephoneNumber: 76543421
fax: 01928374
mobile: 44556677
street: 1 Street
l: MyTown
st: MyState
postalCode: 666
title: Grand Poo Bah
o: Snorks Anonymous

Insert the entry into the directory with the following

ldapadd -x -D cn=admin,dc=kayosdesign,dc=com -W -f /root/addressbook.ldif

You can now hook whatever addressbook system you want into the LDAP server using the BaseDN

ou=addressbook,dc=kayosdesign,dc=com