
OpenLDAP & Ubuntu Karmic for an LDAP Addressbook

January 6th, 2010 | No Comments | Posted in Karmic Koala, OpenLDAP

With the advent of Ubuntu Karmic, setting up OpenLDAP has gotten stupid and difficult.

Below are the steps I used to get OpenLDAP working as an LDAP addressbook.

NOTE: Change the domain to something appropriate for you.

NOTE: This is not a step by step instruction manual. It’s for my edification so I can figure it out again later without perusing 30 odd different sites. It will require some thought and intelligence to use.


First start off by installing OpenLDAP

apt-get install slapd ldap-utils

This results in a basic setup of OpenLDAP with bugger all configured, even the old school slapd.conf is missing. You need to install all the extra schemas and set up passwords yourself as the installer does nothing at all.

Next install some schemas

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif

NIS can be left out if you don’t intend on using the LDAP server for authentication.

The following ldif contains all the configuration to get a new database up and running, stash it in a file somewhere.

If you are not using NIS then leave out the shadowLastChange attribute. Also set the passwords to whatever you want using the slappasswd tool, or you can probably type a password in cleartext.

###########################################################
# DATABASE SETUP
###########################################################
# Load modules for database type
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

# Create directory database
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=kayosdesign,dc=com
olcRootDN: cn=admin,dc=kayosdesign,dc=com
olcRootPW: {SSHA}8QDckoodrIsXgv/BG43Hf5WAbgmzZYEf
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=kayosdesign,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=kayosdesign,dc=com" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

##########################################################
# DEFAULTS MODIFICATION
###########################################################
# Some of the defaults need to be modified in order to allow
# remote access to the LDAP config. Otherwise only root
# will have administrative access.
dn: cn=config
changetype: modify
delete: olcAuthzRegexp

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}8QDckoodrIsXgv/BG43Hf5WAbgmzZYEf

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess

Install this by using

ldapadd -Y EXTERNAL -H ldapi:/// -f /root/db.ldif
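
Added example (not part of the original post): a small Python check over an excerpt of the LDIF used on this page (the admin entry comes from the base.ldif created in the next step). It lists the olcAccess clauses that grant unauthenticated clients more than auth, and the password values that appear on more than one entry. The function names are hypothetical, and the rule parser only covers the clause shapes used here.

```python
from collections import defaultdict

# Excerpt of this page's LDIF, trimmed to the attributes the checks read.
LDIF = """\
dn: olcDatabase=hdb,cn=config
olcRootPW: {SSHA}8QDckoodrIsXgv/BG43Hf5WAbgmzZYEf
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=kayosdesign,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=kayosdesign,dc=com" write by * read

dn: olcDatabase={0}config,cn=config
olcRootPW: {SSHA}8QDckoodrIsXgv/BG43Hf5WAbgmzZYEf

dn: cn=admin,dc=kayosdesign,dc=com
userPassword: {SSHA}8QDckoodrIsXgv/BG43Hf5WAbgmzZYEf
"""

def parse_entries(ldif):
    """Split LDIF text into records: a list of (dn, {attribute: [values]})."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                name, value = line.split(":", 1)
                attrs[name.strip()].append(value.strip())
        if "dn" in attrs:
            entries.append((attrs["dn"][0], attrs))
    return entries

def anonymous_grants(entries):
    """Return (what, who, level) for clauses giving unauthenticated clients more than 'auth'."""
    found = []
    for _dn, attrs in entries:
        for rule in attrs.get("olcAccess", []):
            what, *clauses = rule.split("to ", 1)[1].split(" by ")
            for clause in clauses:
                who, level = clause.rsplit(None, 1)
                if who in ("*", "anonymous") and level not in ("none", "auth"):
                    found.append((what.strip(), who, level))
    return found

def reused_secrets(entries):
    """Map each password value to the DNs carrying it, keeping values used more than once."""
    seen = defaultdict(list)
    for dn, attrs in entries:
        for value in attrs.get("olcRootPW", []) + attrs.get("userPassword", []):
            seen[value].append(dn)
    return {value: dns for value, dns in seen.items() if len(dns) > 1}
```

On this page's configuration it reports `by * read` on the root DSE and on `to *`, which is what lets addressbook clients search without binding, and one {SSHA} value shared by the hdb rootDN, the cn=config rootDN and the admin entry.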

Now create an ldif for an admin user

# Root of the LDAP tree
dn: dc=kayosdesign,dc=com
objectClass: dcObject
objectClass: organization
o: kayosdesign.com
dc: kayosdesign
description: Tree Root

#LDAP admin
dn: cn=admin,dc=kayosdesign,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: {SSHA}8QDckoodrIsXgv/BG43Hf5WAbgmzZYEf
description: LDAP administrator account

Insert this into the directory with the following

ldapadd -x -D cn=admin,dc=kayosdesign,dc=com -W -f /root/base.ldif

You should now be able to search the directory

ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W
ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb
ldapsearch -xLLL -b dc=kayosdesign,dc=com

Once the above is working you can now move on to creating the Addressbook.

Create yet another ldif file with data such as

# Addressbook branch
dn: ou=addressbook,dc=kayosdesign,dc=com
objectClass: organizationalUnit
ou: addressbook
description: LDAP Addressbook

# Addressbook entry
dn: cn=Test Account+mail=test@kayosdesign.com,ou=addressbook,dc=kayosdesign,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
givenName: Test
sn: Account
cn: Test Account
mail: test@kayosdesign.com
homePhone: 1234567
telephoneNumber: 76543421
fax: 01928374
mobile: 44556677
street: 1 Street
l: MyTown
st: MyState
postalCode: 666
title: Grand Poo Bah
o: Snorks Anonymous

Insert the entry into the directory with the following

ldapadd -x -D cn=admin,dc=kayosdesign,dc=com -W -f /root/addressbook.ldif

You can now hook whatever addressbook system you want into the LDAP server using the BaseDN

ou=addressbook,dc=kayosdesign,dc=com

Ubuntu Gutsy Bluetooth #2

August 23rd, 2007 | No Comments | Posted in Bluetooth, Gutsy Gibbon, Ubuntu

After getting bluetooth devices connected and talking to the PC it was time to get them to connect and talk automagically. Using the power of teh internets and some trial and error I discovered how.

Firstly I added each device to the /etc/bluetooth/hcid.conf file

device <MAC Address> {
name "Logitech diNovo Keyboard";
auth enable;
encrypt enable;
}

device <MAC Address> {
name "Logitech Mediapad";
auth enable;
encrypt enable;
}

device <MAC Address> {
name "Logitech MX1000 mouse";
}

I have no idea if the auth and encrypt lines are required, but it works and I’m lazy so I’m not going to go experimenting turning them off.

In the options setting in the same file I have the following settings.

autoinit yes;

security auto;

pairing multi;

passkey "12345";

Then edit /etc/default/bluetooth

and set

HIDD_ENABLED=1

On reboot your pc should now automagically connect to the devices.

No idea what is or is not necessary, but this is working.

Note: Devices need to negotiate a connection so when you first move the mouse or hit a key it will start up a connection to the machine. This takes a second or so and means what you type won’t show up straight away. You will need to wait a bit.

I want this to happen, rather than forcing a connection at boot every time, because I have a laptop. The laptop moves but the keyboard & mouse don’t always go with me.

I believe you can force a connection every time by altering HIDD_OPTIONS

and putting in a -i <MAC Address> for each device. I think this will cause the laptop to time out if the device isn’t present and active on boot however.

Ubuntu Gutsy Bluetooth

August 23rd, 2007 | No Comments | Posted in Bluetooth, Gutsy Gibbon, Ubuntu

Along with the WiFi issue there are also problems with Bluetooth from a usability side. There is no graphical manager to handle the installation/pairing of bluetooth devices and you need to use the command line. Which is a pain.

To get my shiny Logitech DiNovo keyboard/mouse set working I had to figure out how to do it from the command line.

Thankfully there are a lot of others out there with the same issue.

First put your devices in discovery mode.  At the command prompt type

hcitool scan

Which will try and find all the devices and give you their name & MAC address.  To pair them you can then type

sudo hidd --connect <MAC Address>

Which gives you a decent keyboard and mouse to use other than the laptop keyboard (which in my case is raised and a pain in the bum to use in its normal home).

Ubuntu Gutsy WiFi

August 23rd, 2007 | No Comments | Posted in Gutsy Gibbon, Ubuntu, WiFi

I decided to toss in the towel on Vista because it was giving me the shits. So I installed Gutsy Gibbon Tribe 4 on my laptop (Dell Latitude D620).

Installs fine. No issues discovered initially.

However, when trying to connect to my home wireless (802.11G WPA2 Personal with hidden SSID) I find that the built-in wireless manager doesn’t work.

Turns out that this is a known issue. From previous experiences I know there are ways around this editing config files and getting the wireless card to connect on boot but I don’t want a static wifi link on the laptop.

Instead I just turned the hidden SSID off and it connected without issues.