Hi, if you want to configure LDAP (OpenLDAP) properly and you have never done it, I advise you to read a lot of the
nonsense out there that people write on blogs like mine before actually trying. After reading a lot of it you can try, and let me tell you a secret: the best documentation is the one they provide on their own website, it is just that sometimes it is a bit complex to understand.
Well, first things first: my LDAP version 2.4 never worked when installed from the repositories on Debian 7. How incapable or how silly am I... I don't know. But it did not work the way it used to with earlier versions: I was unable to set the user, password, domain and those initial things using the installer .deb package and dpkg-reconfigure. So I decided immediately that if I am losing the power of having a repository because of this nonsense, then I do not need it any more; I am going to compile the package myself from source. I tried... but I struggled with the ./configure options. I could not find the proper ones, and this error report thread gave me the clue that let me follow the LDAP manual.
After reading this manual I ended up with a file that contains this. One thing to keep in mind before copying it: both the frontend ACL (to * by * read) and the last ACL of the hdb database (by * read) let anyone, anonymous binds included, read every attribute except userPassword, so change that to by users read if the directory holds anything you would not publish:
root@helpDesk10000:~# cat base.ldif
#
# example config file - global configuration entry
#
dn: cn=config
objectClass: olcGlobal
cn: config
#
# olcReferral: ldap://root.openldap.org
#
# internal schema
#
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

# include the core schema
include: file:///usr/local/etc/openldap/schema/core.ldif

# global database parameters
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: frontend
olcAccess: to * by * read

# set a rootpw for the config database so we can bind.
# deny access to everyone else.
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootPW: {SSHA}EQpw7T2x2Num+krwRjq/ZYczmRgaX1Km
olcAccess: to * by * none

# HDB definition for dc=helpdesk,dc=co,dc=bw
# (the RDN value must match olcDatabase: hdb, not bdb)
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: hdb
olcSuffix: dc=helpdesk,dc=co,dc=bw
olcDbDirectory: /var/lib/ldap-database
olcRootDN: cn=Manager,dc=helpdesk,dc=co,dc=bw
olcRootPW: {SSHA}teY3/6WO7uoGrCmaDu9NKmvgn87WlCCw
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn pres,eq,approx,sub
olcDbIndex: objectClass eq
olcAccess: to attrs=userPassword by self write by anonymous auth by dn.base="cn=Admin,dc=helpdesk,dc=co,dc=bw" write by * none
olcAccess: to * by self write by dn.base="cn=Admin,dc=helpdesk,dc=co,dc=bw" write by * read
root@helpDesk10000:~#
Nice, but now I needed to load the file, and that is where the LDAP commands are helpful. You should (must) read about them elsewhere; I am only going to show the one I used. A few caveats about it. The -n option makes it a dry run: ldapadd never contacts a server, it only parses the file and prints each entry it would add with a leading "!", so this is a syntax check and it does not populate slapd.d. The RDN of a database entry has to match its olcDatabase value, so the database entry must be named olcDatabase=hdb,cn=config; the dry run below accepts the olcDatabase=bdb name only because nothing ever asks a server to apply it. And without -n this command would bind as the local root's peercred identity (SASL EXTERNAL over ldapi), which the to * by * none ACL on the config database does not let through; with this LDIF, later changes to cn=config have to bind as cn=config with the olcRootPW (ldapmodify -D cn=config -W), because the rootdn bypasses the ACLs.
root@helpDesk10000:~# ldapadd -Y EXTERNAL -H ldapi:/// -vn -f base.ldif
add objectClass:
	olcGlobal
add cn:
	config
!adding new entry "cn=config"
add objectClass:
	olcSchemaConfig
add cn:
	schema
!adding new entry "cn=schema,cn=config"
add objectClass:
	olcSchemaConfig
add cn:
	core
add olcAttributeTypes:
	( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: knowledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
	( 2.5.4.4 NAME
(...)
add olcDbDirectory:
	/var/lib/ldap-database
add olcRootDN:
	cn=Manager,dc=helpdesk,dc=co,dc=bw
add olcRootPW:
	{SSHA}teY3/6WO7uoGrCmaDu9NKmvgn87WlCCw
add olcDbIndex:
	uid pres,eq
	cn,sn pres,eq,approx,sub
	objectClass eq
add olcAccess:
	to attrs=userPassword by self write by anonymous auth by dn.base="cn=Admin,dc=helpdesk,dc=co,dc=bw" write by * none
	to * by self write by dn.base="cn=Admin,dc=helpdesk,dc=co,dc=bw" write by * read
!adding new entry "olcDatabase=bdb,cn=config"
root@helpDesk10000:~#
The other pending thing is to tell slapd to use the slapd.d directory. That directory is what the LDIF has to be loaded into, and since the ldapadd dry run above does not do that, the way to create it offline (with slapd not running) is slapadd -n 0 -F /path/to/slapd.d -l base.ldif, where database 0 is the config database itself. Then make sure to launch slapd(8) with the -F option to specify the configuration directory if you are not using the default path.
root@helpDesk10000:~# /path/to/slapd -F /path/to/slapd.d
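Putting the three steps together, here is an added example of my own (not from the original post and not OpenLDAP's own tooling) of how I would check a hand-written base.ldif and turn it into a slapd.d directory. PREFIX and CONFDIR are assumed paths: PREFIX is where ./configure installed OpenLDAP (/usr/local by default) and CONFDIR is the directory you later pass to slapd -F. The check catches the two things most likely to bite with a cn=config LDIF written by hand: a database entry whose RDN (olcDatabase=bdb) does not match its olcDatabase attribute (hdb), and an olcRootPW stored in cleartext instead of as a slappasswd hash. The LDIF written by sample_ldif is constructed for the demonstration; the {SSHA} values in it are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a cn=config
# bootstrap LDIF, load it into slapd.d with slapadd, and re-read it with
# slaptest. PREFIX and CONFDIR are assumed paths; adjust them to your build.
PREFIX=${PREFIX:-/usr/local}
CONFDIR=${CONFDIR:-$PREFIX/etc/slapd.d}

# sample_ldif FILE: write a constructed two-entry LDIF to FILE.  The hashes
# are placeholders in the {SSHA} form that slappasswd produces.
sample_ldif() {
  cat >"$1" <<'EOF'
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootPW: {SSHA}EQpw7T2x2Num+krwRjq/ZYczmRgaX1Km
olcAccess: to * by * none

dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=helpdesk,dc=co,dc=bw
olcDbDirectory: /var/lib/ldap-database
olcRootDN: cn=Manager,dc=helpdesk,dc=co,dc=bw
olcRootPW: {SSHA}teY3/6WO7uoGrCmaDu9NKmvgn87WlCCw
EOF
}

# check_ldif FILE: succeed only if, in every olcDatabase=... entry, the RDN
# value equals the olcDatabase attribute (ignoring the {n} ordering prefix)
# and every olcRootPW carries a {SCHEME} hash prefix.  Assumes one attribute
# per line, i.e. no LDIF continuation lines.
check_ldif() {
  awk '
    BEGIN { rc = 0 }
    function finish() {
      if (rdn != "" && val != "" && rdn != val) {
        printf "%s: RDN olcDatabase=%s does not match olcDatabase: %s\n", dn, rdn, val > "/dev/stderr"
        rc = 1
      }
      dn = ""; rdn = ""; val = ""
    }
    /^[ \t]*$/ { finish(); next }            # a blank line ends an entry
    /^dn: olcDatabase=/ {
      dn = $2
      rdn = dn; sub(/^olcDatabase=/, "", rdn); sub(/,.*$/, "", rdn)
      sub(/^[{][0-9]+[}]/, "", rdn)
      next
    }
    /^olcDatabase: / { val = $2; sub(/^[{][0-9]+[}]/, "", val); next }
    /^olcRootPW: / {
      if ($2 !~ /^[{][A-Za-z0-9-]+[}]/) {
        printf "%s: olcRootPW is not hashed; generate it with slappasswd\n", dn > "/dev/stderr"
        rc = 1
      }
      next
    }
    END { finish(); exit rc }
  ' "$1"
}

# bootstrap_config FILE: create CONFDIR from FILE while slapd is stopped.
# Database 0 is the config database, so -n 0 loads cn=config itself; this
# needs no running server, unlike ldapadd -H ldapi:///.  slaptest then
# re-reads the directory exactly as slapd -F will at startup.
bootstrap_config() {
  check_ldif "$1" || return 1
  mkdir -p "$CONFDIR" &&
    "$PREFIX/sbin/slapadd" -n 0 -F "$CONFDIR" -l "$1" &&
    "$PREFIX/sbin/slaptest" -F "$CONFDIR"
}

# Usage: sh bootstrap.sh base.ldif   (with slapd stopped)
# With no argument only the built-in sample is checked.
if [ $# -gt 0 ]; then
  bootstrap_config "$1"
else
  tmp=$(mktemp) && sample_ldif "$tmp" && check_ldif "$tmp" && echo "sample LDIF OK"
  rm -f "$tmp"
fi
```

Run it as root with slapd stopped and point slapd -F at CONFDIR afterwards. An error from slaptest here is the same error you would otherwise only see when slapd refuses to start, and check_ldif fails before anything touches the directory, so a bad RDN or a cleartext olcRootPW never makes it into slapd.d.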
If it worked for you, that's perfect; if it did not, please check it again, and otherwise post your problem, maybe I can help you.
Cheers