amolkhanorkar/LDAP configuration

## LDAP configuration
LDAP server setup
1] Setup Ubuntu Server 64-bit (Use "Minimal install" in "Modes".)

2] sudo apt-get install slapd ldap-utils migrationtools

You will be prompted for the LDAP admin password. Please remember it.

3] sudo mv /etc/ldap/slapd.d /etc/ldap/slap.d.orig

4] sudo dpkg-reconfigure slapd
Omit OpenLDAP server configuration? No
DNS domain name: micbal.net
Organization name: micbal
Password: Use the one you entered in step 2.
Database backend to use: HDB
Do you want the database to be removed when slapd is purged? Yes
Move old database? Yes
Allow LDAPv2 protocol? No

5] sudo /etc/init.d/slapd restart

6]Install migration tools
sudo apt-get install migrationtools

7] Edit /etc/migrationtools/migrate_common.ph . Look for the following variables, and assign them as such:
$DEFAULT_MAIL_DOMAIN = "example.com";
$DEFAULT_BASE = "dc=example,dc=com";

8] cd /usr/share/migrationtools/

9] sudo ./migrate_group.pl /etc/group ~/group.ldif

10] sudo ./migrate_passwd.pl /etc/passwd ~/passwd.ldif

11] cd ~

12] Make a frontend.example.com.ldif:
dn: ou=People,dc=example,dc=com
objectclass: organizationalUnit
objectclass: top
ou: People

dn: ou=Group,dc=example,dc=com
objectclass: organizationalUnit
objectclass: top
ou: Group

12] Now we add the LDIF in the following way, entering your admin LDAP password when prompted (the one you set during step 6 of "LDAP server setup"):
sudo ldapadd -x -D cn=admin,dc=micbal,dc=net -W -f frontend.micbal.net.ldif
sudo ldapadd -x -D cn=admin,dc=micbal,dc=net -W -f group.ldif
sudo ldapadd -x -D cn=admin,dc=micbal,dc=net -W -f passwd.ldif

13] To make things handy, you can "sudo apt-get install phpldapadmin".
Edit /etc/phpldapadmin/config.php, and correct the "$servers->setValue('server','base',array('dc=example,dc=com'));" line. In this example, the proper value is "$servers->setValue('server','base',array('dc=micbal,dc=net'));". Also, change "$servers=>setValue('login','bind_id','cn=admin,dc=example,dc=com');" to "$servers=>setValue('login','bind_id','cn=admin,dc=micbal,dc=net');".To access phpldapadmin, fire up a browser and browse http://192.168.1.2/phpldapadmin

14] sudo apt-get install nscd nslcd libnss-ldapd libpam-ldapd
15] When asked for "LDAP server URI:", enter "ldap://balky.micbal.net/"
16] When asked for the "LDAP server search base:", enter "dc=micbal,dc=net"
17] When asked for "Name services to configure:", choose "group", "passwd", and "shadow".
18] sudo mkdir /home/users
19] Edit "/etc/pam.d/common-account", and append the following line:
session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent
20] In the server: "sudo shutdown -r now". Logins through the server will be done through LDAP from now. It may take a little while after the "login:" prompt's appearance before you could successfully login.
25] To create an user:
Open in a browser(substitute IP if necessary): http://192.168.1.2/phpldapadmin
Login, then expand "dc=micbal,dc=net (3)"
Expand "ou=People".
Click "Create new entry here"
Select "Generic: User Account" template.
Supply the requested information for the new user. I suggest you use "users" for the "GID Number" option. And don't forget to give a shell ("/bin/sh" is safe).

OpenLDAP client setup
1] Setup Ubuntu 64-bit(this guide will also work with a minimal install).
2] sudo apt-get install libnss-ldapd libpam-ldap nscd
LDAP server URI: ldap://ldap.server.ip/
LDAP server search base: dc=example,dc=com
Name services to configure: group, passwd, and shadow
LDAP server Uniform Resource Identifier: ldap://balky.micbal.net/
Distinguished name of the search base: dc=micbal,dc=net
LDAP version to use: 3
Make local root Database admin: yes
Does the LDAP database require login? No
LDAP account for root: cn=admin,dc=micbal,dc=net
LDAP root account password: the password you entered in step 2 in "LDAP server setup"

3] sudo mkdir /home/users

4] Edit "/etc/pam.d/common-account", and append the following line:
session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent

5] sudo pam-auth-update
- and ensure that LDAP authentication are ONLY enabled -

6] sudo shutdown -r now

7] It may take a while to successfully login after the "login:" prompt appears.
	LDAP server setup
	1] Setup Ubuntu Server 64-bit (Use "Minimal install" in "Modes".)

	2] sudo apt-get install slapd ldap-utils migrationtools

	You will be prompted for the LDAP admin password. Please remember it.

	3] sudo mv /etc/ldap/slapd.d /etc/ldap/slap.d.orig

	4] sudo dpkg-reconfigure slapd
	Omit OpenLDAP server configuration? No
	DNS domain name: micbal.net
	Organization name: micbal
	Password: Use the one you entered in step 2.
	Database backend to use: HDB
	Do you want the database to be removed when slapd is purged? Yes
	Move old database? Yes
	Allow LDAPv2 protocol? No

	5] sudo /etc/init.d/slapd restart

	6]Install migration tools
	sudo apt-get install migrationtools

	7] Edit /etc/migrationtools/migrate_common.ph . Look for the following variables, and assign them as such:
	$DEFAULT_MAIL_DOMAIN = "example.com";
	$DEFAULT_BASE = "dc=example,dc=com";

	8] cd /usr/share/migrationtools/

	9] sudo ./migrate_group.pl /etc/group ~/group.ldif

	10] sudo ./migrate_passwd.pl /etc/passwd ~/passwd.ldif

	11] cd ~

	12] Make a frontend.example.com.ldif:
	dn: ou=People,dc=example,dc=com
	objectclass: organizationalUnit
	objectclass: top
	ou: People

	dn: ou=Group,dc=example,dc=com
	objectclass: organizationalUnit
	objectclass: top
	ou: Group

	12] Now we add the LDIF in the following way, entering your admin LDAP password when prompted (the one you set during step 6 of "LDAP server setup"):
	sudo ldapadd -x -D cn=admin,dc=micbal,dc=net -W -f frontend.micbal.net.ldif
	sudo ldapadd -x -D cn=admin,dc=micbal,dc=net -W -f group.ldif
	sudo ldapadd -x -D cn=admin,dc=micbal,dc=net -W -f passwd.ldif

	13] To make things handy, you can "sudo apt-get install phpldapadmin".
	Edit /etc/phpldapadmin/config.php, and correct the "$servers->setValue('server','base',array('dc=example,dc=com'));" line. In this example, the proper value is "$servers->setValue('server','base',array('dc=micbal,dc=net'));". Also, change "$servers=>setValue('login','bind_id','cn=admin,dc=example,dc=com');" to "$servers=>setValue('login','bind_id','cn=admin,dc=micbal,dc=net');".To access phpldapadmin, fire up a browser and browse http://192.168.1.2/phpldapadmin

	14] sudo apt-get install nscd nslcd libnss-ldapd libpam-ldapd
	15] When asked for "LDAP server URI:", enter "ldap://balky.micbal.net/"
	16] When asked for the "LDAP server search base:", enter "dc=micbal,dc=net"
	17] When asked for "Name services to configure:", choose "group", "passwd", and "shadow".
	18] sudo mkdir /home/users
	19] Edit "/etc/pam.d/common-account", and append the following line:
	session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent
	20] In the server: "sudo shutdown -r now". Logins through the server will be done through LDAP from now. It may take a little while after the "login:" prompt's appearance before you could successfully login.
	25] To create an user:
	Open in a browser(substitute IP if necessary): http://192.168.1.2/phpldapadmin
	Login, then expand "dc=micbal,dc=net (3)"
	Expand "ou=People".
	Click "Create new entry here"
	Select "Generic: User Account" template.
	Supply the requested information for the new user. I suggest you use "users" for the "GID Number" option. And don't forget to give a shell ("/bin/sh" is safe).

	OpenLDAP client setup
	1] Setup Ubuntu 64-bit(this guide will also work with a minimal install).
	2] sudo apt-get install libnss-ldapd libpam-ldap nscd
	LDAP server URI: ldap://ldap.server.ip/
	LDAP server search base: dc=example,dc=com
	Name services to configure: group, passwd, and shadow
	LDAP server Uniform Resource Identifier: ldap://balky.micbal.net/
	Distinguished name of the search base: dc=micbal,dc=net
	LDAP version to use: 3
	Make local root Database admin: yes
	Does the LDAP database require login? No
	LDAP account for root: cn=admin,dc=micbal,dc=net
	LDAP root account password: the password you entered in step 2 in "LDAP server setup"

	3] sudo mkdir /home/users

	4] Edit "/etc/pam.d/common-account", and append the following line:
	session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent

	5] sudo pam-auth-update
	- and ensure that LDAP authentication are ONLY enabled -

	6] sudo shutdown -r now

	7] It may take a while to successfully login after the "login:" prompt appears.