@amolkhanorkar
Forked from lokesh-webonise/LDAP configuration
Created March 12, 2014 05:35
LDAP server setup
1] Setup Ubuntu Server 64-bit (Use "Minimal install" in "Modes".)
2] sudo apt-get install slapd ldap-utils migrationtools
You will be prompted for the LDAP admin password. Please remember it.
3] sudo mv /etc/ldap/slapd.d /etc/ldap/slap.d.orig
4] sudo dpkg-reconfigure slapd
Omit OpenLDAP server configuration? No
DNS domain name: micbal.net
Organization name: micbal
Password: Use the one you entered in step 2.
Database backend to use: HDB
Do you want the database to be removed when slapd is purged? Yes
Move old database? Yes
Allow LDAPv2 protocol? No
5] sudo /etc/init.d/slapd restart
6] Install the migration tools (already installed in step 2, so this is a no-op if you did that):
sudo apt-get install migrationtools
7] Edit /etc/migrationtools/migrate_common.ph. Look for the following variables and set them to your own domain and base DN. They must match the domain you gave in step 4, otherwise the LDIF generated in steps 9 and 10 will not fit the directory; for this example (micbal.net) that is:
$DEFAULT_MAIL_DOMAIN = "micbal.net";
$DEFAULT_BASE = "dc=micbal,dc=net";
8] cd /usr/share/migrationtools/
9] sudo ./migrate_group.pl /etc/group ~/group.ldif
10] sudo ./migrate_passwd.pl /etc/passwd ~/passwd.ldif
11] cd ~
12] Make a frontend.micbal.net.ldif (the file name used in the next step) containing the two organizational units. The two entries must be separated by a blank line, otherwise ldapadd reads them as one malformed entry:
dn: ou=People,dc=micbal,dc=net
objectclass: organizationalUnit
objectclass: top
ou: People

dn: ou=Group,dc=micbal,dc=net
objectclass: organizationalUnit
objectclass: top
ou: Group
12] Now we add the LDIF files in the following way, entering your LDAP admin password when prompted (the one you set in step 2 of "LDAP server setup"):
sudo ldapadd -x -D cn=admin,dc=micbal,dc=net -W -f frontend.micbal.net.ldif
sudo ldapadd -x -D cn=admin,dc=micbal,dc=net -W -f group.ldif
sudo ldapadd -x -D cn=admin,dc=micbal,dc=net -W -f passwd.ldif
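As an added example (not part of the original gist), a small POSIX shell helper for steps 7 to 12: it derives the base DN from the DNS domain chosen in step 4, writes the two-OU frontend LDIF with the blank line ldapadd needs between entries, and checks that the migrated group.ldif and passwd.ldif were generated with the same base DN, which is the usual reason the ldapadd commands above fail when migrate_common.ph was left at dc=example,dc=com. The function names are my own; the check only assumes that each LDIF entry starts with a "dn:" line.

```shell
#!/bin/sh
# Added helper, not from the original gist. Function names are my own.

# Turn a DNS domain into an LDAP base DN: micbal.net -> dc=micbal,dc=net
domain_to_base_dn() {
    printf '%s\n' "$1" | awk -F. '{
        sep = ""
        for (i = 1; i <= NF; i++) { printf "%sdc=%s", sep, $i; sep = "," }
    }'
}

# Print the "frontend" LDIF from step 12 for a domain: the People and Group
# organizational units. Entries are separated by a blank line, which ldapadd
# requires; without it the two records are parsed as one broken entry.
frontend_ldif() {
    base=$(domain_to_base_dn "$1")
    for ou in People Group; do
        printf 'dn: ou=%s,%s\nobjectClass: organizationalUnit\nobjectClass: top\nou: %s\n\n' \
            "$ou" "$base" "$ou"
    done
}

# Return 0 if every dn: in an LDIF file is the given base DN or ends in
# ",<base DN>", 1 otherwise. Run it on ~/group.ldif and ~/passwd.ldif before
# step 12: a migrate_common.ph still set to dc=example,dc=com produces entries
# that an ldapadd bound as cn=admin,dc=micbal,dc=net will reject.
ldif_matches_base() {
    awk -v base="$2" '
        /^[dD][nN]:/ {
            dn = $0; sub(/^[dD][nN]:[ \t]*/, "", dn)
            tail = substr(dn, length(dn) - length(base))
            if (dn != base && tail != "," base) bad++
        }
        END { exit (bad > 0) }' "$1"
}

# Example: emit the LDIF for the domain chosen in step 4
frontend_ldif micbal.net
```

Redirect the output of frontend_ldif to frontend.micbal.net.ldif and feed it to the first ldapadd above; run ldif_matches_base on the migrated files before the other two.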
13] To make things handy, you can "sudo apt-get install phpldapadmin".
Edit /etc/phpldapadmin/config.php and correct the base line
$servers->setValue('server','base',array('dc=example,dc=com'));
In this example the proper value is
$servers->setValue('server','base',array('dc=micbal,dc=net'));
Also change
$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');
to
$servers->setValue('login','bind_id','cn=admin,dc=micbal,dc=net');
To access phpldapadmin, fire up a browser and browse to http://192.168.1.2/phpldapadmin (substitute your server's IP).
14] sudo apt-get install nscd nslcd libnss-ldapd libpam-ldapd
15] When asked for "LDAP server URI:", enter "ldap://balky.micbal.net/"
16] When asked for the "LDAP server search base:", enter "dc=micbal,dc=net"
17] When asked for "Name services to configure:", choose "group", "passwd", and "shadow".
18] sudo mkdir /home/users
19] Edit "/etc/pam.d/common-account", and append the following line:
session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent
20] On the server: "sudo shutdown -r now". From now on, logins on the server are authenticated through LDAP. It may take a little while after the "login:" prompt appears before you can log in successfully.
21] To create a user:
Open in a browser (substitute the IP if necessary): http://192.168.1.2/phpldapadmin
Login, then expand "dc=micbal,dc=net (3)"
Expand "ou=People".
Click "Create new entry here"
Select "Generic: User Account" template.
Supply the requested information for the new user. I suggest you use "users" for the "GID Number" option, and don't forget to give a shell ("/bin/sh" is safe).
OpenLDAP client setup
1] Setup Ubuntu 64-bit (this guide will also work with a minimal install).
2] sudo apt-get install libnss-ldapd libpam-ldap nscd
You will be prompted twice: first by libnss-ldapd (nslcd), then by libpam-ldap. Answer with your own server and base DN; the values for this example (micbal.net) are given alongside.
nslcd prompts:
LDAP server URI: ldap://ldap.server.ip/ (in this example, ldap://balky.micbal.net/)
LDAP server search base: dc=example,dc=com (in this example, dc=micbal,dc=net)
Name services to configure: group, passwd, and shadow
libpam-ldap prompts:
LDAP server Uniform Resource Identifier: ldap://balky.micbal.net/
Distinguished name of the search base: dc=micbal,dc=net
LDAP version to use: 3
Make local root Database admin: yes
Does the LDAP database require login? No
LDAP account for root: cn=admin,dc=micbal,dc=net
LDAP root account password: the password you entered in step 2 of "LDAP server setup"
3] sudo mkdir /home/users
4] Edit "/etc/pam.d/common-account", and append the following line:
session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent
5] sudo pam-auth-update, and ensure that ONLY LDAP authentication is enabled.
6] sudo shutdown -r now
7] It may take a while before you can log in successfully after the "login:" prompt appears.