Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
OpenLDAP with MySQL Backend - Ubuntu 18.04
## installation openldap with backend mysql
sudo apt update && sudo apt upgrade -y && sudo reboot
sudo apt install mysql-server unixodbc make gcc libmysqlclient-dev unixodbc-dev groff ldap-utils
## mysql login as root
sudo mysql -u root
CREATE DATABASE ldap
CREATE USER 'ldap'@'%' IDENTIFIED BY 'S3cureP4ssw0rd$';
GRANT ALL PRIVILEGES ON ldap.* TO 'ldap'@'%';
CREATE USER 'ldap'@'localhost' IDENTIFIED BY 'S3cureP4ssw0rd$';
GRANT ALL PRIVILEGES ON ldap.* TO 'ldap'@'localhost';
FLUSH PRIVILEGES;
EXIT
## create table to ldap database
git clone https://gist.github.com/mahirrudin/bdde7e60fe2a4a3e7b17c5ee28bf02c0 init-ldap.sql
sudo mysql -u root ldap < init-ldap.sql
## install mysql odbc connector
wget https://dev.mysql.com/get/Downloads/Connector-ODBC/8.0/mysql-connector-odbc-8.0.11-linux-ubuntu18.04-x86-64bit.tar.gz
tar -xvzf mysql-connector-odbc-8.0.11-linux-ubuntu18.04-x86-64bit.tar.gz
cd mysql-connector-odbc-*/
sudo cp lib/libmyodbc8* /usr/lib/x86_64-linux-gnu/odbc/
## create file /etc/odbcinst.ini
[MySQL Unicode]
Description = MySQL ODBC 8.0 Unicode Driver
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmyodbc8w.so
Setup = /usr/lib/x86_64-linux-gnu/odbc/libmyodbc8S.so
FileUsage = 1
[MySQL ANSI]
Description = MySQL ODBC 8.0 ANSI Driver
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmyodbc8a.so
Setup = /usr/lib/x86_64-linux-gnu/odbc/libmyodbc8S.so
FileUsage = 1
## edit /etc/odbc.ini
[ldap]
Description = MySQL Connector for LDAP
Driver = MySQL Unicode
Database = ldap
Server = 127.0.0.1
User = ldap
Password = ldap
Port = 3306
## check ldap connection if it works
sudo echo "show databases" | isql -v ldap
+---------------------------------------+
| Connected! |
| |
| sql-statement |
| help [tablename] |
| quit |
| |
+---------------------------------------+
SQL> show databases
+-----------------------------------------------------------------+
| Database |
+-----------------------------------------------------------------+
| information_schema |
| ldap |
+-----------------------------------------------------------------+
## download, compile, and install openldap from source
## more information http://www.linuxfromscratch.org/blfs/view/svn/server/openldap.html
wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.46.tgz
tar -xvzf openldap-2.4.46.tgz
sudo mv openldap-2.4.* /opt/openldap
cd /opt/openldap
sudo ./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/share/man --infodir=/usr/share/info --enable-sql --disable-bdb --disable-ndb --disable-hdb
sudo make depend
sudo make
sudo make install
## create password for openldap configuration
sudo /usr/sbin/slappasswd -h {SSHA}
## edit /etc/openldap/slapd.conf
################### Start of Configuration ############################
# OpenLDAP Configuration by mahirrudin
#######################################################################
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
#######################################################################
# SQL database definitions
#######################################################################
database sql
suffix "dc=boekoe,dc=id"
rootdn "cn=administrator,dc=boekoe,dc=id"
rootpw {SSHA}Th2pCgWlUzNg2gghclpU1IF4lWfPRIKV
# SQL configuration
dbname ldap
dbuser ldap
dbpasswd S3cureP4ssw0rd$
has_ldapinfo_dn_ru no
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
################### End of Configuration ##############################
## running openldap
sudo /opt/openldap/servers/slapd/slapd -d 5 -h 'ldap:/// ldapi:///' -f /etc/openldap/slapd.conf &
## check if ldap working normally
ldapsearch -x -b "dc=life,dc=com"
@samcookies

This comment has been minimized.

Copy link

@samcookies samcookies commented Nov 6, 2018

Can you please help me with below error message...

sudo echo "show databases" | isql -v openldap
[IM002][unixODBC][Driver Manager]Data source name not found, and no default driver specified
[ISQL]ERROR: Could not SQLConnect

@twloog

This comment has been minimized.

Copy link

@twloog twloog commented Nov 14, 2018

edit /etc/odbc.ini 密碼應該是mysql 授權給 ldap 的密碼

@twloog

This comment has been minimized.

Copy link

@twloog twloog commented Nov 14, 2018

可以再撰寫加入 phpldapadmin 會更完美,另外這個設定 "cn=administrator,dc=boekoe,dc=id" 是如何來的,查詢時又怎會查 ldapsearch -x -b "dc=life,dc=com" 這個 dc ,不解?

@samcookies

This comment has been minimized.

Copy link

@samcookies samcookies commented Nov 21, 2018

Thanks... thats resolved now.

But now Im not able to start openldap.. here is the error message Im getting

5bf4bc5a backsql_db_open(): schema mapping failed, exiting
5bf4bc5a backend_startup_one (type=sql, suffix="dc=domain,dc=com"): bi_db_open failed! (1)
5bf4bc5a slapd shutdown: initiated
5bf4bc5a ==>backsql_db_close()
5bf4bc5a <==backsql_db_close()
5bf4bc5a slapd destroy: freeing system resources.
5bf4bc5a ==>backsql_close_db_handle(0x21ab440)
5bf4bc5a <==backsql_close_db_handle(0x21ab440)
5bf4bc5a ==>backsql_db_destroy()
5bf4bc5a ==>backsql_free_db_env()
5bf4bc5a <==backsql_free_db_env()
5bf4bc5a ==>destroy_schema_map()
5bf4bc5a <==destroy_schema_map()
5bf4bc5a <==backsql_db_destroy()
5bf4bc5a slapd stopped.

@logan2211

This comment has been minimized.

Copy link

@logan2211 logan2211 commented Mar 13, 2019

@Olivier-Metzinger

This comment has been minimized.

Copy link

@Olivier-Metzinger Olivier-Metzinger commented Apr 3, 2019

Hello, got the same error as @samcookies

someone have the solution ?

@Olivier-Metzinger

This comment has been minimized.

Copy link

@Olivier-Metzinger Olivier-Metzinger commented Apr 3, 2019

Ok I fix it. you need to clean the /etc/openldap/slapd.conf file and add the following text (same as tutorial) :

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

database sql
suffix "dc=boekoe,dc=id"
rootdn "cn=administrator,dc=boekoe,dc=id"
rootpw {SSHA}Th2pCgWlUzNg2gghclpU1IF4lWfPRIKV

dbname ldap
dbuser ldap
dbpasswd S3cureP4ssw0rd$
has_ldapinfo_dn_ru no
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"

@mrugesha

This comment has been minimized.

Copy link

@mrugesha mrugesha commented Jun 6, 2019

Can you please help me with ldap client configuration,

I am able to fetch user details using command line on client machine but login is not happening.

Please help.

@hieugiap

This comment has been minimized.

Copy link

@hieugiap hieugiap commented Mar 3, 2020

When i start Open ldap : " Failed to start slapd.service: Unit slapd.service not found" and " Failed to start openldap.service: Unit openldap.service not found. "
Please help

@peppelinux

This comment has been minimized.

Copy link

@peppelinux peppelinux commented Apr 27, 2020

When i start Open ldap : " Failed to start slapd.service: Unit slapd.service not found" and " Failed to start openldap.service: Unit openldap.service not found. "
Please help

is slapd server installed?
see journalctl -xe

@sudhir372

This comment has been minimized.

Copy link

@sudhir372 sudhir372 commented May 27, 2020

When I start, I received permission denied (13) error. Kindly suggest.

root@ubuntu:/opt# /usr/sbin/slapd -d 5 -h 'ldap:/// ldapi:///' -f /etc/slapd.conf
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/ldap/ldap.conf
ldap_init: using /etc/ldap/ldap.conf
ldap_url_parse_ext(ldap://172.16.0.217:389)
ldap_init: HOME env is /home/java
ldap_init: trying /home/java/ldaprc
ldap_init: trying /home/java/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
5ece5296 @(#) $OpenLDAP: slapd (Ubuntu) (May 1 2020 17:11:29) $
buildd@lgw01-amd64-003:/build/openldap-GN0ofv/openldap-2.4.42+dfsg/debian/build/servers/slapd
ldap_pvt_gethostbyname_a: host=ubuntu, r=0
5ece5296 daemon_init: ldap:/// ldapi:///
5ece5296 daemon_init: listen on ldap:///
5ece5296 daemon_init: listen on ldapi:///
5ece5296 daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap:///)
5ece5296 daemon: listener initialized ldap:///
ldap_url_parse_ext(ldapi:///)
5ece5296 daemon: listener initialized ldapi:///
5ece5296 daemon_init: 3 listeners opened
ldap_create
5ece5296 slapd init: initiated server.
5ece5296 slap_sasl_init: initialized!
5ece5296 could not open config file "/etc/slapd.conf": Permission denied (13)
5ece5296 slapd destroy: freeing system resources.
5ece5296 slapd stopped.
5ece5296 connections_destroy: nothing to destroy.

@492162921

This comment has been minimized.

Copy link

@492162921 492162921 commented Apr 14, 2021

按照文档在ubuntu18下执行,有如下注意事项:
1、第9行:CREATE USER 'ldap'@'localhost' IDENTIFIED BY 'S3cureP4ssw0rd$';
这里是mysql的数据库账号:ldap , 密码:S3cureP4ssw0rd$ ,密码在后面需要使用。

2、第18行:sudo mysql -u root ldap < init-ldap.sql
这里定义了表结构,需要额外添加数据
https://github.com/openldap/openldap/blob/master/servers/slapd/back-sql/rdbms_depend/mysql/testdb_metadata.sql
https://github.com/openldap/openldap/blob/master/servers/slapd/back-sql/rdbms_depend/mysql/testdb_data.sql

3、第46行:Password = ldap
修改成 Password = S3cureP4ssw0rd$

4、第80行:sudo /usr/sbin/slappasswd -h {SSHA}
要求输入密码,这里根据testdb_data.sql中字段,输入"mit"。
返回 {SSHA}JvQPNRew1UBxGZoqYoMy+tXYfVE0ZnVT ,加密密码后面需要使用。

5、第100行,101行,102行,根据sql文件中内容修改如下:
suffix "dc=example,dc=com"
rootdn "cn=Mitya Kovalev,dc=example,dc=com"
rootpw {SSHA}JvQPNRew1UBxGZoqYoMy+tXYfVE0ZnVT

6、第117行:ldapsearch -x -b "dc=life,dc=com"
修改sql中定义的信息 ldapsearch -x -b "dc=example,dc=com"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment