OpenLDAP with MySQL Backend - Ubuntu 18.04

ubuntu-bionic-openldap-mysql.sh

## installation openldap with backend mysql
sudo apt update && sudo apt upgrade -y && sudo reboot
sudo apt install mysql-server unixodbc make gcc libmysqlclient-dev unixodbc-dev groff ldap-utils

## mysql login as root
sudo mysql -u root

CREATE DATABASE ldap
CREATE USER 'ldap'@'%' IDENTIFIED BY 'S3cureP4ssw0rd$';
GRANT ALL PRIVILEGES ON ldap.* TO 'ldap'@'%';
CREATE USER 'ldap'@'localhost' IDENTIFIED BY 'S3cureP4ssw0rd$';
GRANT ALL PRIVILEGES ON ldap.* TO 'ldap'@'localhost';
FLUSH PRIVILEGES;
EXIT

## create table to ldap database
git clone https://gist.github.com/mahirrudin/bdde7e60fe2a4a3e7b17c5ee28bf02c0 init-ldap.sql
sudo mysql -u root ldap < init-ldap.sql

## install mysql odbc connector
wget https://dev.mysql.com/get/Downloads/Connector-ODBC/8.0/mysql-connector-odbc-8.0.11-linux-ubuntu18.04-x86-64bit.tar.gz
tar -xvzf mysql-connector-odbc-8.0.11-linux-ubuntu18.04-x86-64bit.tar.gz
cd mysql-connector-odbc-*/
sudo cp lib/libmyodbc8* /usr/lib/x86_64-linux-gnu/odbc/

## create file /etc/odbcinst.ini
[MySQL Unicode]
Description = MySQL ODBC 8.0 Unicode Driver
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmyodbc8w.so
Setup = /usr/lib/x86_64-linux-gnu/odbc/libmyodbc8S.so
FileUsage = 1

[MySQL ANSI]
Description = MySQL ODBC 8.0 ANSI Driver
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmyodbc8a.so
Setup = /usr/lib/x86_64-linux-gnu/odbc/libmyodbc8S.so
FileUsage = 1

## edit /etc/odbc.ini
[ldap]
Description = MySQL Connector for LDAP
Driver = MySQL Unicode
Database = ldap
Server = 127.0.0.1
User = ldap
Password = ldap
Port = 3306

## check ldap connection if it works
sudo echo "show databases" | isql -v ldap

+---------------------------------------+
| Connected!                            |
|                                       |
| sql-statement                         |
| help [tablename]                      |
| quit                                  |
|                                       |
+---------------------------------------+
SQL> show databases
+-----------------------------------------------------------------+
| Database                                                        |
+-----------------------------------------------------------------+
| information_schema                                              |
| ldap                                                            |
+-----------------------------------------------------------------+

## download, compile, and install openldap from source
## more information http://www.linuxfromscratch.org/blfs/view/svn/server/openldap.html
wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.46.tgz
tar -xvzf openldap-2.4.46.tgz
sudo mv openldap-2.4.* /opt/openldap
cd /opt/openldap
sudo ./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/share/man --infodir=/usr/share/info --enable-sql --disable-bdb --disable-ndb --disable-hdb
sudo make depend
sudo make
sudo make install

## create password for openldap configuration
sudo /usr/sbin/slappasswd -h {SSHA}

## edit /etc/openldap/slapd.conf

################### Start of Configuration ############################
# OpenLDAP Configuration by mahirrudin
#######################################################################

include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema

pidfile		/var/run/slapd.pid
argsfile	/var/run/slapd.args

#######################################################################
# SQL database definitions
#######################################################################

database	sql
suffix		"dc=boekoe,dc=id"
rootdn		"cn=administrator,dc=boekoe,dc=id"
rootpw		{SSHA}Th2pCgWlUzNg2gghclpU1IF4lWfPRIKV

# SQL configuration
dbname ldap
dbuser ldap
dbpasswd S3cureP4ssw0rd$
has_ldapinfo_dn_ru no
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"

################### End of Configuration ##############################

## running openldap
sudo /opt/openldap/servers/slapd/slapd -d 5 -h 'ldap:/// ldapi:///' -f /etc/openldap/slapd.conf &

## check if ldap working normally
ldapsearch -x -b "dc=life,dc=com"

Can you please help me with below error message...

sudo echo "show databases" | isql -v openldap
[IM002][unixODBC][Driver Manager]Data source name not found, and no default driver specified
[ISQL]ERROR: Could not SQLConnect

edit /etc/odbc.ini 密碼應該是mysql 授權給 ldap 的密碼

可以再撰寫加入 phpldapadmin 會更完美,另外這個設定 "cn=administrator,dc=boekoe,dc=id" 是如何來的,查詢時又怎會查 ldapsearch -x -b "dc=life,dc=com" 這個 dc ,不解?

Thanks... thats resolved now.

But now Im not able to start openldap.. here is the error message Im getting

5bf4bc5a backsql_db_open(): schema mapping failed, exiting
5bf4bc5a backend_startup_one (type=sql, suffix="dc=domain,dc=com"): bi_db_open failed! (1)
5bf4bc5a slapd shutdown: initiated
5bf4bc5a ==>backsql_db_close()
5bf4bc5a <==backsql_db_close()
5bf4bc5a slapd destroy: freeing system resources.
5bf4bc5a ==>backsql_close_db_handle(0x21ab440)
5bf4bc5a <==backsql_close_db_handle(0x21ab440)
5bf4bc5a ==>backsql_db_destroy()
5bf4bc5a ==>backsql_free_db_env()
5bf4bc5a <==backsql_free_db_env()
5bf4bc5a ==>destroy_schema_map()
5bf4bc5a <==destroy_schema_map()
5bf4bc5a <==backsql_db_destroy()
5bf4bc5a slapd stopped.

@samcookies: same here, take a look at https://github.com/openldap/openldap/tree/master/servers/slapd/back-sql/rdbms_depend/mysql for example schemas

Hello, got the same error as @samcookies

someone have the solution ?

Ok I fix it. you need to clean the /etc/openldap/slapd.conf file and add the following text (same as tutorial) :

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

database sql
suffix "dc=boekoe,dc=id"
rootdn "cn=administrator,dc=boekoe,dc=id"
rootpw {SSHA}Th2pCgWlUzNg2gghclpU1IF4lWfPRIKV

dbname ldap
dbuser ldap
dbpasswd S3cureP4ssw0rd$
has_ldapinfo_dn_ru no
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"

Can you please help me with ldap client configuration,

I am able to fetch user details using command line on client machine but login is not happening.

Please help.

When i start Open ldap : " Failed to start slapd.service: Unit slapd.service not found" and " Failed to start openldap.service: Unit openldap.service not found. "
Please help

When i start Open ldap : " Failed to start slapd.service: Unit slapd.service not found" and " Failed to start openldap.service: Unit openldap.service not found. "
Please help

is slapd server installed?
see journalctl -xe

When I start, I received permission denied (13) error. Kindly suggest.

root@ubuntu:/opt# /usr/sbin/slapd -d 5 -h 'ldap:/// ldapi:///' -f /etc/slapd.conf
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/ldap/ldap.conf
ldap_init: using /etc/ldap/ldap.conf
ldap_url_parse_ext(ldap://172.16.0.217:389)
ldap_init: HOME env is /home/java
ldap_init: trying /home/java/ldaprc
ldap_init: trying /home/java/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
5ece5296 @(#) $OpenLDAP: slapd (Ubuntu) (May 1 2020 17:11:29) $
buildd@lgw01-amd64-003:/build/openldap-GN0ofv/openldap-2.4.42+dfsg/debian/build/servers/slapd
ldap_pvt_gethostbyname_a: host=ubuntu, r=0
5ece5296 daemon_init: ldap:/// ldapi:///
5ece5296 daemon_init: listen on ldap:///
5ece5296 daemon_init: listen on ldapi:///
5ece5296 daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap:///)
5ece5296 daemon: listener initialized ldap:///
ldap_url_parse_ext(ldapi:///)
5ece5296 daemon: listener initialized ldapi:///
5ece5296 daemon_init: 3 listeners opened
ldap_create
5ece5296 slapd init: initiated server.
5ece5296 slap_sasl_init: initialized!
5ece5296 could not open config file "/etc/slapd.conf": Permission denied (13)
5ece5296 slapd destroy: freeing system resources.
5ece5296 slapd stopped.
5ece5296 connections_destroy: nothing to destroy.

按照文档在ubuntu18下执行，有如下注意事项：
1、第9行：CREATE USER 'ldap'@'localhost' IDENTIFIED BY 'S3cureP4ssw0rd$';
这里是mysql的数据库账号：ldap ， 密码：S3cureP4ssw0rd$ ，密码在后面需要使用。

2、第18行：sudo mysql -u root ldap < init-ldap.sql
这里定义了表结构，需要额外添加数据
https://github.com/openldap/openldap/blob/master/servers/slapd/back-sql/rdbms_depend/mysql/testdb_metadata.sql
https://github.com/openldap/openldap/blob/master/servers/slapd/back-sql/rdbms_depend/mysql/testdb_data.sql

3、第46行：Password = ldap
修改成 Password = S3cureP4ssw0rd$

4、第80行：sudo /usr/sbin/slappasswd -h {SSHA}
要求输入密码，这里根据testdb_data.sql中字段，输入"mit"。
返回 {SSHA}JvQPNRew1UBxGZoqYoMy+tXYfVE0ZnVT ，加密密码后面需要使用。

5、第100行，101行，102行，根据sql文件中内容修改如下：
suffix "dc=example,dc=com"
rootdn "cn=Mitya Kovalev,dc=example,dc=com"
rootpw {SSHA}JvQPNRew1UBxGZoqYoMy+tXYfVE0ZnVT

6、第117行：ldapsearch -x -b "dc=life,dc=com"
修改sql中定义的信息 ldapsearch -x -b "dc=example,dc=com"

use phpadmin tools : https://pv-bucket.oss-cn-hongkong.aliyuncs.com/Persistence/%E5%B7%A5%E5%85%B7%E8%AE%BF%E9%97%AE.png
update see : https://gist.github.com/492162921/e5c00cbd6da99f702b9b2ed0e4432819