SDB:LDAP server


There are some advantages in using openSUSE's Yast2 for the basic installation. You will then get a basic working setup with the LDAP schemas needed for normal operation.

Installing the software

  • Use your package manager to add the "yast2-auth-server" module.
  • Restart YaST, go to Network Services and start the "Authentication Server" module.
  • Choose to start the LDAP server and choose Configure.
  • Select whether you want to install a stand-alone, a master or a replica server.
  • Select whether or not to enable TLS. This is highly recommended but requires a certificate to be installed.
  • Select "Database" and then "Add".
  • Select a Base DN in the form of "dc=example,dc=com" or "dc=test,dc=example,dc=com". This would normally mimic your network domain, like example.com or test.example.com. Use dc=local if you are not on the internet.
  • Choose a password for the Administrator and then click "OK".
  • You may now also set up Kerberos authentication (which is not explained here).

Testing your LDAP-server, starting and stopping

You must be able to (re)start your LDAP-server. Test it like this:

# stop your ldap server
systemctl stop slapd.service
# start your ldap server
systemctl start slapd.service
# verify your ldap server is running
systemctl status slapd.service

Your LDAP server must be reachable via the network. To check this, run this command:

nmap localhost | grep -P '389|636'

The response to this command should contain a line

389/tcp  open  ldap

Connecting

To test if your database is properly set up, enter

slapcat

You should receive a response like

dn: dc=example,dc=com
dc: example
o: example
objectClass: organization
objectClass: dcObject
structuralObjectClass: organization
entryUUID: 7ab95c2e-0c8f-102d-9e51-5b50a42d05ab
creatorsName: cn=Administrator,dc=example,dc=com
createTimestamp: 20080901163340Z
entryCSN: 20080901163340Z#000000#00#000000
modifiersName: cn=Administrator,dc=example,dc=com
modifyTimestamp: 20080901163340Z

Adding an OU

This example assumes you chose dc=example,dc=com as base DN. To add an organizational unit do the following:

# stop your ldap server
systemctl stop slapd.service

# then create a file and add its content to your directory
cat >orgunit<<EOF
dn: ou=orgunit1,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: orgunit1
description: Test orgUnit
EOF
slapadd -v -l orgunit

# start your ldap server
systemctl start slapd.service

You should receive a response like

added: "ou=orgunit1,dc=example,dc=com" (00000002)

Adding a person

This example assumes you have added orgunit1 as described above. To add a person to the directory, run these commands:

# stop your ldap server; slapadd must not run while slapd is up
systemctl stop slapd.service

# the entry must live under the base DN of your database (dc=example,dc=com here);
# sn holds the surname only, cn the full name used in the DN
cat >person<<EOF
dn: cn=John Johnson,ou=orgunit1,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: John Johnson
sn: Johnson
EOF
slapadd -v -l person

# start your ldap server
systemctl start slapd.service
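The two slapadd steps above (the OU and the person) share the same pitfalls: an entry whose DN is not under the database suffix, and slapadd run while slapd is up. As an added example, not from the openSUSE page, these shell functions build the two LDIF entries, check every dn: line against the base DN before an import, and count the "added:" lines that slapadd -v prints. The base DN and the OU name follow the page; the function names are this example's own.

```shell
# Added example, not part of the openSUSE SDB page; function names are hypothetical.
BASE_DN="dc=example,dc=com"

# Return 0 if DN $1 lies under base DN $2 (case-insensitive suffix match).
# An entry written for another suffix is refused by slapadd, so catch it first.
dn_under_base() {
    dn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    base=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$dn" in
        *",$base") return 0 ;;
        *) return 1 ;;
    esac
}

# Scan LDIF on stdin; fail (return 1) if any dn: line is outside base DN $1.
ldif_check_base() {
    bad=0
    while IFS= read -r line; do
        case "$line" in
            "dn: "*) dn_under_base "${line#dn: }" "$1" ||
                { echo "outside base $1: $line" >&2; bad=1; } ;;
        esac
    done
    return $bad
}

# LDIF for an organizationalUnit: $1 = ou name, $2 = description.
ldif_ou() {
    printf 'dn: ou=%s,%s\nobjectClass: top\nobjectClass: organizationalUnit\n' \
        "$1" "$BASE_DN"
    printf 'ou: %s\ndescription: %s\n\n' "$1" "$2"
}

# LDIF for a person: $1 = given name, $2 = surname, $3 = parent ou.
# sn carries only the surname; cn is the full name that also forms the RDN.
ldif_person() {
    printf 'dn: cn=%s %s,ou=%s,%s\nobjectClass: top\nobjectClass: person\n' \
        "$1" "$2" "$3" "$BASE_DN"
    printf 'objectClass: organizationalPerson\ncn: %s %s\nsn: %s\n\n' \
        "$1" "$2" "$2"
}

# Count the entries slapadd -v reported as imported ("added:" lines on stdin).
count_added() { grep -c '^added: ' || true; }

# Offline import of LDIF file $1: check the suffix, then run slapadd only while
# slapd is stopped. Needs root and the slapd tools; not exercised by the tests.
offline_add() {
    ldif_check_base "$BASE_DN" < "$1" || return 1
    systemctl stop slapd.service || return 1
    slapadd -v -l "$1" | count_added
    systemctl start slapd.service
}
```

Typical use: `ldif_ou orgunit1 'Test orgUnit' > orgunit; ldif_person John Johnson orgunit1 > person; offline_add orgunit && offline_add person`.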

Using an application

You can now test your LDAP server using e.g. KAddressBook. Search for "John" and you will find John Johnson.