OpenLDAP for Windows

http://www.symas.net/portal/index.fcgi
Registration is required; the Symas OpenLDAP 2.3 (CDS v3) Silver Edition is free.

The OpenLDAP Admin Guide can be found at http://www.openldap.org/doc/admin23/
A nice LDAP HOWTO: http://www.grennan.com/ldap-HOWTO.html

A nice book: Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services by Matt Butcher

Install
-Double-click the installer and accept all default options.
-Copy slapd.conf.default to slapd.conf and edit it as below.

slapd.conf

# slapd.conf - Configuration file for LDAP SLAPD
##########
# Basics #
##########
include   schema/core.schema
include   schema/cosine.schema
include   schema/inetorgperson.schema
 
pidfile     slapd.pid
argsfile    slapd.args
loglevel none 
 
modulepath  openldap
moduleload back_hdb
 
##########################
# Database Configuration #
##########################
 
database hdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
# rootpw is stored exactly as written. Outside a lab box, paste the {SSHA}
# value printed by "slappasswd -s <password>" here instead of the cleartext.
rootpw secret
directory Database/example
# directory /usr/local/var/openldap-data
index objectClass,cn eq
 
########
# ACLs #
########
# userPassword is never readable: anonymous clients may only bind against
# it, and the entry's owner may change it.
access to attrs=userPassword
       by anonymous auth
       by self write
       by * none
 
# Everything else: only the entry's owner can read or write it (the rootdn
# bypasses ACLs). With "by * none" no other user, authenticated or not, can
# read other entries; change it to "by users read" if applications that
# bind as a service account need to look users up.
access to *
       by self write
       by * none

Test slapd.conf

slaptest -v -f slapd.conf

Start slapd
-Start the slapd service from the Services console.

ldap.conf

# LDAP Client Settings
 
URI  ldap://localhost
BASE  dc=example,dc=com
BINDDN  cn=Manager,dc=example,dc=com
 
SIZELIMIT  0
TIMELIMIT  0

Test Server

>ldapsearch -x -W -D "cn=Manager,dc=example,dc=com" -b "" -s base
 
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#
 
#
dn:
objectClass: top
objectClass: OpenLDAProotDSE
 
# search result
search: 2
result: 0 Success
 
# numResponses: 2
# numEntries: 1
 
The "+" requests the operational attributes as well; on the rootDSE these include namingContexts, supportedLDAPVersion and supportedSASLMechanisms:

>ldapsearch -x -W -D "cn=Manager,dc=example,dc=com" -b "" -s base "(objectclass=*)" +

Create Directory Data
-Put the entries in an LDIF (LDAP Data Interchange Format) file, here basics.ldif:

# This is the root of the directory tree
dn: dc=example,dc=com
description: Example.Com, your trusted non-existent corporation.
dc: example
o: Example.Com
objectClass: top
objectClass: dcObject
objectClass: organization
 
# Subtree for users
dn: ou=Users,dc=example,dc=com
ou: Users
description: Example.Com Users
objectClass: organizationalUnit
 
# Subtree for groups
dn: ou=Groups,dc=example,dc=com
ou: Groups
description: Example.Com Groups
objectClass: organizationalUnit
 
# Subtree for system accounts
dn: ou=System,dc=example,dc=com
ou: System
description: Special accounts used by software applications.
objectClass: organizationalUnit
 
##
## USERS
##
 
# Matt Butcher
dn: uid=matt,ou=Users,dc=example,dc=com
ou: Users
# Name info:
uid: matt
cn: Matt Butcher
sn: Butcher
givenName: Matt
givenName: Matthew
displayName: Matt Butcher
# Work Info:
title: Systems Integrator
description: Systems Integration and IT for Example.Com
employeeType: Employee
departmentNumber: 001
employeeNumber: 001-08-98
mail: mbutcher@example.com
mail: matt@example.com
roomNumber: 301
telephoneNumber: +1 555 555 4321
mobile: +1 555 555 6789
st: Illinois
l: Chicago
street: 1234 Cicero Ave.
# Home Info:
homePhone: +1 555 555 9876
homePostalAddress: 1234 home street $ Chicago, IL $ 60699-1234
# Misc (userPassword is stored as written; slappasswd produces a {SSHA} hash to use instead):
userPassword: secret
preferredLanguage: en-us,en-gb
# Object Classes:
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
 
# Barbara Jensen:
dn: uid=barbara,ou=Users,dc=example,dc=com
ou: Users
uid: barbara
sn: Jensen
cn: Barbara Jensen
givenName: Barbara
displayName: Barbara Jensen
mail: barbara@example.com
userPassword: secret
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
 
# LDAP Admin Group:
dn: cn=LDAP Admins,ou=Groups,dc=example,dc=com
cn: LDAP Admins
ou: Groups
description: Users who are LDAP administrators
# uniqueMember must hold the full DN of the user entry, including ou=Users;
# slapd does not check that a member DN exists, so a wrong DN is accepted silently
uniqueMember: uid=barbara,ou=Users,dc=example,dc=com
uniqueMember: uid=matt,ou=Users,dc=example,dc=com
objectClass: groupOfUniqueNames
 
# Special Account for Authentication:
dn: uid=authenticate,ou=System,dc=example,dc=com
uid: authenticate
ou: System
description: Special account for authenticating users
userPassword: secret
objectClass: account
objectClass: simpleSecurityObject

Add sample ldif
-Stop slapd
-Dry run (-u checks the file without writing to the database, -c continues past errors):

slapadd -v -u -c -f slapd.conf -l basics.ldif

-Real run

slapadd -v -f slapd.conf -l basics.ldif
added: "dc=example,dc=com" (000003f3)
added: "ou=Users,dc=example,dc=com" (000003f4)
added: "ou=Groups,dc=example,dc=com" (000003f5)
added: "ou=System,dc=example,dc=com" (000003f6)
added: "uid=matt,ou=Users,dc=example,dc=com" (000003f7)
added: "uid=barbara,ou=Users,dc=example,dc=com" (000003f8)
added: "cn=LDAP Admins,ou=Groups,dc=example,dc=com" (000003f9)
added: "uid=authenticate,ou=System,dc=example,dc=com" (000003fa)

-Start slapd
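Before running slapadd on basics.ldif it is worth checking the file for the mistakes slapadd will not catch. slapadd processes entries in file order and rejects one whose parent has not been added yet, but it does not verify that a uniqueMember DN refers to an existing entry, and it stores userPassword values exactly as written, so a cleartext password stays cleartext in the database. The following Python script is an added example (not part of the original post or of OpenLDAP, standard library only). Its embedded LDIF is a constructed, trimmed copy of basics.ldif with three mistakes planted on purpose: a cleartext password, a uniqueMember DN that omits ou=Users, and the ou=Groups entry placed after the group that lives under it.

```python
"""Lint an LDIF file before slapadd.  slapadd rejects a child listed before
its parent, but it accepts dangling member DNs and stores userPassword
exactly as written.  Added example (stdlib only), not part of the original
post or of OpenLDAP."""
import base64
import re

# Constructed sample, trimmed from the post's basics.ldif, with three planted
# mistakes: a cleartext password, a uniqueMember DN without ou=Users, and
# ou=Groups listed after the group entry that lives under it.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
dc: example
objectClass: dcObject
objectClass: organization

dn: ou=Users,dc=example,dc=com
ou: Users
objectClass: organizationalUnit

dn: uid=barbara,ou=Users,dc=example,dc=com
cn: Barbara Jensen
sn: Jensen
userPassword: secret
objectClass: inetOrgPerson

dn: cn=LDAP Admins,ou=Groups,dc=example,dc=com
cn: LDAP Admins
uniqueMember: uid=barbara,dc=example,dc=com
uniqueMember: uid=barbara,ou=Users,dc=example,dc=com
objectClass: groupOfUniqueNames

dn: ou=Groups,dc=example,dc=com
ou: Groups
objectClass: organizationalUnit
"""

HASHED = re.compile(r"^\{[A-Za-z0-9._-]+\}")  # {SSHA}, {CRYPT}, {MD5}, ...


def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})] in file order; handles comments,
    folded lines (leading space), 'attr:: base64' values and blank separators."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]                  # unfold continuation line
        elif not raw.startswith("#"):
            lines.append(raw)
    entries = []
    for block in re.split(r"\n\s*\n", "\n".join(lines).strip()):
        dn, attrs = None, {}
        for item in block.splitlines():
            name, sep, value = item.partition(":")
            if not sep:
                raise ValueError("malformed LDIF line: %r" % item)
            if value.startswith(":"):             # base64-encoded value
                value = base64.b64decode(value[1:]).decode("utf-8")
            value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        entries.append((dn, attrs))
    return entries


def norm_dn(dn):
    """Lower-case and trim around ',' so equivalent spellings compare equal.
    Enough for the plain DNs used here; not a full RFC 4514 parser."""
    return ",".join(p.strip() for p in dn.split(",")).lower()


def lint_ldif(text, suffix):
    """Return a list of (kind, dn, detail) findings."""
    entries = parse_ldif(text)
    all_dns = {norm_dn(dn) for dn, _ in entries}
    seen, findings, suffix = set(), [], norm_dn(suffix)
    for dn, attrs in entries:
        n = norm_dn(dn)
        parent = n.partition(",")[2]
        # slapadd loads in file order: the parent must already be present.
        if n != suffix and parent not in seen:
            findings.append(("missing-parent", dn, parent))
        # slapd does not verify that a member DN exists when the group is added.
        for attr in ("uniquemember", "member", "owner"):
            for member in attrs.get(attr, []):
                if norm_dn(member) not in all_dns:
                    findings.append(("dangling-member", dn, member))
        for pw in attrs.get("userpassword", []):
            if not HASHED.match(pw):
                findings.append(("cleartext-password", dn, ""))
        seen.add(n)
    return findings


if __name__ == "__main__":
    for kind, dn, detail in lint_ldif(SAMPLE_LDIF, "dc=example,dc=com"):
        print("%-18s %s  %s" % (kind, dn, detail))
```

Run it on the real basics.ldif by reading the file into lint_ldif instead of SAMPLE_LDIF; an empty result means the file is safe to hand to slapadd as far as these three checks go. Schema conformance (required attributes, allowed object classes) is still slapadd's job.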

Clean Data (just in case)
To start over, stop slapd and remove all files from the database directory except "alock", "DB_CONFIG" and "DB_CONFIG.example", then run slapadd again:

rm __db.* *.bdb log.*

ldapsearch

ldapsearch -x -W -D "cn=Manager,dc=example,dc=com" -b "ou=Users,dc=example,dc=com" "(uid=barbara)"

ldapadd
-Create a new LDIF file, david.ldif:

dn: uid=david,ou=Users,dc=example,dc=com
cn: David Hume
sn: Hume
uid: david
ou: Users
mail: david@example.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson

-Run ldapadd (-w passes the password on the command line, where it ends up in shell history and process listings; -W prompts for it instead):

ldapadd -x -w secret -D "cn=Manager,dc=example,dc=com" -f david.ldif