{"id":171,"date":"2008-12-12T00:05:15","date_gmt":"2008-12-12T04:05:15","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=171"},"modified":"2009-03-06T15:56:11","modified_gmt":"2009-03-06T20:56:11","slug":"openldap-for-windows","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=171","title":{"rendered":"OpenLDAP for Windows"},"content":{"rendered":"<p><a href=\"http:\/\/www.symas.net\/portal\/index.fcgi\">http:\/\/www.symas.net\/portal\/index.fcgi<\/a><br \/>\nRegistration is required; the Symas OpenLDAP 2.3 (CDS v3) Silver Edition is free.<\/p>\n<p>OpenLDAP Admin Guide can be found at <a href=\"http:\/\/www.openldap.org\/doc\/admin23\/\">http:\/\/www.openldap.org\/doc\/admin23\/<\/a><br \/>\nHere is a nice LDAP how-to: <a href=\"http:\/\/www.grennan.com\/ldap-HOWTO.html\">http:\/\/www.grennan.com\/ldap-HOWTO.html<\/a><\/p>\n<p>A nice book: Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services by Matt Butcher<\/p>\n<p><strong>Install<\/strong><br \/>\n-Double-click the installer and accept all default options.<br \/>\n-Copy slapd.conf.default to slapd.conf<\/p>\n<p><strong>slapd.conf<\/strong><\/p>\n<pre lang=\"txt\">\r\n# slapd.conf - Configuration file for LDAP SLAPD\r\n##########\r\n# Basics #\r\n##########\r\ninclude   schema\/core.schema\r\ninclude   schema\/cosine.schema\r\ninclude   schema\/inetorgperson.schema\r\n\r\npidfile     slapd.pid\r\nargsfile    slapd.args\r\nloglevel none \r\n\r\nmodulepath  openldap\r\nmoduleload back_hdb\r\n\r\n##########################\r\n# Database Configuration #\r\n##########################\r\n\r\ndatabase hdb\r\nsuffix \"dc=example,dc=com\"\r\nrootdn \"cn=Manager,dc=example,dc=com\"\r\n# rootpw is in cleartext for this test setup; it also accepts a hash generated by slappasswd\r\nrootpw secret\r\ndirectory Database\/example\r\n# directory \/usr\/local\/var\/openldap-data\r\nindex objectClass,cn eq\r\n\r\n########\r\n# ACLs #\r\n########\r\naccess to attrs=userPassword\r\n       by anonymous auth\r\n       by self write\r\n       by * none\r\n\r\naccess to *\r\n       by self 
write\r\n       by * none\r\n<\/pre>\n<p><strong>Test slapd.conf<\/strong><\/p>\n<pre lang=\"dos\">\r\nslaptest -v -f slapd.conf\r\n<\/pre>\n<p><strong>Start slapd<\/strong><br \/>\n-Start from services<\/p>\n<p><strong>ldap.conf<\/strong><\/p>\n<pre lang=\"dos\">\r\n# LDAP Client Settings\r\n\r\nURI  ldap:\/\/localhost\r\nBASE  dc=example,dc=com\r\nBINDDN  cn=Manager,dc=example,dc=com\r\n\r\nSIZELIMIT  0\r\nTIMELIMIT  0\r\n<\/pre>\n<p><strong>Test Server<\/strong><\/p>\n<pre lang=\"dos\">\r\n>ldapsearch -x -W -D \"cn=Manager,dc=example,dc=com\" -b \"\" -s base\r\n\r\nEnter LDAP Password: \r\n# extended LDIF\r\n#\r\n# LDAPv3\r\n# base <> with scope baseObject\r\n# filter: (objectclass=*)\r\n# requesting: ALL\r\n#\r\n\r\n#\r\ndn:\r\nobjectClass: top\r\nobjectClass: OpenLDAProotDSE\r\n\r\n# search result\r\nsearch: 2\r\nresult: 0 Success\r\n\r\n# numResponses: 2\r\n# numEntries: 1\r\n\r\n>ldapsearch -x -W -D \"cn=Manager,dc=example,dc=com\" -b \"\" -s base \"(objectclass=*)\" +\r\n<\/pre>\n<p><strong>Create Directory Data<\/strong><br \/>\n-In LDIF (LDAP Data Interchange Format)<\/p>\n<pre lang=\"txt\">\r\n# This is the root of the directory tree\r\ndn: dc=example,dc=com\r\ndescription: Example.Com, your trusted non-existent corporation.\r\ndc: example\r\no: Example.Com\r\nobjectClass: top\r\nobjectClass: dcObject\r\nobjectClass: organization\r\n\r\n# Subtree for users\r\ndn: ou=Users,dc=example,dc=com\r\nou: Users\r\ndescription: Example.Com Users\r\nobjectClass: organizationalUnit\r\n\r\n# Subtree for groups\r\ndn: ou=Groups,dc=example,dc=com\r\nou: Groups\r\ndescription: Example.Com Groups\r\nobjectClass: organizationalUnit\r\n\r\n# Subtree for system accounts\r\ndn: ou=System,dc=example,dc=com\r\nou: System\r\ndescription: Special accounts used by software applications.\r\nobjectClass: organizationalUnit\r\n\r\n##\r\n## USERS\r\n##\r\n\r\n# Matt Butcher\r\ndn: uid=matt,ou=Users,dc=example,dc=com\r\nou: Users\r\n# Name info:\r\nuid: matt\r\ncn: Matt Butcher\r\nsn: 
Butcher\r\ngivenName: Matt\r\ngivenName: Matthew\r\ndisplayName: Matt Butcher\r\n# Work Info:\r\ntitle: Systems Integrator\r\ndescription: Systems Integration and IT for Example.Com\r\nemployeeType: Employee\r\ndepartmentNumber: 001\r\nemployeeNumber: 001-08-98\r\nmail: mbutcher@example.com\r\nmail: matt@example.com\r\nroomNumber: 301\r\ntelephoneNumber: +1 555 555 4321\r\nmobile: +1 555 555 6789\r\nst: Illinois\r\nl: Chicago\r\nstreet: 1234 Cicero Ave.\r\n# Home Info:\r\nhomePhone: +1 555 555 9876\r\nhomePostalAddress: 1234 home street $ Chicago, IL $ 60699-1234\r\n# Misc:\r\nuserPassword: secret\r\npreferredLanguage: en-us,en-gb\r\n# Object Classes:\r\nobjectClass: person\r\nobjectClass: organizationalPerson\r\nobjectClass: inetOrgPerson\r\n\r\n# Barbara Jensen:\r\ndn: uid=barbara,ou=Users,dc=example,dc=com\r\nou: Users\r\nuid: barbara\r\nsn: Jensen\r\ncn: Barbara Jensen\r\ngivenName: Barbara\r\ndisplayName: Barbara Jensen\r\nmail: barbara@example.com\r\nuserPassword: secret\r\nobjectClass: person\r\nobjectClass: organizationalPerson\r\nobjectClass: inetOrgPerson\r\n\r\n# LDAP Admin Group:\r\ndn: cn=LDAP Admins,ou=Groups,dc=example,dc=com\r\ncn: LDAP Admins\r\nou: Groups\r\ndescription: Users who are LDAP administrators\r\n# Member DNs must match the user entries under ou=Users\r\nuniqueMember: uid=barbara,ou=Users,dc=example,dc=com\r\nuniqueMember: uid=matt,ou=Users,dc=example,dc=com\r\nobjectClass: groupOfUniqueNames\r\n\r\n# Special Account for Authentication:\r\ndn: uid=authenticate,ou=System,dc=example,dc=com\r\nuid: authenticate\r\nou: System\r\ndescription: Special account for authenticating users\r\nuserPassword: secret\r\nobjectClass: account\r\nobjectClass: simpleSecurityObject\r\n<\/pre>\n<p><strong>Add sample ldif<\/strong><br \/>\n-Stop slapd<br \/>\n-Dry run<\/p>\n<pre>slapadd -v -u -c -f slapd.conf -l basics.ldif<\/pre>\n<p>-Real run<\/p>\n<pre>slapadd -v -f slapd.conf -l basics.ldif\r\nadded: \"dc=example,dc=com\" (000003f3)\r\nadded: \"ou=Users,dc=example,dc=com\" (000003f4)\r\nadded: \"ou=Groups,dc=example,dc=com\" 
(000003f5)\r\nadded: \"ou=System,dc=example,dc=com\" (000003f6)\r\nadded: \"uid=matt,ou=Users,dc=example,dc=com\" (000003f7)\r\nadded: \"uid=barbara,ou=Users,dc=example,dc=com\" (000003f8)\r\nadded: \"cn=LDAP Admins,ou=Groups,dc=example,dc=com\" (000003f9)\r\nadded: \"uid=authenticate,ou=System,dc=example,dc=com\" (000003fa)<\/pre>\n<p>-Start slapd<\/p>\n<p><strong>Clean Data (just in case)<\/strong><br \/>\nRemove all files from the database directory except &#8220;alock&#8221;, &#8220;DB_CONFIG&#8221;, &#8220;DB_CONFIG.example&#8221;<\/p>\n<pre>rm __db.* *.bdb log.*<\/pre>\n<p><strong>ldapsearch<\/strong><\/p>\n<pre>ldapsearch -x -W -D \"cn=Manager,dc=example,dc=com\" -b \"ou=Users,dc=example,dc=com\" \"(uid=barbara)\"<\/pre>\n<p><strong>ldapadd<\/strong><br \/>\n-Create a new ldif file:<\/p>\n<pre>\r\ndn: uid=david,ou=Users,dc=example,dc=com\r\ncn: David Hume\r\nsn: Hume\r\nuid: david\r\nou: Users\r\nmail: david@example.com\r\nobjectClass: person\r\nobjectClass: organizationalPerson\r\nobjectClass: inetOrgPerson\r\n<\/pre>\n<p>-Run ldapadd:<\/p>\n<pre>ldapadd -x -w secret -D \"cn=Manager,dc=example,dc=com\" -f david.ldif<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>http:\/\/www.symas.net\/portal\/index.fcgi need registration and the Symas OpenLDAP 2.3 (CDS v3) Silver Edition is free. 
OpenLDAP Admin Guide can be found at http:\/\/www.openldap.org\/doc\/admin23\/ Here is nice LDAP how to http:\/\/www.grennan.com\/ldap-HOWTO.html A nice book: Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services &hellip; <a href=\"https:\/\/jianmingli.com\/wp\/?p=171\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[34,10],"tags":[],"class_list":["post-171","post","type-post","status-publish","format-standard","hentry","category-ldap","category-winos"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-2L","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%
2Fwp%2Fv2%2Fcomments&post=171"}],"version-history":[{"count":3,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/171\/revisions"}],"predecessor-version":[{"id":677,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/171\/revisions\/677"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}