I'm trying, very unsuccessfully, to get my OpenLDAP server up and going on my RHEL box. I'm just wondering if anyone knows of maybe a program out there, such as a setup wizard, that will edit the conf files for me and then I can go back and have a look at them and see what it has done? Or a web tool or something that can help me out; anything with an interface would be great.
Webmin does have an LDAP users and groups icon and I've spent the last weeks trying to get that working, but it requires the Net::LDAP module from CPAN and trust me, I've tried every way I can think of to get it working and I can't .... If anyone can help me out there, that'd be great.
Distribution: SuSE since 5.2 - currently enjoying OpenSuSE 10.3 and testing 11.0 alphas
Posts: 24
Rep:
Hi,
I'm also trying to get to grips with OpenLDAP. There's a lot of stuff at their web-site http://www.openldap.org and on their mailing lists, but it's not a lot of use to us newbies.
I've got the O'Reilly book "LDAP system administration" which is helping - along with a great tool phpldapadmin from http://phpldapadmin.sourceforge.net (down side is that it needs to run through a web server, which means installing apache as well. Good learning curve though!).
It seems as though the process is -
1. define your database / directory structure
2. find or write a schema to suit
3. build a simple slapd.conf per the openLDAP quickstart guide, but include the above schema
4. Add to it with phpldapadmin and / or LDIF and CLI tools such as slapadd
Hope this helps, but it's a case of the blind leading the blind!
Richard.
Most of the time, you're using LDAP for a particular reason that's been used before. LDAP can be used to route email a certain way using Sendmail; it can replace (to an extent) the /etc/passwd file. LDAP can even store Kerberos principals and spamassassin configuration. Or, perhaps you just want to use a dead simple Thunderbird or Outlook Express email address book. All of the above uses already have an openldap-provided schema definition, so there's no need to write your own.
Writing your own schema is very difficult to do, especially for a noob, given all the checks and balances that are built into the current versions of OpenLDAP.
My advice is this: Figure out what you're going to store in LDAP, and make sure you have the right schema available. You can figure this out by looking at the files in /etc/openldap/schema, and by looking at the list of available ObjectClasses in phpLDAPadmin. Once the right schema has been added to the system, you can use one of the awesome wizards in phpLDAPadmin to create the objects you need, or you can use its Custom wizard if phpLDAPadmin doesn't have what you're looking for.
For the webmin user: Webmin is Perl based and therefore needs the Perl module for LDAP in order to work. Installing this from CPAN should be a piece of cake:
1. su -
2. perl -MCPAN -e shell;
3. install Net::LDAP
If you've never used CPAN before, you may have to run through a battery of questions the first time you use it. Just hit enter everywhere to accept the defaults (minus the section that asks you what continent you live on). You will also need to make sure you've installed gcc (and friends) on your RHEL box, as I think there's some building required for Net::LDAP where you'd need the gcc compiler.
Quite honestly though, nothing beats phpLDAPadmin for administering a LDAP directory.
Thanks Bentz,
I'd completely agree that sticking to existing schemas is highly desirable and probably addresses 99% of applications.
However, somehow the project I'm doing (for a Masters degree, as a mature student (!)) increasingly looks as though it will centre on writing my own - I plan to use the 'local' OID arc 1.1.x as it will be confined to my LAN, at least for the foreseeable future.
Glad to see someone else is using phpLDAPadmin, as you say the wizards are just awesome. Wish I knew more php too...
I see. That's a little different scenario from the average LDAP noob.
Remember a few things if you're going to write your own schema:
Only one structural objectclass will be allowed for a given object. This is a new requirement.
At least one structural objectclass must be provided for a given object.
MUST attributes have to be present
MAY attributes are optional
/usr/sbin/slaptest is your friend
Use examples heavily. A great example is the sendmail schema I mentioned earlier, mostly because it's "small" (comparatively) and simple, and isn't glued in with the standard OpenLDAP distribution, therefore it must be included separately from slapd.conf. Take a look at /usr/share/sendmail-cf/sendmail.schema (path taken from Red Hat/Fedora).
Also, you can always cheat. It's not recommended, but to get started you can always take an existing ObjectClass and glue a new MAY (or even MUST) attribute to it.
objectclass ( 2.5.6.6 NAME 'person'
DESC 'RFC2256: a person'
SUP top STRUCTURAL
MUST ( sn $ cn )
MAY ( userPassword $ telephoneNumber $ seeAlso $ description $ favoriteFood ) )
Then move from there. Make your own objectClass (which is preferred over mucking up an existing one like 'person'), then make your own structural ObjectClass. Baby steps, you know? Pretty soon you'll have written the next release of IBM Tivoli Directory Server 9.3 running on AS/400s everywhere.
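To make the MUST/MAY and single-structural-class rules above concrete, here is an added Python example (not from this thread and not OpenLDAP's own code) that parses objectclass definitions written in the slapd.conf schema syntax shown and checks an entry against them. The 'lanDevice' and 'favoriteFoodEater' classes, their 1.1.x OIDs and the sample entries are hypothetical; it also shows the "cheat" of adding favoriteFood done the preferred way, via a separate auxiliary class instead of editing 'person'.

```python
import re

# Constructed schema: the 'person' class quoted above plus two hypothetical local classes under the 1.1 arc (OIDs assumed).
SCHEMA = """
objectclass ( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person'
    SUP top STRUCTURAL MUST ( sn $ cn )
    MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
objectclass ( 1.1.1.2.1 NAME 'lanDevice' DESC 'hypothetical structural class'
    SUP top STRUCTURAL MUST ( cn $ macAddress ) MAY ( description $ ipHostNumber ) )
objectclass ( 1.1.1.2.2 NAME 'favoriteFoodEater' DESC 'hypothetical auxiliary class'
    SUP top AUXILIARY MAY ( favoriteFood ) )
"""

# One objectclass definition in slapd.conf schema syntax (DESC is skipped by .*?).
OC_RE = re.compile(
    r"objectclass\s*\(\s*(?P<oid>[\d.]+)\s+NAME\s+'(?P<name>\w+)'.*?"
    r"SUP\s+(?P<sup>\w+)\s+(?P<kind>STRUCTURAL|AUXILIARY|ABSTRACT)"
    r"(?:\s+MUST\s*\((?P<must>[^)]*)\))?(?:\s+MAY\s*\((?P<may>[^)]*)\))?", re.S)

def parse_schema(text):
    """Map objectclass name -> {oid, kind, sup, must: [...], may: [...]}."""
    def split(s):
        return [a.strip() for a in s.split('$')] if s else []
    return {m['name']: {'oid': m['oid'], 'kind': m['kind'], 'sup': m['sup'],
                        'must': split(m['must']), 'may': split(m['may'])}
            for m in OC_RE.finditer(text)}

def check_entry(entry, classes):
    """Return violations for an entry given as {attribute: [values]}. Simplified: SUP
    inheritance and attribute syntaxes are not checked (slaptest and slapd do both)."""
    errors = []
    ocs = entry.get('objectClass', [])
    structural = [oc for oc in ocs if classes.get(oc, {}).get('kind') == 'STRUCTURAL']
    if not structural:
        errors.append('no structural objectClass')
    elif len(structural) > 1:
        errors.append('more than one structural objectClass: ' + ', '.join(structural))
    errors += ['unknown objectClass ' + oc for oc in ocs if oc not in classes]
    allowed = {'objectClass'}
    for oc in ocs:
        cls = classes.get(oc, {'must': [], 'may': []})  # unknown class adds no rules
        for attr in cls['must']:
            if attr not in entry:
                errors.append('missing MUST attribute %s for %s' % (attr, oc))
        allowed.update(cls['must'], cls['may'])
    for attr in entry:
        if attr not in allowed:
            errors.append('attribute %s not allowed by any objectClass' % attr)
    return errors
```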
Many thanks.
I was initially only trying to help the OP, but that looks like a great help for me! I was already considering hacking some existing objectclasses and attributes - it is quite a simple database and won't need many.
Sounds like I'll be better off posting here if (when?) I get stuck rather than on the mailing lists; some of them aren't too tolerant of newbies, unfortunately.