LinuxQuestions.org
Old 07-20-2004, 10:37 PM   #1
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Rep: Reputation: 30
LDAP and OpenLDAP


Can someone tell me in layman terms what does LDAP and OpenLDAP do?

I understand that LDAP is just a protocol right? OpenLDAP is something that helps to ease the managing of samba user accounts?

Actually what I'm trying to pick up now is Samba with OpenLDAP as told by my supervisor .

Last edited by subaruwrx; 07-20-2004 at 10:58 PM.
 
Old 07-21-2004, 01:42 AM   #2
egyptian
Member
 
Registered: Aug 2003
Location: egypt
Distribution: Fedora,SuSE9
Posts: 47

Rep: Reputation: 15
I'll answer you as I'm still a beginner to OpenLDAP!!
Because of the importance of centralized authentication, companies use directory services to
have a database of all users in their network and some information about them (first name, last name, email address, ...).
One of these directory services is LDAP and its open source version (OpenLDAP).
 
Old 07-21-2004, 03:30 PM   #3
hob
Senior Member
 
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075

Rep: Reputation: 45
If you install the Samba documentation on your Linux box (there may be a separate package for them), you'll find a really excellent manual in:

/usr/share/doc/<samba-version>/html

which includes how to setup Samba to use an existing LDAP service. That should cover the second part.

As Egyptian says, an LDAP service provides information on users (from its database). This can include security information on what groups they should be members of, what their password is, etc. as well as contact information. "LDAP" is the network protocol, "OpenLDAP" is a Free implementation of the clients and server. A Kerberos service is often used in conjunction with an LDAP service to provide strong encryption to communications between the user clients and the services that they access.

An LDAP service is often both a contacts directory for mail clients and an authentication source for logins. If you are being asked to set up an LDAP service from scratch, then you need to do a fair bit of reading and planning - as the network's central authority on who users are, it's the most important service after DNS, and it requires a similar amount of effort learning the concepts.
 
Old 07-23-2004, 12:45 PM   #4
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Original Poster
Rep: Reputation: 30
How about sharing some good links for a newbie on LDAP and Samba with OpenLDAP?
 
Old 07-24-2004, 05:43 AM   #5
hob
Senior Member
 
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075

Rep: Reputation: 45
The OpenLDAP site has a good set of documentation about LDAP and setting up the service:

http://www.openldap.org/

The Samba docs I mentioned before are also available from the project's Website.

Between the two you should have enough but again, you'll have to spend a bit of time going over it to grasp the concepts of LDAP.
 
Old 07-29-2004, 04:20 AM   #6
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Original Poster
Rep: Reputation: 30
Ok I tried editing the slapd.conf file from this guide.

Edited the slapd.conf and top.ldif as follows.

But after typing "ldapadd -x -D 'cn=manager,dc=foo,dc=com' -W -f top.ldif", it prompts me for a password. What password do I enter? cn=Manager's password?

slapd.conf file

Code:
# Schemas to use
include  /etc/openldap/schema/core.schema
include  /etc/openldap/schema/cosine.schema
include  /etc/openldap/schema/inetorgperson.schema
include  /etc/openldap/schema/nis.schema
include  /etc/openldap/schema/redhat/rfc822-MailMember.schema
include  /etc/openldap/schema/redhat/autofs.schema
include  /etc/openldap/schema/redhat/kerberosobject.schema

database       ldbm
suffix         "dc=foo,dc=com"
rootdn         "cn=Manager, dc=foo,dc=com"
rootpw         secret
directory      /var/lib/ldap

index   default                             eq
index   objectClass,uid,uidNumber,gidNumber eq
index   cn,mail,surname,givenname           eq,sub

# Access Control (See openldap v.2.0 Admin Guide)
access to attr=userPassword
   by self         write
   by anonymous    auth
   by dn="cn=manager,dc=foo,dc=com"       write
   by *    compare
access to *
   by self write
   by dn="cn=manager,dc=foo,dc=com"       write
   by * read
test.ldif

Code:
 
dn: dc=foo, dc=com
objectclass: dcObject
objectclass: organization
o: Foo Company
dc: foo

dn: cn=manager, dc=foo, dc=com
objectclass: organizationalRole
cn: manager

dn: ou=people, dc=foo, dc=com
ou: people
objectclass: organizationalUnit
objectclass: domainRelatedObject
associatedDomain: foo.com

dn: ou=contacts, ou=people, dc=foo, dc=com
ou: contacts
ou: people
objectclass: organizationalUnit
objectclass: domainRelatedObject
associatedDomain: foo.com

dn: ou=group, dc=foo, dc=com
ou: group
objectclass: organizationalUnit
objectclass: domainRelatedObject
Error msg

Code:
[root@host MISC]# ldapadd -x -D "cn=Manager,dc=foo,dc=com" -W -f test.ldif
Enter LDAP Password:
ldapadd: invalid format (line 1) entry: ""
[root@host MISC]#

Last edited by subaruwrx; 07-29-2004 at 05:10 AM.
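The test.ldif above, read with the RFC 2849 rules that ldapadd applies (blank line ends an entry, leading space continues a line, every entry starts with dn:). This is an added example, not code from the thread or from the OpenLDAP project; TEST_LDIF is two of the posted entries embedded so the script runs offline.

```python
"""Parse LDIF into entries the way ldapadd reads it (RFC 2849 rules).

Added example for this thread, not code from the thread or from OpenLDAP.
Base64 (::) values are out of scope. TEST_LDIF is constructed from two of
the entries in the test.ldif posted above.
"""
from typing import Dict, List

TEST_LDIF = """dn: dc=foo, dc=com
objectclass: dcObject
objectclass: organization
o: Foo Company
dc: foo

dn: ou=contacts, ou=people, dc=foo, dc=com
ou: contacts
ou: people
objectclass: organizationalUnit
objectclass: domainRelatedObject
associatedDomain: foo.com
"""


def unfold(text: str) -> List[str]:
    """Join continuation lines (leading single space) onto the line before."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Return one dict (attribute -> values) per entry; ValueError if malformed."""
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in unfold(text):
        if line.startswith("#"):          # comment line
            continue
        if not line.strip():              # blank line: entry separator
            if current:
                entries.append(current)
                current = {}
            continue
        attr, sep, value = line.partition(":")
        # Every attribute line needs a colon, and an entry must open with dn:
        if not sep or (not current and attr.lower() != "dn"):
            raise ValueError(f"invalid format: {line!r}")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries
```

Attribute names are lower-cased on the way in, so the second entry's two ou values end up under one key, the way slapd treats them.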
 
Old 07-30-2004, 12:09 PM   #7
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Original Poster
Rep: Reputation: 30
bump
 
Old 08-01-2004, 01:07 AM   #8
egyptian
Member
 
Registered: Aug 2003
Location: egypt
Distribution: Fedora,SuSE9
Posts: 47

Rep: Reputation: 15
The password required is the root password, which is defined by rootpw (you entered it in the file as "secret").
 
Old 08-01-2004, 01:25 AM   #9
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by egyptian
The password required is the root password, which is defined by rootpw (you entered it in the file as "secret").
So how do I specify the password? Still don't quite understand rootpw secret.
 
Old 08-01-2004, 03:16 AM   #10
egyptian
Member
 
Registered: Aug 2003
Location: egypt
Distribution: Fedora,SuSE9
Posts: 47

Rep: Reputation: 15
This is the password of the LDAP administrator (defined by rootdn).
You can change the field rootpw in the file slapd.conf to your preferred password,
or put it encrypted by using ldappasswd (I don't remember the syntax).
 
Old 08-01-2004, 04:25 AM   #11
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by egyptian
This is the password of the LDAP administrator (defined by rootdn).
You can change the field rootpw in the file slapd.conf to your preferred password,
or put it encrypted by using ldappasswd (I don't remember the syntax).
So I can just simply put "rootpw password" ?
 
Old 08-01-2004, 10:22 AM   #12
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Every database needs an administrator. The administrator has super user rights in the database. He can add users, delete users, etc.

With OpenLDAP, you specify the name of the administrator and his password in the slapd.conf file.

In your example, the administrator is cn=Manager,dc=foo,dc=com

rootdn "cn=Manager, dc=foo,dc=com"

The administrator's password is secret

rootpw secret

ldapadd -x -D 'cn=manager,dc=foo,dc=com' -W -f top.ldif

This command says:

Add information to the LDAP database from the file called top.ldif. ldapadd -f top.ldif
Use simple authentication -x
The request is being made by the administrator -D 'cn=Manager,dc=foo,dc=com'
Prompt for a password -W

At the password prompt, just enter the password that you have specified in the slapd.conf file. secret

By the way, you have spelt Manager with a capital letter in slapd.conf, so you need to use a capital letter in the command.
 
Old 08-01-2004, 11:05 AM   #13
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by jamrock
Every database needs an administrator. The administrator has super user rights in the database. He can add users, delete users, etc.

With OpenLDAP, you specify the name of the administrator and his password in the slapd.conf file.

In your example, the administrator is cn=Manager,dc=foo,dc=com

rootdn "cn=Manager, dc=foo,dc=com"

The administrator's password is secret

rootpw secret

ldapadd -x -D 'cn=manager,dc=foo,dc=com' -W -f top.ldif

This command says:

Add information to the LDAP database from the file called top.ldif. ldapadd -f top.ldif
Use simple authentication -x
The request is being made by the administrator -D 'cn=Manager,dc=foo,dc=com'
Prompt for a password -W

At the password prompt, just enter the password that you have specified in the slapd.conf file. secret

By the way, you have spelt Manager with a capital letter in slapd.conf, so you need to use a capital letter in the command.
Thanx.

So, after adding, if I want to check the database, I just need to check the slapd.conf file?
 
Old 08-02-2004, 01:23 AM   #14
egyptian
Member
 
Registered: Aug 2003
Location: egypt
Distribution: Fedora,SuSE9
Posts: 47

Rep: Reputation: 15
to check the database simply run:
ldapsearch -xb "dc=foo,dc=com"
 
Old 08-02-2004, 04:51 AM   #15
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by egyptian
to check the database simply run:
ldapsearch -xb "dc=foo,dc=com"
Does it mean that the database is transparent? Not stored in any file?
 