ComTech: IT Support Stirling

How to set up an Ldap Server on Ubuntu 12.04 LTS



Today I will show you how to set up an LDAP server on Ubuntu 12.04 LTS.

First, install the required packages. In a terminal, type:

sudo apt-get install slapd ldap-utils

During installation you will be asked for an LDAP administrator password. Choose one and then retype it.

The configuration example that follows uses an FQDN of comtech.com. You should change this to the FQDN of your organisation.

Now we need to add some additional schema files. In a terminal enter:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif

Now make a file called backend.comtech.com.ldif somewhere on your system and add the following configuration to it.

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb.la

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=comtech,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=comtech,dc=com
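# The value below is cleartext as published; olcRootPW also accepts a hashed
# value generated with slappasswd (for example {SSHA}...).
olcRootPW: secret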
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=comtech,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=comtech,dc=com" write by * read

We now need to add the LDIF to the directory. In a terminal, type:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.comtech.com.ldif

Now create a file called frontend.comtech.com.ldif somewhere on your system and add the following configuration to it.

# Create top-level object in domain
dn: dc=comtech,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Comtech
dc: comtech
description: Comtech LDAP Configuration

# Admin user.
dn: cn=admin,dc=comtech,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
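# userPassword values (here and for bob below) may be given as slappasswd
# hashes ({SSHA}...) instead of cleartext.
userPassword: (ADD YOUR OWN PASSWORD HERE)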

dn: ou=people,dc=comtech,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=comtech,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=bob,ou=people,dc=comtech,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: Bob
sn: Wates
givenName: Bob
cn: Bob Wates
displayName: Bob Wates
uidNumber: 1000
gidNumber: 10000
userPassword: password
gecos: Bob Wates
loginShell: /bin/bash
homeDirectory: /home/bob
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: bob.wates@comtech.com
postalCode: CF24
l: Cardiff
o: Comtech
mobile: +44 (0)7 xx xx xx xx
homePhone: +44 (0)1 xx xx xx xx x
title: System Administrator
postalAddress:
initials: BW

dn: cn=comtech,ou=groups,dc=comtech,dc=com
objectClass: posixGroup
cn: comtech
gidNumber: 10000

Now we need to add the entries to the LDAP directory.  In a terminal type:

sudo ldapadd -x -D cn=admin,dc=comtech,dc=com -W -f frontend.comtech.com.ldif

You will be asked for the LDAP administration password. This is the password in the admin section of the frontend.comtech.com.ldif file.
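
A pre-flight check for the two LDIF files, to run before the ldapadd commands above (an added example, not part of the original post). It flags typographic quotes, which break the olcAccess rules when the file is pasted from a web page, and userPassword/olcRootPW values stored in cleartext; the helper name ldif_preflight and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an LDIF file before handing it to ldapadd.
# ldif_preflight is a hypothetical helper name, not an OpenLDAP tool.
# Exit status: 0 clean, 1 typographic quotes, 2 cleartext password, 3 both.
ldif_preflight() {
    file=$1
    status=0

    # Curly quotes (U+201C/D, U+2018/9) are substituted for " and ' by blog
    # engines and word processors; they are not valid quoting in olcAccess.
    quotes=$(grep -n -e '“' -e '”' -e '‘' -e '’' "$file" | cut -d: -f1 | tr '\n' ' ') || true
    if [ -n "$quotes" ]; then
        echo "$file: typographic quotes on line(s): $quotes"
        status=$((status + 1))
    fi

    # A single-colon password value without a leading {SCHEME} tag (for
    # example {SSHA}) is cleartext. Only line number and attribute name are
    # printed so the secret itself does not land in the terminal scrollback.
    plain=$(grep -E -i -n '^(userPassword|olcRootPW):[[:space:]]*[^{:[:space:]]' "$file" \
        | cut -d: -f1,2 | tr '\n' ' ') || true
    if [ -n "$plain" ]; then
        echo "$file: cleartext password value at: $plain"
        status=$((status + 2))
    fi
    return "$status"
}

# Constructed sample input (not a real directory entry).
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: olcDatabase=hdb,cn=config
olcRootDN: cn=admin,dc=example,dc=org
olcRootPW: secret
olcAccess: to * by dn=”cn=admin,dc=example,dc=org” write by * read
EOF
ldif_preflight "$sample" || echo "preflight exit status: $?"
rm -f "$sample"
```

A flagged cleartext value can be replaced with the output of slappasswd, which prints a salted {SSHA} hash by default.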

All that is left to do is to test the configuration. In a terminal, type:

ldapsearch -xLLL -b "dc=comtech,dc=com" uid=bob sn givenName cn

If your files are configured correctly, you will get the following output.

dn: uid=bob,ou=people,dc=comtech,dc=com
cn: Bob Wates
sn: Wates
givenName: Bob

About the Author


Hi I’m Chris Wakefield the owner of ComTech IT Support. I provide Windows, Mac and Linux based IT Support to small businesses in Stirling, Alloa and Falkirk.


15 thoughts on “How to set up an Ldap Server on Ubuntu 12.04 LTS”

  1. When I installed ldap on Ubuntu 12.04 LTS server, then after basic configuration of ldap, I searched using the following command:
    ldapsearch -x -W -LLL
    then it asked for a password and I entered the password which I mentioned in the configuration file, and I got the following error:
    ldap_bind:Invalid credentials(49) error
    I searched for the same error on Google but it didn’t work

  2. Michael B, Robert P, LOORA, Trogdan and Rick R,

    Ubuntu, and all Debian builds contain a fabulous command few people use to its full potential. When things get hosed up, as they did with me too, you’ll want to remove slapd and start over.

    Do NOT delete anything in /etc yourself, headaches will follow!

    Do run this command: `sudo dpkg --purge slapd`
    This removes slapd and all of its configuration files (which is where most of our problems lie).

    Then reinstall slapd, and ldap-utils if you need to, with apt-get. Answer the questions that you are prompted for.

    Then, here is the important part, run `sudo dpkg-reconfigure slapd`; this will remove the dc=example,dc=com, and other records, such as administrator credentials. This gives you a chance to put your values in the config file. Once that is done use the instructions provided by Chris to set up your LDAP server.

    PS: I recommend the phpLDAPadmin package, you can use it to manage your server, after it is installed, configured and working. It is nice, but, like all admin GUI applications, it can be a little rigid. For example, when adding a new user the GUI forced several field values I was not able to change. However, once the record is in the database you can go back to it and modify the values to what you wanted when you added a new user. This is inconvenient, and what I think Chris is trying to avoid using the command line tools. It’s just my opinion.

    Good luck everyone.

    Chris, nice succinct tutorial, Thanks.

    Dennisj.

  3. Thanks, good tutorial.
    When using ldapadd I was getting the error: ldap_add: Other (e.g., implementation specific) error (80)
    additional info: handler exited with 1
    Then I noticed the reason for that.
    When I copypasted the backend.ldif file from this page, there were curly quotation marks instead of straight quotation marks (“”) and that was a syntax error from the ldap software point of view :) Of course the curly quotes are there because of the blog’s automatic text formatting ;) But it took me a while to notice that…

  4. I got the same error

    I don’t know if I did something wrong, I just changed my tree to teste.local

    Take a look:

    sudo ldapadd -x -D cn=admin,dc=teste,dc=local -W -f frontend.teste.local.ldif
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)

    Any Help!?

  5. I removed and re-installed a few times using apt-get remove and apt-get install.

    I was not prompted for a password during the install and my commands are rejected for lack of a password.

  6. Thanks for your tutorial. Sadly I’m struggling since a few days with the ldap system we have here. Well o.k. I am quite new to LDAP, so it’s a little complicated for me. Therefore many thanks that you posted this article, it was helpful. One last question: How do you delete a whole ldap archive? I use also phpldapadmin on the webserver, but when I try to delete it, it says “E_WARNING: Illegal offset type” … soso, well, I hope to figure it out soon…

  7. If you follow this instruction on clean Ubuntu 12.04 desktop I think you will get the following error message. It won’t work.

    my-vbox:~$ sudo ldapadd -Y ENTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
    ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
    additional info: SASL(-4): no mechanism available: No worthy mechs found

  8. I get the same error as Rick

    sudo ldapadd -x -D cn=admin,dc=projectxanadu,dc=com -W -f frontend.projectxanadu.com.ldif
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)

  9. +1 On the Samba+LDAP request…could really use a hand with this. I got it working for the most part…but no matter what I do I get “Network path not found” when the test client logs in…bah.

  10. Hmmm… I get up to this point:

    sudo ldapadd -x -D cn=admin,dc=comtech,dc=com -W -f frontend.comtech.com.ldif

    I have the dn modified to reflect my org (really, a fake one; this is for testing), but that's changed uniformly. I've used only one password for everything, so I know I'm using the correct password. But then I get:

    xnat@ubuntu:~$ sudo ldapadd -x -D cn=admin,dc=xnattest,dc=org -W -f frontend.xnattest.org.ldif
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)

    Any idea what might be going wrong?
