29,349
edits
Changes
m
no edit summary
Line 1:
Line 1:
+{{ToTranslate}}+Ce chapitre ne concerne pas Dolibarr. Il contient un exemple d'instructions pour installer un annuaire LDAP qui pourra éventuellement être interfacé avec Dolibarr.+
+
+* Sous Ubuntu ou Debian, installer le package ldap.+* Sous Windows, vous pouvez utiliser le programme d'installation OpenLDAP Windows.
−Une fois cette opération faite, vous disposez d'un serveur LDAP vierge lancé en tant que service.
−= Configurer le serveur =+Le DN racine, le user et le mot de passe de connexion sont décrits dans le fichier '''slapd.conf'''. Le port peut également l'etre, sinon il s'agit du port par défaut: 389.+Arrêtez le service+Modifiez le fichier '''slapd.conf''' pour utiliser votre nom de domaine (remplacement des dc=my-domain,dc=com par votre choix).+Modifiez le fichier '''slapd.conf''' également pour ajouter les include de schémas dont vous aller avoir besoin pour déclarer vos objets LDAP.+Redemarrez le service.+A l'aide d'un browser LDAP comme JXplorer, essayer de vous connecter au sevrer LDAP avec le user d'administration LDAP.+Les identifiants de connexion par défaut seront donc:+
+
+
+
+
+= Créer votre arbre LDAP =+L'étape suivante consiste à définir les informations à stocker dans l'annuaire LDAP et leur organisation.
−Créer un fichier init.ldif contenant votre organisation. Par exemple:+<source lang="ini">+# Organization+dn: dc=mydomain,dc=com
−objectclass: dcObject
−objectclass: organization
−dc: mydomain
−o: Description of annuary
−description: The description of annuary
−# Setting up container for Users OU
−dn: ou=People,dc=mydomain,dc=com
−objectclass: top
−objectclass: organizationalUnit
−ou: People
−# Setting up container for groups
−dn: ou=Groups,dc=mydomain,dc=com
−objectclass: top
−objectclass: organizationalUnit
−ou: Groups
−</source>
−Executer le fichier avec le compte administrateur LDAP:+ldapadd -f init.ldif -D "cn=Manager,dc=mydomain,dc=com" -w secret+
<!-- BEGIN origin interlang links -->
+<!-- You can edit this section but do NOT remove these comments
+ Links below will be automatically replicated on translated pages by PolyglotBot -->
+[[fr:Installer_et_configurer_OpenLDAP]]
+[[es:Instalar_y_configurar_OpenLDAP]]
+<!-- END interlang links -->
+
[[Category:Admin]]
[[Category:Admin]]
−[[Category:Admin_en]]
−This chapter is not related to Dolibarr iself. It contains a tutorial to install a LDAP annuary that could be linked with Dolibarr.
+= Install LDAP server =
+* With Ubuntu or Debian, install package slapd and ldap.
+* With Windows, you can use the install program of OpenLDAP.
+Once this is done, you have an empty LDAP server launched as a service.
−= Installer le serveur LDAP =
+= Setup server =
−For Ubuntu, see page http://doc.ubuntu-fr.org/openldap-server
−Otherwise the DN root, user and password to connect may be available into:
−* file '''slapd.conf'''. Port may also be into this file, if not, it is default port value: 389.
+* file '''olcDatabase={1}hdb.ldif'''. Entry with login/pass are '''olcRootDN''' and '''olcRootPW'''.
−Stop the service
−Modify file '''slapd.conf''' to use your domain name (replace all dc=my-domain,dc=com by value of your choice).
−Modify file '''slapd.conf''' also to add includes of schemas you will need to declare your LDAP objects.
−<source lang="ini">
+<syntaxHighlight lang="ini">
include ./schema/core.schema
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/inetorgperson.schema
include ./schema/nis.schema
include ./schema/nis.schema
−</source>
+</syntaxHighlight>
−or add shemas with
+<syntaxHighlight lang="ini">
+sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
+sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
+sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
+</syntaxHighlight>
+Restart the service.
−= Tester le serveur =
+= Test server =
−With a LDAP browser like [[wikipedia:JXplorer|JXplorer]], you can try to connect to your LDAP server using the admin LDAP user.
−Credentials by default are:
* Server: Localhost
* Server: Localhost
* Port: 389
* Port: 389
−* User: cn=Manager,dc=yourdomain,dc=com
+* User: cn=admin,dc=example,dc=com or cn=Manager,dc=example,dc=com or cn=admin,dc=nodomain
* Password: secret
* Password: secret
−* Base DN (optionnel): ne rien mettre ou mettre dc=yourdomain,dc=com
+* Base DN (optionnel): keep empty or set dc=mydomain,dc=com
+= Create your LDAP tree =
+Next step is to define information to store into your LDAP.
+Create a file init.ldif with your organization. For example (take care to keep empty line between each block. With some LDAP, you may also need to create several files for each block):
+{{TemplateInitLDapDif}}
+Execute file using the LDAP admin user:
+<syntaxHighlight lang="bash">
+ldapadd -f init.ldif -D "cn=admin,dc=mydomain,dc=com" -w secret
+</syntaxHighlight>
+= Create few users =
+Create a file inituser.ldif with your organization. For example (take care to keep empty line between each block):
+<syntaxHighlight lang="ini">
+# Some User
+dn: sn=someuser,ou=mypeople,dc=nodomain
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: Some User
+sn: someuser
+mail: someuser@nodomain
+userPassword: {SSHA}hnP4gNK7SbgsAW3eTZYf23a4R7Ob19l2
+</syntaxHighlight>
−Use '''slappasswd -s passwordtocrypt''' to generate a password.
−= Troubleshooting =
−With Windows, it server is stop suddenly, restart of OpenLDAP may fails with error
−''Program version x.y doesn't match environment version''
−To confirm problem, go onto DOS under directory data of OpenLDAP and launch command
−<source lang="bash">
+<syntaxHighlight lang="bash">
−..\db_stat -e
−</source>
+</syntaxHighlight>
+If message is the one described, launch repare of base with
+<syntaxHighlight lang="bash">
+..\db_recover
+</syntaxHighlight>
+Server should be able to start again.