Changes

m
no edit summary
Line 1: Line 1:  +
<!-- BEGIN origin interlang links -->
 +
<!-- You can edit this section but do NOT remove these comments
 +
    Links below will be automatically replicated on translated pages by PolyglotBot -->
 +
[[fr:Installer_et_configurer_OpenLDAP]]
 +
[[es:Instalar_y_configurar_OpenLDAP]]
 +
<!-- END interlang links -->
 +
 
[[Category:Admin]]
 
[[Category:Admin]]
{{ToTranslate}}
+
[[Category:Admin_en]]
Ce chapitre ne concerne pas Dolibarr. Il contient un exemple d'instructions pour installer un annuaire LDAP qui pourra éventuellement être interfacé avec Dolibarr.
+
 
 +
This chapter is not related to Dolibarr iself. It contains a tutorial to install a LDAP annuary that could be linked with Dolibarr.
 +
 
 +
= Install LDAP server =
 +
* With Ubuntu or Debian, install package slapd and ldap.
 +
* With Windows, you can use the install program of OpenLDAP.
 +
Once this is done, you have an empty LDAP server launched as a service.
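Review bot: The Debian/Ubuntu bullet names the packages as "slapd and ldap", but the client tools this page uses later (ldapadd) ship in ldap-utils, so the bullet should read "install packages slapd and ldap-utils". In the intro sentence above, "iself" should be "itself" and "annuary" should be "directory".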
   −
= Installer le serveur LDAP =
+
= Setup server =
* Sous Ubuntu ou Debian, installer le package ldap.
+
For Ubuntu, see page http://doc.ubuntu-fr.org/openldap-server
* Sous Windows, vous pouvez utiliser le programme d'installation OpenLDAP Windows.
  −
Une fois cette opération faite, vous disposez d'un serveur LDAP vierge lancé en tant que service.
     −
= Configurer le serveur =
+
Otherwise the DN root, user and password to connect may be available into:
Le DN racine, le user et le mot de passe de connexion sont décrits dans le fichier '''slapd.conf'''. Le port peut également l'etre, sinon il s'agit du port par défaut: 389.
+
* file '''slapd.conf'''. Port may also be into this file, if not, it is default port value: 389.
 +
* file '''olcDatabase={1}hdb.ldif'''. Entry with login/pass are '''olcRootDN''' and '''olcRootPW'''.
   −
Arrêtez le service
+
Stop the service
   −
Modifiez le fichier '''slapd.conf''' pour utiliser votre nom de domaine (remplacement des dc=my-domain,dc=com par votre choix).
+
Modify file '''slapd.conf''' to use your domain name (replace all dc=my-domain,dc=com by value of your choice).
   −
Modifiez le fichier '''slapd.conf''' également pour ajouter les include de schémas dont vous aller avoir besoin pour déclarer vos objets LDAP.
+
Modify file '''slapd.conf''' also to add includes of schemas you will need to declare your LDAP objects.
<source lang="ini">
+
<syntaxHighlight lang="ini">
 
include ./schema/core.schema
 
include ./schema/core.schema
 
include ./schema/cosine.schema
 
include ./schema/cosine.schema
 
include ./schema/inetorgperson.schema
 
include ./schema/inetorgperson.schema
 
include ./schema/nis.schema
 
include ./schema/nis.schema
</source>
+
</syntaxHighlight>
Redemarrez le service.
+
or add shemas with
 +
<syntaxHighlight lang="ini">
 +
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
 +
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
 +
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
 +
</syntaxHighlight>
 +
Restart the service.
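Review bot: The added ldapadd alternative cannot work at this point in the procedure, because "Stop the service" comes first and "ldapadd -Y EXTERNAL -H ldapi:///" needs a running slapd to talk to over the local socket. Split the two paths: stop, edit slapd.conf and restart for the slapd.conf layout; leave the service running and load the .ldif schemas for the cn=config layout (the one with olcDatabase={1}hdb.ldif). Also, "shemas" should be "schemas", and the block holding these shell commands is tagged lang="ini" rather than lang="bash".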
   −
= Tester le serveur =
+
= Test server =
A l'aide d'un browser LDAP comme JXplorer, essayer de vous connecter au sevrer LDAP avec le user d'administration LDAP.
+
With a LDAP browser like [[wikipedia:JXplorer|JXplorer]], you can try to connect to your LDAP server using the admin LDAP user.
Les identifiants de connexion par défaut seront donc:
+
Credentials by default are:
 
* Server: Localhost
 
* Server: Localhost
 
* Port: 389
 
* Port: 389
* User: cn=Manager,dc=yourdomain,dc=com
+
* User: cn=admin,dc=example,dc=com or cn=Manager,dc=example,dc=com or cn=admin,dc=nodomain
 
* Password: secret
 
* Password: secret
* Base DN (optionnel): ne rien mettre ou mettre dc=yourdomain,dc=com
+
* Base DN (optionnel): keep empty or set dc=mydomain,dc=com
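Review bot: "Password: secret" is presented as the default to connect with, and nothing in the change tells the reader to replace it; add a step to set a new olcRootPW (or rootpw in slapd.conf) hash generated with slappasswd before the server is reachable from anything other than localhost. A simple bind on port 389 sends that password in clear text, which is tolerable for the Localhost test shown here but should be stated. The Base DN line uses dc=mydomain,dc=com while the User line offers dc=example,dc=com and dc=nodomain, so pick one suffix; "optionnel" was left untranslated.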
 +
 
 +
= Create your LDAP tree =
 +
Next step is to define information to store into your LDAP.
 +
 
 +
Create a file init.ldif with your organization. For example (take care to keep empty line between each block. With some LDAP, you may also need to create several files for each block):
 +
{{TemplateInitLDapDif}}
 +
 
 +
Execute file using the LDAP admin user:
 +
<syntaxHighlight lang="bash">
 +
ldapadd -f init.ldif -D "cn=admin,dc=mydomain,dc=com" -w secret
 +
</syntaxHighlight>
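Review bot: "-w secret" puts the admin password on the command line, where it lands in shell history and is visible in the process list; use "-W" to be prompted, or "-y" with a file readable only by the admin. The command also has no "-x", so the OpenLDAP client tools will attempt a SASL bind rather than the simple bind that "-D" with a password implies. The bind DN here, cn=admin,dc=mydomain,dc=com, is not one of the three admin DNs listed under "Credentials by default".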
 +
 
 +
= Create few users =
 +
 
 +
Create a file inituser.ldif with your organization. For example (take care to keep empty line between each block):
 +
<syntaxHighlight lang="ini">
 +
# Some User
 +
dn: sn=someuser,ou=mypeople,dc=nodomain
 +
objectClass: inetOrgPerson
 +
objectClass: organizationalPerson
 +
objectClass: person
 +
objectClass: top
 +
cn: Some User
 +
sn: someuser
 +
mail: someuser@nodomain
 +
userPassword: {SSHA}hnP4gNK7SbgsAW3eTZYf23a4R7Ob19l2
 +
</syntaxHighlight>
   −
= Créer votre arbre LDAP =
+
Use '''slappasswd -s passwordtocrypt''' to generate a password.
L'étape suivante consiste à définir les informations à stocker dans l'annuaire LDAP et leur organisation.
     −
Créer un fichier init.ldif contenant votre organisation. Par exemple:
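Review bot: "slappasswd -s passwordtocrypt" has the same exposure as "-w" above, since the clear-text password is typed as an argument; running slappasswd without "-s" prompts for it instead. The sample entry carries a ready-made {SSHA} userPassword value with no statement of which password it encodes, so readers either copy an unknown credential or cannot log in; replace it with a placeholder and point to slappasswd. The entry's DN uses ou=mypeople,dc=nodomain while the ldapadd command above binds under dc=mydomain,dc=com, and no command is given to load inituser.ldif. The LDIF block is tagged lang="ini".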
+
= Troubleshooting =
<source lang="ini">
+
With Windows, it server is stop suddenly, restart of OpenLDAP may fails with error
# Organization
+
''Program version x.y doesn't match environment version''
dn: dc=mydomain,dc=com
  −
objectclass: dcObject
  −
objectclass: organization
  −
dc: mydomain
  −
o: Description of annuary
  −
description: The description of annuary
  −
# Setting up container for Users OU
  −
dn: ou=People,dc=mydomain,dc=com
  −
objectclass: top
  −
objectclass: organizationalUnit
  −
ou: People
  −
# Setting up container for groups
  −
dn: ou=Groups,dc=mydomain,dc=com
  −
objectclass: top
  −
objectclass: organizationalUnit
  −
ou: Groups
  −
</source>
     −
Executer le fichier avec le compte administrateur LDAP:
+
To confirm problem, go onto DOS under directory data of OpenLDAP and launch command
<source lang="bash">
+
<syntaxHighlight lang="bash">
ldapadd -f init.ldif -D "cn=Manager,dc=mydomain,dc=com" -w secret
+
..\db_stat -e
</source>
+
</syntaxHighlight>
 +
If message is the one described, launch repare of base with
 +
<syntaxHighlight lang="bash">
 +
..\db_recover
 +
</syntaxHighlight>
 +
Server should be able to start again.
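Review bot: The recovery steps do not say that the OpenLDAP service must stay stopped while "..\db_recover" runs, nor suggest copying the data directory first; both belong before the command, since recovery modifies the database environment in place. Wording to fix in the added lines: "it server is stop suddenly" (if the server is stopped suddenly), "may fails" (may fail), "repare" (repair).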