Difference between revisions of "Install and configure OpenLDAP"

From Dolibarr ERP CRM Wiki
Latest revision as of 12:00, 2 June 2021


This chapter is not related to Dolibarr itself. It contains a tutorial for installing an LDAP directory that can then be linked with Dolibarr.

Install LDAP server

  • With Ubuntu or Debian, install the packages slapd and ldap.
  • With Windows, you can use the install program of OpenLDAP.

Once this is done, you have an empty LDAP server launched as a service.

Setup server

For Ubuntu, see page http://doc.ubuntu-fr.org/openldap-server

Otherwise, the root DN, the user and the password used to connect may be found in:

  • file slapd.conf. The port may also be set in this file; if it is not, the default port 389 is used.
  • file olcDatabase={1}hdb.ldif. The entries holding the login and password are olcRootDN and olcRootPW.

Stop the service.

Modify the file slapd.conf to use your domain name (replace every dc=my-domain,dc=com with a value of your choice).

Also modify slapd.conf to add the includes of the schemas you will need to declare your LDAP objects.

include		./schema/core.schema
include		./schema/cosine.schema
include		./schema/inetorgperson.schema
include		./schema/nis.schema

or add the schemas with

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif

Restart the service.

Test server

With an LDAP browser like JXplorer, you can try to connect to your LDAP server using the LDAP admin user. The default credentials are:

  • Server: Localhost
  • Port: 389
  • User: cn=admin,dc=example,dc=com or cn=Manager,dc=example,dc=com or cn=admin,dc=nodomain
  • Password: secret
  • Base DN (optional): keep empty or set dc=mydomain,dc=com

Create your LDAP tree

The next step is to define the information to store in your LDAP directory.

Create a file init.ldif with your organization. For example (take care to keep an empty line between each block; with some LDAP servers you may also need to create a separate file for each block):

# Organization
# 2 new lines or end of file after field description
dn: dc=mydomain,dc=com
objectclass: dcObject
objectclass: organization
dc: mydomain
o: Label of mydomain
description: Description for mydomain container


# Setting up container for Users OU
# 2 new lines or end of file after field description
dn: ou=mypeople,dc=mydomain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: mypeople
description: Description for mypeople container


# Setting up container for groups
# 2 new lines or end of file after field description
dn: ou=mygroups,dc=mydomain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: mygroups
description: Description for mygroups container

Execute file using the LDAP admin user:

ldapadd -f init.ldif -D "cn=admin,dc=mydomain,dc=com" -w secret
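The empty-line rule and the "several files per block" remark above both come down to the same thing: ldapadd processes the LDIF file entry by entry, and every entry must have a dn, an objectClass, and a parent that already exists in the tree. The following Python script is an added example, not code from the Dolibarr wiki or the OpenLDAP project: it parses an LDIF file the way the page lays it out (blank line between blocks, "#" comments, folded continuation lines, "attr:: base64" values) and checks those three rules before anything is sent to the server. SAMPLE_LDIF is a constructed copy of the page's init.ldif layout; the function names are my own.

```python
import base64
import re

# Constructed sample in the layout of the page's init.ldif (not the page's own file)
SAMPLE_LDIF = """\
# Organization
dn: dc=mydomain,dc=com
objectclass: dcObject
objectclass: organization
dc: mydomain
o: Label of mydomain
description: Description for mydomain container

# Setting up container for Users OU
dn: ou=mypeople,dc=mydomain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: mypeople

# Setting up container for groups
dn: ou=mygroups,dc=mydomain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: mygroups
"""


def parse_ldif(text):
    """Split LDIF text into entries: a list of {attribute(lowercased): [values]}.

    A blank line ends an entry, '#' lines are comments, a line starting with a
    space continues the previous value, and 'attr:: xxx' carries base64.
    """
    entries, current, last_attr = [], {}, None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.strip() == "":
            if current:
                entries.append(current)
            current, last_attr = {}, None
            continue
        if raw.startswith(" ") and last_attr is not None:
            current[last_attr][-1] += raw[1:]
            continue
        name, sep, value = raw.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {raw!r}")
        value = value.strip()
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        name = name.strip().lower()
        current.setdefault(name, []).append(value)
        last_attr = name
    if current:
        entries.append(current)
    return entries


def parent_dn(dn):
    """Drop the leftmost RDN (split on commas that are not backslash-escaped)."""
    rdns = re.split(r"(?<!\\),", dn)
    return ",".join(p.strip() for p in rdns[1:])


def validate(entries):
    """Return a list of problems; an empty list means the file looks consistent."""
    problems, seen = [], set()
    for i, entry in enumerate(entries, 1):
        dn = entry.get("dn", [""])[0]
        if not dn:
            problems.append(f"entry {i}: missing dn")
            continue
        if "objectclass" not in entry:
            problems.append(f"entry {i} ({dn}): no objectClass")
        parent = parent_dn(dn)
        # The first entry is the suffix itself; every later entry must sit
        # under a DN that an earlier entry already created.
        if seen and parent.lower() not in seen:
            problems.append(f"entry {i} ({dn}): parent '{parent}' not defined earlier")
        seen.add(dn.lower())
    return problems


def check_ldif(text):
    """Parse and validate in one call; returns the list of problems."""
    return validate(parse_ldif(text))


if __name__ == "__main__":
    for line in check_ldif(SAMPLE_LDIF) or ["OK: no problems found"]:
        print(line)
```

Run it over init.ldif, then over init.ldif and inituser.ldif concatenated, before calling ldapadd: a user entry placed under an OU that the tree never created (for instance a dn under dc=nodomain while the tree is dc=mydomain,dc=com) is reported as a missing parent instead of failing halfway through the import. Separately from validation, note that ldapadd -w secret places the password on the command line, where it is visible to other local users in the process list and is kept in shell history; ldapadd -W prompts for the password instead.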

Create a few users

Create a file inituser.ldif with your users. For example (take care to keep an empty line between each block):

# Some User
dn: sn=someuser,ou=mypeople,dc=nodomain
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Some User
sn: someuser
mail: someuser@nodomain
userPassword: {SSHA}hnP4gNK7SbgsAW3eTZYf23a4R7Ob19l2

Use slappasswd -s passwordtocrypt to generate the password hash.

Troubleshooting

On Windows, if the server is stopped suddenly, restarting OpenLDAP may fail with the error Program version x.y doesn't match environment version

To confirm the problem, open a command prompt in the data directory of OpenLDAP and run

..\db_stat -e

If the message is the one described, repair the database with

..\db_recover

The server should then be able to start again.