Line 1:
Line 1:
+
<!-- BEGIN origin interlang links -->
+
<!-- You can edit this section but do NOT remove these comments
+
Links below will be automatically replicated on translated pages by PolyglotBot -->
+
[[fr:Installer_et_configurer_OpenLDAP]]
+
[[es:Instalar_y_configurar_OpenLDAP]]
+
<!-- END interlang links -->
+
[[Category:Admin]]
[[Category:Admin]]
−
{{ToTranslate}}
+
[[Category:Admin_en]]
−
Ce chapitre ne concerne pas Dolibarr. Il contient un exemple d'instructions pour installer un annuaire LDAP qui pourra éventuellement être interfacé avec Dolibarr.
+
+
This chapter is not related to Dolibarr iself. It contains a tutorial to install a LDAP annuary that could be linked with Dolibarr.
= Install LDAP server =
= Install LDAP server =
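Review bot: the replacement intro sentence in this hunk still carries a typo and a false cognate: "iself" should be "itself", "annuary" (from the French annuaire) should be "directory", and "a LDAP" should be "an LDAP"; suggest "This chapter is not related to Dolibarr itself. It contains a tutorial to install an LDAP directory that could be linked with Dolibarr." The same word "annuary" recurs further down the page. Also, [[Category:Admin]] is kept next to the newly added [[Category:Admin_en]]; check that both are intended now that {{ToTranslate}} has been removed.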
Line 8:
Line 16:
Once this is done, you have an empty LDAP server launched as a service.
Once this is done, you have an empty LDAP server launched as a service.
−
= Configurer le serveur =
+
= Setup server =
−
Le DN racine, le user et le mot de passe de connexion sont décrits dans le fichier '''slapd.conf'''. Le port peut également l'etre, sinon il s'agit du port par défaut: 389.
+
For Ubuntu, see page http://doc.ubuntu-fr.org/openldap-server
+
+
Otherwise the DN root, user and password to connect may be available into:
+
* file '''slapd.conf'''. Port may also be into this file, if not, it is default port value: 389.
+
* file '''olcDatabase={1}hdb.ldif'''. Entry with login/pass are '''olcRootDN''' and '''olcRootPW'''.
−
Arrêtez le service
+
Stop the service
−
Modifiez le fichier '''slapd.conf''' pour utiliser votre nom de domaine (remplacement des dc=my-domain,dc=com par votre choix).
+
Modify file '''slapd.conf''' to use your domain name (replace all dc=my-domain,dc=com by value of your choice).
−
Modifiez le fichier '''slapd.conf''' également pour ajouter les include de schémas dont vous aller avoir besoin pour déclarer vos objets LDAP.
+
Modify file '''slapd.conf''' also to add includes of schemas you will need to declare your LDAP objects.
−
<source lang="ini">
+
<syntaxHighlight lang="ini">
include ./schema/core.schema
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/inetorgperson.schema
include ./schema/nis.schema
include ./schema/nis.schema
−
</source>
+
</syntaxHighlight>
−
Redemarrez le service.
+
or add shemas with
+
<syntaxHighlight lang="ini">
+
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
+
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
+
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
+
</syntaxHighlight>
+
Restart the service.
−
= Tester le serveur =
+
= Test server =
−
A l'aide d'un browser LDAP comme [[wikipedia:JXplorer|JXplorer]], essayer de vous connecter au sevrer LDAP avec le user d'administration LDAP.
+
With a LDAP browser like [[wikipedia:JXplorer|JXplorer]], you can try to connect to your LDAP server using the admin LDAP user.
−
Les identifiants de connexion par défaut seront donc:
+
Credentials by default are:
* Server: Localhost
* Server: Localhost
* Port: 389
* Port: 389
−
* User: cn=Manager,dc=yourdomain,dc=com
+
* User: cn=admin,dc=example,dc=com or cn=Manager,dc=example,dc=com or cn=admin,dc=nodomain
* Password: secret
* Password: secret
−
* Base DN (optionnel): ne rien mettre ou mettre dc=yourdomain,dc=com
+
* Base DN (optionnel): keep empty or set dc=mydomain,dc=com
+
+
= Create your LDAP tree =
+
Next step is to define information to store into your LDAP.
+
+
Create a file init.ldif with your organization. For example (take care to keep empty line between each block. With some LDAP, you may also need to create several files for each block):
+
{{TemplateInitLDapDif}}
+
+
Execute file using the LDAP admin user:
+
<syntaxHighlight lang="bash">
+
ldapadd -f init.ldif -D "cn=admin,dc=mydomain,dc=com" -w secret
+
</syntaxHighlight>
+
+
= Create few users =
+
+
Create a file inituser.ldif with your organization. For example (take care to keep empty line between each block):
+
<syntaxHighlight lang="ini">
+
# Some User
+
dn: sn=someuser,ou=mypeople,dc=nodomain
+
objectClass: inetOrgPerson
+
objectClass: organizationalPerson
+
objectClass: person
+
objectClass: top
+
cn: Some User
+
sn: someuser
+
mail: someuser@nodomain
+
userPassword: {SSHA}hnP4gNK7SbgsAW3eTZYf23a4R7Ob19l2
+
</syntaxHighlight>
−
= Créer votre arbre LDAP =
+
Use '''slappasswd -s passwordtocrypt''' to generate a password.
−
L'étape suivante consiste à définir les informations à stocker dans l'annuaire LDAP et leur organisation.
−
Créer un fichier init.ldif contenant votre organisation. Par exemple:
+
= Troubleshooting =
−
<source lang="ini">
+
With Windows, it server is stop suddenly, restart of OpenLDAP may fails with error
−
# Organization
+
''Program version x.y doesn't match environment version''
−
dn: dc=mydomain,dc=com
−
objectclass: dcObject
−
objectclass: organization
−
dc: mydomain
−
o: Description of annuary
−
description: The description of annuary
−
# Setting up container for Users OU
−
dn: ou=People,dc=mydomain,dc=com
−
objectclass: top
−
objectclass: organizationalUnit
−
ou: People
−
# Setting up container for groups
−
dn: ou=Groups,dc=mydomain,dc=com
−
objectclass: top
−
objectclass: organizationalUnit
−
ou: Groups
−
</source>
−
Executer le fichier avec le compte administrateur LDAP:
+
To confirm problem, go onto DOS under directory data of OpenLDAP and launch command
−
<source lang="bash">
+
<syntaxHighlight lang="bash">
−
ldapadd -f init.ldif -D "cn=Manager,dc=mydomain,dc=com" -w secret
+
..\db_stat -e
−
</source>
+
</syntaxHighlight>
+
If message is the one described, launch repare of base with
+
<syntaxHighlight lang="bash">
+
..\db_recover
+
</syntaxHighlight>
+
Server should be able to start again.
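Review bot: the "Create few users" example cannot be loaded as written against the tree the earlier steps build: inituser.ldif places the entry at sn=someuser,ou=mypeople,dc=nodomain, while the init.ldif step binds with -D "cn=admin,dc=mydomain,dc=com", the Test server section offers dc=example,dc=com, dc=mydomain,dc=com and dc=nodomain as suffixes, and nothing creates ou=mypeople; ldapadd rejects a child whose parent is absent with "No such object", so the suffix and OU should agree across the three sections (using sn= as the RDN is also unusual; uid= or cn= is the convention for inetOrgPerson). On credentials, the page leaves the root password at the sample value "secret" and passes it on the command line with -w secret, where it ends up in shell history and the process list; suggest pointing readers to slappasswd (already mentioned for users) for rootpw/olcRootPW as well, and to -W so ldapadd prompts for the password instead. Smaller points: the three sudo ldapadd -Y EXTERNAL lines are shell commands fenced as lang="ini" rather than "bash", and they apply to the cn=config layout (olcDatabase={1}hdb.ldif) rather than to slapd.conf, which the text should state; "shemas" should be "schemas", "optionnel" should be "optional" (the French survived translation), "repare" should be "repair", and the Troubleshooting sentence should read "With Windows, if the server is stopped suddenly, the restart of OpenLDAP may fail with the error".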