Line 1:
Line 1:
+
<!-- BEGIN origin interlang links -->
+
<!-- You can edit this section but do NOT remove these comments
+
Links below will be automatically replicated on translated pages by PolyglotBot -->
+
[[fr:Installer_et_configurer_OpenLDAP]]
+
[[es:Instalar_y_configurar_OpenLDAP]]
+
<!-- END interlang links -->
+
[[Category:Admin]]
[[Category:Admin]]
−
{{ToTranslate}}
+
[[Category:Admin_en]]
−
Ce chapitre ne concerne pas Dolibarr. Il contient un exemple d'instructions pour installer un annuaire LDAP qui pourra éventuellement être interfacé avec Dolibarr.
+
+
This chapter is not related to Dolibarr iself. It contains a tutorial to install a LDAP annuary that could be linked with Dolibarr.
= Install LDAP server =
= Install LDAP server =
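Review bot: the new English sentence at the top of this hunk carries two typos that PolyglotBot will replicate into every translated page: "iself" should be "itself", and "annuary" is a French false friend (annuaire); the line should read "It contains a tutorial to install an LDAP directory that could be linked with Dolibarr." The hunk also adds [[Category:Admin_en]] while keeping [[Category:Admin]], so the page now sits in both categories; if Admin_en is the English-language category, the untagged one should go.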
Line 9:
Line 17:
= Setup server =
= Setup server =
−
The DN root, user and password to connect are available into file '''slapd.conf'''. Port may also be into this file, if not, it is default port value: 389.
+
For Ubuntu, see page http://doc.ubuntu-fr.org/openldap-server
+
+
Otherwise the DN root, user and password to connect may be available into:
+
* file '''slapd.conf'''. Port may also be into this file, if not, it is default port value: 389.
+
* file '''olcDatabase={1}hdb.ldif'''. Entry with login/pass are '''olcRootDN''' and '''olcRootPW'''.
Stop the service
Stop the service
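Review bot: the added bullet for olcDatabase={1}hdb.ldif does not say where the file lives (it is part of the cn=config tree under slapd.d, typically /etc/ldap/slapd.d/cn=config/ on Debian and Ubuntu), and it should say that olcRootPW holds the directory administrator's password or its hash, so the file must stay readable by root only and its contents must not be pasted into tickets or documentation; the same applies to rootpw in the slapd.conf bullet. Wording: "DN root" should be "root DN", and "may be available into" should be "may be found in".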
Line 16:
Line 28:
Modify file '''slapd.conf''' also to add includes of schemas you will need to declare your LDAP objects.
Modify file '''slapd.conf''' also to add includes of schemas you will need to declare your LDAP objects.
−
<source lang="ini">
+
<syntaxHighlight lang="ini">
include ./schema/core.schema
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/inetorgperson.schema
include ./schema/nis.schema
include ./schema/nis.schema
−
</source>
+
</syntaxHighlight>
+
or add shemas with
+
<syntaxHighlight lang="ini">
+
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
+
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
+
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
+
</syntaxHighlight>
Restart the service.
Restart the service.
−
= Tester le serveur =
+
= Test server =
−
A l'aide d'un browser LDAP comme [[wikipedia:JXplorer|JXplorer]], essayer de vous connecter au sevrer LDAP avec le user d'administration LDAP.
+
With a LDAP browser like [[wikipedia:JXplorer|JXplorer]], you can try to connect to your LDAP server using the admin LDAP user.
−
Les identifiants de connexion par défaut seront donc:
+
Credentials by default are:
* Server: Localhost
* Server: Localhost
* Port: 389
* Port: 389
−
* User: cn=Manager,dc=yourdomain,dc=com
+
* User: cn=admin,dc=example,dc=com or cn=Manager,dc=example,dc=com or cn=admin,dc=nodomain
* Password: secret
* Password: secret
−
* Base DN (optionnel): ne rien mettre ou mettre dc=yourdomain,dc=com
+
* Base DN (optionnel): keep empty or set dc=mydomain,dc=com
+
+
= Create your LDAP tree =
+
Next step is to define information to store into your LDAP.
+
+
Create a file init.ldif with your organization. For example (take care to keep empty line between each block. With some LDAP, you may also need to create several files for each block):
+
{{TemplateInitLDapDif}}
+
+
Execute file using the LDAP admin user:
+
<syntaxHighlight lang="bash">
+
ldapadd -f init.ldif -D "cn=admin,dc=mydomain,dc=com" -w secret
+
</syntaxHighlight>
+
+
= Create few users =
+
+
Create a file inituser.ldif with your organization. For example (take care to keep empty line between each block):
+
<syntaxHighlight lang="ini">
+
# Some User
+
dn: sn=someuser,ou=mypeople,dc=nodomain
+
objectClass: inetOrgPerson
+
objectClass: organizationalPerson
+
objectClass: person
+
objectClass: top
+
cn: Some User
+
sn: someuser
+
mail: someuser@nodomain
+
userPassword: {SSHA}hnP4gNK7SbgsAW3eTZYf23a4R7Ob19l2
+
</syntaxHighlight>
−
= Créer votre arbre LDAP =
+
Use '''slappasswd -s passwordtocrypt''' to generate a password.
−
L'étape suivante consiste à définir les informations à stocker dans l'annuaire LDAP et leur organisation.
−
Créer un fichier init.ldif contenant votre organisation. Par exemple:
+
= Troubleshooting =
−
<source lang="ini">
+
With Windows, it server is stop suddenly, restart of OpenLDAP may fails with error
−
# Organization
+
''Program version x.y doesn't match environment version''
−
dn: dc=mydomain,dc=com
−
objectclass: dcObject
−
objectclass: organization
−
dc: mydomain
−
o: Description of annuary
−
description: The description of annuary
−
# Setting up container for Users OU
−
dn: ou=People,dc=mydomain,dc=com
−
objectclass: top
−
objectclass: organizationalUnit
−
ou: People
−
# Setting up container for groups
−
dn: ou=Groups,dc=mydomain,dc=com
−
objectclass: top
−
objectclass: organizationalUnit
−
ou: Groups
−
</source>
−
Executer le fichier avec le compte administrateur LDAP:
+
To confirm problem, go onto DOS under directory data of OpenLDAP and launch command
−
<source lang="bash">
+
<syntaxHighlight lang="bash">
−
ldapadd -f init.ldif -D "cn=Manager,dc=mydomain,dc=com" -w secret
+
..\db_stat -e
−
</source>
+
</syntaxHighlight>
+
If message is the one described, launch repare of base with
+
<syntaxHighlight lang="bash">
+
..\db_recover
+
</syntaxHighlight>
+
Server should be able to start again.
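Review bot: the ldapadd command added under "Create your LDAP tree" passes the administrator password on the command line with -w secret, so it ends up in the shell history and is visible to every local user through the process list while it runs; use -W to be prompted instead, and add -x, because without it ldapadd attempts a SASL bind and the -D/-w simple-bind pair is not used as intended (the earlier ldapadd -Y EXTERNAL -H ldapi:/// lines are fine, they deliberately use SASL). The "Create few users" block uses sn=someuser,ou=mypeople,dc=nodomain while the tree section creates ou=People,dc=mydomain,dc=com; pick one naming so readers can run the two files back to back, and state that the {SSHA} value shown is an example hash that must be regenerated with slappasswd, not reused. Wording fixes in the same hunk: "shemas" should be "schemas", "Base DN (optionnel)" should be "(optional)", "With Windows, it server is stop suddenly, restart of OpenLDAP may fails with error" should be "On Windows, if the server is stopped suddenly, restarting OpenLDAP may fail with the error", and "launch repare of base with" should be "repair the database with".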