Difference between revisions of "Install and configure OpenLDAP"

From Dolibarr ERP CRM Wiki
Revision as of 11:40, 3 January 2017

This chapter is not related to Dolibarr itself. It is a tutorial for installing an LDAP directory that can then be linked with Dolibarr.

Install LDAP server

  • On Ubuntu or Debian, install the packages slapd and ldap.
  • On Windows, you can use the OpenLDAP installer.

Once this is done, you have an empty LDAP server launched as a service.

Setup server

For Ubuntu, see page http://doc.ubuntu-fr.org/openldap-server

Otherwise, the root DN, user and password needed to connect can be found in:

  • the file slapd.conf. The port may also be set in this file; if it is not, the default port 389 is used.
  • the file olcDatabase={1}hdb.ldif. The entries holding the login and password are olcRootDN and olcRootPW.

Stop the service.

Modify the file slapd.conf to use your domain name (replace every dc=my-domain,dc=com with the value of your choice).

Also modify slapd.conf to include the schemas you will need to declare your LDAP objects:

include		./schema/core.schema
include		./schema/cosine.schema
include		./schema/inetorgperson.schema
include		./schema/nis.schema

or add the schemas with

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif

Restart the service.

Test server

With an LDAP browser such as JXplorer, you can try to connect to your LDAP server as the LDAP admin user. The default credentials are:

  • Server: Localhost
  • Port: 389
  • User: cn=admin,dc=example,dc=com or cn=Manager,dc=example,dc=com or cn=admin,dc=nodomain
  • Password: secret
  • Base DN (optional): leave empty or set dc=mydomain,dc=com

Create your LDAP tree

The next step is to define the information to store in your LDAP directory.

Create a file inituser.ldif describing your organization. For example (take care to keep an empty line between each block):

# Organization
dn: dc=mydomain,dc=com
objectclass: dcObject
objectclass: organization
dc: mydomain
o: Description of annuary
description: The description of annuary

# Setting up container for Users OU
dn: ou=People,dc=mydomain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People

# Setting up container for Groups OU
dn: ou=Groups,dc=mydomain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Groups

Load the file using the LDAP admin user:

ldapadd -f init.ldif -D "cn=Manager,dc=mydomain,dc=com" -w secret
or
ldapadd -f init.ldif -D "cn=admin,dc=mydomain,dc=com" -w secret
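Before handing an LDIF file to ldapadd it is worth checking its structure, because the server rejects the whole file on the first malformed entry. The following added example (not part of the original page, nor code from Dolibarr or OpenLDAP) parses LDIF the way the server reads it and flags the mistake the note above warns about: a missing blank line merges two blocks into one entry, which shows up as an entry carrying two dn lines. The sample LDIF is constructed from the tree above, with the blank line between the People and Groups entries deliberately left out; a corrected copy is checked alongside it.

```python
import base64
from typing import Dict, List

# Constructed sample, modelled on the tree above. The blank line between
# the People and Groups entries has been left out on purpose so the
# validator has something to catch.
SAMPLE_LDIF = """\
# Organization
dn: dc=mydomain,dc=com
objectclass: dcObject
objectclass: organization
dc: mydomain
o: Description of directory
description: The description of
  the directory

# Setting up container for Users OU
dn: ou=People,dc=mydomain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People
# Setting up container for Groups OU
dn: ou=Groups,dc=mydomain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Groups
"""

# The same file with the blank line restored.
FIXED_LDIF = SAMPLE_LDIF.replace("ou: People\n#", "ou: People\n\n#")

Entry = Dict[str, List[str]]


def parse_ldif(text: str) -> List[Entry]:
    """Split LDIF text into entries: one dict per blank-line-separated
    block, mapping lower-cased attribute names to their values ('dn'
    included). Handles comment lines, folded lines (a continuation line
    begins with a single space) and base64 values written as 'attr:: b64'."""
    # Unfold: a line starting with a space continues the previous line.
    logical: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)

    entries: List[Entry] = []
    current: Entry = {}
    for line in logical + [""]:  # trailing sentinel flushes the last entry
        if line.startswith("#"):
            continue
        if line.strip() == "":
            if current:
                entries.append(current)
                current = {}
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        name = name.strip().lower()
        if name == "version" and not current and not entries:
            continue  # optional 'version: 1' header
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        elif rest.startswith("<"):
            raise ValueError("URL-valued attributes (attr:< url) are not supported")
        else:
            value = rest.strip()
        current.setdefault(name, []).append(value)
    return entries


def validate_entries(entries: List[Entry]) -> List[str]:
    """Return the problems that would make ldapadd reject the file."""
    problems: List[str] = []
    seen = set()
    for index, entry in enumerate(entries, start=1):
        dns = entry.get("dn", [])
        if len(dns) != 1:
            problems.append(
                f"entry {index}: expected exactly one dn, found {len(dns)} "
                "(a missing blank line merges two entries into one)"
            )
            continue
        dn = dns[0]
        if dn.lower() in seen:
            problems.append(f"entry {index}: duplicate dn {dn}")
        seen.add(dn.lower())
        if "objectclass" not in entry:
            problems.append(f"entry {index} ({dn}): no objectClass attribute")
    return problems


if __name__ == "__main__":
    for label, text in (("broken", SAMPLE_LDIF), ("fixed", FIXED_LDIF)):
        found = validate_entries(parse_ldif(text))
        print(f"{label}: {len(found)} problem(s)")
        for problem in found:
            print("  -", problem)
```

Run against the broken sample the validator reports one entry with two dn values; against the corrected copy it reports nothing and yields the three entries in the order ldapadd needs them (parent before children).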

Create a few users

Create a file init.ldif with your users. For example (take care to keep an empty line between each block):

# Some User
dn: uniqueIdentifier=some.user,ou=people,dc=example,dc=com
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: PostfixBookMailAccount
objectClass: extensibleObject
cn: Some User
givenName: User
mail: some.user@example.com
mailEnabled: TRUE
sn: Some
uniqueIdentifier: some.user
userPassword: {SSHA}Ifz0oceGr1wwBP1BtBduPLTVbo6A2Qkd

Use slappasswd to generate the hashed value for userPassword.

Troubleshooting

On Windows, if the server stops suddenly, restarting OpenLDAP may fail with the error "Program version x.y doesn't match environment version".

To confirm the problem, open a command prompt in the data directory of OpenLDAP and run

..\db_stat -e

If the message is the one described, repair the database with

..\db_recover

Server should be able to start again.