
Configure and Populate LDAP Service in Apache Directory Server

Here we document the steps required to configure Apache Directory Server for Project Potato. This guide is a follow-on from an earlier post: Install Apache Directory Server on Ubuntu 16.04

Firstly we need to get the LDAP server running on standard port 389, create a partition to store our user and group information and enable the NIS schema.

Open Directory Studio by opening a terminal and changing directory into the extracted archive. In my case it is: ~/Downloads/ApacheDirectoryStudio

To start Directory Studio, execute the following from the shell:

./ApacheDirectoryStudio &
  • Close the Welcome tab, then in the ‘Connections’ pane, ‘Right Click’ and select ‘New Connection’
  • Enter a Connection Name, Hostname is: localhost, Port is: 10389
  • Click ‘Check Network Parameter’ and if all went well it should return ‘The connection was established successfully’
  • Click ‘Next’, Authentication Method is: Simple Authentication, Bind DN is: uid=admin,ou=system, Bind Password is: secret, Click ‘Check Authentication’, Click ‘Finish’
  • Now we are in, right click our newly created connection and select ‘Open Configuration’
  • In the Configuration pane click the ‘LDAP/LDAPS Servers’ tab, then make sure that ‘Enable LDAP Server’ is checked, change ‘Port’ to 389 (this is only possible because we are running this service as root). Optionally you can change ‘Address’ to an IP interface on your system. The default of 0.0.0.0 means listen on all available IP addresses. Optionally uncheck ‘Enable LDAPS Server’
  • In the Configuration pane click the ‘Partitions’ tab, then click the ‘Add’ button, ‘Partition Type’ is JDBM, ‘ID’ is whatever you like but keep it short, ‘Suffix’ is usually your domain name split into domain components. In my case this might be: ‘dc=fukr,dc=org,dc=uk’ or an organizational unit: ‘ou=potato’
  • Save your configuration by clicking ‘File’ on the menu bar, then click ‘Save’
  • In the DIT (directory information tree) browse to ou=schema->cn=nis and modify the ‘m-disabled’ attribute to FALSE
  • Exit Apache Directory Studio and restart the service by issuing the following at the terminal:
    sudo /etc/init.d/apacheds-2.0.0-M23-default restart

  • When you restart Apache Directory Studio, modify the port setting from 10389 to 389 in the LDAP connection that you created. Close the ‘Properties’ dialog, then double click the LDAP connection; you should see the partition that you created.
  • Now it’s time to add some content to our directory. First we create an ‘ou’ called ‘people’ under your partition.
  • Right click our partition and select ‘New’->’New entry’
  • Select ‘Create entry from scratch’
  • Click ‘next’ then add ‘organizationalUnit’ from the list of available objectClasses
  • Click ‘Next’, then in the ‘RDN’ field, select ‘ou’ and set its value to ‘people’
  • Click ‘Next’, then click ‘Finish’
  • Next we create an ‘ou’ called ‘groups’ under your partition.
  • Right click our partition and select ‘New’->’New entry’ then select ‘Create entry from scratch’
  • Click ‘next’
  • Add ‘organizationalUnit’ from the list of available objectClasses
  • Click ‘Next’ then in the ‘RDN’ field, select ‘ou’ and set its value to ‘groups’
  • Click ‘Next’ then click ‘Finish’
  • Now let’s add a group. Right click our ‘groups’ ou and select ‘New’->’New entry’ then select ‘Create entry from scratch’
  • Click ‘next’ and add ‘posixGroup’ from the list of available objectClasses (you may need to refresh the available objectClasses)
  • Click ‘Next’ then in the ‘RDN’ field, select ‘cn’ and set its value to ‘net-users’
  • Click ‘Next’ then in the ‘Integer Editor’ give the group an id number. I start at 5000 so that it won’t clash with the built-in groups on client operating systems, then click ‘Finish’
  • Now let’s add a user. Right click our ‘people’ ou and select ‘New’->’New entry’ then select ‘Create entry from scratch’
  • Click ‘next’ then add ‘inetOrgPerson,posixAccount,shadowAccount’ from the list of available objectClasses
  • Click ‘Next’ then in the ‘RDN’ field, select ‘uid’ and set its value to ‘testuser’
  • Click ‘Next’ then set the following attribute values to:
    ‘cn’ = testuser
    ‘gidNumber’ = 5000
    ‘homeDirectory’ = /home/testuser
    ‘sn’ = YourLastName
    ‘uidNumber’ = 10001
  • Then click ‘Finish’
  • Select the newly created user object in the DIT and right click in the blank space in the pane to the right of the DIT and select ‘New Attribute’
  • Set ‘Attribute Type’ to userPassword
  • Click ‘Finish’ and in the ‘Password Editor’, set a good password. Other attributes can be added too, e.g. gecos (set this to the full name), givenName (set this to the first name)
  • Select the group object called net-users in the DIT and right click in the blank space in the pane to the right of the DIT and select ‘New Attribute’ and set ‘Attribute Type’ to ‘memberUid’
  • Click ‘Finish’ then set the memberUid value to the value of the uidNumber that you set for the user object that you created in the last step

That was quite a long-winded post, but that is mainly because of trying to describe what to do in a GUI. This can probably be completed in five minutes. I’ll make a recording of a desktop session and link it here later.