Differences

This shows you the differences between two versions of the page.

--- tech:ubuntu_ldap [2011-10-13 09:26 (14 years ago)] – created ian
+++ tech:ubuntu_ldap [2011-10-13 11:37 (14 years ago)] (current) – Title update ian
@@ Line 1: / Line 1: @@
-====== Installing and Configuring OpenLDAP ======
+====== OpenLDAP: Installation and Configuration  ======
 Often it is advantageous to have authentication, security and application settings centralised for ease of management.  Microsoft provide Active Directory for Windows users and through the use of [[http://www.openldap.org/|OpenLDAP]], we can duplicate this behaviour in a cross-platform and open-source way.  An [[wp>LDAP|LDAP]] directory can be used to provide single sign-on for Linux, Windows, OSX and web-based applications as well as network authentication via [[wp>RADIUS|RADIUS]].
@@ Line 37: / Line 37: @@
 ===== Schema Creation =====
 A schema defines the objects and attributes in the LDAP database.  Depending on the applications we are going to hook into the directory, different schema files will be needed.
+<note important>LDIF files are sensitive to white space and may not import correctly if you simply copy and paste them from this page.  Please click on the header at the top of each file to download a copy in its original format instead.</note>
 Log on and become root:
@@ Line 47: / Line 49: @@
 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif</code>
-For each of the additional application schema definitions below, download the file to ''application.schema'' and then execute:
-<code>ldapadd -Y EXTERNAL -H ldapi:/// -f application.schema</code>
-If you would like to see which schema modifications are already loaded or verify that they have loaded correctly, type
-<code>ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn</code>
 ==== Sudo via LDAP ====
@@ Line 89: / Line 83: @@
  udoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ description ) )
 </file>
+Apply the schema modifications with the following command:
+<code>ldapadd -Y EXTERNAL -H ldapi:/// -f sudo.ldif</code>
 ==== Password Policy ====
@@ Line 140: / Line 138: @@
   $ pwdAllowUserChange $ pwdSafeModify ) )
 </file>
+Apply the schema modifications with the following command:
+<code>ldapadd -Y EXTERNAL -H ldapi:/// -f ppolicy.ldif</code>
 ==== Thunderbird Contacts ====
@@ Line 203: / Line 205: @@
  $ title ) )
 </file>
+Apply the schema modifications with the following command:
+<code>ldapadd -Y EXTERNAL -H ldapi:/// -f mozillaAbPersonAlpha.ldif</code>
 ==== FreeRADIUS ====
@@ Line 406: / Line 412: @@
   top STRUCTURAL MUST cn MAY ( uid $ userPassword $ description ) )
 </file>
+Apply the schema modifications with the following command:
+<code>ldapadd -Y EXTERNAL -H ldapi:/// -f freeradius.ldif</code>
 ==== Pure FTP ====
@@ Line 411: / Line 421: @@
 To control [[http://www.pureftpd.org/|Pure-FTPd]] users, home directories, quotas, bandwidth, etc. via the directory, load the file below.  It was converted from the original, located in ''/usr/share/doc/pure-ftpd-common/pureftpd.schema'' on an Ubuntu system once the ''pure-ftpd-common'' package has been installed.
-<file ldif pureftpd.schema>
+<file ldif pureftpd.ldif>
 dn: cn=pureftpd,cn=schema,cn=config
 objectClass: olcSchemaConfig
@@ Line 447: / Line 457: @@
   $ FTPUploadBandwidth $ FTPDownloadBandwidth $ FTPuid $ FTPgid ) )
 </file>
+Apply the schema modifications with the following command:
+<code>ldapadd -Y EXTERNAL -H ldapi:/// -f pureftpd.ldif</code>
 ==== SAMBA v3 ====
@@ Line 675: / Line 689: @@
  n $ description ) )
 </file>
+Apply the schema modifications with the following command:
+<code>ldapadd -Y EXTERNAL -H ldapi:/// -f samba.ldif</code>
 ==== Apple OS X ====
@@ Line 1253: / Line 1271: @@
  otAfter ) )
 </file>
+Apply the schema modifications with the following commands:
+<code>ldapadd -Y EXTERNAL -H ldapi:/// -f apple_auxillary.ldif
+ldapadd -Y EXTERNAL -H ldapi:/// -f apple.ldif</code>
 ===== Configuration =====
@@ Line 1358: / Line 1381: @@
 <code>ldapadd -x -D cn=admin,dc=example,dc=com -W -f example.com.ldif</code>
-The above command can be used with the files below to add the required application functionality into the database.
 ==== Sudo ====
@@ Line 1385: / Line 1406: @@
 sudoCommand: ALL
 </file>
+To import this file we must use the following command and enter the directory administrator's password when prompted:
+<code>ldapadd -x -D cn=admin,dc=example,dc=com -W -f sudo.apps.example.com.ldif</code>
 To improve the performance of sudoers lookups via LDAP, we must add an additional index:
@@ Line 1428: / Line 1453: @@
 pwdSafeModify: FALSE
 </file>
+To import this file we must use the following command and enter the directory administrator's password when prompted:
+<code>ldapadd -x -D cn=admin,dc=example,dc=com -W -f policies.example.com.ldif</code>
 To load the password policy overlay and point it to the default policy, we must download the following file:
@@ Line 1474: / Line 1503: @@
 uniquemember: uid=user1,ou=people,dc=example,dc=com
 </file>
+To import this file we must use the following command and enter the directory administrator's password when prompted:
+<code>ldapadd -x -D cn=admin,dc=example,dc=com -W -f mail.apps.example.com.ldif</code>
 To improve the performance of e-mail address lookups via LDAP, we must add an additional index:
@@ Line 1663: / Line 1696: @@
 objectClass: apple-configuration
 </file>
+To import this file we must use the following command and enter the directory administrator's password when prompted:
+<code>ldapadd -x -D cn=admin,dc=example,dc=com -W -f macosx.example.com.ldif</code>
 ===== Security =====
@@ Line 1761: / Line 1798: @@
 Examine the tail of ''/var/log/syslog'' for any errors or warnings being reported by the ''slapd'' process.
+If you would like to see which schema modifications have been loaded, type
+<code>ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn</code>
 ===== See Also =====
   * [[sigma:how_to]]
   * [[sigma:contact]]