
openldap

bantana
15 July 2015

intro

design

dc=aozsky, dc=com
|- ou=people
|    |- uid=user1
|    |- uid=user2
|- ou=groups
     |- cn=dev

dn: cn=admin, dc=aozsky, dc=com
dn: ou=people, dc=aozsky, dc=com
dn: ou=groups, dc=aozsky, dc=com
dn: cn=dev, ou=groups, dc=aozsky, dc=com

base dn:

dc=aozsky, dc=com

ldap administrator:

dn: cn=admin,dc=aozsky,dc=com

addgroup1.ldif:

dn: ou=people,dc=aozsky,dc=com
objectClass: organizationalUnit
ou: people

addgroup2.ldif:

dn: ou=groups,dc=aozsky,dc=com
objectClass: organizationalUnit
ou: groups

dev.groups.ldif:

dn: cn=dev,ou=groups,dc=aozsky,dc=com
objectClass: posixGroup
cn: dev
gidNumber: 5000

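user1 (user1.ldif, loaded with ldapadd under usage; the userPassword value is the sample hash generated with slappasswd below):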

version: 1

dn: uid=user1,ou=people,dc=aozsky,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
cn: user1
gidNumber: 5000
homeDirectory: /home/user1
sn: User
uid: user1
uidNumber: 1000
displayName: user1
gecos: develop user
givenName: user1
loginShell: /bin/bash
userPassword: {SSHA}xGXadLyLB00NDzKywChJeIAdAsHXLogu

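user2 (same layout as user1; the userPassword hash is copied from user1, so both accounts share one password and one salt. generate a separate hash per account with slappasswd):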

version: 1

dn: uid=user2,ou=people,dc=aozsky,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
cn: user2
gidNumber: 5000
homeDirectory: /home/user2
sn: User
uid: user2
uidNumber: 1001
displayName: user2
gecos: develop user
givenName: user2
loginShell: /bin/bash
userPassword: {SSHA}xGXadLyLB00NDzKywChJeIAdAsHXLogu

install

sudo apt-get install slapd ldap-utils
sudo dpkg-reconfigure slapd

usage

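slappasswd (generates the {SSHA} value for userPassword. -s puts the password on the command line, where shell history and the process list expose it; run slappasswd without -s to be prompted instead. the password and hash below are published samples, so do not reuse them for real accounts):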

$ slappasswd -s uh5xeith9Iejeejo
{SSHA}xGXadLyLB00NDzKywChJeIAdAsHXLogu

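add ldif (-x is a simple bind and -W prompts for the admin password, which is sent unencrypted over ldap://. that stays on the loopback interface with localhost; against a remote server use ldaps:// or add -ZZ to require StartTLS. the same applies to ldapdelete and ldapsearch below):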

ldapadd -x -H ldap://localhost -D cn=admin,dc=aozsky,dc=com -W -f user1.ldif

ldapdelete:

ldapdelete -x -H ldap://localhost -D cn=admin,dc=aozsky,dc=com -W "uid=user1,ou=people,dc=aozsky,dc=com"

ldapsearch:

ldapsearch  -x -H ldap://localhost -D cn=admin,dc=aozsky,dc=com -W -b "uid=user1,ou=people,dc=aozsky,dc=com"

unix account

sudo apt-get install libpam-ldapd libnss-ldapd

sudo dpkg-reconfigure libnss-ldapd

sudo dpkg-reconfigure libpam-ldapd

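/etc/pam.d/common-session (add this line so an ldap user's home directory is created from /etc/skel at first login; umask=077 makes it readable by the owner only):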

session optional        pam_mkhomedir.so skel=/etc/skel umask=077

faq