LDAP or OpenLDAP Configuration in Debian
What is LDAP?
LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection-oriented transfer services.
A directory is similar to a database, but tends to contain more descriptive, attribute-based information. The information in a directory is generally read much more often than it is written. Directories are tuned to give quick responses to high-volume lookup or search operations. They may have the ability to replicate information widely in order to increase availability and reliability, while reducing response time. When directory information is replicated, temporary inconsistencies between the replicas may be OK, as long as they get in sync eventually.
There are many different ways to provide a directory service. Different methods allow different kinds of information to be stored in the directory, place different requirements on how that information can be referenced, queried and updated, how it is protected from unauthorized access, etc. Some directory services are local, providing service to a restricted context (e.g., the finger service on a single machine). Other services are global, providing service to a much broader context.
LDAP Installation in Debian
# apt-get install ldap-server ldap-client
which is in fact equivalent to
# apt-get install slapd ldap-utils
To configure LDAP, edit the /etc/ldap/slapd.conf file.
Definition of base LDAP
suffix "dc=ruchi,dc=com"
rootdn "cn=admin,dc=ruchi,dc=com"
rootpw admin
#rootpw {SSHA}yaZf/SRMvP+glo/KI+fG1idsm7FimhuD
Access right management
access to attrs=userPassword
        by dn="cn=admin,dc=ruchi,dc=com" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=admin,dc=ruchi,dc=com" write
        by * read
Now you need to restart the LDAP server using the following command
# /etc/init.d/slapd restart
Creating the root entry of the LDAP base
dn: dc=ruchi,dc=com
objectClass: dcObject
objectClass: organization
o: ruchi SAS
dc: ruchi
Save the entry above as AjoutRacine.ldif and add it to the directory with the following command
ldapadd -x -D "cn=admin,dc=ruchi,dc=com" -w admin -f AjoutRacine.ldif
Creating a new entry
Write the following entry to the AjoutFiche.ldif file
dn: cn=tej baj,dc=ruchi,dc=com
objectClass: inetOrgPerson
cn: tej baj
givenName: tej
sn: baj
Add the entry with the following command
ldapadd -x -D "cn=admin,dc=ruchi,dc=com" -w admin -f AjoutFiche.ldif
Querying the LDAP database
Command to display all the entries under the base
ldapsearch -x -b "dc=ruchi,dc=com"
Command to search for a subset of the entries
ldapsearch -x -b "dc=ruchi,dc=com" "mail=tej*"
To return all entries using an explicit filter, enter the following command
ldapsearch -x -b "dc=ruchi,dc=com" "objectclass=*"
Modifying an existing entry
To add a telephone number to an existing entry, write the following to ModifFiche.ldif
dn: cn=tej baj,dc=ruchi,dc=com
changetype: modify
add: telephonenumber
telephonenumber: 03 80 97 98 99
Enter the following command to modify the entry
ldapadd -x -D "cn=admin,dc=ruchi,dc=com" -w admin -f ModifFiche.ldif
Removing an existing entry
Write the following to the file "SuppFiche.ldif" to remove an entry
dn: cn=tej baj,dc=ruchi,dc=com
changetype: delete
Enter the following command to remove the entry
ldapadd -x -D "cn=admin,dc=ruchi,dc=com" -w admin -f SuppFiche.ldif