Omldapsync HowTo - Seven

From Scalix Wiki
Revision as of 18:41, 18 March 2008 by Ltward (Talk | contribs) (Appendix D - OpenLDAP)


Appendix D - OpenLDAP

Installing OpenLDAP

The majority of readers interested in the OpenLDAP portions of this document will have an OpenLDAP Server already functioning in their production environment; sometimes, however, it's nice to set up a lab machine for testing or proof of concept. This section will step you through installing a minimal OpenLDAP Server on Ubuntu.

This document was written for OpenLDAP version 2.3.35 running on Ubuntu 7.10 (Gutsy Gibbon) on an X86 laptop. The information should be applicable to other platforms and versions, within reason.

Getting the Software

Install the slapd package via Synaptic (System -> Administration -> Synaptic Package Manager) or apt-get (apt-get install slapd).

Starting and stopping OpenLDAP

/etc/init.d/slapd start
/etc/init.d/slapd stop
/etc/init.d/slapd restart

Configuration

Configuration information is generally stored in /etc/ldap/slapd.conf though some OpenLDAP servers use /etc/openldap/slapd.conf.

You'll need to update the following lines in slapd.conf:

suffix          "dc=mydomain,dc=net"
rootdn          "cn=admin,dc=mydomain,dc=net"
rootpw          {SSHA}EGBbPLdQg0o5RoUQBwIQBkymApuC/YFa
directory       "/var/lib/ldap/mydomain"

You can define multiple databases, but each must have its own directory; they can't all share one.

The hashed rootpw is created by running slappasswd; to create a hash of the password "secret" you'd run:

# slappasswd -s secret
{SSHA}91EpYZ0u6luAaVB4Q08TdrmhDfGVg8Hy

Schema

The schema definition is stored in multiple files in the /etc/ldap/schema directory.

If your schema files are not in this location, check your slapd.conf file to see where they are located.

Initial Population of the Database

You can easily set up a basic structure with an LDIF file similar to the one below:

# cat init.ldif
dn: dc=mydomain,dc=net
objectClass: dcObject
objectClass: organizationalUnit
dc: mydomain
ou: MyDomain Dot Net

dn: ou=people,dc=mydomain,dc=net
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=mydomain,dc=net
objectClass: organizationalUnit
ou: groups

Then add these values with an ldapadd command:

# ldapadd -x -D cn=admin,dc=mydomain,dc=net -w secret -f init.ldif
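ldapadd processes the file top to bottom, so the suffix entry must come before ou=people and ou=groups or the server rejects the children with "no such object". The Python below is an added example, not code from the Scalix page or from OpenLDAP: a minimal LDIF parser (it assumes no line folding, no base64 `::` values and no escaped commas in DNs), a preflight check that reports entries whose parent has not been added yet or that lack an objectClass, and a reordering that puts shallower DNs first. The sample LDIF is constructed from the page's init.ldif with ou=people deliberately placed first so the check has something to report. When you do run ldapadd, `-W` prompts for the bind password instead of exposing it on the command line as `-w secret` does.

```python
from typing import Dict, List

# Constructed sample: the page's init.ldif with the ou=people entry
# placed before its parent so the preflight check reports it.
SAMPLE_LDIF = """\
# init.ldif (constructed for this example)
dn: ou=people,dc=mydomain,dc=net
objectClass: organizationalUnit
ou: people

dn: dc=mydomain,dc=net
objectClass: dcObject
objectClass: organizationalUnit
dc: mydomain
ou: MyDomain Dot Net

dn: ou=groups,dc=mydomain,dc=net
objectClass: organizationalUnit
ou: groups
"""

Entry = Dict[str, List[str]]


def parse_ldif(text: str) -> List[Entry]:
    """Parse minimal LDIF (no folding, no '::' values) into a list of
    entries, each a dict mapping attribute name -> list of values."""
    entries: List[Entry] = []
    current: Entry = {}
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def parent_dn(dn: str) -> str:
    """Strip the leftmost RDN. Simplification: assumes no escaped commas."""
    return dn.partition(",")[2]


def check_entries(entries: List[Entry], suffix: str) -> List[str]:
    """Report what would make ldapadd reject the file: an entry without
    objectClass, or a child whose parent has not been added yet."""
    problems: List[str] = []
    seen = set()
    for entry in entries:
        dn = entry.get("dn", [""])[0]
        if not dn:
            problems.append("entry without dn")
            continue
        if "objectClass" not in entry:
            problems.append(f"{dn}: no objectClass")
        parent = parent_dn(dn)
        if dn != suffix and parent not in seen:
            problems.append(f"{dn}: parent {parent} not added yet")
        seen.add(dn)
    return problems


def check_ldif_order(text: str, suffix: str) -> List[str]:
    return check_entries(parse_ldif(text), suffix)


def order_for_add(entries: List[Entry]) -> List[Entry]:
    """Stable sort by DN depth (comma count) so parents precede children."""
    return sorted(entries, key=lambda e: e["dn"][0].count(","))


if __name__ == "__main__":
    suffix = "dc=mydomain,dc=net"
    print("as written:", check_ldif_order(SAMPLE_LDIF, suffix))
    fixed = order_for_add(parse_ldif(SAMPLE_LDIF))
    print("reordered: ", check_entries(fixed, suffix))
    print([e["dn"][0] for e in fixed])
```

The depth-by-comma ordering is enough for a tree like this one; a directory with multi-valued or escaped RDNs needs a real DN parser rather than this shortcut.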

Appendix E - Sun ONE Directory Server

Installing Sun ONE Directory Server

The majority of readers interested in the Sun ONE portions of this document will have a Sun ONE Directory Server already functioning in their production environment; sometimes, however, it's nice to set up a lab machine for testing or proof of concept. This section will step you through installing a minimal Sun ONE Directory Server.

This document was written for Sun ONE Directory Server version 5.2 P6 2005Q4 running on Solaris 10 on an X86 laptop. The information should be applicable to other platforms and versions, within reason.

System Requirements

The Sun ONE Directory Server is available for the following OS:

Solaris 9 and 10
Red Hat Enterprise Linux Advanced Server (AS) 3 and 4
HP-UX 11.11 (PA-RISC)
Microsoft Windows 2000 Server and Advanced Server
Microsoft Windows Server 2003 Standard Edition and Enterprise Edition

You will need 400 Gb of disk space.

More specification information is available from the vendor at http://www.sun.com/software/products/directory_srvr_ee/specs.jsp

Getting the Software

To get the software, go to Sun's download page at http://www.sun.com/download/index.jsp

Under "Identity Management", select "Directory Server"
Click to download "Directory Server"
Click "Download Now"
Step 1: Select Component - Directory Server
Step 2: Select Version - 5 2005Q4 (5.2 P6)
Step 3: Select Delivery Type - Native Package (PKG). Note - only patches are available for X86 in ZIP format
Step 4: Select Platform - Solaris 10 X86
Click "View Downloads"

Download and Install the System Patches

Download

On the web page listing your selection results, select one of the System Patches; you will get an error in a new browser window because you are not logged in. Log in (register if you have not yet done so). Go back to the original window and select the patch again. Select "Download Patch: HTTP" and save to disk; save in /var/spool/patch. Download all the patches in this manner.

Install

For each patch, uncompress as follows:

unzip patchname.zip

For example:

unzip 119811-04.zip

This will create a directory named patchname, for example 119811-04.

Add the patch:

patchadd /var/spool/patch/119811-04

Download and Install Directory Server

On the web page listing your selection results, click "Base Full Install for Directory Server 5 2005Q4". This will launch Sun's Download Center. Accept the License Agreement, then select the following components. Be careful when using the "check all" box in any section; it will select all the boxes in another section as well.

Solaris x86 Platform - Sun Java Identity Management Suite - Solaris X86 Platform
Sun Java(TM) Directory Server (java_es_05Q4_directory-ga-solaris-x86.zip)

Click the orange button that says "Download selected with Sun Download Manager" If you are presented with a dialog box asking if you want to save to disk or open with Sun Java 5.0 Web Start, choose to open with Sun Java 5.0 Web Start.

If the zip file does not self-extract, uncompress it with the following command:

unzip java_es_05Q4_directory-ga-solaris-x86.zip

The Sun Java System Directory Server 5 2005Q4 is actually a portion of the Sun Java Enterprise System, so we will be installing the Enterprise System and only selecting the System Directory Server component. You must be root to install the Sun Java Enterprise System.

cd java_es_05Q4_directory/Solaris_x86
./installer -nodisplay

Read and accept the license agreement.
Select which language(s) you want installed.
Installation Type - when prompted "Do you want to install the full set of Sun Java(TM) Enterprise System Products and Services?" answer no.
Select Sun Java(TM) System Directory Server 5 2005Q4 (option 3).
Press Enter to accept the list of applications that the installer will install.
If prompted to upgrade the J2SE(TM) Software Development Kit, choose the automatic update option.
Accept the default location for the installation directories when prompted.
Select 1 to continue the installation.
Select 1 to configure now.
Answer the questions when prompted, making a note of the Server admin User ID (default "admin") and password, and the DN (default "cn=Directory Manager") and password.
When prompted about how you would like to populate the directory server with data: if you select 1 or 3, sample data will be automatically loaded; if you select 2 or 3, you must have an LDIF file on disk from which data can be loaded.
After answering all the questions, select 1 to install the Java Enterprise System Directory Server.
View the installation summary and verify everything is correct.

Download Directory Server patch

Note: This is only necessary if you have an older installation of Sun ONE Directory Server and need to update it. If you have just completed the full installation, you will be up to date and no patches are required.

On the web page listing your selection results, click "Directory Server 5 2005Q4 (5.2 P6) PKG Patch". Select "Download Patch: HTTP" and save to disk. Uncompress as follows:

unzip patchname.zip

For example:

unzip 115615-28.zip

This will create a directory named patchname, for example 115615-28.

Add the patch:

patchadd /var/spool/patch/115615-28

About the Directory Server

Starting and stopping the server

Both of these scripts must run with the same UID and GID as the Directory Server. For example, if the Directory Server runs as nobody, you must run the start-slapd and stop-slapd utilities as nobody.

/usr/sbin/directoryserver start
or
ServerRoot/slapd-serverID/start-slapd (example: /var/opt/mps/serverroot/slapd-fubar/start-slapd)

/usr/sbin/directoryserver stop
or
ServerRoot/slapd-serverID/stop-slapd (example: /var/opt/mps/serverroot/slapd-fubar/stop-slapd)

Getting Around

Configuration

Configuration information is stored in the following file:

ServerRoot/slapd-serverID/config/dse.ldif (example: /var/opt/mps/serverroot/slapd-fubar/config/dse.ldif)

As the filename suggests, it is in LDAP Data Interchange Format (LDIF).

Schema

The schema definition is stored in multiple files in the following directory:

ServerRoot/slapd-serverID/config/schema (example: /var/opt/mps/serverroot/slapd-fubar/config/schema)

These files are in the LDAP Data Interchange Format (LDIF).