====== ldap ======
open-ldap slapd ldap
http://www.zytrax.com/books/ldap/
===== InstalaciĆ³n =====
sudo aptitude install slapd ldap-utils
===== ldap.conf =====
sudo mv /etc/ldap/ldap.conf /etc/ldap/ldap.conf.bak
sudo vim /etc/ldap/ldap/ldap.conf
#
###### SAMPLE 1 - SIMPLE DIRECTORY ############
#
# NOTES: inetorgperson picks up attributes and objectclasses
# from all three schemas
#
# NB: RH Linux schemas in /etc/openldap
#
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
# NO SECURITY - no access clause
# defaults to anonymous access for read
# only rootdn can write
# NO REFERRALS
# DON'T bother with ARGS file unless you feel strongly
# slapd scripts stop scripts need this to work
pidfile /var/run/slapd.pid
# enable a lot of logging - we might need it
# but generates huge logs
loglevel 255
# MODULELOAD definitions
# not required (comment out) before version 2.3
moduleload back_bdb.la
# NO TLS-enabled connections
# backend definition not required
#######################################################################
# bdb database definitions
#
# replace example and com below with a suitable domain
#
# If you don't have a domain you can leave it since example.com
# is reserved for experimentation or change them to my and inc
#
#######################################################################
database bdb
suffix "dc=example, dc=com"
# root or superuser
rootdn "cn=jimbob, dc=example, dc=com"
rootpw dirtysecret
# The database directory MUST exist prior to running slapd AND
# change path as necessary
directory /srv/ldapdb
# Indices to maintain for this directory
# unique id so equality match only
index uid eq
# allows general searching on commonname, givenname and email
index cn,gn,mail eq,sub
# allows multiple variants on surname searching
index sn eq,sub
# sub above includes subintial,subany,subfinal
# optimise department searches
index ou eq
# if searches will include objectClass uncomment following
# index objectClass eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber
# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15
===== Arrancar ldap =====
No se por que demonios el '/etc/init.d/slpad start' me arranca malamente el demonio. Mejor hacerlo a mano (con mucho debug, con la opcion -d):
sudo /usr/sbin/slapd -f /etc/ldap/ldap.conf -g openldap -u openldap -h ldap://192.168.1.17 &
Comprobar que ha arrancado:
ps ax | grep ldap
9122 ? Ssl 0:00 /usr/sbin/slapd -f /etc/ldap/ldap.conf -g openldap -u openldap -h ldap://192.168.1.17
Para pararlo matar el proceso con kill
===== Insertar registro =====
1. Crear un archivo .ldif:
sudo vim /tmp/ejemplo1.ldif
Con el siguiente contenido:
## DEFINE DIT ROOT/BASE/SUFFIX ####
## uses RFC 2377 format
## replace example and com as necessary below
## or for experimentation leave as is
## dcObject is an AUXILLIARY objectclass and MUST
## have a STRUCTURAL objectclass (organization in this case)
# this is an ENTRY sequence and is preceded by a BLANK line
dn: dc=example,dc=com
dc: example
description: My wonderful company as much text as you want to place
in this line up to 32K continuation data for the line above must
have or i.e. ENTER works
on both Windows and *nix system - new line MUST begin with ONE SPACE
objectClass: dcObject
objectClass: organization
o: Example, Inc.
## FIRST Level hierarchy - people
## uses mixed upper and lower case for objectclass
# this is an ENTRY sequence and is preceded by a BLANK line
dn: ou=people, dc=example,dc=com
ou: people
description: All people in organisation
objectclass: organizationalunit
## SECOND Level hierarchy
## ADD a single entry under FIRST (people) level
# this is an ENTRY sequence and is preceded by a BLANK line
# the ou: Human Resources is the department name
dn: cn=Robert Smith,ou=people,dc=example,dc=com
objectclass: inetOrgPerson
cn: Robert Smith
cn: Robert J Smith
cn: bob smith
sn: smith
uid: rjsmith
userpassword: rJsmitH
carlicense: HISCAR 123
homephone: 555-111-2222
mail: r.smith@example.com
mail: rsmith@example.com
mail: bob.smith@example.com
description: swell guy
ou: Human Resources
2. Insertar el registro:
ldapadd -H ldap://192.168.1.17 -x -D "cn=jimbob,dc=example,dc=com" -f /srv/example.ldif -w dirtysecret
===== Buscar registro =====
ldapsearch -H ldap://192.168.1.17 -LL -b ou=people,dc=example,dc=com "{mail=*smith*)" sn cn mail
Me ha salido bien antes, ahora no me furrula (quiza porque borre el registro
ldapsearch -xh 192.168.1.17 -b '' -s base subschemaSubentry