OpenLDAP Everywhere
LDAP can be seen as a tree, with foo.com at the trunk. Branches are created as organizational units (ou), as shown in Figure 2.
Each entry in the directory is uniquely identified with a distinguished name (dn). The dn for the LDAP manager looks like dn: cn=manager, dc=foo, dc=com.
The ou provides a method for grouping entries, as shown in Table 1.
Table 1. ou Method for Grouping Entries
We create the individual entries in LDIF (LDAP Interchange Format) and save them to top.ldif:
dn: dc=foo, dc=com
objectclass: dcObject
objectclass: organization
o: Foo Company
dc: foo

dn: cn=manager, dc=foo, dc=com
objectclass: organizationalRole
cn: manager

dn: ou=people, dc=foo, dc=com
ou: people
objectclass: organizationalUnit
objectclass: domainRelatedObject
associatedDomain: foo.com

dn: ou=contacts, ou=people, dc=foo, dc=com
ou: contacts
ou: people
objectclass: organizationalUnit
objectclass: domainRelatedObject
associatedDomain: foo.com

dn: ou=group, dc=foo, dc=com
ou: group
objectclass: organizationalUnit
objectclass: domainRelatedObject
associatedDomain: foo.com
Add the top-level entries to the directory with ldapadd:
ldapadd -x -D 'cn=manager,dc=foo,dc=com' -W \
  -f top.ldif
Then, test your work with ldapsearch to retrieve all entries:
ldapsearch -x -b 'dc=foo,dc=com'
At this point, we have enough structure in LDAP to put it to real use. We'll start by sharing our e-mail contacts, which also should be in LDIF.
To simplify the process, you may be able to export your e-mail address book in LDIF. For example, in Mozilla 1.0, you can export in LDIF from the Tools menu on the address book window. Microsoft Outlook Express also allows exporting the address book in LDIF. You will need to process the resulting file so it looks like our contacts example below; I suggest using Perl for the task.
Contacts are uniquely identified by their e-mail addresses. Here is the dn for a sample contact:
dn: uid=someone@somewhere.com,ou=contacts,ou=people,dc=foo,dc=com
With all of the attributes, the full entry for a contact looks like:
dn: uid=someone@somewhere.com,ou=contacts,ou=people,dc=foo,dc=com
cn: Someone Youknow
mail: someone@somewhere.com
uid: someone@somewhere.com
givenname: Someone
sn: Youknow
objectclass: person
objectClass: top
objectClass: inetOrgPerson
Separate each contact entry with a blank line, and save it to a
file called contacts.ldif. Then you can add the contacts to the
directory with ldapadd:
ldapadd -x -D 'cn=manager,dc=foo,dc=com' -W \
  -f contacts.ldif
Once again, test your work with an ldapsearch that retrieves all entries:
ldapsearch -x -b 'dc=foo,dc=com'
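The processing step left to the reader above, as an added example (not code from the article, which suggests Perl; Python is used here): it reads an exported address book in LDIF and writes entries in the contacts format shown earlier, escaping characters that are special inside a dn and skipping records without a usable e-mail address. The function names and the sample export are constructed for illustration; the contacts subtree is the article's.

```python
import base64
import re

BASE = "ou=contacts,ou=people,dc=foo,dc=com"   # contacts subtree from the article
SAMPLE = (  # constructed export: folded dn, record without mail, base64 cn
    "dn: cn=Someone Youknow,\n mail=someone@somewhere.com\ncn: Someone Youknow\n"
    "givenName: Someone\nsn: Youknow\nmail: someone@somewhere.com\n\n"
    "dn: cn=List Only\ncn: List Only\n\n"
    "dn: mail=zoe+lists@example.org\ncn:: Wm/DqyBFeGFtcGxl\nmail: zoe+lists@example.org\n")

def parse_ldif(text):
    """Yield one {attribute: first value} dict per record of an LDIF export."""
    text = re.sub(r"(?m)^#.*\n?", "", re.sub(r"\r?\n ", "", text))  # unfold, drop comments
    for block in re.split(r"(?:\r?\n){2,}", text.strip()):
        rec = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if value.startswith(":"):                 # "attr:: <base64 of UTF-8>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            if sep:
                rec.setdefault(name.strip().lower(), value.strip())
        yield rec

def escape_rdn(value):
    """Backslash-escape RFC 4514 special characters for use inside a dn."""
    return re.sub(r'^#|[\\",+;<>]', r"\\\g<0>", value)

def ldif_line(name, value):
    """Write 'name: value', or 'name:: base64' when the value is not LDIF-safe."""
    if value.isascii() and value.isprintable() and value[:1] not in " :<":
        return f"{name}: {value}"
    return f"{name}:: " + base64.b64encode(value.encode("utf-8")).decode("ascii")

def convert(exported):
    """Build contacts.ldif text with one entry per unique e-mail address."""
    entries = {}
    for rec in parse_ldif(exported):
        mail = rec.get("mail", "")
        if "@" not in mail or mail.lower() in entries:
            continue                                  # no key, or duplicate contact
        cn = rec.get("cn") or mail      # person requires cn and sn, so fall back
        pairs = [("dn", f"uid={escape_rdn(mail)},{BASE}"), ("cn", cn),
                 ("mail", mail), ("uid", mail), ("givenname", rec.get("givenname", "")),
                 ("sn", rec.get("sn") or cn.split()[-1]), ("objectclass", "person"),
                 ("objectClass", "top"), ("objectClass", "inetOrgPerson")]
        entries[mail.lower()] = "\n".join(ldif_line(n, v) for n, v in pairs if v)
    return "\n\n".join(entries.values()) + "\n"

if __name__ == "__main__":
    print(convert(SAMPLE), end="")
```

Save the output as contacts.ldif and load it with the ldapadd command shown above. Because -x is a simple bind, the manager password crosses the network unencrypted unless the connection is protected; where the server offers TLS, ldapadd's -ZZ option makes the client require StartTLS.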
Now it's time to configure Mozilla to use the new LDAP server (see Figure 3).
From the Edit menu in the Mozilla Mail and News window, select Mail & Newsgroup Account Setting. In the Addressing tab, select Use a different LDAP server, then select Edit Directories and then Add. Fill in the Directory Server Properties dialog with:
Name: FOO
Server: ldapserver.foo.com
base DN: ou=people,dc=foo,dc=com
Next, tell Mozilla to look up addresses in your directory. Under Addressing in the Mail and Newsgroups preferences, select Address Autocompletion and fill in FOO for Directory Server.
Test your settings by composing a message to one of your contacts in your LDAP directory. The address should autocomplete as you type. Another test is to search the LDAP directory from within the Mozilla Mail Address Book. A search for Name or E-mail that contains * should return all of the contact entries. Similarly, you can also configure Microsoft Outlook Express to use the LDAP directory.
Comments
If I want to use fstab to
If I want to use fstab to mount homeDirectory, what must I do?
(HOST ldapserver.foo.com
BASE dc=foo,dc=com)
automount using LDAP
Hello guys,
It seems that RedHat automount uses cn property to identify username. Is there any way to change it to uid as authentication does?
Thank you in advance!
/SergeyK
Woo, using Perl for crypt and salting... WHY?
perl -e "print crypt('passwd','salt_string',);"
Why would one do this, when slappasswd is available? It comes with openldap.
# slappasswd -h
slappasswd: option requires an argument -- h
Usage: slappasswd [options]
-h hash password scheme
-s secret new password
-c format crypt(3) salt format
-u generate RFC2307 values (default)
-v increase verbosity
-T file read file for new password
By default it uses SSHA. Easier and less prone to error.
--
greg@gregfolkert.net
REMEMBER ED CURRY! http://www.iwethey.org/ed_curry
Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets used at the local large parking lot.