Paranoid Penguin - Authenticate with LDAP
Second, whenever I create a user record, I need to make sure that an objectclass: inetOrgPerson statement is present.
So, how do you create user records? Ideally, with the GUI of your choice. Last month I mentioned gq, which is a standard package in many distros; another excellent tool is ldapbrowser, available at www.iit.edu/~gawojar/ldap. Initially, however, you'll probably want to add at least your organizational entry manually, by creating an ldif file and writing it to the database via the ldapadd command. An ldif file is a text file containing a list of attribute/object class declarations, one per line; a simple one follows:
dn: dc=wiremonkeys,dc=org objectclass: top objectclass: organization o: Wiremonkeys of St. Paul
Here, we're defining the organization wiremonkeys.org. We specify its distinguished name, associate it with the object classes' top (mandatory for all records) and organization and specify the organization's name (Wiremonkeys of St. Paul), which is the only mandatory attribute for these two object classes.
To write this record to the database, issue this command:
bash-$ ldapadd -x -H ldaps://localhost/ \ -D "cn=ldapguy,dc=wiremonkeys,dc=org" \ -W -f wiremonkeys_init.ldif
As with most OpenLDAP commands, -x specifies simple password authentication, -H specifies the LDAP server's URL, -D specifies the DN of the administrator account and -W causes a prompt for the administrator's password. The -f option specifies the path to our ldif file.
Confused yet? I've packed a lot of information into this month's column, but our LDAP server is very nearly done. To finish yours without waiting for next month, see the OpenLDAP Administrator's Guide at www.openldap.org/doc for more information about TLS, startup flags, schema and ldif files.
Mick Bauer, CISSP, is Linux Journal's security editor and an IS security consultant for Upstream Solutions LLC in Minneapolis, Minnesota. Mick spends his copious free time chasing little kids (strictly his own) and playing music, sometimes simultaneously. Mick is author of Building Secure Servers With Linux (O'Reilly & Associates, 2002).
|diff -u: What's New in Kernel Development||Sep 04, 2015|
|Android Candy: Copay—the Next-Generation Bitcoin Wallet||Sep 03, 2015|
|The True Internet of Things||Sep 02, 2015|
|September 2015 Issue of Linux Journal: HOW-TOs||Sep 01, 2015|
|September 2015 Video Preview||Sep 01, 2015|
|Using tshark to Watch and Inspect Network Traffic||Aug 31, 2015|
- diff -u: What's New in Kernel Development
- Using tshark to Watch and Inspect Network Traffic
- Problems with Ubuntu's Software Center and How Canonical Plans to Fix Them
- The True Internet of Things
- Android Candy: Copay—the Next-Generation Bitcoin Wallet
- September 2015 Issue of Linux Journal: HOW-TOs
- Firefox Security Exploit Targets Linux Users and Web Developers
- Concerning Containers' Connections: on Docker Networking
- Where's That Pesky Hidden Word?
- A Project to Guarantee Better Security for Open-Source Projects