LDAP Series Part IV - Installing OpenLDAP on Debian Plus Some LDAP Commentary

I can imagine the comments we'll see on this article. What about X distribution? And so on... I'm not going to justify my reasons for choosing Debian. You can use whatever distro you want. It's just a matter of preference.

Installing OpenLDAP in Debian

Let's start by getting OpenLDAP from the Debian stable repository. Use the command:

# apt-get install slapd ldap-utils db4.2-util

As you install LDAP you'll see messages such as:

The DNS domain name is used to construct the base DN of your LDAP directory. Entering foo.bar.org will give you the base DN dc=foo, dc=bar, dc=org. DNS domain name:
centralsoft.org__________

Don't worry about the terminology at this time. Remember that LDAP uses a hierarchical structure like your Linux directory tree. In the question above, the install script is asking you to define the root, or top, of the directory. It has a strange way of stating it. We'll explain it later.

Whatever you enter here will be stored as the name of your organization in the base DN of your LDAP directory.

Name of your organization: centralsoft.org_

In the directory you will often find references to the organization. You will see it as o=centralsoft.org or your domain name.

Please reenter the admin password for your LDAP directory for verification. Confirm password:***********

The administrator, admin, executes the commands you'll use to put data into the directory.

The slapd daemon now disables the old LDAPv2 protocol by default.

Programs and users are generally expected to be upgraded to LDAPv3. If you have old programs which have not been moved to use LDAPv3 and you still need LDAPv2 support then select this option and 'allow bind_v2' will be added to your slapd.conf to tell slapd to accept LDAPv2 connections.
Allow LDAPv2 protocol?

We don't want the LDAPv2 protocol. That's it for the questions. Next you will see a message saying slapd is configured and running.

Next, you should see the ending installation dialog:

Setting up slapd (2.2.23-8) ...
Creating initial slapd configuration... done.
Creating initial LDAP directory... done.
Starting OpenLDAP: running BDB recovery, slapd.

Setting up db4.2-util (4.2.52-18) ...
Setting up ldap-utils (2.2.23-8) ...
mail:/home/admin#

OpenLDAP uses slapd, which stands for standalone LDAP daemon.
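
The two installer questions above, as an added example (not part of the original article or of OpenLDAP): it derives the base DN from the DNS domain name the way the dialog describes, and checks a slapd.conf for the 'allow bind_v2' line that the LDAPv2 option would add. The function names and the sample config fragment are made up for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not OpenLDAP tools.

# Base DN the installer derives from a DNS domain name:
# foo.bar.org -> dc=foo,dc=bar,dc=org
domain_to_basedn() {
    printf '%s\n' "$1" | awk -F. '{
        dn = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "") continue            # tolerate a trailing dot
            sep = (dn == "") ? "" : ","
            dn = dn sep "dc=" $i
        }
        print dn
    }'
}

# Exit status 0 if the slapd.conf given as $1 enables LDAPv2 binds.
# slapd.conf rules applied: a line starting with whitespace continues the
# previous line, and comments are recognised only after that unwrapping.
allows_ldapv2() {
    awk '
        function check(line,    n, f, i) {
            if (line ~ /^#/) return
            n = split(line, f, /[ \t]+/)
            if (tolower(f[1]) != "allow") return
            for (i = 2; i <= n; i++)
                if (tolower(f[i]) == "bind_v2") found = 1
        }
        /^[ \t]/ { buf = buf " " $0; next }   # continuation line
        { check(buf); buf = $0 }
        END { check(buf); exit(found ? 0 : 1) }
    ' "$1"
}

# Demo on a constructed config fragment (not taken from a real server).
demo_conf=$(mktemp)
printf '# allow bind_v2\nallow\n  bind_v2\n' > "$demo_conf"
echo "base DN: $(domain_to_basedn centralsoft.org)"
if allows_ldapv2 "$demo_conf"; then
    echo "LDAPv2 binds are enabled"
else
    echo "LDAPv2 binds are disabled"
fi
rm -f "$demo_conf"
```

Point allows_ldapv2 at your own slapd.conf after the install to confirm the LDAPv2 option was left off.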

Some perspective

Note: You will see some repetition in these installments. I don't have any justification for that other than to say sometimes readers drop by without having seen earlier articles. That's the nature of a series of articles.

In the next article, we plan to add data to your directory. But before we go there, I'd like to put a little spin on this Directory Service thing.

System administrators should have LDAP on the top of their priority list of skills to master. Using this Access Protocol becomes more critical to business every day. Why?

First, Information Technology has evolved from Local Area Networks in an isolated business to an open infrastructure. Where we once sent purchase orders to suppliers, we now have Supply Chain Management.

We also have customers setting up accounts on our computer systems so they can purchase products directly. When someone buys a product and pays by credit card, we have to run the transaction through a clearing house that issues an authorization. Then you have to batch those credit card purchases and send them to your bank for credit.

LDAP provides the common interface for interoperability between and amongst all those systems. We can build our own SQL databases and hope to interconnect with our customers and suppliers, but unless we have a common specification, we can't work together.

LDAP provides an Internet standard that requires LDAP servers to communicate using the same Access Protocol. LDAP is the origin of unified identity management referred to in the industry as single sign-on.

LDAP terminology confuses many professionals. For example, sometimes people use LDAP to refer to the protocol, other times to the protocol and the data. In these articles when we use the term LDAP, we mean a server listening on port 389 providing data to an LDAP client and vice versa.

In computing, we use the word directory often and it can mean different things to different people. For example, to the average user a directory might mean catalogs or folders on his or her desktop.

To a system administrator, the Linux file system provides a hierarchical group of directories. The vast majority of operating systems have directory structures that, when plotted visually, look like a tree.

LDAP uses a hierarchical data structure with a root, limbs and branches. We call that a DIT or Directory Information Tree. When someone comes along and says, give me such and such information from port 389, they need to have an entry in the DIT. If not, they are rejected by OpenLDAP's authentication layer.

Miles to go

I hope you'll understand one thing about LDAP in the Linux environment: You need patience. For example, just because you have an administrator's account doesn't mean you can just enter data. We need to modify some configuration files. Then we need to learn how to authenticate and build the hierarchy.

That's just skimming the tip of the iceberg. If you would like to speed up the process of learning this LDAP thing, you'll find plenty of information out on the web. I would start with the OpenLDAP administrator's guide.

You can get started with this link to the Quick-Start Guide.

Thanks for dropping by and since it's Halloween, remember this: Don't let the turkeys get you down, man.

______________________

Comments

Great info

worldpeace's picture

Informative article

You are right ...

Passivhaus Niedrigenergiehaus's picture

... to choose Debian. It's nice and fast and free :-)

i am happy

Free URL redirection's picture

Oh, thank you.. I was able to install LDAP using your instructions.. you saved my time..
