Conklin Technology Group, LLC IT Architecture. Identity Management. Unix Administration

6 Apr 2010

Getting started with your new LDAP server

So now that you've had a chance to get started with your new cloud-based LDAP server...  (you have fired it up, right?  If not, check out this post for more details on how you can have your own LDAP server running in 10 minutes or so!)

Some of the most common uses of LDAP are for centralized authentication, say, for a group of Linux servers in your office, or perhaps for a company-wide address book.  Today, we'll talk about just getting some basic user data into your directory server.  Next time, we'll tackle the attributes required for Linux authentication.

So, assuming you have followed the directions (found here), you should be able to bring up a browser and use the phpLDAPadmin tool to add a few new entries to your OpenDS instance.  The URL will be something like http://ec2-123-34-45-56.compute-1.amazonaws.com/pla.  After logging in as the directory manager account (cn=directory manager, default password is dirmgr123), you should see one lone entry, called "o=root".  That's the top of your directory -- all the other groups and entries will be below here.  So, first, let's create two groups, or organizational units.  The first we'll call "ou=people", and the second "ou=groups".  It should be pretty self-explanatory which types of objects go into which container...

Using the phpLDAPadmin interface, click on the 'o=root' entry.  One of the options is 'Create a child entry' -- click there, and then choose 'Generic: organisational unit' from the available options.  Type 'people' into the text box, and click 'commit' when prompted if you want to create this entry.  That's it.  Now you've got a new organizational unit into which you can add accounts for people in your organization.

Next we'll create the 'ou=groups' container, but this time, we'll use a different method.  Click on the 'import' icon in the left-hand menu of the phpLDAPadmin screen, and paste the following lines into the text area:

dn: ou=groups,o=root
objectclass: organizationalUnit
objectclass: top
ou: groups

After clicking the 'Proceed' button, you should see a success message like 'Adding ou=groups,o=root Success'.  Also, you can now see in the left-hand menu a new container called 'ou=groups' under the root entry.  Pretty easy stuff.  The LDIF syntax lets you easily add many objects at once, without having to manually create each through the GUI of phpLDAPadmin.

Now that you have created these two containers, let's add one sample user into the people OU.  For our guinea pig, let's use the LDIF method.  Click the 'import' icon, and paste the following into the text area.  Replace values as you see fit:

dn: uid=jsmith,ou=people,o=root
givenname: Joe
sn: Smith
cn: Joe Smith
uid: jsmith
telephonenumber: 123-555-1234
userpassword: secret
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgperson

That's it.  Now you've added your first LDAP account -- you should be able to browse to it and view the object with phpLDAPadmin -- it's under 'ou=people'.
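The two containers and the sample user above are three separate copy-and-paste imports. As an added example (not code from the original post), here is a small Python script that produces the same layout as one batch LDIF file. It also applies two LDIF rules that are easy to trip over when pasting by hand: a value with a trailing space (or a leading space, colon or non-ASCII character) has to be base64-encoded with `::` rather than typed literally, and long lines are folded with a leading-space continuation line. It checks that every entry's parent container is either already in the directory or created earlier in the same file, so an import does not stop halfway. The base DN `o=root`, the helper names, and the `parent_dn` shortcut (which assumes no escaped commas in the DN) are assumptions of this example, not part of the post.

```python
"""Generate one batch LDIF import for the ou=people / ou=groups layout.

Added example; assumes the directory root is o=root as in the post.
"""
import base64

BASE_DN = "o=root"  # the lone top entry you start with


def needs_base64(value: str) -> bool:
    """RFC 2849: a value must be base64-encoded (':: ') unless it is a SAFE-STRING.
    Leading space/colon/'<', a trailing space, non-ASCII, NUL, CR and LF all
    disqualify it. The trailing-space case is the one that bites: a literal
    'userpassword: secret ' stores a password with a space the user never typed."""
    if not value:
        return False
    if value[0] in " :<" or value[-1] == " ":
        return True
    return any(ord(ch) > 127 or ch in "\0\r\n" for ch in value)


def ldif_line(name: str, value: str, width: int = 76) -> str:
    """Render one attribute line, base64-encoding and folding as RFC 2849 requires."""
    if needs_base64(value):
        line = f"{name}:: " + base64.b64encode(value.encode("utf-8")).decode("ascii")
    else:
        line = f"{name}: {value}"
    # Fold at 76 columns; each continuation line starts with a single space.
    chunks, rest = [line[:width]], line[width:]
    while rest:
        chunks.append(" " + rest[: width - 1])
        rest = rest[width - 1:]
    return "\n".join(chunks)


def ou_entry(name: str, parent: str = BASE_DN):
    """An organizationalUnit container such as ou=people or ou=groups."""
    return f"ou={name},{parent}", [
        ("objectclass", "top"),
        ("objectclass", "organizationalUnit"),
        ("ou", name),
    ]


def person_entry(uid, given, sn, phone, password, parent=f"ou=people,{BASE_DN}"):
    """An inetOrgPerson account with the full objectclass chain spelled out."""
    return f"uid={uid},{parent}", [
        ("objectclass", "top"),
        ("objectclass", "person"),
        ("objectclass", "organizationalPerson"),  # superior class of inetOrgPerson
        ("objectclass", "inetOrgPerson"),
        ("uid", uid),
        ("givenName", given),
        ("sn", sn),
        ("cn", f"{given} {sn}"),
        ("telephoneNumber", phone),
        ("userPassword", password),
    ]


def parent_dn(dn: str) -> str:
    # Simplification (assumption): no escaped commas inside RDN values.
    return dn.split(",", 1)[1]


def to_ldif(entries, existing=(BASE_DN,)) -> str:
    """Render entries in order, refusing any whose parent container neither
    already exists nor appears earlier in the same file. A server rejects such
    an add with 'no such object', and a GUI import would stop at that point."""
    known = set(existing)
    blocks = []
    for dn, attrs in entries:
        if parent_dn(dn) not in known:
            raise ValueError(f"{dn}: parent {parent_dn(dn)} does not exist yet")
        known.add(dn)
        lines = [ldif_line("dn", dn)] + [ldif_line(n, v) for n, v in attrs]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


# Constructed sample data: the post's two containers and its guinea-pig user.
# The password is given with a trailing space on purpose to show the encoding.
SAMPLE = [
    ou_entry("people"),
    ou_entry("groups"),
    person_entry("jsmith", "Joe", "Smith", "123-555-1234", "secret "),
]

if __name__ == "__main__":
    print(to_ldif(SAMPLE))
```

The printed text can be pasted straight into the phpLDAPadmin import box or fed to a command-line LDIF import tool; because the containers come first, the whole batch succeeds in one pass against a fresh `o=root`.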

Continue to populate data into your LDAP server.  Next time we'll look at how you can start to use it for getting something done, like centralized authentication in Linux.

Filed under: All, LDAP