FreeBSD Practical Instructions for Creating an OpenLDAP Server and Client

LDAP (Lightweight Directory Access Protocol) is a TCP-based protocol used to access directory services. Directory services provide users with information about other users and resources in the network (usually in the form of address book entries). Entries are stored in a central database and accessed from an LDAP server (OpenLDAP, Windows Server Active Directory, etc.) via an LDAP-enabled client (Microsoft Outlook, Mozilla Thunderbird, etc.).

OpenLDAP follows the X.500 series of directory service standards developed by ITU-T (the standardization sector of the International Telecommunication Union) and provides LDAP access to X.500-style directories, so X.500-based applications can interoperate over LDAP. As in X.500, LDAP entries are stored in a hierarchical tree, each entry consisting of a set of attributes:

-DOMAIN COMPONENT (.com)
     -DOMAIN COMPONENT (example)
         -ORGANIZATIONAL UNIT (People)
             -USER ID (jdoe)
                 -TELEPHONENUMBER (phone number)
                 -GIVENNAME (doe)

LDAP was created by Tim Howes, Steve Kille, and Wengyik Yeong in 1992. It started as a project to provide a directory service alongside the University of Michigan's email system. A company called Net Boolean Inc. was formed in early 1998 to provide email services to businesses, and commercially available LDAP implementations were too expensive for this young company.

Net Boolean therefore created Boolean LDAP from the open-source LDAP software released by the University of Michigan. Kurt Zeilenga of Net Boolean then founded the OpenLDAP Foundation and project in August 1998. OpenLDAP development is currently carried out by a core team that includes founders Kurt Zeilenga, Howard Chu, and Pierangelo Masarati.

In this article we install OpenLDAP on FreeBSD 13.2. You must be logged in as the superuser (root) to install it, and you should use the FreeBSD ports system so that all OpenLDAP dependencies are built and installed along with it.

root@router2:~ # cd /usr/ports/net/openldap26-server
root@router2:~ # make config && make install clean
root@router2:~ # rehash

After that, continue by installing openldap26-client.

root@router2:~ # cd /usr/ports/net/openldap26-client
root@router2:~ # make config && make install clean
root@router2:~ # rehash

After the OpenLDAP installation is complete, it is time to configure it for use on the FreeBSD system. The first step is to set the OpenLDAP root (administrator) password. OpenLDAP reads the LDAP administrator password from /usr/local/etc/openldap/slapd.conf, either as plain text or as a hash. A hash obscures the password with a one-way algorithm, so the password itself is not readable in the file.

The next step is to edit the /usr/local/etc/openldap/slapd.conf file. If your FreeBSD server's domain name is unixexplore.com, enter "dc=unixexplore,dc=com" as the suffix. Continue to the next line, rootdn, and enter the same information preceded by the "cn=Manager," segment, exactly as in the script below:

root@router2:~ # ee /usr/local/etc/openldap/slapd.conf
suffix "dc=unixexplore,dc=com"
rootdn "cn=Manager,dc=unixexplore,dc=com"

In the same slapd.conf file in /usr/local/etc/openldap, below the existing line include /usr/local/etc/openldap/schema/core.schema, add the following two lines:

include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

Now copy the cosine.schema.sample file to cosine.schema inside the schema directory, so that the include line above can find it.

root@router2:~ # cp /usr/local/etc/openldap/schema/cosine.schema.sample /usr/local/etc/openldap/schema/cosine.schema

Then, on the OpenLDAP client, edit the /usr/local/etc/openldap/ldap.conf file and add the lines below. URI points at the LDAP server (192.168.5.2 in this example) and BASE is the suffix configured on the server above.

root@ns1:~ # ee /usr/local/etc/openldap/ldap.conf
URI ldap://192.168.5.2
BASE dc=unixexplore,dc=com
BINDDN cn=Manager,dc=unixexplore,dc=com

SIZELIMIT 12
TIMELIMIT 15
DEREF never

Next, enable the slapd rc.d startup script by adding the following lines to /etc/rc.conf on the server.

root@router2:~ # ee /etc/rc.conf
slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
slapd_sockets="/var/run/openldap/ldapi"

Set the ownership of the OpenLDAP configuration and runtime directories to the ldap user and group:

root@router2:~ # chown -R ldap:ldap /usr/local/etc/openldap/
root@router2:~ # chown -R ldap:ldap /var/run/openldap/

Now test whether anything is wrong with the OpenLDAP configuration by restarting the service:

root@router2:~ # service slapd restart
Stopping slapd.
Waiting for PIDS: 47346.
Performing sanity check on slap configuration: OK
Starting slapd.
root@router2:~ #

The lines

Waiting for PIDS: 47346.
Performing sanity check on slap configuration: OK
Starting slapd

mean that the previous slapd process was stopped, slapd.conf passed the configuration check, and a new slapd was started. In other words, your OpenLDAP server is running on the FreeBSD system.

We check once again with ldapsearch -x; if output like the following appears, OpenLDAP is answering queries normally. The "result: 32 No such object" is expected at this point, because the base entry dc=unixexplore,dc=com has not been added to the directory yet.

root@ns1:~ # ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <dc=unixexplore,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

Because ldapadd is sensitive to syntax errors, adding entries to the LDAP database by hand (the next step, since the directory is still empty after the test above) can be a pain. There are utilities that let you manage LDAP databases more efficiently and in a more user-friendly way. phpLDAPadmin is a web-based LDAP browser designed to manage LDAP databases more intuitively.
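To show what the manual ldapadd path involves, here is an added Python example (not from the original article) that builds the LDIF for the tree sketched at the top of the page: the base entry dc=unixexplore,dc=com, an ou=People unit, and a uid=jdoe inetOrgPerson with givenName and telephoneNumber (the person's values are constructed sample data). It applies the RFC 2849 rule that a value which is not safe ASCII, or which starts with a space, colon or '<', must be written base64-encoded after '::', which is exactly the kind of syntax detail that makes hand-written LDIF error-prone, and it includes a small parser so the output can be checked before it is fed to ldapadd. The objectClasses used (dcObject, organization, organizationalUnit, inetOrgPerson) come from the core, cosine and inetorgperson schemas included in slapd.conf above.

```python
import base64
from typing import Dict, List, Tuple

Attrs = Dict[str, List[str]]


def needs_base64(value: str) -> bool:
    """RFC 2849: a value is written as-is only if it is a SAFE-STRING: printable
    ASCII that does not start with a space, ':' or '<'. Trailing spaces and
    control characters are also encoded so they survive editing."""
    if value == "":
        return False
    if value[0] in " :<" or value[-1] == " ":
        return True
    return any(ord(ch) > 126 or ord(ch) < 32 for ch in value)


def _attr_line(name: str, value: str) -> str:
    """One LDIF line; '::' marks a base64-encoded value."""
    if needs_base64(value):
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return f"{name}:: {encoded}"
    return f"{name}: {value}"


def ldif_entry(dn: str, attrs: Attrs) -> str:
    """Render one entry; the dn follows the same encoding rule as attributes."""
    lines = [_attr_line("dn", dn)]
    for name, values in attrs.items():
        lines.extend(_attr_line(name, v) for v in values)
    return "\n".join(lines) + "\n"


def bootstrap_ldif(domain: str, uid: str, given: str, sn: str, phone: str) -> str:
    """LDIF for the base entry, ou=People, and one inetOrgPerson under it."""
    labels = domain.split(".")
    base = ",".join(f"dc={label}" for label in labels)
    entries = [
        (base, {"objectClass": ["dcObject", "organization"],
                "dc": [labels[0]], "o": [domain]}),
        (f"ou=People,{base}", {"objectClass": ["organizationalUnit"],
                               "ou": ["People"]}),
        (f"uid={uid},ou=People,{base}", {
            "objectClass": ["inetOrgPerson"], "uid": [uid],
            "cn": [f"{given} {sn}"], "sn": [sn], "givenName": [given],
            "telephoneNumber": [phone]}),
    ]
    # entries are separated by one blank line, as ldapadd expects
    return "\n".join(ldif_entry(dn, attrs) for dn, attrs in entries)


def parse_ldif(text: str) -> List[Tuple[str, Attrs]]:
    """Minimal LDIF reader: unfolds continuation lines, decodes '::' values."""
    entries: List[Tuple[str, Attrs]] = []
    for block in text.strip().split("\n\n"):
        if not block.strip():
            continue
        unfolded: List[str] = []
        for line in block.split("\n"):
            if line.startswith(" ") and unfolded:  # folded continuation line
                unfolded[-1] += line[1:]
            elif line and not line.startswith(("#", "version:")):
                unfolded.append(line)
        dn = None
        attrs: Attrs = {}
        for line in unfolded:
            name, _, rest = line.partition(":")
            if rest.startswith(":"):
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn is None:
            raise ValueError("LDIF entry without a dn line")
        entries.append((dn, attrs))
    return entries


if __name__ == "__main__":
    # Constructed sample person for the tree shown at the top of the article.
    print(bootstrap_ldif("unixexplore.com", "jdoe", "John", "Doe", "+62 21 555 0100"), end="")
```

Save the output as bootstrap.ldif and load it with ldapadd -x -D "cn=Manager,dc=unixexplore,dc=com" -W -f bootstrap.ldif. When run on the server itself, adding -H ldapi:/// uses the local socket enabled in rc.conf above instead of the TCP listener, so the Manager password does not cross the network in the clear. Once the base entry exists, ldapsearch -x no longer returns result 32.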
Iwan Setiawan
