
Install and Configure OpenLDAP

February 11, 2010

In my recent project, I worked on the OpenLDAP directory server. I would like to share my experience with it.

The OpenLDAP (the open source implementation of the LDAP protocol) software suite consists of:

  1. openldap-servers (the directory server)
  2. openldap-clients (provides tools to communicate with the server, such as ldapsearch, ldapadd, etc.)

Let’s see how to install and configure it on CentOS5.3.

Installing OpenLDAP Clients:

[root@localhost openldap]# yum install openldap-clients

This command will install the OpenLDAP clients on the system. Their main configuration file can be found at /etc/openldap/ldap.conf

Installing OpenLDAP Server:

[root@localhost openldap]# yum install openldap-servers

This command will install the OpenLDAP server (the slapd daemon), which listens on port 389. slapd has one main configuration file, found at /etc/openldap/slapd.conf, and other auxiliary config files.

Configuring the LDAP Server :

Step 1. In order to use the slapd LDAP server, modify its main configuration file, /etc/openldap/slapd.conf, to match your environment by specifying the correct domain and server.

- For Example :

# slapd.conf
database     bdb
suffix       "dc=example,dc=com"
rootdn       "cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw       examplepasswd
# rootpw     {crypt}ijFYNcSNctBYg
# The database directory must exist prior to running slapd and should
# only be accessible by the slapd and slap tools.
# Mode 700 recommended
directory    /var/lib/ldap

Where,

  • database -> Defines the database backend used by OpenLDAP; here it is the Berkeley DB backend.
  • suffix -> Root of the directory tree
  • rootdn -> The distinguished name of the superuser of the directory
  • rootpw -> Password for the superuser
  • directory -> Database storage area
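
The comments in the sample config above warn against a cleartext rootpw and recommend mode 700 for the database directory. One way to check a config for both, as an added example that is not part of the original post (audit_slapd_conf is a hypothetical helper name, not an OpenLDAP tool):

```shell
#!/bin/sh
# Added example: check a slapd.conf against the two warnings in its own
# comments. audit_slapd_conf is a hypothetical helper, not an OpenLDAP tool.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_slapd_conf() {
    conf=$1
    rc=0

    # Only active lines count: in "# rootpw ..." the first field is "#".
    # A hashed value carries a {SCHEME} prefix such as {SSHA} or {crypt};
    # {CLEARTEXT} is also a scheme, but it stores the password unhashed.
    if awk '$1 == "rootpw" {
                v = $2; gsub(/"/, "", v)      # the value may be quoted
                if (v !~ /^[{][A-Za-z0-9-]+[}]/ ||
                    toupper(v) ~ /^[{]CLEARTEXT[}]/) bad = 1
            }
            END { exit !bad }' "$conf"; then
        echo "FAIL: rootpw is stored in cleartext"
        rc=1
    fi

    # Every "directory" line names a database directory (mode 700 recommended).
    dirs=$(awk '$1 == "directory" { gsub(/"/, "", $2); print $2 }' "$conf")
    while read -r dir; do
        [ -n "$dir" ] || continue
        if [ ! -d "$dir" ]; then
            echo "FAIL: database directory $dir does not exist"
            rc=1
            continue
        fi
        # Characters 1-10 of "ls -ld" are the type and permission bits.
        perms=$(ls -ld "$dir" | cut -c1-10)
        if [ "$perms" != "drwx------" ]; then
            echo "FAIL: $dir is $perms, expected drwx------ (mode 700)"
            rc=1
        fi
    done <<EOF
$dirs
EOF
    return $rc
}

# Run against the file named on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_slapd_conf "$1"
fi
```

A hashed value for rootpw can be generated with slappasswd(8), which the config comment points to; its output replaces the cleartext value after rootpw.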

Step 2. Copy the /etc/openldap/DB_CONFIG.example file into the /var/lib/ldap directory.

- This file should be placed in the directory as specified by the directory configuration option in the slapd.conf file.

Step 3. Start the daemon

- Once we have set up the server, we need to start the LDAP daemon. The init script for the LDAP daemon is located at /etc/init.d/ldap

- For Example:

[root@localhost openldap]# /etc/init.d/ldap start
Checking configuration files for slapd:  config file testing succeeded
[  OK  ]
Starting slapd:                                            [  OK  ]

Step 4. Check whether the server is running.

[root@localhost openldap]# ldapsearch -x -h localhost -b "dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object

Here we get the result “No such object”, which indicates that our LDAP server is up and running but is unable to locate the data.

Step 5. Create the base data for the LDAP server.

- Create the example.ldif file

dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

Step 6. Add the data to the directory

[root@localhost openldap]# ldapadd -x -D "cn=Manager,dc=example,dc=com" \
-W -f example.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"

Where,

  • -D -> Specifies the bind DN (the user to authenticate as)
  • -W -> Specifies that the password will be prompted for
  • -f -> Specifies the name of the LDIF file
  • -x -> Specifies simple authentication

Now we have successfully created the base of the directory. Let's do a test.

[root@localhost openldap]# ldapsearch -x -h localhost -b "dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# example.com
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1

You’re Finished!!! :)

So far we have added the base of our directory; you can add more data using the ldapadd command.

Header issue in PHP

September 21, 2009

I remember that back in the days when I was new to PHP, it was so strange to me why I couldn't do echo before header.
Then I started googling :) about this topic.

Basically, when you send body content to the browser before sending your header content with the header()/setcookie()/setrawcookie() functions, you will get the error message “Cannot modify header information - headers already sent”.

This is because the HTTP status header line will always be the first sent to the client, regardless of the actual header() call being the first or not. The status may be overridden by calling header() with a new status line at any time unless the HTTP headers have already been sent.

Output buffering solves this issue. While output buffering is active, no output is sent from the script (other than headers); instead, the output is stored in an internal buffer.

By default, output buffering is disabled in the php.ini file. There are two ways of enabling output buffering:

1. Enable output_buffering in php.ini
e.g. output_buffering = on

2. Call the ob_start() function to turn on output buffering.

Let's take an example of how it works:

Example :

1. Example with error

<?php
echo "Test";
setcookie('name', 'value');
?>

The above script will throw the error “Cannot modify header information - headers already sent”, but only if output_buffering is disabled in the php.ini file.

2. Example without error

<?php
ob_start(); // Turn on output buffering
echo "Test";
setcookie('name', 'value');
ob_end_flush(); // Flush (send) the output buffer and turn off output buffering
?>

The above script will work with no errors and no warnings. :)

Reference : http://in2.php.net/manual/en/function.header.php

Magic in PHP5

September 19, 2009

PHP5 has made a lot of improvements over PHP4 as far as OOP is concerned, and in performance as well.

PHP5 provides various magic methods like __construct(), __destruct(), __set(), __get(), __call(), __toString(), __sleep(), __wakeup(), __isset(), __unset(), __autoload(), __clone(). Don't create functions with these names in your class unless you want the magic functionality associated with them.

These magic methods are widely used by many PHP open source frameworks like CakePHP, Garden, etc.

Let's take an example of how __call() works:

The magic method __call() is called automatically when a call is made to an undeclared or undefined method of a class.

<?php
class MyClass {
    // Invoked automatically when an undeclared method is called on the object.
    public function __call($name, $args) {
        echo "Function Name : "; print_r($name);
        echo "<br />";
        echo "Arguments : ";    print_r($args);
    }
}

$myClass = new MyClass();
$myClass->setName('Mayank'); // This will call __call() method.
?>

Output :

Function Name : setName
Arguments : Array ([0] => Mayank )

Hello world!

August 10, 2008

Hello Everyone,

Finally, I’ve started blogging.
