openldap
OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol.
LDAP for Rocket Scientists: http://www.zytrax.com/books/ldap/
SlackBuild
- mkdir -p /tmp/openldap
- cd /tmp/openldap
- touch openldap.SlackBuild
- touch slack-desc
- wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.35.tgz
- chmod 755 openldap.SlackBuild
- ./openldap.SlackBuild
- installpkg /tmp/openldap-2.4.35-i486-1_VBo.tgz
Package 32 bit: openldap-2.4.35-i486-1_VBo.tgz
Package 64 bit: openldap-2.4.35-x86_64-1_VBo.tgz
Contents of openldap.SlackBuild
#!/bin/sh -e
# Adapted from http://www.slackwiki.com/Writing_A_SlackBuild_Script
# V.B. revision date 2013/06/13
# Set initial variables:
CWD=$(pwd)
if [ "$TMP" = "" ]; then
  TMP=/tmp
fi

VERSION=2.4.35 # The version which appears in the application's filename
PKG_VERSION=2.4.35 # the version which appears in the package name.
ARCH=${ARCH:-i486} # the architecture on which you want to build your package
#ARCH=${ARCH:-x86_64} # the architecture on which you want to build your package
BUILD=${BUILD:-1_VBo}
APP=openldap # The application's name
PKG=$TMP/package-$APP # The installation directory of the package

# set SLACKFLAGS
if [ "$ARCH" = "i486" ]; then
  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
elif [ "$ARCH" = "x86_64" ]; then
  SLKCFLAGS="-O2 -fPIC"
fi

### Extract Sources
# Delete the leftover directories if they exist (due to a previous build)
# and (re)create the packaging directory
rm -rf $PKG
mkdir -p $TMP $PKG
rm -rf $TMP/$APP-$VERSION
cd $TMP || exit 1 # Change to the TMP directory
tar -xvzf $CWD/$APP-$VERSION.tgz || exit 1 # Extract the application source in TMP
cd $APP-$VERSION || exit 1 # Change to the application source directory
# Change ownership and permissions if necessary
# This may not be needed in some source tarballs, but it never hurts
chown -R root:root .
chmod -R u+w,go+r-w,a-s .

### Configure and Compile Sources
# To check configure available options run ./configure --help
# Set configure options
# If your app is written in C++, you'll also need to add a line for CXXFLAGS
CFLAGS="$SLKCFLAGS" ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --build=$ARCH-slackware-linux --host=$ARCH-slackware-linux

# compile the source, but exit if anything goes wrong
make depend || exit #openldap requires make depend
make || exit

# Install everything into the package directory, but exit if anything goes wrong
make install DESTDIR=$PKG || exit

### Install Documentation
# Create a directory for documentation
mkdir -p $PKG/usr/doc/$APP-$VERSION
# Copy documentation to the docs directory and fix permissions
# inside the source folder there are the files CHANGES LICENSE INSTALL README ANNOUNCEMENT COPYRIGHT
cp -a CHANGES LICENSE INSTALL README ANNOUNCEMENT COPYRIGHT $PKG/usr/doc/$APP-$VERSION
find $PKG/usr/doc/$APP-$VERSION -type f -exec chmod 644 {} \;

### Final Touches
# Create the ./install directory and copy the slack-desc into it
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
# Add doinst.sh to package (if it exists)
if [ -e $CWD/doinst.sh.gz ]; then
  zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
fi
# Strip some libraries and binaries
( cd $PKG
  find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
  find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
)
# Compress man pages if they exist
if [ -d $PKG/usr/man ]; then
  ( cd $PKG/usr/man
    find . -type f -exec gzip -9 {} \;
    for i in $(find . -type l) ; do ln -s $(readlink $i).gz $i.gz ; rm $i ; done
  )
fi
# Compress info pages if they exist (and remove the dir file)
if [ -d $PKG/usr/info ]; then
  gzip -9 $PKG/usr/info/*.info
  rm -f $PKG/usr/info/dir
fi

### Build the Package
cd $PKG
/sbin/makepkg -l y -c n $TMP/$APP-$PKG_VERSION-$ARCH-$BUILD.tgz
Contents of slack-desc
# HOW TO EDIT THIS FILE:
# The "handy ruler" below makes it easier to edit a package description. Line
# up the first '|' above the ':' following the base package name, and the '|'
# on the right side marks the last column you can put a character in. You must
# make exactly 11 lines for the formatting to be correct. It's also
# customary to leave one space after the ':'.

        |-----handy-ruler------------------------------------------------------|
openldap: OpenLDAP
openldap:
openldap: Open source implementation of the Lightweight Directory Access
openldap: Protocol.
openldap:
openldap: The suite includes:
openldap: slapd - stand-alone LDAP daemon (server)
openldap: libraries implementing the LDAP protocol, and utilities, tools,
openldap: and sample clients.
openldap:
openldap: Homepage: http://www.openldap.org/
Configuration
- cd /etc/openldap
- cp slapd.conf slapd.conf.orig
- vi /etc/openldap/slapd.conf
- /usr/libexec/slapd -Tt # Test config file
- cp /var/openldap-data/DB_CONFIG.example /var/openldap-data/DB_CONFIG
- /usr/libexec/slapd #run slapd
- ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts # test slapd
- vi organization.ldif #create LDIF for organization
- vi manager.ldif #create LDIF for Manager
- vi groups.ldif
- vi users.ldif
Add LDIF to LDAP:
- ldapadd -x -D "cn=Manager,dc=example,dc=net" -W -f organization.ldif
- ldapadd -x -D "cn=Manager,dc=example,dc=net" -W -f manager.ldif
- ldapadd -x -D "cn=Manager,dc=example,dc=net" -W -f groups.ldif
- ldapadd -x -D "cn=Manager,dc=example,dc=net" -W -f users.ldif
Queries:
- ldapsearch -x -b 'cn=Jane Doe,ou=Operations,dc=example,dc=net' '(objectclass=*)'
- ldapsearch -x -b 'dc=example,dc=net' '(objectclass=*)'
Contents of /etc/openldap/slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
database bdb
suffix "dc=example,dc=net"
rootdn "cn=Manager,dc=example,dc=net"
rootpw secret
directory /var/openldap-data
Contents of organization.ldif:
dn: dc=example,dc=net
objectclass: dcObject
objectclass: organization
o: AcmeCorp
dc: example
Contents of manager.ldif:
dn: cn=Manager,dc=example,dc=net
objectclass: organizationalRole
cn: Manager
Contents of groups.ldif:
dn: ou=Developers,dc=example,dc=net
objectclass: organizationalUnit
ou: Developers

dn: ou=Operations,dc=example,dc=net
objectclass: organizationalUnit
ou: Operations
Contents of users.ldif:
dn: cn=John Doe,ou=Developers,dc=example,dc=net
objectclass: inetOrgPerson
cn: John Doe
cn: J. Doe
sn: Doe
uid: john.doe
userpassword: pass123456
mail: john.doe@example.net
description: The Doe
ou: Developers

dn: cn=Jane Doe,ou=Operations,dc=example,dc=net
objectclass: inetOrgPerson
cn: Jane Doe
cn: J. Doe
sn: Doe
uid: jane.doe
userpassword: pass1122
mail: john.doe@example.net
description: Ops Jane
ou: Operations
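The slapd.conf above stores rootpw in cleartext, and users.ldif does the same for userpassword. The check below is an added example, not part of the original page: it flags such values and accepts the {SCHEME} form that slappasswd prints. The function names and the sample hash values are constructed.

```shell
#!/bin/sh
# Added example, not from the original page: report credentials stored in
# cleartext in slapd.conf (rootpw) and in LDIF files (userPassword).

# find_cleartext FILE: print "FILE:LINE: cleartext NAME"; status 1 if any.
find_cleartext() {
    awk -v f="$1" '
    # A stored hash looks like {SCHEME}data, e.g. the {SSHA} output of
    # slappasswd. {CLEARTEXT} is a scheme too, but it is not a hash.
    function hashed(v,    close_at) {
        close_at = index(v, "}")
        if (substr(v, 1, 1) != "{" || close_at < 3 || close_at == length(v))
            return 0
        return toupper(substr(v, 1, close_at)) != "{CLEARTEXT}"
    }
    function report(name) {
        printf "%s:%d: cleartext %s\n", f, NR, name
        bad = 1
    }
    { key = tolower($1) }
    key == "rootpw"        && !hashed($2) { report("rootpw") }
    key == "userpassword:" && !hashed($2) { report("userPassword") }
    key == "userpassword::" {            # "::" marks a base64-encoded value
        v = ""
        if ($2 ~ "^[A-Za-z0-9+/=]+$") {  # only pass base64 text to the shell
            cmd = "printf %s " $2 " | base64 -d 2>/dev/null"
            cmd | getline v
            close(cmd)
        }
        if (!hashed(v)) report("userPassword")
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input modelled on the files shown above.
write_samples() {
    printf '%s\n' 'rootdn "cn=Manager,dc=example,dc=net"' 'rootpw secret' \
        > "$1/slapd.conf"
    printf '%s\n' 'rootpw {SSHA}CONSTRUCTEDPLACEHOLDER' > "$1/slapd.fixed.conf"
    printf '%s\n' 'uid: john.doe' 'userpassword: pass123456' '' \
        'uid: jane.doe' 'userPassword:: e1NTSEF9Q09OU1RSVUNURUQ=' \
        > "$1/users.ldif"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
for f in "$demo_dir"/*; do find_cleartext "$f" || true; done
rm -rf "$demo_dir"
```

A flagged rootpw is fixed by replacing the value with the {SSHA} string that slappasswd prints; slapd.conf should also be readable only by the account that runs slapd.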
Links
http://www.howtoforge.com/install-and-configure-openldap-on-centos-5
http://www.server-world.info/en/note?os=CentOS_6&p=ldap
Securing LDAP connections
https://help.ubuntu.com/community/SecuringOpenLDAPConnections
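In /etc/ldap.conf, set your client machine to use SSL to connect to LDAP and to accept the self-signed certificate. With TLS_REQCERT allow the session proceeds even when the server certificate cannot be verified, so the connection is encrypted but the server is not authenticated.
URI ldaps://server.mybusiness.com/
TLS_REQCERT allow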
openssl s_client -connect server.mybusiness.com:636 -showcerts
How to save the LDAP SSL Certificate from OpenSSL
http://stackoverflow.com/questions/7084482/how-to-save-the-ldap-ssl-certificate-from-openssl
openssl s_client -connect 192.168.1.225:636
Copy everything between
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----
(including these delimiters) and paste it into a new text file (usually with the extension .pem or .crt).
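Once the certificate is saved this way, the client can trust that one file instead of relying on TLS_REQCERT allow. The script below is an added example, not from the original page or the linked answers; the function names, the path /etc/openldap/server.pem and the sample transcript are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page; names and sample are constructed.

# first_pem_cert: read `openssl s_client` output on stdin and print the first
# complete PEM block, delimiters included. Exit status 1 if there is none.
first_pem_cert() {
    awk '
    done { next }
    /^-----BEGIN CERTIFICATE-----/ { inside = 1; pem = "" }
    inside { pem = pem $0 "\n" }
    /^-----END CERTIFICATE-----/ && inside { inside = 0; done = 1 }
    END { if (!done) exit 1; printf "%s", pem }
    '
}

# client_conf URI CAFILE: ldap.conf lines that trust only CAFILE and refuse
# the connection when the server certificate does not verify against it.
client_conf() {
    printf 'URI %s\nTLS_CACERT %s\nTLS_REQCERT demand\n' "$1" "$2"
}

# pin_server HOST CAFILE: save the certificate HOST presents on port 636 and
# print its SHA-256 fingerprint for comparison with the one read on the server.
pin_server() {
    openssl s_client -connect "$1:636" </dev/null 2>/dev/null |
        first_pem_cert > "$2" || return 1
    openssl x509 -in "$2" -noout -fingerprint -sha256
}

# Constructed s_client transcript: with -showcerts the certificate appears in
# the chain listing and again under "Server certificate".
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
Certificate chain
 0 s:/CN=server.mybusiness.com
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERBODY
-----END CERTIFICATE-----
---
Server certificate
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERBODY
-----END CERTIFICATE-----
EOF
}

sample_s_client_output | first_pem_cert
```

The name in the URI has to match the name in the certificate for TLS_REQCERT demand to accept the connection.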