openldap

OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol.

http://www.openldap.org/

LDAP for Rocket Scientists: http://www.zytrax.com/books/ldap/

SlackBuild

Package 32 bit: openldap-2.4.35-i486-1_VBo.tgz

Package 64 bit: openldap-2.4.35-x86_64-1_VBo.tgz

Contents of openldap.SlackBuild

#!/bin/sh -e
# Adapted from http://www.slackwiki.com/Writing_A_SlackBuild_Script
# V.B. revision date 2013/06/13
# Set initial variables:
CWD=$(pwd)
if [ "$TMP" = "" ]; then
  TMP=/tmp
fi

VERSION=2.4.35 # The version which appears in the application's filename
PKG_VERSION=2.4.35 # the version which appears in the package name.
ARCH=${ARCH:-i486} # the architecture on which you want to build your package
#ARCH=${ARCH:-x86_64} # the architecture on which you want to build your package
BUILD=${BUILD:-1_VBo}
APP=openldap # The application's name
PKG=$TMP/package-$APP # The installation directory of the package

# set SLACKFLAGS
if [ "$ARCH" = "i486" ]; then
  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
elif [ "$ARCH" = "x86_64" ]; then
  SLKCFLAGS="-O2 -fPIC"
fi

### Extract Sources
# Delete the leftover directories if they exist (due to a previous build)
# and (re)create the packaging directory
rm -rf $PKG
mkdir -p $TMP $PKG
rm -rf $TMP/$APP-$VERSION
cd $TMP || exit 1 # Change to the TMP directory
tar -xvzf $CWD/$APP-$VERSION.tgz || exit 1 # Extract the application source in TMP
cd $APP-$VERSION || exit 1 # Change to the application source directory
# Change ownership and permissions if necessary
# This may not be needed in some source tarballs, but it never hurts
chown -R root:root .
chmod -R u+w,go+r-w,a-s .

### Configure and Compile Sources
# To check configure available options run ./configure --help
# Set configure options
# If your app is written in C++, you'll also need to add a line for CXXFLAGS
CFLAGS="$SLKCFLAGS" ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --build=$ARCH-slackware-linux --host=$ARCH-slackware-linux

# compile the source, but exit if anything goes wrong
make depend || exit #openldap requires make depend
make || exit

# Install everything into the package directory, but exit if anything goes wrong
make install DESTDIR=$PKG || exit

### Install Documentation
# Create a directory for documentation
mkdir -p $PKG/usr/doc/$APP-$VERSION
# Copy documentation to the docs directory and fix permissions
# inside the source folder there are the files CHANGES LICENSE INSTALL README ANNOUNCEMENT COPYRIGHT
cp -a CHANGES LICENSE INSTALL README ANNOUNCEMENT COPYRIGHT $PKG/usr/doc/$APP-$VERSION
find $PKG/usr/doc/$APP-$VERSION -type f -exec chmod 644 {} \;

### Final Touches
# Create the ./install directory and copy the slack-desc into it
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
# Add doinst.sh to package (if it exists)
if [ -e $CWD/doinst.sh.gz ]; then
  zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
fi
# Strip some libraries and binaries
( cd $PKG
   find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
   find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
)
# Compress man pages if they exist
if [ -d $PKG/usr/man ]; then
  ( cd $PKG/usr/man
  find . -type f -exec gzip -9 {} \;
  for i in $(find . -type l) ; do ln -s $(readlink $i).gz $i.gz ; rm $i ; done
  )
fi
# Compress info pages if they exist (and remove the dir file)
if [ -d $PKG/usr/info ]; then
  gzip -9 $PKG/usr/info/*.info
  rm -f $PKG/usr/info/dir
fi

### Build the Package
cd $PKG
/sbin/makepkg -l y -c n $TMP/$APP-$PKG_VERSION-$ARCH-$BUILD.tgz

Contents of slack-desc

# HOW TO EDIT THIS FILE:
# The "handy ruler" below makes it easier to edit a package description.  Line
# up the first '|' above the ':' following the base package name, and the '|'
# on the right side marks the last column you can put a character in.  You must
# make exactly 11 lines for the formatting to be correct.  It's also
# customary to leave one space after the ':'.

       |-----handy-ruler------------------------------------------------------|
openldap: OpenLDAP 
openldap:
openldap: Open source implementation of the Lightweight Directory Access 
openldap: Protocol.
openldap:
openldap: The suite includes: 
openldap:  slapd - stand-alone LDAP daemon (server) 
openldap:  libraries implementing the LDAP protocol, and utilities, tools, 
openldap:  and sample clients. 
openldap:
openldap: Homepage: http://www.openldap.org/

Configuration

Add LDIF to LDAP:

Queries:

Contents of /etc/openldap/slapd.conf:

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema

database bdb
suffix  "dc=example,dc=net"
rootdn  "cn=Manager,dc=example,dc=net"
rootpw secret
directory /var/openldap-data

Contents of organization.ldif:

dn: dc=example,dc=net
objectclass: dcObject
objectclass: organization
o: AcmeCorp 
dc: example

Contents of manager.ldif:

dn: cn=Manager,dc=example,dc=net
objectclass: organizationalRole
cn: Manager

Contents of groups.ldif:

dn: ou=Developers,dc=example,dc=net
objectclass: organizationalUnit
ou: Developers

dn: ou=Operations,dc=example,dc=net
objectclass: organizationalUnit
ou: Operations

Contents of users.ldif:

dn: cn=John Doe,ou=Developers,dc=example,dc=net
objectclass: inetOrgPerson
cn: John Doe
cn: J. Doe
sn: Doe
uid: john.doe
userpassword: pass123456
mail: john.doe@example.net
description: The Doe
ou: Developers

dn: cn=Jane Doe,ou=Operations,dc=example,dc=net
objectclass: inetOrgPerson
cn: Jane Doe
cn: J. Doe
sn: Doe
uid: jane.doe
userpassword: pass1122
mail: jane.doe@example.net
description: Ops Jane
ou: Operations
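
The rootpw line in slapd.conf and the userpassword values in users.ldif above are stored in cleartext; slappasswd generates hashed values (for example {SSHA}) that can be used in their place. The check below is an added example, not part of the original page, that reports such cleartext values; the function name audit_ldap_secrets is an assumption.

```sh
# Added example (not from the original page): report cleartext secrets in
# slapd.conf and LDIF files. A value counts as hashed only if it starts with
# an RFC 2307 style "{SCHEME}" prefix other than {CLEARTEXT}.
# Prints "file:line: attribute: cleartext value"; returns 1 on any finding.
audit_ldap_secrets() {
  awk '
    function check(name, val) {
      if (val == "") return
      if (val !~ /^\{[A-Za-z0-9-]+\}/ || toupper(val) ~ /^\{CLEARTEXT\}/) {
        printf "%s:%d: %s: cleartext value\n", FILENAME, FNR, name
        found = 1
      }
    }
    /^[ \t]*#/ { next }                            # comment lines
    tolower($1) == "rootpw" {                      # slapd.conf: rootpw <value>
      check("rootpw", $2); next
    }
    tolower($0) ~ /^userpassword::/ {              # LDIF value in base64
      val = $0
      sub(/^[^:]*::[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
      if (val ~ /^[A-Za-z0-9+\/=]+$/) {            # only base64 reaches sh
        cmd = "printf %s " val " | base64 -d"
        dec = ""; cmd | getline dec; close(cmd)
        check("userPassword", dec)                 # judge the decoded value
      }
      next
    }
    tolower($0) ~ /^userpassword:/ {               # LDIF value as written
      val = $0
      sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
      check("userPassword", val)
    }
    END { exit (found ? 1 : 0) }
  ' "$@"
}
```

Run it as audit_ldap_secrets /etc/openldap/slapd.conf users.ldif; a non-zero exit status means at least one cleartext value was reported.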

http://www.howtoforge.com/install-and-configure-openldap-on-centos-5

http://www.server-world.info/en/note?os=CentOS_6&p=ldap

Securing LDAP connections

https://help.ubuntu.com/community/SecuringOpenLDAPConnections

In /etc/ldap.conf, set your client machine to use SSL to connect to LDAP and also to allow the self-signed certificate:

URI ldaps://server.mybusiness.com/
TLS_REQCERT allow

openssl s_client -connect server.mybusiness.com:636 -showcerts

How to save the LDAP SSL Certificate from OpenSSL

http://stackoverflow.com/questions/7084482/how-to-save-the-ldap-ssl-certificate-from-openssl

openssl s_client -connect 192.168.1.225:636

Copy everything between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- (including these delimiters) and paste it in a new text file (usually with the extension .pem or .crt).
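
With TLS_REQCERT allow, a server certificate that fails verification is ignored and the session proceeds, so the saved certificate is better used as the client's trust anchor with TLS_REQCERT demand. The following is an added example, not part of the original page, that automates the copy step above and rewrites the client configuration accordingly; the function names and the certificate path are assumptions, and it presumes the server name in URI matches the name in the certificate.

```sh
# Added example (not from the original page). Function names and the .pem
# path are assumptions; server.mybusiness.com is the host used on the page.

# Keep only the first PEM certificate (the server's own) from the
# `openssl s_client` output on stdin, delimiters included.
extract_first_pem() {
  awk '/-----BEGIN CERTIFICATE-----/ { inside = 1 }
       inside { print }
       inside && /-----END CERTIFICATE-----/ { exit }'
}

# Print the ldap.conf named in $1 with the saved certificate ($2) as the
# trust anchor and with verification failures ending the session. Existing
# TLS_REQCERT / TLS_CACERT / TLS_CACERTDIR lines are dropped and replaced.
pin_ldap_conf() {
  awk -v pem="$2" '
    toupper($1) == "TLS_REQCERT" { next }
    toupper($1) ~ /^TLS_CACERT(DIR)?$/ { next }
    { print }
    END {
      print "TLS_CACERT " pem
      print "TLS_REQCERT demand"
    }
  ' "$1"
}

# Typical use:
#   openssl s_client -connect server.mybusiness.com:636 </dev/null 2>/dev/null \
#     | extract_first_pem > /etc/openldap/certs/ldap-server.pem
#   # The certificate was fetched over an unauthenticated connection: compare
#   # this fingerprint with one read on the server itself before trusting it.
#   openssl x509 -in /etc/openldap/certs/ldap-server.pem -noout -fingerprint -sha256
#   pin_ldap_conf /etc/ldap.conf /etc/openldap/certs/ldap-server.pem > /etc/ldap.conf.new
```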

openldap (last edited 2014-12-16 23:18:19 by 112)