= openldap =

OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol.

[[http://www.openldap.org/]]

LDAP for Rocket Scientists: [[http://www.zytrax.com/books/ldap/]]

== SlackBuild ==

 * mkdir -p /tmp/openldap
 * cd /tmp/openldap
 * touch openldap.SlackBuild
 * touch slack-desc
 * wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.35.tgz
 * chmod 755 openldap.SlackBuild
 * ./openldap.SlackBuild
 * installpkg /tmp/openldap-2.4.35-i486-1_VBo.tgz

Package 32 bit: [[attachment:openldap-2.4.35-i486-1_VBo.tgz]]

Package 64 bit: [[attachment:openldap-2.4.35-x86_64-1_VBo.tgz]]

Contents of openldap.SlackBuild

{{{#!highlight bash
#!/bin/sh -e
# Adapted from http://www.slackwiki.com/Writing_A_SlackBuild_Script
# V.B. revision date 2013/06/13

# Set initial variables:
CWD=$(pwd)
if [ "$TMP" = "" ]; then
  TMP=/tmp
fi
VERSION=2.4.35            # The version which appears in the application's filename
PKG_VERSION=2.4.35        # the version which appears in the package name.
ARCH=${ARCH:-i486}        # the architecture on which you want to build your package
#ARCH=${ARCH:-x86_64}     # the architecture on which you want to build your package
BUILD=${BUILD:-1_VBo}
APP=openldap              # The application's name
PKG=$TMP/package-$APP     # The installation directory of the package

# set SLACKFLAGS
if [ "$ARCH" = "i486" ]; then
  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
elif [ "$ARCH" = "x86_64" ]; then
  SLKCFLAGS="-O2 -fPIC"
fi

### Extract Sources
# Delete the leftover directories if they exist (due to a previous build)
# and (re)create the packaging directory
rm -rf $PKG
mkdir -p $TMP $PKG
rm -rf $TMP/$APP-$VERSION
cd $TMP || exit 1                           # Change to the TMP directory
tar -xvzf $CWD/$APP-$VERSION.tgz || exit 1  # Extract the application source in TMP
cd $APP-$VERSION || exit 1                  # Change to the application source directory

# Change ownership and permissions if necessary
# This may not be needed in some source tarballs, but it never hurts
chown -R root:root .
chmod -R u+w,go+r-w,a-s .

### Configure and Compile Sources
# To check configure available options run ./configure --help
# Set configure options
# If your app is written in C++, you'll also need to add a line for CXXFLAGS
CFLAGS="$SLKCFLAGS" ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --build=$ARCH-slackware-linux --host=$ARCH-slackware-linux

# compile the source, but exit if anything goes wrong
make depend || exit   # openldap requires make depend
make || exit

# Install everything into the package directory, but exit if anything goes wrong
make install DESTDIR=$PKG || exit

### Install Documentation
# Create a directory for documentation
mkdir -p $PKG/usr/doc/$APP-$VERSION

# Copy documentation to the docs directory and fix permissions
# inside the source folder there are the files CHANGES LICENSE INSTALL README ANNOUNCEMENT COPYRIGHT
cp -a CHANGES LICENSE INSTALL README ANNOUNCEMENT COPYRIGHT $PKG/usr/doc/$APP-$VERSION
find $PKG/usr/doc/$APP-$VERSION -type f -exec chmod 644 {} \;

### Final Touches
# Create the ./install directory and copy the slack-desc into it
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc

# Add doinst.sh to package (if it exists)
if [ -e $CWD/doinst.sh.gz ]; then
  zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
fi

# Strip some libraries and binaries
( cd $PKG
  find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
  find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
)

# Compress man pages if they exist
if [ -d $PKG/usr/man ]; then
  ( cd $PKG/usr/man
    find . -type f -exec gzip -9 {} \;
    for i in $(find . -type l) ; do ln -s $(readlink $i).gz $i.gz ; rm $i ; done
  )
fi

# Compress info pages if they exist (and remove the dir file)
if [ -d $PKG/usr/info ]; then
  gzip -9 $PKG/usr/info/*.info
  rm -f $PKG/usr/info/dir
fi

### Build the Package
cd $PKG
/sbin/makepkg -l y -c n $TMP/$APP-$PKG_VERSION-$ARCH-$BUILD.tgz
}}}

Contents of slack-desc

{{{
# HOW TO EDIT THIS FILE:
# The "handy ruler" below makes it easier to edit a package description.  Line
# up the first '|' above the ':' following the base package name, and the '|'
# on the right side marks the last column you can put a character in.  You must
# make exactly 11 lines for the formatting to be correct.  It's also
# customary to leave one space after the ':'.

        |-----handy-ruler------------------------------------------------------|
openldap: OpenLDAP
openldap:
openldap: Open source implementation of the Lightweight Directory Access
openldap: Protocol.
openldap:
openldap: The suite includes:
openldap: slapd - stand-alone LDAP daemon (server)
openldap: libraries implementing the LDAP protocol, and utilities, tools,
openldap: and sample clients.
openldap:
openldap: Homepage: http://www.openldap.org/
}}}

=== Configuration ===

 * cd /etc/openldap
 * cp slapd.conf slapd.conf.orig
 * vi /etc/openldap/slapd.conf
 * /usr/libexec/slapd -Tt # Test config file
 * cp /var/openldap-data/DB_CONFIG.example /var/openldap-data/DB_CONFIG
 * /usr/libexec/slapd # run slapd
 * ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts # test slapd
 * vi organization.ldif # create LDIF for organization
 * vi manager.ldif # create LDIF for Manager
 * vi groups.ldif
 * vi users.ldif

Add LDIF to LDAP:

 * ldapadd -x -D "cn=Manager,dc=example,dc=net" -W -f organization.ldif
 * ldapadd -x -D "cn=Manager,dc=example,dc=net" -W -f manager.ldif
 * ldapadd -x -D "cn=Manager,dc=example,dc=net" -W -f groups.ldif
 * ldapadd -x -D "cn=Manager,dc=example,dc=net" -W -f users.ldif

Queries:

 * ldapsearch -x -b 'cn=Jane Doe,ou=Operations,dc=example,dc=net' '(objectclass=*)'
 * ldapsearch -x -b 'dc=example,dc=net' '(objectclass=*)'

Contents of '''/etc/openldap/slapd.conf''':

{{{
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema

database  bdb
suffix    "dc=example,dc=net"
rootdn    "cn=Manager,dc=example,dc=net"
rootpw    secret
directory /var/openldap-data
}}}

Contents of '''organization.ldif''':

{{{
dn: dc=example,dc=net
objectclass: dcObject
objectclass: organization
o: AcmeCorp
dc: example
}}}

Contents of '''manager.ldif''':

{{{
dn: cn=Manager,dc=example,dc=net
objectclass: organizationalRole
cn: Manager
}}}

Contents of '''groups.ldif''':

{{{
dn: ou=Developers,dc=example,dc=net
objectclass: organizationalUnit
ou: Developers

dn: ou=Operations,dc=example,dc=net
objectclass: organizationalUnit
ou: Operations
}}}

Contents of '''users.ldif''':

{{{
dn: cn=John Doe,ou=Developers,dc=example,dc=net
objectclass: inetOrgPerson
cn: John Doe
cn: J. Doe
sn: Doe
uid: john.doe
userpassword: pass123456
mail: john.doe@example.net
description: The Doe
ou: Developers

dn: cn=Jane Doe,ou=Operations,dc=example,dc=net
objectclass: inetOrgPerson
cn: Jane Doe
cn: J. Doe
sn: Doe
uid: jane.doe
userpassword: pass1122
mail: jane.doe@example.net
description: Ops Jane
ou: Operations
}}}

== Links ==

[[http://www.howtoforge.com/install-and-configure-openldap-on-centos-5]]

[[http://www.server-world.info/en/note?os=CentOS_6&p=ldap]]

== Securing LDAP connections ==

https://help.ubuntu.com/community/SecuringOpenLDAPConnections

In /etc/ldap.conf, set your client machine to use SSL to connect to LDAP and also allow the self-signed certificate.

{{{
URI ldaps://server.mybusiness.com/
TLS_REQCERT allow
}}}

{{{
openssl s_client -connect server.mybusiness.com:636 -showcerts
}}}

== How to save the LDAP SSL Certificate from OpenSSL ==

http://stackoverflow.com/questions/7084482/how-to-save-the-ldap-ssl-certificate-from-openssl

{{{
openssl s_client -connect 192.168.1.225:636
}}}

Copy everything between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- (including these delimiters) and paste it in a new text file (usually with the extension .pem or .crt).
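The users.ldif and slapd.conf above store passwords in the clear (userpassword: pass123456, rootpw secret). The following added example (not code from this wiki page) reads such LDIF entries, flags cleartext userPassword values, and produces {SSHA} values in the format slappasswd -h {SSHA} emits, which slapd accepts for both userPassword and rootpw; the sample LDIF is constructed from the entries on this page.

```python
# Added example, not code from the wiki page: read users.ldif entries, flag
# userPassword values stored in the clear, and build {SSHA} values in the
# format slappasswd -h {SSHA} produces (usable for userPassword and rootpw).
import base64
import hashlib
import os

# Constructed sample: the two users.ldif entries, trimmed to the relevant attributes.
USERS_LDIF = """\
dn: cn=John Doe,ou=Developers,dc=example,dc=net
uid: john.doe
userpassword: pass123456

dn: cn=Jane Doe,ou=Operations,dc=example,dc=net
uid: jane.doe
userpassword: pass1122
"""

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, attr: value per line, no folding."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries

def ssha_hash(password, salt=None):
    """{SSHA} = base64(sha1(password + salt) + salt); slappasswd uses a 4-byte salt."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    """Recompute the digest with the salt that follows the 20-byte SHA-1 digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    return hashlib.sha1(password.encode() + raw[20:]).digest() == raw[:20]

def cleartext_password_dns(entries):
    """DNs whose userPassword lacks a {scheme} prefix, i.e. is stored in the clear."""
    return [e["dn"][0] for e in entries
            if any(not v.startswith("{") for v in e.get("userpassword", []))]
```

Replace each flagged value with ssha_hash(password) before running ldapadd, and use the same form for rootpw in slapd.conf.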
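The two sections above set TLS_REQCERT allow on the client and then copy the certificate out of openssl s_client by hand. This added example (not code from this wiki page or the linked articles) automates the copy step and uses the saved certificate to pin the server instead: TLS_REQCERT demand with TLS_CACERT pointing at the saved file. The s_client output is a constructed sample, and /etc/openldap/server.pem is a hypothetical path.

```python
# Added example, not code from the wiki page: pull the certificate block(s) out
# of `openssl s_client -showcerts` output (the copy-and-paste step above) and
# emit a client ldap.conf that pins that certificate instead of TLS_REQCERT allow.
import re

# Constructed sample of s_client output; the base64 body is a placeholder, not a real certificate.
S_CLIENT_OUTPUT = """\
CONNECTED(00000003)
depth=0 CN = server.mybusiness.com
verify error:num=18:self signed certificate
---
Certificate chain
 0 s:/CN=server.mybusiness.com
   i:/CN=server.mybusiness.com
-----BEGIN CERTIFICATE-----
MIIBplaceholderBODYnotArealCertificate0000000000000000000000000000
AAAA
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=server.mybusiness.com
"""

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\n.*?-----END CERTIFICATE-----", re.S)

def extract_certificates(output):
    """Every PEM block, delimiters included, in the order s_client printed them (leaf first)."""
    return [m + "\n" for m in PEM_RE.findall(output)]

def select_ca_certificate(output):
    """The last block the server sent: here the self-signed cert itself. With a real
    chain, check that it is the issuing CA, since servers often omit the root."""
    certs = extract_certificates(output)
    if not certs:
        raise ValueError("no certificate block found in s_client output")
    return certs[-1]

def save_certificate(pem, path):
    """Write the PEM text to disk, e.g. /etc/openldap/server.pem (hypothetical path)."""
    with open(path, "w") as f:
        f.write(pem)
    return path

def hardened_ldap_conf(uri, cacert_path):
    """TLS_REQCERT allow (as in the ldap.conf above) accepts any certificate, even
    one that fails validation; demand makes the client reject a server whose
    certificate does not chain to TLS_CACERT."""
    return f"URI {uri}\nTLS_CACERT {cacert_path}\nTLS_REQCERT demand\n"
```

Pipe the real s_client output into select_ca_certificate, save it, and write hardened_ldap_conf(...) to /etc/ldap.conf; re-fetch and compare the file whenever the server's certificate is renewed.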