Revision 12 as of 2014-12-16 23:15:36
openldap

OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol.

http://www.openldap.org/

LDAP for Rocket Scientists: http://www.zytrax.com/books/ldap/

SlackBuild

  • mkdir -p /tmp/openldap
  • cd /tmp/openldap
  • touch openldap.SlackBuild

  • touch slack-desc
  • wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.35.tgz

  • chmod 755 openldap.SlackBuild

  • ./openldap.SlackBuild

  • installpkg /tmp/openldap-2.4.35-i486-1_VBo.tgz

Package 32 bit: openldap-2.4.35-i486-1_VBo.tgz

Package 64 bit: openldap-2.4.35-x86_64-1_VBo.tgz

Contents of openldap.SlackBuild

#!/bin/sh -e
# Adapted from http://www.slackwiki.com/Writing_A_SlackBuild_Script
# V.B. revision date 2013/06/13
# Set initial variables:
CWD=$(pwd)
if [ "$TMP" = "" ]; then
  TMP=/tmp
fi

VERSION=2.4.35 # The version which appears in the application's filename
PKG_VERSION=2.4.35 # the version which appears in the package name.
ARCH=${ARCH:-i486} # the architecture on which you want to build your package
#ARCH=${ARCH:-x86_64} # the architecture on which you want to build your package
BUILD=${BUILD:-1_VBo}
APP=openldap # The application's name
PKG=$TMP/package-$APP # The installation directory of the package

# set SLACKFLAGS
if [ "$ARCH" = "i486" ]; then
  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
elif [ "$ARCH" = "x86_64" ]; then
  SLKCFLAGS="-O2 -fPIC"
fi

### Extract Sources
# Delete the leftover directories if they exist (due to a previous build)
# and (re)create the packaging directory
rm -rf $PKG
mkdir -p $TMP $PKG
rm -rf $TMP/$APP-$VERSION
cd $TMP || exit 1 # Change to the TMP directory
tar -xvzf $CWD/$APP-$VERSION.tgz || exit 1 # Extract the application source in TMP
cd $APP-$VERSION || exit 1 # Change to the application source directory
# Change ownership and permissions if necessary
# This may not be needed in some source tarballs, but it never hurts
chown -R root:root .
chmod -R u+w,go+r-w,a-s .

### Configure and Compile Sources
# To check configure available options run ./configure --help
# Set configure options
# If your app is written in C++, you'll also need to add a line for CXXFLAGS
CFLAGS="$SLKCFLAGS" ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --build=$ARCH-slackware-linux --host=$ARCH-slackware-linux

# compile the source, but exit if anything goes wrong
make depend || exit #openldap requires make depend
make || exit

# Install everything into the package directory, but exit if anything goes wrong
make install DESTDIR=$PKG || exit

### Install Documentation
# Create a directory for documentation
mkdir -p $PKG/usr/doc/$APP-$VERSION
# Copy documentation to the docs directory and fix permissions
# inside the source folder there are the files CHANGES LICENSE INSTALL README ANNOUNCEMENT COPYRIGHT
cp -a CHANGES LICENSE INSTALL README ANNOUNCEMENT COPYRIGHT $PKG/usr/doc/$APP-$VERSION
find $PKG/usr/doc/$APP-$VERSION -type f -exec chmod 644 {} \;

### Final Touches
# Create the ./install directory and copy the slack-desc into it
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
# Add doinst.sh to package (if it exists)
if [ -e $CWD/doinst.sh.gz ]; then
  zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
fi
# Strip some libraries and binaries
( cd $PKG
   find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
   find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
)
# Compress man pages if they exist
if [ -d $PKG/usr/man ]; then
  ( cd $PKG/usr/man
  find . -type f -exec gzip -9 {} \;
  for i in $(find . -type l) ; do ln -s $(readlink $i).gz $i.gz ; rm $i ; done
  )
fi
# Compress info pages if they exist (and remove the dir file)
if [ -d $PKG/usr/info ]; then
  gzip -9 $PKG/usr/info/*.info
  rm -f $PKG/usr/info/dir
fi

### Build the Package
cd $PKG
/sbin/makepkg -l y -c n $TMP/$APP-$PKG_VERSION-$ARCH-$BUILD.tgz

Contents of slack-desc

# HOW TO EDIT THIS FILE:
# The "handy ruler" below makes it easier to edit a package description.  Line
# up the first '|' above the ':' following the base package name, and the '|'
# on the right side marks the last column you can put a character in.  You must
# make exactly 11 lines for the formatting to be correct.  It's also
# customary to leave one space after the ':'.

        |-----handy-ruler------------------------------------------------------|
openldap: OpenLDAP
openldap:
openldap: Open source implementation of the Lightweight Directory Access
openldap: Protocol.
openldap:
openldap: The suite includes:
openldap:  slapd - stand-alone LDAP daemon (server)
openldap:  libraries implementing the LDAP protocol, and utilities, tools,
openldap:  and sample clients.
openldap:
openldap: Homepage: http://www.openldap.org/

Configuration

  • cd /etc/openldap
  • cp slapd.conf slapd.conf.orig
  • vi /etc/openldap/slapd.conf
  • /usr/libexec/slapd -Tt # Test config file
  • cp /var/openldap-data/DB_CONFIG.example /var/openldap-data/DB_CONFIG
  • /usr/libexec/slapd #run slapd
  • ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts # test slapd

  • vi organization.ldif #create LDIF for organization
  • vi manager.ldif #create LDIF for Manager
  • vi groups.ldif
  • vi users.ldif

Add LDIF to LDAP:

  • ldapadd -x -D "cn=Manager,dc=example,dc=net" -W -f organization.ldif
  • ldapadd -x -D "cn=Manager,dc=example,dc=net" -W -f manager.ldif
  • ldapadd -x -D "cn=Manager,dc=example,dc=net" -W -f groups.ldif
  • ldapadd -x -D "cn=Manager,dc=example,dc=net" -W -f users.ldif

Queries:

  • ldapsearch -x -b 'cn=Jane Doe,ou=Operations,dc=example,dc=net' '(objectclass=*)'
  • ldapsearch -x -b 'dc=example,dc=net' '(objectclass=*)'

Contents of /etc/openldap/slapd.conf:

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema

database bdb
suffix  "dc=example,dc=net"
rootdn  "cn=Manager,dc=example,dc=net"
rootpw secret
directory /var/openldap-data

Contents of organization.ldif:

dn: dc=example,dc=net
objectclass: dcObject
objectclass: organization
o: AcmeCorp
dc: example

Contents of manager.ldif:

dn: cn=Manager,dc=example,dc=net
objectclass: organizationalRole
cn: Manager

Contents of groups.ldif:

dn: ou=Developers,dc=example,dc=net
objectclass: organizationalUnit
ou: Developers

dn: ou=Operations,dc=example,dc=net
objectclass: organizationalUnit
ou: Operations

Contents of users.ldif:

dn: cn=John Doe,ou=Developers,dc=example,dc=net
objectclass: inetOrgPerson
cn: John Doe
cn: J. Doe
sn: Doe
uid: john.doe
userpassword: pass123456
mail: john.doe@example.net
description: The Doe
ou: Developers

dn: cn=Jane Doe,ou=Operations,dc=example,dc=net
objectclass: inetOrgPerson
cn: Jane Doe
cn: J. Doe
sn: Doe
uid: jane.doe
userpassword: pass1122
mail: john.doe@example.net
description: Ops Jane
ou: Operations

Links

http://www.howtoforge.com/install-and-configure-openldap-on-centos-5

http://www.server-world.info/en/note?os=CentOS_6&p=ldap

Securing LDAP connections

https://help.ubuntu.com/community/SecuringOpenLDAPConnections

In /etc/ldap.conf, set your client machine to use SSL to connect to LDAP and to allow the self-signed certificate:

URI ldaps://server.mybusiness.com/
TLS_REQCERT allow

openssl s_client -connect server.mybusiness.com:636 -showcerts
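
The walkthrough above stores rootpw and userpassword in cleartext and sets TLS_REQCERT allow, under which the client proceeds even when the server certificate cannot be verified. The audit script below is an added example, not part of the original page; the function names and sample lines are constructed for illustration, and the {SSHA} value is a placeholder rather than a real hash.

```sh
#!/bin/sh
# Added example, not from the original page. Reads config text on stdin and
# prints one finding per weak line. Understands rootpw (slapd.conf),
# userPassword (LDIF) and URI / TLS_REQCERT (ldap.conf).
audit_ldap_text() {
  awk '
    # True when the value carries a {SCHEME} tag such as {SSHA}.
    function hashed(v) { return substr(v, 1, 1) == "{" && index(v, "}") > 2 }

    /^[ \t]*#/ || NF < 2 { next }    # skip comments and lines without a value
    {
      key = tolower($1); val = $2
      gsub(/^"|"$/, "", val)         # slapd.conf values may be quoted
      if (key == "rootpw" && !hashed(val))
        print NR ": rootpw is cleartext; store slappasswd output instead"
      else if (key == "userpassword:" && !hashed(val))
        print NR ": userPassword is cleartext in the LDIF"
      else if (key == "userpassword::")
        print NR ": userPassword is base64 (::); decode it and check for a {SCHEME} tag"
      else if (key == "tls_reqcert" && tolower(val) ~ /^(allow|never)$/)
        print NR ": TLS_REQCERT " val " does not reject an unverifiable server certificate"
      else if (key == "uri" && tolower(val) ~ /^ldap:/)
        print NR ": URI uses ldap:// (no TLS unless StartTLS is requested)"
    }'
}

# Constructed sample: lines in the style of the three files on this page,
# concatenated for the demo. The {SSHA} value is a placeholder, not a real hash.
sample_lines() {
  cat <<'EOF'
rootpw secret
rootpw {SSHA}PLACEHOLDER
userpassword: pass123456
URI ldaps://server.mybusiness.com/
TLS_REQCERT allow
EOF
}

sample_lines | audit_ldap_text
```

To keep verification on with a self-signed certificate, copy that certificate to the client, point TLS_CACERT at it, and leave TLS_REQCERT at its default of demand. Run the script against each file separately, for example audit_ldap_text < /etc/openldap/slapd.conf.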
