Difference between revisions of "OpenLDAP"

From Secure Computing Wiki
Revision as of 13:56, 4 February 2008

So, at work, we've finally got enough systems and users that we're seriously considering an OpenLDAP server for authentication, as well as for our customer/client contact lists, etc. I've never before successfully rolled out an LDAP system, and I've for certain never rolled one out that does authentication for any systems.

Hopefully, this, when finished, will lay out the entire process of installing OpenLDAP Server 2.4.6 on a FreeBSD 6.2 system. Being that FreeBSD 6.3 and 7.0 are due out in short order, I should be able to update this page and make note of any differences you may come across.

Please note, while I'm working through this, this page is a work-in-progress. That means there may be some funny looking edits, and I use these pages as scratch paper of sorts during my installation, to make certain all of the necessary notes get made.

Ecrist 12:56, 4 February 2008 (CST): With a few weeks since my initial post here, I'm going to finally finish this document. There have been quite a few things to work through and I've finally got a broader picture of what's going on.

System Overview

As we're big fans of ezjail, we're going to install an LDAP system with one master server and one slave. All of our email clients will be pointed to the slave for read operations, and the slave will answer any write attempt with a referral back to the master server (a client that needs to write has to follow that referral itself). While OpenLDAP 2.4.x* is available, all of my testing has been done with OpenLDAP 2.3.40, so that's what this document will use.

*: 2.4.x supports a new master-master setup that we're not going to cover here. The multi-master configuration is still considered fairly experimental.
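The master/slave split described above, as an added example and not the wiki's own configuration (the page has not reached slapd.conf yet): the slapd.conf fragments for an OpenLDAP 2.3 syncrepl pair, with the master acting as provider and the slave as a refreshAndPersist consumer that answers writes with a referral to the master via updateref. The suffix dc=example,dc=com, the host name ldap-master.example.com, the cn=replicator account, its password and the rootpw placeholder are all assumptions; slurpd is the other replication mechanism 2.3 offers and is not shown. The cn=replicator entry must exist in the master's directory with a userPassword before the slave can bind.

```conf
### master (provider) -- /usr/local/etc/openldap/slapd.conf, excerpt ###
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# only needed if the port built syncprov as a loadable module
modulepath      /usr/local/libexec/openldap
moduleload      syncprov.la

database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
# hash produced by `slappasswd`; never store the rootpw in clear text
rootpw          {SSHA}hash-from-slappasswd-goes-here
directory       /var/db/openldap-data
index           objectClass             eq
index           entryCSN,entryUUID      eq      # required by syncprov
index           uid,cn,mail             eq,sub

# password hashes: the replicator must read them so the slave can
# authenticate users; everyone else may only use them to bind
access to attrs=userPassword
        by dn.exact="cn=replicator,dc=example,dc=com" read
        by self write
        by anonymous auth
        by * none
# everything else is readable (the contact lists the mail clients want)
access to *
        by dn.exact="cn=replicator,dc=example,dc=com" read
        by * read

overlay         syncprov
syncprov-checkpoint 100 10      # write contextCSN every 100 ops or 10 min
syncprov-sessionlog 100         # lets consumers catch up on deletes cheaply

### slave (consumer) -- /usr/local/etc/openldap/slapd.conf, excerpt ###
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"   # syncrepl applies changes as rootdn; no rootpw needed
directory       /var/db/openldap-data
index           objectClass             eq
index           entryCSN,entryUUID      eq
index           uid,cn,mail             eq,sub

syncrepl        rid=001
                provider=ldap://ldap-master.example.com
                type=refreshAndPersist
                retry="60 10 300 +"             # 10 tries a minute apart, then every 5 min forever
                searchbase="dc=example,dc=com"
                bindmethod=simple
                binddn="cn=replicator,dc=example,dc=com"
                credentials=replicator-password  # assumption; keep this file mode 0600, owner ldap
                starttls=critical                # assumes TLS is configured on the master; drop if not

# any client that tries to write here is referred to the master
updateref       ldap://ldap-master.example.com
```

The slave file carries the replicator's clear-text password, so it needs the same file permissions as the master's rootpw line; and because the slave's copy of userPassword is replicated, the same userPassword ACL as on the master belongs in the slave's database section too.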

Installation

In our setup, we're going to have two OpenLDAP servers (one master, one slave). In addition, we're going to install phpldapadmin on our master server to help us get a better view of our directory structure.

  • Install OpenLDAP port (net/openldap23-server)
  • Install Apache22 port (www/apache22)
  • Install PHP5 (lang/php5)
    • Install PHP5-Extensions (lang/php5-extensions)
      • enable LDAP, PCRE, SESSION
  • Install phpLDAPAdmin (www/phpldapadmin)

Configuration

Now that we have all the ports installed, we need to configure slapd and Apache. First, enable both at boot by editing /etc/rc.conf and adding the following lines:

slapd_enable="YES"
apache22_enable="YES"

Also, edit /usr/local/etc/apache22/httpd.conf and add the following lines:

Around line 107 add:

AddType application/x-httpd-php .php .inc
AddType application/x-httpd-php-source .phps

Around line 183 add:

Alias /phpldapadmin "/usr/local/www/phpldapadmin/htdocs"

<Directory "/usr/local/www/phpldapadmin/htdocs">
        Options Indexes
        AllowOverride none
        # Apache 2.2 access-control syntax; "Allow from all" exposes the
        # admin UI to every host that can reach this server
        Order allow,deny
        Allow from all
</Directory>

Around line 228, edit the DirectoryIndex line to read:

    DirectoryIndex index.html index.php
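As an added example, not the wiki's own configuration: a tightened version of the same Alias/Directory block. phpLDAPadmin accepts the directory manager's bind credentials and lets you edit every entry, so it should not be reachable from the whole network, should not be served over plain HTTP, and does not need directory listings. It assumes the Apache 2.2 access-control syntax used on this page, that mod_ssl is loaded and the site is served from a TLS-enabled VirtualHost, and a hypothetical admin network of 10.0.0.0/24.

```apache
Alias /phpldapadmin "/usr/local/www/phpldapadmin/htdocs"

<Directory "/usr/local/www/phpldapadmin/htdocs">
        # no directory listings of the application tree
        Options -Indexes
        AllowOverride none

        # refuse plain HTTP: the bind password and directory contents
        # would otherwise cross the wire in the clear (needs mod_ssl)
        SSLRequireSSL

        # deny by default, then admit only the admin network and the
        # host itself (10.0.0.0/24 is an assumed value)
        Order deny,allow
        Deny from all
        Allow from 10.0.0.0/24
        Allow from 127.0.0.1
</Directory>
```

With "Order deny,allow" the Deny list is evaluated first and the Allow list last, so anything not matched by an Allow line stays denied; the page's original "Order allow,deny" with "Allow from all" does the opposite and admits everyone. Check the result from a host outside the admin range (curl -k https://master/phpldapadmin/) and expect a 403 before trusting it.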