OpenLDAP

From Secure Computing Wiki
Revision as of 11:54, 17 January 2008 by Ecrist (configuration)

So, at work, we've finally got enough systems and users that we're seriously considering an OpenLDAP server for authentication, as well as for our customer/client contact lists, etc. I've never before successfully rolled out an LDAP system, and I've for certain never rolled one out that does authentication for any systems.

Hopefully, this, when finished, will lay out the entire process of installing OpenLDAP Server 2.4.6 on a FreeBSD 6.2 system. Since FreeBSD 6.3 and 7.0 are due out in short order, I should be able to update this page and make note of any differences you may come across.

Please note, while I'm working through this, this page is a work-in-progress. That means there may be some funny looking edits, and I use these pages as scratch paper of sorts during my installation, to make certain all of the necessary notes get made.

System Overview

Our installation of OpenLDAP is being done within a jail on a FreeBSD 6.2 system:

FreeBSD local.host 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30 UTC 2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP i386

This is a dual PIII 1.333GHz with 1GB of RAM.

Installation

  • Install OpenLDAP port (net/openldap23-server)
  • Install Apache22 port (www/apache22)
  • Install PHP5 (lang/php5)
    • Install PHP5-Extensions (lang/php5-extensions)
      • enable LDAP, PCRE, SESSION
  • Install phpLDAPAdmin (www/phpldapadmin)

Configuration

Now that we have all the ports installed, we need to configure slapd and Apache. Edit /etc/rc.conf and add the following lines so both start at boot:

slapd_enable="YES"
apache22_enable="YES"

Also, edit /usr/local/etc/apache22/httpd.conf and add the following lines:

Around line 107 add:

AddType application/x-httpd-php .php .inc
AddType application/x-httpd-php-source .phps

Around line 183 add:

Alias /phpldapadmin "/usr/local/www/phpldapadmin/htdocs"

<Directory "/usr/local/www/phpldapadmin/htdocs">
        Options Indexes
        AllowOverride none
        
        Order allow,deny
        Allow from all
</Directory>

Around line 228, edit to read:

    DirectoryIndex index.html index.php
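
A tighter variant of the phpLDAPadmin Alias and Directory block from the "Around line 183" step, as an added example that is not part of the original page. "Options Indexes" turns on directory listings and "Allow from all" lets any client reach the admin interface, so this version turns listings off and admits only named sources. The 192.0.2.0/24 network is a placeholder assumption for an admin subnet; the syntax is Apache 2.2's Order/Allow/Deny.

```apache
Alias /phpldapadmin "/usr/local/www/phpldapadmin/htdocs"

<Directory "/usr/local/www/phpldapadmin/htdocs">
        # No directory listings and no other optional features
        Options None
        AllowOverride None
        # Serve the application's front page rather than a listing
        DirectoryIndex index.php

        # Apache 2.2 access control: with "Order deny,allow" the Deny
        # directives are evaluated first, then the Allow exceptions
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
        # Placeholder (assumption): replace with your admin network
        Allow from 192.0.2.0/24
</Directory>
```

Run apachectl configtest before restarting Apache to catch syntax errors.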