getting openldap and phpldapadmin running on ubuntu karmic

I've been running openldap and phpldapadmin for a while on a Gentoo host. Recently I began the process of migrating from that host to a Ubuntu host. As it turns out just installing the packages on Ubuntu 9.10 (karmic) doesn't get you to a fully functional install. Here are the steps I took to openldap and phpldapadmin running.

Setting up LDAP on Ubuntu 9.10 requires some manual effort as described in HowTo: OpenLDAP and Karmic. Here are the setup instructions in cut and paste form:


ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif

The create the db.ldif file:

echo '\
###########################################################
# DATABASE SETUP
###########################################################
# Load modules for database type
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=home,dc=com
olcRootDN: cn=admin,dc=home,dc=com
olcRootPW: 1234
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=home,d
 c=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=home,dc=com" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
###########################################################
# DEFAULTS MODIFICATION
###########################################################
# Some of the defaults need to be modified in order to allow
# remote access to the LDAP config. Otherwise only root
# will have administrative access.
dn: cn=config
changetype: modify
delete: olcAuthzRegexp
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {CRYPT}7hzU8RaZxaGi2
dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess' > db.ldif

And insert the file into ldap with: ldapadd -Y EXTERNAL -H ldapi:/// -f /root/db.ldif

Then create the base.ldif,

echo "# Tree root
dn: dc=home,dc=com
objectClass: dcObject
objectclass: organization
o: home.com
dc: home
description: Tree root
# LDAP admin
dn: cn=admin,dc=home,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: 1234
description: LDAP administrator" > base.ldif

Note that you can set the password if you change it from 1234. Then apply the data to ldap with ldapadd -x -D cn=admin,dc=home,dc=com -W -f /tmp/base.ldif. This will prompt for a password, which will be the one specified above.

Since I'm not a big fan of crafting a lot LDIF files, I set up phpldapadmin, but just installing it was also not enough since there is a bug in it. So once it was installed I found the Bug 446669 and followed the instructions in Comment 12 and change

protected function draw_dn($dn,$level=0,$first_child=true,$last_child=true) {

to

protected function draw_dn($dn,$level,$first_child=true,$last_child=true) {

Note the difference is only the removal of =0.

Once I had all that done I had fully functional LDAP setup with phpldapadmin.