I’ve been running openldap and phpldapadmin for a while on a Gentoo host. Recently I began the process of migrating from that host to a Ubuntu host. As it turns out, just installing the packages on Ubuntu 9.10 (karmic) doesn’t get you to a fully functional install. Here are the steps I took to get openldap and phpldapadmin running.
Setting up LDAP on Ubuntu 9.10 requires some manual effort as described in HowTo: OpenLDAP and Karmic. Here are the setup instructions in cut and paste form:
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
Then create the db.ldif file (the original used a single echo; a quoted heredoc writes the same content without the shell touching backslashes or dollar signs):
cat > db.ldif <<'EOF'
###########################################################
# DATABASE SETUP
###########################################################
# Load modules for database type
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=home,dc=com
olcRootDN: cn=admin,dc=home,dc=com
olcRootPW: 1234
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=home,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=home,dc=com" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

###########################################################
# DEFAULTS MODIFICATION
###########################################################
# Some of the defaults need to be modified in order to allow
# remote access to the LDAP config. Otherwise only root
# will have administrative access.
dn: cn=config
changetype: modify
delete: olcAuthzRegexp

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {CRYPT}7hzU8RaZxaGi2

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
EOF
And insert the file into ldap with: ldapadd -Y EXTERNAL -H ldapi:/// -f /root/db.ldif
Then create base.ldif:
cat > base.ldif <<'EOF'
# Tree root
dn: dc=home,dc=com
objectClass: dcObject
objectClass: organization
o: home.com
dc: home
description: Tree root

# LDAP admin
dn: cn=admin,dc=home,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: 1234
description: LDAP administrator
EOF
Note that you can pick your own password by changing 1234 in both files. Then load the data into LDAP with: ldapadd -x -D cn=admin,dc=home,dc=com -W -f /tmp/base.ldif. This will prompt for a password, which is the olcRootPW specified in db.ldif above (1234 unless you changed it): the admin entry does not exist yet, so the bind is checked against the root password of the hdb database.
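Both LDIF files above carry a password in the clear (olcRootPW: 1234 in db.ldif and userPassword: 1234 in base.ldif), and slapd stores a userPassword value exactly as given unless it starts with a {SCHEME} prefix. The script below is an added example for this post, not part of the original setup notes or of OpenLDAP: a small stdlib-only LDIF parser that flags password attributes without a hash scheme, plus an {SSHA} generator/checker in the same format slappasswd produces, so a hashed value can be substituted before the files are loaded. The embedded LDIF is a constructed excerpt of the two files above, including one folded olcAccess line to exercise the unfolding logic.

```python
"""Lint LDIF for cleartext password attributes and produce {SSHA} hashes.

Added example (not from the post or from OpenLDAP). Standard library only;
no running slapd is needed.
"""
import base64
import hashlib
import hmac
import os
import re

# Attributes whose value slapd treats as a credential.
PASSWORD_ATTRS = {"olcrootpw", "userpassword"}
# A value with a "{SCHEME}" prefix is a hash; anything else is stored verbatim.
SCHEME_RE = re.compile(r"^\{[A-Za-z0-9-]+\}")
ATTR_RE = re.compile(r"^([A-Za-z][A-Za-z0-9.;-]*)(::?) ?(.*)$")

# Constructed excerpt of db.ldif and base.ldif from the post.
SAMPLE_LDIF = """\
# hdb database with a cleartext root password
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
olcSuffix: dc=home,dc=com
olcRootDN: cn=admin,dc=home,dc=com
olcRootPW: 1234
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=home,d
 c=com" write by anonymous auth by self write by * none

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {CRYPT}7hzU8RaZxaGi2

dn: cn=admin,dc=home,dc=com
objectClass: simpleSecurityObject
cn: admin
userPassword: 1234
"""


def unfold(text):
    """Join continuation lines (leading space) and drop '#' comment lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return [(dn, [(attr, value), ...])]; '::' values are base64-decoded.

    changetype/add/delete control lines are kept as ordinary attributes so a
    caller can still see what a modify record does."""
    records, current = [], None
    for line in unfold(text) + [""]:
        if line.strip() == "":
            if current is not None:
                records.append(current)
                current = None
            continue
        m = ATTR_RE.match(line)
        if not m:
            continue  # not an attr: value line; ignore
        attr, sep, value = m.groups()
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8", "replace")
        if attr.lower() == "dn":
            current = (value, [])
        elif current is not None:
            current[1].append((attr, value))
    return records


def find_cleartext_passwords(text):
    """List (dn, attr) pairs whose password value has no {SCHEME} prefix."""
    findings = []
    for dn, attrs in parse_ldif(text):
        for attr, value in attrs:
            if attr.lower() in PASSWORD_ATTRS and not SCHEME_RE.match(value):
                findings.append((dn, attr))
    return findings


def ssha(password, salt=None):
    """Return an {SSHA} value: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored, password):
    """Verify a password against an {SSHA} value (constant-time compare)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    calc = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, calc)


if __name__ == "__main__":
    for dn, attr in find_cleartext_passwords(SAMPLE_LDIF):
        print(f"cleartext {attr} in entry {dn}")
    print("replacement value:", ssha("1234"))
```

Running it reports the olcRootPW on the hdb database and the userPassword on cn=admin, while the {CRYPT} value on the config database passes. The {SSHA} output can be pasted in place of 1234; slapd compares a bind password against a hashed userPassword or olcRootPW the same way it does against a cleartext one.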
Since I’m not a big fan of crafting a lot of LDIF files, I set up phpldapadmin, but just installing it was also not enough since there is a bug in it. So once it was installed I found Bug 446669, followed the instructions in Comment 12, and changed
protected function draw_dn($dn,$level=0,$first_child=true,$last_child=true) {
to
protected function draw_dn($dn,$level,$first_child=true,$last_child=true) {
Note that the only difference is the removal of =0.
Once I had all that done I had a fully functional LDAP setup with phpldapadmin.