getting openldap and phpldapadmin running on ubuntu karmic

I’ve been running openldap and phpldapadmin for a while on a Gentoo host. Recently I began the process of migrating from that host to an Ubuntu host. As it turns out, just installing the packages on Ubuntu 9.10 (karmic) doesn’t get you to a fully functional install. Here are the steps I took to get openldap and phpldapadmin running.

Setting up LDAP on Ubuntu 9.10 requires some manual effort, as described in HowTo: OpenLDAP and Karmic. Here are the setup instructions in cut-and-paste form. First load the standard schemas into the config database:

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif

Then create the db.ldif file. Note that ldapadd requires a blank line between records, so the records are separated below (the original one-liner also began with a stray backslash line, which ldapadd rejects):

echo '###########################################################
# DATABASE SETUP
###########################################################
# Load modules for database type
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=home,dc=com
olcRootDN: cn=admin,dc=home,dc=com
olcRootPW: 1234
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=home,d
 c=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=home,dc=com" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

###########################################################
# DEFAULTS MODIFICATION
###########################################################
# Some of the defaults need to be modified in order to allow
# remote access to the LDAP config. Otherwise only root
# will have administrative access.
dn: cn=config
changetype: modify
delete: olcAuthzRegexp

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {CRYPT}7hzU8RaZxaGi2

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess' > db.ldif

And insert the file into ldap with: ldapadd -Y EXTERNAL -H ldapi:/// -f /root/db.ldif (the echo above writes db.ldif into the current directory, so adjust the path if you ran it somewhere other than /root).

Then create base.ldif, again with a blank line between the two records:

echo "# Tree root
dn: dc=home,dc=com
objectClass: dcObject
objectClass: organization
o: home.com
dc: home
description: Tree root

# LDAP admin
dn: cn=admin,dc=home,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: 1234
description: LDAP administrator" > base.ldif

Note that you can choose a different password by changing 1234 above. Then apply the data to ldap with ldapadd -x -D cn=admin,dc=home,dc=com -W -f /tmp/base.ldif (again, adjust the path to wherever you wrote the file). This will prompt for a password; give the one specified above as olcRootPW in db.ldif, since the cn=admin entry itself does not exist until this import succeeds and the bind is therefore checked against the rootpw.
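Both LDIF files above store the admin password in the clear (olcRootPW: 1234 and userPassword: 1234), while the {CRYPT} value on the config database shows slapd accepts hashed values in the same place. As an added example, not part of the original post or the Ubuntu packages, the Python below generates the same two files with an {SSHA} hash instead of the cleartext password, emits the blank-line record separators and RFC 2849 line folding that ldapadd expects (the folded olcAccess line with its leading-space continuation is exactly what the post shows), and parses the result back to check it. The suffix and DNs are the post's; the salt handling and all function names are my own.

```python
import base64
import hashlib
import os

# Added example (not from the post): build db.ldif / base.ldif records with the
# blank-line separators and RFC 2849 folding ldapadd expects, storing the admin
# password as an {SSHA} hash. Suffix and DNs are the post's; helpers are mine.

SUFFIX = "dc=home,dc=com"
ADMIN_DN = "cn=admin," + SUFFIX
MAX_LINE = 76  # longer logical lines are folded; continuation lines start with one space


def ssha_hash(password, salt=None):
    """{SSHA} as slapd stores it: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # random per-password salt, as slappasswd -h {SSHA} does
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Recompute the hash using the salt that trails the 20-byte SHA-1 digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def fold(line):
    """Split one logical LDIF line into physical lines of at most MAX_LINE chars."""
    physical, rest = [line[:MAX_LINE]], line[MAX_LINE:]
    while rest:
        physical.append(" " + rest[:MAX_LINE - 1])
        rest = rest[MAX_LINE - 1:]
    return physical


def render(records):
    """records: list of [(attr, value), ...]; one blank line separates records."""
    chunks = []
    for rec in records:
        lines = []
        for attr, value in rec:
            lines.extend(fold("%s: %s" % (attr, value)))
        chunks.append("\n".join(lines))
    return "\n\n".join(chunks) + "\n"


def unfold(text):
    """Parse LDIF back into records of logical lines; used to check the output."""
    records, current = [], []
    for phys in text.splitlines():
        if phys == "":
            if current:
                records.append(current)
                current = []
        elif phys.startswith("#"):
            continue  # comment lines are ignored by ldapadd
        elif phys.startswith(" ") and current:
            current[-1] += phys[1:]  # continuation of the previous logical line
        else:
            current.append(phys)
    if current:
        records.append(current)
    return records


def build_db_ldif(root_pw_hash):
    """Module-load record plus the {1}hdb database record from the post."""
    modules = [("dn", "cn=module{0},cn=config"), ("objectClass", "olcModuleList"),
               ("cn", "module{0}"), ("olcModulePath", "/usr/lib/ldap"),
               ("olcModuleLoad", "{0}back_hdb")]
    database = [("dn", "olcDatabase={1}hdb,cn=config"), ("objectClass", "olcDatabaseConfig"),
                ("objectClass", "olcHdbConfig"), ("olcDatabase", "{1}hdb"),
                ("olcDbDirectory", "/var/lib/ldap"), ("olcSuffix", SUFFIX),
                ("olcRootDN", ADMIN_DN), ("olcRootPW", root_pw_hash),
                ("olcAccess", '{0}to attrs=userPassword,shadowLastChange by dn="%s" write '
                              'by anonymous auth by self write by * none' % ADMIN_DN),
                ("olcAccess", '{1}to dn.base="" by * read'),
                ("olcAccess", '{2}to * by dn="%s" write by * read' % ADMIN_DN)]
    return render([modules, database])


def build_base_ldif(admin_pw_hash):
    """Tree root and admin entry from the post, with a hashed userPassword."""
    root = [("dn", SUFFIX), ("objectClass", "dcObject"), ("objectClass", "organization"),
            ("o", "home.com"), ("dc", "home"), ("description", "Tree root")]
    admin = [("dn", ADMIN_DN), ("objectClass", "simpleSecurityObject"),
             ("objectClass", "organizationalRole"), ("cn", "admin"),
             ("userPassword", admin_pw_hash), ("description", "LDAP administrator")]
    return render([root, admin])


if __name__ == "__main__":
    pw_hash = ssha_hash("1234")  # the post's password, hashed rather than stored in the clear
    with open("db.ldif", "w") as f:
        f.write(build_db_ldif(pw_hash))
    with open("base.ldif", "w") as f:
        f.write(build_base_ldif(pw_hash))
```

Run it in the directory where you want db.ldif and base.ldif, then feed them to ldapadd exactly as above. The generated db.ldif covers only the module and database records; the cn=config modifications from the post are unchanged and can be appended as-is. Binding as cn=admin with the cleartext password still works, because slapd recognises the {SSHA} prefix and compares against the hash.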

Since I’m not a big fan of crafting a lot of LDIF files, I set up phpldapadmin, but just installing it was also not enough, since there is a bug in it. So once it was installed I found Bug 446669, followed the instructions in Comment 12 and changed

protected function draw_dn($dn,$level=0,$first_child=true,$last_child=true) {

to

protected function draw_dn($dn,$level,$first_child=true,$last_child=true) {

Note the difference is only the removal of =0.

Once I had all that done I had fully functional LDAP setup with phpldapadmin.
