{"id":607,"date":"2011-07-14T09:02:17","date_gmt":"2011-07-14T09:02:17","guid":{"rendered":"http:\/\/blog.designed79.co.uk\/?p=607"},"modified":"2011-07-14T09:19:42","modified_gmt":"2011-07-14T09:19:42","slug":"ubuntu-11-04-sbs-small-business-server-setup-part-3-%e2%80%93-openldap","status":"publish","type":"post","link":"https:\/\/blog.designed79.co.uk\/?p=607","title":{"rendered":"Ubuntu 11.04 SBS (Small Business Server) Setup: Part 3 \u2013 OpenLDAP"},"content":{"rendered":"<p>This is part of a guide to setting up Ubuntu Server Edition 11.04 for a small\/medium business. The server will provide DHCP, DNS, NTP, LDAP, Kerberos and NFS services such that users can log in to any machine on the network and all their files and settings will be the same across the entire network.<\/p>\n<p><a title=\"Ubuntu 11.04 SBS (Small Business Server) Setup: Part 1 \u2013 DHCP and DNS\" href=\"https:\/\/blog.designed79.co.uk\/?p=601\">Part 1 &#8211;\u00a0DHCP and DNS<\/a><\/p>\n<p><a title=\"Ubuntu 11.04 SBS (Small Business Server) Setup: Part 2 \u2013 NTP\" href=\"https:\/\/blog.designed79.co.uk\/?p=605\">Part 2 &#8211; NTP<\/a><\/p>\n<p><a title=\"Ubuntu 11.04 SBS (Small Business Server) Setup: Part 3 \u2013 OpenLDAP\" href=\"https:\/\/blog.designed79.co.uk\/?p=607\">Part 3 &#8211; OpenLDAP<\/a><\/p>\n<p><a title=\"Ubuntu 11.04 SBS (Small Business Server) Setup: Part 4 \u2013 Kerberos\" href=\"https:\/\/blog.designed79.co.uk\/?p=609\">Part 4 &#8211; Kerberos<\/a><\/p>\n<p><a title=\"Ubuntu 11.04 SBS (Small Business Server) Setup: Part 5 \u2013 NFS\" href=\"https:\/\/blog.designed79.co.uk\/?p=611\">Part 5 &#8211; NFS<\/a><\/p>\n<p><a title=\"Ubuntu 11.04 SBS (Small Business Server) Setup: Part 6 \u2013 Account Management\" href=\"https:\/\/blog.designed79.co.uk\/?p=613\">Part 6 &#8211; Account Management<\/a><\/p>\n<p><a title=\"Ubuntu 11.04 SBS (Small Business Server) Setup: Part 7 \u2013 Setting Up Clients\" href=\"https:\/\/blog.designed79.co.uk\/?p=615\">Part 7 &#8211; Setting 
Up Clients<\/a><\/p>\n<p>OpenLDAP is a\u00a0<a href=\"http:\/\/en.wikipedia.org\/wiki\/Directory_service\">directory service<\/a>. Think of it as a database for storing all your users, their groups and other information. In time you can use it to store much more, but initially we\u2019re going to use it as a centralised authorisation system. Clients will check usernames and permissions against those stored in the directory on the server. Though it is also possible to store passwords in LDAP and use it for authentication, we\u2019ll be using Kerberos for this purpose.<\/p>\n<p>The first step is to install OpenLDAP along with some utilities for administering it.<\/p>\n<div>\n<div>\n<pre>sudo apt-get install slapd ldap-utils<\/pre>\n<\/div>\n<\/div>\n<p>You will be prompted for an LDAP admin password. Once you have set this, much of the manual configuration that had to be done in previous releases is handled automatically in 11.04. Ubuntu will configure LDAP using the domain information we supplied in previous steps in this guide. If you do wish to make changes to this, though, you can run \u201csudo dpkg-reconfigure slapd\u201d. 
All that remains to be done is creating a place in the OpenLDAP directory to store our users and our groups.<\/p>\n<p>This is done by creating a frontend.danbishop.org.ldif file like so:<\/p>\n<div>\n<div>\n<pre>dn: ou=Users,dc=danbishop,dc=org\r\nobjectClass: organizationalUnit\r\nou: Users\r\n\r\ndn: ou=Groups,dc=danbishop,dc=org\r\nobjectClass: organizationalUnit\r\nou: Groups<\/pre>\n<\/div>\n<\/div>\n<p><strong>Please note:<\/strong>\u00a0it is important that you have a blank line between \u201cou: Users\u201d and \u201cdn: ou=Groups,dc=danbishop,dc=org\u201d, because LDIF uses a blank line to separate entries. If you\u2019re copying and pasting the above, it will have a space at the beginning of the blank line; you must remove this! LDIF treats a line that starts with a space as a continuation of the previous line.<\/p>\n<p>Now we add the LDIF in the following way, entering your root LDAP password when prompted (the one you set during slapd installation):<\/p>\n<div>\n<div>\n<pre>sudo ldapadd -x -D cn=admin,dc=danbishop,dc=org -W -f frontend.danbishop.org.ldif<\/pre>\n<\/div>\n<\/div>\n<h2>LDAP Authentication on the Server<\/h2>\n<p>LDAP doesn\u2019t actually contain any users or groups yet, but now would be a good time to configure the server to check LDAP for login information, so that after we\u2019ve set up Kerberos and created our first users we\u2019re ready to go! This is actually very easy to configure; it simply requires the installation of two packages:<\/p>\n<div>\n<div>\n<pre>sudo apt-get install libnss-ldapd libpam-ldapd<\/pre>\n<\/div>\n<\/div>\n<p>During the configuration section of the installation, you will be asked to confirm your LDAP settings and which services you\u2019d like to enable LDAP for. You should select \u201cgroup\u201d, \u201cpasswd\u201d and \u201cshadow\u201d. 
The packages will then configure \/etc\/nsswitch.conf, \/etc\/pam.d\/common-auth and \/etc\/nslcd.conf to work automatically.<\/p>\n<h2>References<\/h2>\n<p><a href=\"http:\/\/www.opinsys.fi\/en\/setting-up-openldap-on-ubuntu-10-04-lucid-part2\">http:\/\/www.opinsys.fi\/en\/setting-up-openldap-on-ubuntu-10-04-lucid-part2<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is part of a guide to setting up Ubuntu Server Edition 11.04 for a small\/medium business. The server will provide DHCP, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-607","post","type-post","status-publish","format-standard","hentry","category-info-on-tech"],"_links":{"self":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/607","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=607"}],"version-history":[{"count":0,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/607\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=607"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=607"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=607"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}
]}}