Turnkey Virtual Machine Example
http://turnkey.c3sl.ufpr.br/turnkeylinux/images/vmdk/turnkey-openldap-15.1-stretch-amd64-vmdk.zip
Virtual Machine Info
Base DN: dc=example,dc=com
Organization name (o): example.com
Admin DN: cn=admin,dc=example,dc=com
Dumping the contents of the directory database as LDIF (slapcat reads the database files directly, so run it as root or as the openldap user; use slapcat -n 0 to dump the cn=config configuration database instead):
$ slapcat
Listing the DN of every entry under the base:
$ ldapsearch -x -LLL -b dc=example,dc=com dn
Allowing the LDAP port (389/tcp) through UFW for external connections. Note that everything in these notes uses simple bind (-x), so passwords cross the network in cleartext on this port: restrict the rule to the networks that need it (for example ufw allow from 192.168.0.0/24 to any port 389 proto tcp) and use ldaps:// or StartTLS for anything beyond a lab.
ufw allow ldap
ufw reload
Testing the LDAP connection with an anonymous simple bind to the local server (prints "anonymous" on success):
$ ldapwhoami -H ldap:// -x
Creating organizational units under the base DN for users and groups. Entries in one LDIF file must be separated by a blank line:
$ nano example_groups.ldif
dn: ou=person_group_1,dc=example,dc=com
objectClass: organizationalUnit
ou: person_group_1

dn: ou=person_group_2,dc=example,dc=com
objectClass: organizationalUnit
ou: person_group_2
To add these entries, run the command below.
When prompted for the LDAP password, enter the LDAP admin password set during installation.
$ ldapadd -x -D cn=admin,dc=example,dc=com -W -f example_groups.ldif
Adding LDAP User Accounts
Generate the password hash using the slappasswd command. The default scheme is {SSHA}, salted SHA-1, so every run produces a different value even for the same password:
$ slappasswd
Outputs:
{SSHA}LFt+tC8hnj/dPdr8/yQe3jyU0pJdx5Ar
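What that {SSHA} value encodes, as an added example that is not part of the original notes: the string after the {SSHA} prefix is base64 of the 20-byte SHA-1 digest of password||salt followed by the salt itself, which is why slapd can re-hash a bind password and compare. The functions below generate and verify such a value with openssl instead of slappasswd (the printable 4-byte salt is an assumption made to keep the script portable; slapd accepts salt bytes of any value or length) and measure the salt length of the hash shown above.

```shell
#!/bin/sh
# Added example (not from the original notes). {SSHA} userPassword layout:
#   "{SSHA}" + base64( SHA1(password || salt) || salt )
# slappasswd uses a random 4-byte salt by default.
set -u

# Strip the {SSHA} prefix from $1 and print the remaining base64 text.
ssha_b64() {
    printf '%s\n' "$1" | sed 's/^{SSHA}//'
}

# Salt length in bytes: decoded length minus the 20-byte SHA-1 digest.
ssha_salt_len() {
    ssha_b64 "$1" | openssl base64 -d -A | wc -c | awk '{ print $1 - 20 }'
}

# Generate a {SSHA} hash for password $1 with a printable 4-byte salt
# (assumption: ASCII salt, so no binary data has to live in shell variables).
ssha_hash() {
    pw=$1
    salt=$(openssl rand -base64 3)   # 3 random bytes -> 4 base64 chars, no padding
    { printf '%s%s' "$pw" "$salt" | openssl dgst -sha1 -binary
      printf '%s' "$salt"; } | openssl base64 -A | sed 's/^/{SSHA}/'
}

# Verify candidate password $1 against {SSHA} hash $2. Exit status 0 on match.
# Recomputes SHA1(candidate || stored salt) and compares it to the stored digest,
# which is exactly the check slapd performs on a simple bind.
ssha_verify() {
    pw=$1; hash=$2
    tmp=$(mktemp) || return 2
    ssha_b64 "$hash" | openssl base64 -d -A > "$tmp"
    stored=$(head -c 20 "$tmp" | od -An -tx1 | tr -d ' \n')
    recomputed=$( { printf '%s' "$pw"; tail -c +21 "$tmp"; } \
                  | openssl dgst -sha1 -binary | od -An -tx1 | tr -d ' \n')
    rm -f "$tmp"
    [ -n "$stored" ] && [ "$stored" = "$recomputed" ]
}

# Usage:
#   h=$(ssha_hash 'secret'); ssha_verify 'secret' "$h" && echo match
#   ssha_salt_len '{SSHA}LFt+tC8hnj/dPdr8/yQe3jyU0pJdx5Ar'   # 4
```

Because the salt is stored alongside the digest, an attacker who dumps userPassword values (for example via slapcat or an overly permissive ACL on the attribute) can run an offline dictionary attack against them at SHA-1 speed; the salt only prevents precomputed tables, so the admin and user passwords still need to be strong.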
Create a new user LDIF file. The user entry and its primary group are two entries, so they must be separated by a blank line; the parent of each entry (ou=person_group_1 and ou=groups) must already exist or ldapadd fails with "No such object":
$ nano example_user.ldif
dn: uid=amibey,ou=person_group_1,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: amibey
cn: amibey
givenName: Amos
sn: Mibey
userPassword: {SSHA}LFt+tC8hnj/dPdr8/yQe3jyU0pJdx5Ar
loginShell: /bin/bash
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/amibey
shadowMax: 60
shadowMin: 1
shadowWarning: 7
shadowInactive: 7
# shadowLastChange is days since 1970-01-01; with shadowMax 60 a value of 0
# means the password is already expired for shadow-aware clients. Set it to
# today, e.g. $(( $(date +%s) / 86400 )), unless you want to force a change.
shadowLastChange: 0

# The group must use the same gidNumber as the user's gidNumber above.
# gidNumber 0 is the root group and must not be given to an ordinary user.
dn: cn=amibey,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: amibey
gidNumber: 10000
memberUid: amibey
This will create a user whose username is amibey, plus a posixGroup of the same name as the user's primary group.
Run the command below to add both entries.
$ ldapadd -x -D cn=admin,dc=example,dc=com -W -f example_user.ldif
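The steps above hand-write the LDIF and then discover ordering and consistency problems only when ldapadd rejects the file. As an added example, not part of the original notes, the script below generates the OU, user and group entries with the pitfalls avoided (blank-line separation, matching gidNumber, shadowLastChange set to today) and checks, against a list of DNs already in the directory, that every entry's parent exists before the file is submitted. The ou=groups placement and the helper names are assumptions for this example.

```shell
#!/bin/sh
# Added example, not from the original notes. Builds the LDIF for one POSIX user
# and its primary group, then verifies parent DNs before calling ldapadd.
set -u
BASE="dc=example,dc=com"     # base DN from the notes
USER_OU="ou=person_group_1,$BASE"
GROUP_OU="ou=groups,$BASE"   # assumption: groups live here; created by user_ldif

# Days since the epoch, the unit that shadowLastChange uses.
today_days() { echo $(( $(date +%s) / 86400 )); }

# user_ldif UID GIVENNAME SN UIDNUMBER SSHA_HASH
# Prints three blank-line-separated entries: the groups OU, the user, the group.
# The same number is used for uidNumber and both gidNumber attributes.
user_ldif() {
    uid=$1; given=$2; sn=$3; num=$4; hash=$5
    cat <<EOF
dn: $GROUP_OU
objectClass: organizationalUnit
ou: groups

dn: uid=$uid,$USER_OU
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: $uid
cn: $uid
givenName: $given
sn: $sn
userPassword: $hash
loginShell: /bin/bash
uidNumber: $num
gidNumber: $num
homeDirectory: /home/$uid
shadowMax: 60
shadowMin: 1
shadowWarning: 7
shadowInactive: 7
shadowLastChange: $(today_days)

dn: cn=$uid,$GROUP_OU
objectClass: posixGroup
cn: $uid
gidNumber: $num
memberUid: $uid
EOF
}

# ldif_parents_ok LDIF_FILE EXISTING_DNS
# Exit 0 when every "dn:" in the file has a parent that is the base, appears in
# EXISTING_DNS (newline-separated, e.g. from: ldapsearch -x -LLL -b "$BASE" dn |
# sed -n 's/^dn: //p'), or was itself added earlier in the same file.
# Assumption: no escaped commas inside RDN values.
ldif_parents_ok() {
    file=$1; seen=$2; status=0
    while IFS= read -r line; do
        case $line in
            "dn: "*) dn=${line#dn: } ;;
            *) continue ;;
        esac
        parent=${dn#*,}
        if [ "$parent" != "$BASE" ] && ! printf '%s\n' "$seen" | grep -qxF -- "$parent"; then
            echo "missing parent for $dn: $parent" >&2
            status=1
        fi
        seen="$seen
$dn"
    done < "$file"
    return $status
}

# Usage (against a live server):
#   existing=$(ldapsearch -x -LLL -b "$BASE" dn | sed -n 's/^dn: //p')
#   user_ldif amibey Amos Mibey 10000 "$(slappasswd)" > amibey.ldif
#   ldif_parents_ok amibey.ldif "$existing" && ldapadd -x -D "cn=admin,$BASE" -W -f amibey.ldif
```

Reading the existing DNs with an anonymous search works only if the server's ACLs allow it, which the default Turnkey configuration does; the check is deliberately done before ldapadd so that a rejected second entry never leaves a half-created user behind.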
Listing every entry under the base (dc=example,dc=com), users, groups and OUs alike, with all attributes:
$ ldapsearch -x -LLL -b "dc=example,dc=com"
The same search with the default filter written out explicitly (equivalent to the command above):
$ ldapsearch -x -LLL -b dc=example,dc=com '(objectclass=*)'
Deleting an LDAP user and its group (each entry is deleted separately):
$ ldapdelete -x -W -D "cn=admin,dc=example,dc=com" "uid=amibey,ou=person_group_1,dc=example,dc=com"
$ ldapdelete -x -W -D "cn=admin,dc=example,dc=com" "cn=amibey,ou=groups,dc=example,dc=com"
Resetting the user's password as the admin (-S prompts for the new password, -W for the admin's bind password):
$ ldappasswd -H ldap://192.168.0.6 -x -D "cn=admin,dc=example,dc=com" -W -S "uid=amibey,ou=person_group_1,dc=example,dc=com"
Verifying the user's password by binding as that user (-h is deprecated; -H takes a full URI):
$ ldapwhoami -vvv -H ldap://192.168.0.6 -D "uid=amibey,ou=person_group_1,dc=example,dc=com" -x -W
If password ok:
Result: Success (0)
If password is not ok:
ldap_bind: Invalid credentials (49)
Searching for a specific entry. The original command mixed -h (which takes a hostname, not a URI) with -p 636, the LDAPS port, while still using a plain ldap:// connection; use -H with one URI instead (ldaps://192.168.0.6 once TLS is configured). Prefer -W over -w 'password': a password on the command line is visible in the process list and shell history.
$ ldapsearch -x -H ldap://192.168.0.6 -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com" -s sub "(cn=amibey)"
Displaying a subset of attributes in the search results (list the attribute names after the filter):
$ ldapsearch -x -H ldap://192.168.0.6 -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com" -s sub "(cn=amibey)" sn cn givenName