rodrigosantosbr

OpenLDAP tutorial

Jul 13th, 2019

Turnkey Virtual Machine Example

http://turnkey.c3sl.ufpr.br/turnkeylinux/images/vmdk/turnkey-openldap-15.1-stretch-amd64-vmdk.zip


Virtual Machine Info

Base DN: dc=example,dc=com
Organization name (o): example.com
Admin bind DN: cn=admin,dc=example,dc=com

Dumping the contents of the slapd database as LDIF (slapcat reads the database files directly and needs root; add -n 0 to dump the cn=config configuration database instead):

$ slapcat

Listing the DNs of all entries under the base DN (the trailing "dn" restricts the output to that attribute):

$ ldapsearch -x -LLL -b dc=example,dc=com dn

Allowing the LDAP port (389/tcp) through UFW for external connections (run as root; note that plain LDAP on 389 carries simple binds in cleartext unless STARTTLS is used):

$ ufw allow ldap
$ ufw reload

Testing the LDAP connection with an anonymous bind (prints "anonymous" on success):

$ ldapwhoami -H ldap:// -x

Creating the organizational units for users and groups

$ nano example_groups.ldif
dn: ou=person_group_1,dc=example,dc=com
objectClass: organizationalUnit
ou: person_group_1

dn: ou=person_group_2,dc=example,dc=com
objectClass: organizationalUnit
ou: person_group_2

# parent for the posixGroup entries created in the next section
dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

To add these entries, run the command below.
When prompted for the LDAP password, enter the LDAP admin password set during installation.

$ ldapadd -x -D cn=admin,dc=example,dc=com -W -f example_groups.ldif

Adding LDAP User Accounts

Generate the password hash with the slappasswd command (it prompts twice for the password and prints a salted hash, {SSHA} by default):

$ slappasswd

Outputs:

{SSHA}LFt+tC8hnj/dPdr8/yQe3jyU0pJdx5Ar

Create the new user's LDIF file:

$ nano example_user.ldif
dn: uid=amibey,ou=person_group_1,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: amibey
cn: amibey
givenName: Amos
sn: Mibey
userPassword: {SSHA}LFt+tC8hnj/dPdr8/yQe3jyU0pJdx5Ar
loginShell: /bin/bash
uidNumber: 10000
# must match the gidNumber of the posixGroup below
gidNumber: 10000
homeDirectory: /home/amibey
shadowMax: 60
shadowMin: 1
shadowWarning: 7
shadowInactive: 7
shadowLastChange: 0

# the parent ou=groups,dc=example,dc=com must already exist, otherwise ldapadd
# fails with "No such object"; gidNumber 0 is the root group and is never reused here
dn: cn=amibey,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: amibey
gidNumber: 10000
memberUid: amibey

This creates a user whose username is amibey, together with a private group of the same name.

Run the command below to add the entries above.

$ ldapadd -x -D cn=admin,dc=example,dc=com -W -f example_user.ldif
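The two steps above (hashing the password with slappasswd and writing the user and group entries as LDIF) as an added Python example; this is not code from the original tutorial. It reproduces the {SSHA} layout slappasswd emits (base64 of SHA-1(password + salt) followed by the salt), verifies a password against such a value the way slapd does on a simple bind, and renders the LDIF with the base64 "::" form that RFC 2849 requires for values LDIF cannot carry literally (leading space, non-ASCII, and so on), which goes beyond the ASCII-only entries shown above. The function names make_ssha, check_ssha, ldif_line and user_ldif are hypothetical; the base DN and OU names are the tutorial's.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

BASE_DN = "dc=example,dc=com"   # base DN from the tutorial


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA} userPassword value: base64(sha1(password + salt) + salt),
    the same layout slappasswd emitted above. A fixed salt is accepted only so
    that results can be reproduced; real use must take the random one."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password: str, stored: str) -> bool:
    """Verify a password against a {SSHA} value the way slapd does on a simple
    bind: the first 20 decoded bytes are the SHA-1 digest, the rest is the salt."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def ldif_line(attr: str, value: str) -> str:
    """Format one LDIF attribute line. RFC 2849 forbids a literal value that
    starts with space, ':' or '<' or contains non-ASCII, NUL, CR or LF, so such
    values are written base64-encoded with the '::' separator (this encodes
    everything outside printable ASCII, a superset of what the RFC requires)."""
    if value[:1] not in (" ", ":", "<") and all(32 <= ord(c) < 127 for c in value):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def user_ldif(uid: str, given: str, sn: str, password_hash: str,
              uid_number: int, gid_number: int, ou: str = "person_group_1") -> str:
    """Render the user entry and its private posixGroup. One gid_number feeds
    both entries so the account's gidNumber always matches the group's."""
    user = [
        ("dn", f"uid={uid},ou={ou},{BASE_DN}"),
        ("objectClass", "inetOrgPerson"),
        ("objectClass", "posixAccount"),
        ("objectClass", "shadowAccount"),
        ("uid", uid), ("cn", uid), ("givenName", given), ("sn", sn),
        ("userPassword", password_hash),
        ("loginShell", "/bin/bash"),
        ("uidNumber", str(uid_number)), ("gidNumber", str(gid_number)),
        ("homeDirectory", f"/home/{uid}"),
        ("shadowMax", "60"), ("shadowMin", "1"), ("shadowWarning", "7"),
        ("shadowInactive", "7"), ("shadowLastChange", "0"),
    ]
    group = [
        ("dn", f"cn={uid},ou=groups,{BASE_DN}"),
        ("objectClass", "posixGroup"),
        ("cn", uid), ("gidNumber", str(gid_number)), ("memberUid", uid),
    ]

    def render(entry):
        return "\n".join(ldif_line(a, v) for a, v in entry)

    return render(user) + "\n\n" + render(group) + "\n"


if __name__ == "__main__":
    h = make_ssha("s3cret")            # constructed sample password, not a real one
    print(user_ldif("amibey", "Amos", "Mibey", h, 10000, 10000))
    print("bind ok:", check_ssha("s3cret", h), "wrong password:", check_ssha("nope", h))
```

Write the output to example_user.ldif and feed it to the ldapadd command above. A value such as givenName "José" comes out as "givenName:: Sm9zw6k=", which ldapadd decodes; pasting it literally into an ASCII LDIF file would be rejected.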

Listing all entries under the base DN (dc=example,dc=com), with their attributes:

$ ldapsearch -x -LLL -b "dc=example,dc=com"

Printing every entry with all its attributes (an explicit catch-all filter; same result as the previous command):

$ ldapsearch -x -LLL -b dc=example,dc=com '(objectclass=*)'

Deleting an LDAP user and its group:

$ ldapdelete -x -W -D "cn=admin,dc=example,dc=com" "uid=amibey,ou=person_group_1,dc=example,dc=com"
$ ldapdelete -x -W -D "cn=admin,dc=example,dc=com" "cn=amibey,ou=groups,dc=example,dc=com"

Resetting a user's password as admin (-S prompts for the new password, -W for the admin password):

$ ldappasswd -H ldap://192.168.0.6 -x -D "cn=admin,dc=example,dc=com" -W -S "uid=amibey,ou=person_group_1,dc=example,dc=com"

Verifying a user's password by binding as that user:

$ ldapwhoami -vvv -H ldap://192.168.0.6 -D "uid=amibey,ou=person_group_1,dc=example,dc=com" -x -W

If the password is correct:

Result: Success (0)

If the password is wrong:

ldap_bind: Invalid credentials (49)

Searching for a specific entry over LDAPS. Port 636 is the TLS port, so the server is given as -H ldaps:// rather than -h plus -p 636 (with -h/-p the client would open a plain TCP connection to 636 and never negotiate TLS, which typically fails with "Can't contact LDAP server"). -W prompts for the bind password; passing it with -w 'password' leaves it in the process list and shell history:

$ ldapsearch -x -H ldaps://192.168.0.6:636 -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com" -s sub "(cn=amibey)"

Displaying a subset of attributes in a search (list the attribute names after the filter):

$ ldapsearch -x -H ldaps://192.168.0.6:636 -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com" -s sub "(cn=amibey)" sn cn givenName
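The search above, as an added Python example that is not part of the original tutorial: when the value in a filter such as cn=amibey comes from user input, the characters RFC 4515 gives special meaning ("*", "(", ")", "\" and NUL) must be escaped so the filter keeps matching one entry literally instead of being reshaped by the input. The block builds such a filter and the equivalent ldapsearch argument vector (LDAPS and -W, as in the corrected command above), for use with subprocess.run without a shell. The names escape_filter_value, search_filter and ldapsearch_argv are hypothetical; the host, DNs and attribute names are the tutorial's.

```python
from typing import List

# Escape table from RFC 4515 section 3: these characters change the meaning of
# a filter if they appear unescaped inside an assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it is matched literally inside a filter."""
    return "".join(_FILTER_ESCAPES.get(c, c) for c in value)


def search_filter(attr: str, value: str) -> str:
    """Build an equality filter like the tutorial's cn=amibey, with the enclosing
    parentheses RFC 4515 requires and the value escaped."""
    return f"({attr}={escape_filter_value(value)})"


def ldapsearch_argv(host: str, bind_dn: str, base_dn: str, filt: str, *attrs: str) -> List[str]:
    """Argument vector for the tutorial's search over LDAPS, meant for
    subprocess.run(argv) with no shell. -W makes ldapsearch prompt for the bind
    password, so it never appears in the process list as -w 'password' would."""
    return ["ldapsearch", "-x", "-H", f"ldaps://{host}", "-D", bind_dn, "-W",
            "-b", base_dn, "-s", "sub", filt, *attrs]


if __name__ == "__main__":
    import shlex
    # Constructed inputs: a normal username, and one containing a wildcard that
    # escaping turns into a literal "\2a" instead of a match-everything filter.
    for value in ("amibey", "*"):
        print(search_filter("cn", value))
    argv = ldapsearch_argv("192.168.0.6", "cn=admin,dc=example,dc=com",
                           "dc=example,dc=com", search_filter("cn", "amibey"),
                           "sn", "cn", "givenName")
    print(shlex.join(argv))
```

The printed command line is the same as the attribute-subset search above; the point of building it as a list is that the filter and DN values are passed as separate arguments, so neither the shell nor the LDAP filter grammar reinterprets them.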