LDAP or OpenLDAP Configuration in Debian

What is LDAP?

LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection-oriented transport services.

A directory is similar to a database, but tends to contain more descriptive, attribute-based information. The information in a directory is generally read much more often than it is written. Directories are tuned to give a quick response to high-volume lookup or search operations. They may have the ability to replicate information widely in order to increase availability and reliability, while reducing response time. When directory information is replicated, temporary inconsistencies between the replicas may be acceptable, as long as they get in sync eventually.

There are many different ways to provide a directory service. Different methods allow different kinds of information to be stored in the directory, place different requirements on how that information can be referenced, queried and updated, how it is protected from unauthorized access, etc. Some directory services are local, providing service to a restricted context (e.g., the finger service on a single machine). Other services are global, providing service to a much broader context.

LDAP Installation in Debian

# apt-get install ldap-server ldap-client

which in fact installs

# apt-get install slapd ldap-utils

To configure LDAP, edit the /etc/ldap/slapd.conf file.

Definition of the LDAP base (suffix) and the administrator account

suffix "dc=ruchi,dc=com"

rootdn "cn=admin,dc=ruchi,dc=com"

rootpw admin

#rootpw {SSHA}yaZf/SRMvP+glo/KI+fG1idsm7FimhuD
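The commented-out rootpw line uses OpenLDAP's {SSHA} format, the hashed form that slappasswd produces and that should be used instead of the plaintext "rootpw admin" above. As an added example (not from the original page), the following Python reproduces the layout, base64(SHA1(password || salt) || salt), so you can see why the hash in slapd.conf does not reveal the password, and check a candidate password against a stored value; the hash from the page is included only to show its structure.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# slappasswd -h {SSHA} uses a 4-byte random salt appended to the SHA-1 digest.
SALT_LEN = 4
SHA1_LEN = 20
PREFIX = "{SSHA}"

# The value from the page's commented-out rootpw line (structure illustration only).
PAGE_HASH = "{SSHA}yaZf/SRMvP+glo/KI+fG1idsm7FimhuD"


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a slapd-compatible {SSHA} string: base64(SHA1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt, as slappasswd does
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_split(stored: str) -> Tuple[bytes, bytes]:
    """Split a stored {SSHA} value into (digest, salt); SHA-1 is always 20 bytes."""
    if not stored.startswith(PREFIX):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(PREFIX):])
    if len(raw) <= SHA1_LEN:
        raise ValueError("truncated {SSHA} value: no salt present")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def ssha_verify(stored: str, candidate: str) -> bool:
    """Check `candidate` against a stored {SSHA} value using a constant-time compare."""
    digest, salt = ssha_split(stored)
    recomputed = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(recomputed, digest)


if __name__ == "__main__":
    h = ssha_hash("admin")
    print(h)                          # differs on every run because of the random salt
    print(ssha_verify(h, "admin"))    # True
    print(ssha_verify(h, "Admin"))    # False
    d, s = ssha_split(PAGE_HASH)
    print(len(d), len(s))             # 20 4
```

In production use slappasswd -h {SSHA} to generate the value and paste it into slapd.conf; the plaintext rootpw form is convenient for testing only.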

Access right management

access to attribute=userPassword
by dn="cn=admin,dc=ruchi,dc=com" write
by anonymous auth
by self write
by * none
access to *
by dn="cn=admin,dc=ruchi,dc=com" write
by * read

Now restart the LDAP server with the following command:

# /etc/init.d/slapd restart

Creating the root entry of the LDAP base

dn: dc=ruchi,dc=com
objectClass: dcObject
objectClass: organization
o: ruchi SAS
dc: ruchi

Save this entry in the file AjoutRacine.ldif and add it to the directory with the following command:

ldapadd -x -D "cn=admin,dc=ruchi,dc=com" -w admin -f AjoutRacine.ldif

Creating a new entry

To create a new entry, write the following record in the file AjoutFiche.ldif:

dn: cn=tej baj,dc=ruchi,dc=com
objectClass: inetOrgPerson
cn: tej baj
givenName: tej
sn: baj

Add the entry with the following command:

ldapadd -x -D "cn=admin,dc=ruchi,dc=com" -w admin -f AjoutFiche.ldif

Querying the LDAP database

Command to list all entries in the database:

ldapsearch -x -b "dc=ruchi,dc=com"

Command to search for a subset of the entries (here, those whose mail attribute starts with "tej"):

ldapsearch -x -b "dc=ruchi,dc=com" "mail=tej*"

To list every entry explicitly, use the objectclass=* filter (this is also the default filter ldapsearch applies when none is given):

ldapsearch -x -b "dc=ruchi,dc=com" "objectclass=*"

Modifying an existing entry

To add a telephone number to an existing entry, write the file ModifFiche.ldif:

dn: cn=tej baj,dc=ruchi,dc=com
changetype: modify
add: telephonenumber
telephonenumber: 03 80 97 98 99

Apply the modification with the following command:

ldapadd -x -D "cn=admin,dc=ruchi,dc=com" -w admin -f ModifFiche.ldif

Removing an existing entry

To remove an entry, write the file SuppFiche.ldif:

dn: cn=tej baj,dc=ruchi,dc=com
changetype: delete

Remove the entry with the following command:

ldapadd -x -D "cn=admin,dc=ruchi,dc=com" -w admin -f SuppFiche.ldif