Tuesday, July 24, 2007

LDAP

Use the ApacheDS server for the LDAP server.

Designing an LDAP application:

* Install the LDAP server.
* Install the LDAP client browser. The default Bind DN is uid=admin,ou=system and the password is secret. Change the password if needed.
* Create the root suffix or a new partition.
* Create the objects and their object classes.
* Add the attributes.
* Define the tree.
* Write the search and browse application.

Objects

A directory service is an extension of a naming service. In a directory service, an object is also associated with a name. However, each object is allowed to have attributes. You can look up an object by its name, but you can also obtain the object's attributes or search for the object based on its attributes.

The object classes for all objects in the directory form a class hierarchy. The classes "top" and "alias" are at the root of the hierarchy. For example, the "organizationalPerson" object class is a subclass of the "person" object class, which in turn is a subclass of "top". When creating a new LDAP entry, you must always specify all of the object classes to which the new entry belongs. Because many directories do not support object class subclassing, you should also always include all of the superclasses of the entry. For example, for an "organizationalPerson" object, you should list the "organizationalPerson", "person", and "top" classes in its object classes.

Attributes

An attribute of a directory object is a property of the object. For example, a person can have the following attributes: last name, first name, user name, email address, telephone number, and so on. A printer can have attributes like resolution, color, and speed. An attribute has an identifier, which is a unique name within that object. Each attribute can have one or more values. For instance, a person object can have an attribute called LastName; LastName is the identifier of the attribute. An attribute value is the content of the attribute. For example, the LastName attribute can have a value like "Martin".

Then define the tree and write the search and browse application.
Reference: http://java.sun.com/products/jndi/tutorial/ldap/schema/object.html

First Steps in LDAP

I want to have a simple address book with telephone numbers and email addresses that can be reached from every mail client I use. The address book shall be built and modified automatically from a database, which is the main data source.

* Structure
* Preparing the LDAP server
* Creating organizational units
* Create people in ou=people,dc=zirndorf,dc=de
* Commands to delete and modify records
* Query the LDAP database from your mail program, how to configure

Structure

Data must be structured for LDAP. Our internet domain is zirndorf.de, so I use that. Under that there is a unit in which all the people are.

(figure: simple_structure.gif)

Preparing the LDAP server

I use Debian Linux for the LDAP server and install these packages: slapd, ldap-utils. Take care that these files get installed in /etc/ldap/schema/:

* core.schema
* cosine.schema
* inetorgperson.schema
* nis.schema

Now I have to modify the file /etc/ldap/slapd.conf:

    # Schema and objectClass definitions
    include /etc/ldap/schema/core.schema
    include /etc/ldap/schema/cosine.schema
    include /etc/ldap/schema/nis.schema
    include /etc/ldap/schema/inetorgperson.schema
    ...
    # The base of your directory
    suffix "dc=zirndorf,dc=de"
    rootdn "cn=admin,dc=zirndorf,dc=de"
    # this really means that the password is "secret"
    rootpw secret
    # you can create a hashed password like this: slappasswd -u
    # and get the hashed version on your terminal:
    # rootpw {SSHA}8e8vfyo0KSWoLbyPVIPaG+MqH6h51Vst

The server should listen only on a specific IP address (slapd is running under vserver Linux), so I have to start the server like this in the start scripts:

    /usr/sbin/slapd -h ldap://10.1.1.138:389/

Start LDAP (and check the bind with "netstat -ln" if you like).
Creating organizational units

Create a file ou_people.ldif like this:

    # file ou_people.ldif
    dn: ou=people,dc=zirndorf,dc=de
    ou: people
    objectClass: top
    objectClass: organizationalUnit

and import it into the database:

    # ldapadd -a -x \
        -D "cn=admin,dc=zirndorf,dc=de" -w secret \
        -h ldap.zdf \
        -f /tmp/ou_people.ldif

Did the import work? You can dump your whole LDAP server with this command to check it:

    # ldapsearch -x -b 'dc=zirndorf,dc=de' 'objectclass=*' -h ldap.zdf
    ...
    dn: ou=people,dc=zirndorf,dc=de
    ou: people
    objectClass: top
    objectClass: organizationalUnit
    ...

If you have more units like this, create more entries in ou_people.ldif; simply copy the lines I gave you.

Create people in ou=people,dc=zirndorf,dc=de

First create a very simple file to import into LDAP. I did this with Perl from a centralized database where I have all the information collected:

    # the unique name in the directory
    dn: cn=Roland Wende, ou=people, dc=zirndorf, dc=de
    ou: people
    # which schemas to use
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    # the data itself, name data
    cn: Roland Wende
    gn: Roland
    sn: Wende
    # other data (could be more, but doesn't have to be more)
    mail: roland.wende@zirndorf.de
    telephoneNumber: 9600-190

Now let's create a person with more attributes:

    # the unique name in the directory
    dn: cn=Richard Lippmann,ou=people,dc=zirndorf,dc=de
    # which schemas to use
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    cn: Richard Lippmann
    givenName: Richard
    sn: Lippmann
    # internet section
    mail: lippmann@zirndorf.de
    mail: horshack@lisa.franken.de
    # address section, private
    postalAddress: My Way 5
    postalCode: 90522
    l: Oberasbach
    # phone section
    homePhone: 0911 /123 456 789
    mobile: 0179 / 123 123 123

Commands to delete and modify records

To delete a record you have to know the dn (the unique record identifier):

    # ldapdelete -x \
        -D "cn=admin,dc=zirndorf,dc=de" -w secret \
        -h ldap.zdf \
        'cn=Roland Wende,ou=People,dc=zirndorf,dc=de'

Recursively delete:

    ldapdelete -r ...

If you want to modify a record you have to modify it completely. ALL the attributes must be in your ldif file!

    # ldapmodify -x \
        -D "cn=admin,dc=zirndorf,dc=de" -w secret \
        -h ldap.zdf \
        -f /tmp/ou_people.ldif

Query the LDAP database from your mail program, how to configure

You have to know:

* your LDAP server's hostname (ldap.zdf)
* your base DN (dc=zirndorf,dc=de)
* the port (389 for cleartext)
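As an added example (not code from this page or from the tutorial it quotes), a Python stand-in for the Perl script that builds the ou=people LDIF from the central database, plus the filter an address-book lookup application would send. It adds the three things the hand-written LDIF above skips: RFC 4514 escaping of the cn inside the dn, RFC 2849 base64 lines for non-ASCII values, and RFC 4515 escaping of the search term so user input cannot change the filter's structure. The row field names (gn, sn, mail, ...) and the sample rows are constructed assumptions.

```python
import base64
import re

BASE = "ou=people,dc=zirndorf,dc=de"
# Full superclass chain: the page says every entry must list all of them.
OBJECT_CLASSES = ["top", "person", "organizationalPerson", "inetOrgPerson"]
# Constructed rows standing in for the central database (tutorial persons reused).
PEOPLE = [
    {"gn": "Roland", "sn": "Wende", "mail": ["roland.wende@zirndorf.de"],
     "telephoneNumber": "9600-190"},
    {"gn": "Richard", "sn": "Lippmann", "postalCode": "90522", "l": "Oberasbach",
     "mail": ["lippmann@zirndorf.de", "horshack@lisa.franken.de"]},
    {"gn": "Jörg", "sn": "Schmidt, jr.", "mail": ["j.schmidt@zirndorf.de"]},
]

def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = re.sub(r'([,+"\\<>;=])', r"\\\1", value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: lookup input cannot alter the filter's structure."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)

def ldif_line(attr: str, value: str) -> str:
    """LDIF (RFC 2849): base64 ('::') for non-ASCII or a leading ' ', ':' or '<'."""
    if value.isascii() and value.isprintable() and value[:1] not in (" ", ":", "<"):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode()).decode()}"

def person_to_ldif(row: dict) -> str:
    """Render one database row as an inetOrgPerson entry under ou=people."""
    cn = f"{row['gn']} {row['sn']}"
    lines = [ldif_line("dn", f"cn={escape_dn_value(cn)},{BASE}")]
    lines += [f"objectClass: {oc}" for oc in OBJECT_CLASSES]
    lines += [ldif_line("cn", cn), ldif_line("givenName", row["gn"]), ldif_line("sn", row["sn"])]
    for attr, vals in row.items():  # remaining columns map 1:1 to attributes
        if attr not in ("gn", "sn"):
            lines += [ldif_line(attr, v) for v in (vals if isinstance(vals, list) else [vals])]
    return "\n".join(lines) + "\n"

def address_book_filter(fragment: str) -> str:
    v = escape_filter_value(fragment)  # what the mail client's name/mail lookup sends
    return f"(&(objectClass=inetOrgPerson)(|(cn=*{v}*)(mail=*{v}*)))"
```

Joining the outputs of person_to_ldif with a blank line gives a file ready for ldapadd -f as shown above.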
