Under Debian, you need to install these following packages :
sudo apt-get install slapd ldap-utils
/etc/ldap/slapd.conf to have these similar configuration :
suffix "dc=example,dc=com" rootdn "dc=example,dc=com" rootpw password index objectClass eq
You can change
dc=example,dc=com as you wish, according to your hostname for example.
The debian installer should have done it for you.
In this example, the directory layout is defined into a ldif file. This file is used in argument of the
Create a file named
directory.ldif like this one:
dn: dc=example,dc=com objectClass: top objectClass: dcObject objectClass: organization dc: example o: Society, Inc. dn: ou=people,dc=example,dc=com objectClass: top objectClass: organizationalUnit ou: people
Then add the directory layout with:
ldapadd -D 'dc=example,dc=com' -f directory.ldif -W -x
Password asked is the password corresponding to
rootpw in your
Now, you can check if it's has been done:
ldapsearch -b 'dc=example,dc=com' 'objectclass=*' -x
If everything went well, you should see something like that:
search: 2 result: 0 Success
Create a file named
contact.ldif like this one :
dn: cn=John Doe,ou=people,dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson cn: John Doe gn: John sn: Doe mail: firstname.lastname@example.org physicalDeliveryOfficeName: Society, Inc. postalAddress: 5, rue de Vaugirard l: Paris ou: people st: Ile de France postalCode: 75000 telephoneNumber: 555-555-5551 facsimileTelephoneNumber: 555-555-5552 mobile: 555-555-5553 homePhone: 555-555-5554
Then add your contacts with:
ldapadd -D 'dc=example,dc=com' -f contact.ldif -W -x
Check if all went well :
ldapsearch -b 'ou=people,dc=example,dc=com' '(objectclass=*)' -x
If you are using a debian woody, you will need to recompile openldap with the TLS support. To make SSL/TLS works, you will need to create certificats and other SSL stuff:
Common Name for your certificate is corresponding to your ldap server domain name or hostname.
This command have create a certificate, you find it in the /demoCA/ directory.
Now, we generate a cert request and private key for the server ::
openssl req -new -nodes -keyout newreq.pem -out newreq.pem /usr/lib/ssl/misc/CA.sh -sign
Then copy this security stuff like that:
cp demoCA/cacert.pem /etc/ssl/certs/ldap.cert mv newcert.pem /etc/ssl/certs/ldap.csr mv newreq.pem /etc/ssl/certs/ldap.key chmod 600 /etc/ssl/certs/ldap.key
Then add to your
TLSCipherSuite HIGH:MEDIUM:+SSLv2:+SSLv3:RSA TLSCertificateFile /etc/ssl/certs/ldap.csr TLSCertificateKeyFile /etc/ssl/certs/ldap.key TLSCACertificateFile /etc/ssl/certs/ldap.cert TLSVerifyClient allow
And this to the
TLS_CACERT /etc/ssl/certs/ldap.cert TLS_REQCERT allow
Then modify the
/etc/init.d/sladp script like this (replace the command by this in the script):
start-stop-daemon --start --quiet [..] --exec /usr/sbin/slapd -- -h "ldap://0.0.0.0 ldaps://0.0.0.0" [..]
In a newer version of the script in Debian Sarge you will have trouble to replace the command as you won't be able to find it. As the newer version is more generic it's enough to put the line:
somewhere at the begining of the script.
And then restart your openldap server:
sudo /etc/init.d/slapd restart
We are going to configure thunderbird 0.6 to access our ldap directory.
You can verify that the connection work, only by writing a new mail and typing, in the
To: Fields, the beginning of the name of one your contact.
Then you should get a list of person corresponding taken from the ldap directory.