I spent quite a while fixing a bug in the OpenLDAP installation.
The installation interface does not work correctly.
The solution:
Step 1
Run the following command to add all the LDAP schemas in the slapd package to your cn=config (by default only core is added). Because core is already there, ldapadd will report "Already exists" for core.ldif; that error is harmless and xargs carries on with the next file:
Code:
ls /etc/ldap/schema/*.ldif | xargs -I {} sudo ldapadd -Y EXTERNAL -H ldapi:/// -f {}

Step 2
Create a file called db.ldif with the following contents. This will set up a database for the domain dc=home,dc=local (aka home.local). Only cn=admin,dc=home,dc=local can manage this database (password: admin). Note that olcRootPW is written here in the clear; for anything beyond a throwaway lab box generate a hash with slappasswd (e.g. slappasswd -h {SSHA}) and paste the resulting {SSHA}... value instead. Also note that the rootdn bypasses olcAccess entirely, so the dn.base="cn=admin,..." clauses below only take effect if you later point olcRootDN at a different entry. The bdb backend is what Karmic shipped; current OpenLDAP releases have dropped bdb/hdb in favour of mdb.
Code:
# Load modules for database type
dn: cn=module,cn=config
objectclass: olcModuleList
cn: module
olcModuleLoad: back_bdb.la

# Create directory database
dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
# Domain name (e.g. home.local)
olcSuffix: dc=home,dc=local
# Location on system where database is stored
olcDbDirectory: /var/lib/ldap
# Manager of the database
olcRootDN: cn=admin,dc=home,dc=local
olcRootPW: admin
# Indices in database to speed up searches
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
# Allow users to change their own password
# Allow anonymous to authenticate against the password
# Allow admin to change anyone's password
olcAccess: to attrs=userPassword by self write by anonymous auth by dn.base="cn=admin,dc=home,dc=local" write by * none
# Allow users to change their own record
# Allow anyone to read directory
olcAccess: to * by self write by dn.base="cn=admin,dc=home,dc=local" write by * read

Run the following command on the file above to add the database to the LDAP server. Note that Karmic uses the EXTERNAL SASL binding to communicate with the LDAP server over the ldapi:/// socket, so there is no admin user or password here:
Code:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f db.ldif

Step 3
Create another file for all the people you want to add; we'll call it people.ldif. As with olcRootPW, slapd stores userPassword exactly as given, so either put a slappasswd hash there instead of the plain value or set the password afterwards with ldappasswd, which hashes it on the server.
Code:
# Create top-level object in domain
dn: dc=home,dc=local
objectClass: top
objectClass: dcObject
objectclass: organization
o: home.local
dc: home
description: Home network

dn: ou=people,dc=home,dc=local
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=home,dc=local
objectClass: organizationalUnit
ou: groups

dn: uid=john,ou=people,dc=home,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 1000
gidNumber: 10000
userPassword: password
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: [email protected]
# The attribute name in front of the value 31000 was lost when the post was
# extracted; postalCode is assumed here (31000 is the Toulouse postal code).
postalCode: 31000
l: Toulouse
o: Example
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress:
initials: JD

dn: cn=example,ou=groups,dc=home,dc=local
objectClass: posixGroup
cn: example
gidNumber: 10000

Since we have created our own access control lists for the dc=home,dc=local database, we must change the binding method (i.e. authenticate with the admin user and password). Add the data to the directory with the following command. -w puts the password on the command line, where it ends up in shell history and the process list; -W prompts for it instead:
Code:
sudo ldapadd -x -D cn=admin,dc=home,dc=local -w admin -f people.ldif

Step 4
From a client, you can now check that you can read the database. This works without binding because of the "by * read" rule in the second olcAccess line above; userPassword stays hidden from anonymous clients because of the first one:
Code:
ldapsearch -x -H ldap://dustball.home.local -b dc=home,dc=local
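Both LDIF files above carry their secrets in the clear (olcRootPW in db.ldif, userPassword in people.ldif). The Python below is an added example, not code from the original post or from OpenLDAP: it parses LDIF (folded lines, base64 values, comments), flags secret attributes that lack a {SCHEME} tag, and rewrites them as {SSHA} hashes in the layout slappasswd emits, so the result can be loaded with the same ldapadd commands. SAMPLE_LDIF is constructed from the tutorial's entries; the function names and the fixed salt used for determinism are the example's own.

```python
import base64
import hashlib
import os
import re
from typing import List, Optional, Tuple

# Attributes whose value must never be stored in the clear (matched case-insensitively).
SECRET_ATTRS = {"userpassword", "olcrootpw"}
# A value that already carries a password-scheme tag such as {SSHA} or {CRYPT}.
SCHEME_RE = re.compile(r"^\{[A-Za-z0-9-]+\}")

Record = List[Tuple[str, str]]

# Constructed sample: the tutorial's database entry and user entry, trimmed to the
# attributes this example cares about. The olcAccess line is folded the LDIF way.
SAMPLE_LDIF = """\
# Create directory database
dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
olcSuffix: dc=home,dc=local
olcRootDN: cn=admin,dc=home,dc=local
olcRootPW: admin
olcAccess: to attrs=userPassword by self write by anonymous auth
  by dn.base="cn=admin,dc=home,dc=local" write by * none

dn: uid=john,ou=people,dc=home,dc=local
objectClass: inetOrgPerson
cn: John Doe
userPassword: password
"""


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """'{SSHA}' + base64(sha1(password + salt) + salt), the layout of
    slappasswd -h {SSHA}. OpenLDAP uses a 4-byte random salt."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, password: str) -> bool:
    """Check a password against a {SSHA} value; the salt follows the 20-byte digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def parse_ldif(text: str) -> List[Record]:
    """Minimal LDIF reader: blank lines separate records, '#' lines are comments,
    a leading space continues the previous line, '::' marks a base64 value."""
    records: List[Record] = []
    current: Record = []
    logical: List[str] = []

    def flush() -> None:
        if not logical:
            return
        line = "".join(logical)
        logical.clear()
        if line.startswith("#"):
            return
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an attribute line: %r" % line)
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.append((attr.strip(), value.strip()))

    for raw in text.splitlines():
        if raw.startswith(" "):          # continuation of the previous logical line
            logical.append(raw[1:])
            continue
        flush()
        if raw.strip() == "":            # end of record
            if current:
                records.append(current)
                current = []
            continue
        logical.append(raw)
    flush()
    if current:
        records.append(current)
    return records


def find_cleartext_secrets(records: List[Record]) -> List[Tuple[str, str]]:
    """(dn, attribute) for every secret attribute stored without a {SCHEME} tag."""
    hits = []
    for record in records:
        dn = next((v for a, v in record if a.lower() == "dn"), "?")
        for attr, value in record:
            if attr.lower() in SECRET_ATTRS and not SCHEME_RE.match(value):
                hits.append((dn, attr))
    return hits


def harden_ldif(text: str, salt: Optional[bytes] = None) -> str:
    """Replace each cleartext secret value with its {SSHA} hash; all other lines,
    including comments and the olcAccess rules, are kept unchanged."""
    out = []
    for line in text.splitlines():
        attr, sep, value = line.partition(":")
        if (sep and not line.startswith(" ")
                and attr.strip().lower() in SECRET_ATTRS
                and not value.startswith(":")
                and not SCHEME_RE.match(value.strip())):
            line = "%s: %s" % (attr, ssha_hash(value.strip(), salt))
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for dn, attr in find_cleartext_secrets(parse_ldif(SAMPLE_LDIF)):
        print("cleartext %s in %s" % (attr, dn))
    print(harden_ldif(SAMPLE_LDIF))
```

Run it over db.ldif and people.ldif before the ldapadd steps; the hardened output is what you load. The rootdn still bypasses the olcAccess rules, so hashing olcRootPW protects the config backup and cn=config reads, not the admin's authority.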