| 565 | | 2. Install the server and utilities: |
| 566 | | {{{ |
| 567 | | apt-get install slapd ldap-utils phpldapadmin |
| 568 | | }}} |
| 569 | | |
| 570 | | 3. Edit /etc/default/slapd and set SLAPD_CONF and SLAPD_PIDFILE to |
| 571 | | {{{ |
| 572 | | SLAPD_CONF="/etc/ldap/slapd.conf" |
| 573 | | SLAPD_PIDFILE="/var/run/slapd/slapd.pid" |
| 574 | | }}} |
| 575 | | This is our slapd.conf file; change the suffix, rootdn and ACLs according to your organization. |
| 576 | | |
| 577 | | {{{ |
| 578 | | allow bind_v2 |
| 579 | | include /etc/ldap/schema/core.schema |
| 580 | | include /etc/ldap/schema/cosine.schema |
| 581 | | include /etc/ldap/schema/nis.schema |
| 582 | | include /etc/ldap/schema/inetorgperson.schema |
| 583 | | include /etc/ldap/schema/ldapns.schema |
| 584 | | include /etc/ldap/schema/openssh-lpk_openldap.schema |
| 585 | | |
| 586 | | loglevel 256 |
| 587 | | modulepath /usr/lib/ldap |
| 588 | | moduleload back_bdb |
| 589 | | |
| 590 | | backend bdb |
| 591 | | database bdb |
| 592 | | index objectclass,entryCSN,entryUUID eq |
| 593 | | suffix "dc=geni,dc=net" |
| 594 | | rootdn "dc=geni,dc=net" |
| 595 | | directory "/var/lib/ldap" |
| 596 | | access to dn.base="" by * read |
| 597 | | # directives are evaluated in order and the first matching <what> wins: keep the userPassword rule above "access to *", otherwise the catch-all's "by * read" applies to password hashes |
| 597 | | access to attrs=userPassword by dn.exact="cn=admin,dc=geni,dc=net" write by anonymous auth by self write by * none |
| 598 | | access to * by dn.exact="cn=admin,dc=geni,dc=net" write by * read |
| 599 | | }}} |
| 600 | | |
| 601 | | 4. You can download openssh-lpk_openldap.schema from http://code.google.com/p/openssh-lpk/downloads/detail?name=openssh-lpk_openldap.schema |
| 602 | | |
| 603 | | 5. Set sizelimit to 10000 in slapd.conf (the default of 500 truncates searches over a larger directory): |
| 604 | | {{{ |
| 605 | | sizelimit 10000 |
| 606 | | }}} |
| 607 | | 6. Start the service: |
| 608 | | {{{ |
| 609 | | /etc/init.d/slapd start |
| 610 | | }}} |
| 611 | | |
| 612 | | 7. Without the pid file, the start/stop script fails to start/stop the daemon. To fix this, edit /etc/init.d/slapd, find the function start_slapd() and add the following as the last line of that function, before it exits: |
| 613 | | {{{ |
| 614 | | pidof /usr/sbin/slapd > "$SLAPD_PIDFILE" |
| 615 | | }}} |
| 616 | | 8. Make sure it is running by checking that the LDAP server is listening. Port 389 (ldap://) is bound by default; port 636 (ldaps://) is only bound if SLAPD_SERVICES in /etc/default/slapd includes ldaps:/// and TLS certificate settings (TLSCertificateFile, TLSCertificateKeyFile) are present in slapd.conf, which the configuration above does not have: |
| 617 | | {{{ |
| 618 | | netstat -ltn | grep -E ':(389|636) ' |
| 620 | | }}} |
| 621 | | |
| 622 | | 9. Stop the service: |
| 623 | | {{{ |
| 624 | | /etc/init.d/slapd stop |
| 625 | | }}} |
| 626 | | |
| 627 | | 10. Import the initial content (the first group and account, which will be used as administrators for the login service). This is a brief explanation of the entries in the ldif file; change the file as per your organizational needs. |
| 628 | | Each organizational unit (ou) has a PI, who is the admin for the OU, and a group that holds all the accounts for the OU. That is why your first organization and first account have to conform to this structure. |
| 629 | | |
| 630 | | An OU admin can only manage accounts for that organization. |
| 631 | | Anyone who is a member of the sysadmin group in LDAP and of the admin group in login.yaml will be able to use the ControlPanel of the ogs_login service to manage ALL accounts. |
| 632 | | |
| 633 | | 11. Run the following commands. |
| 634 | | {{{ |
| 635 | | cp /usr/share/slapd/DB_CONFIG /var/lib/ldap/ |
| 636 | | slapadd -l init.ldif -f /etc/ldap/slapd.conf   # offline import; slapd must be stopped (step 9) |
| 637 | | chown openldap:openldap /var/lib/ldap/*         # slapadd ran as root, so hand the database files back to the slapd user |
| 638 | | }}} |
| 639 | | |
| 640 | | 12. Start the service: |
| 641 | | {{{ |
| 642 | | /etc/init.d/slapd start |
| 643 | | }}} |
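The ACL ordering in step 3 can be checked mechanically before the server is started. The following is an added example, not code from the original page or from the GENI/ORBIT project: a POSIX shell audit that flags a slapd.conf in which an `access to *` directive precedes the `access to attrs=userPassword` directive (slapd uses the first directive whose <what> matches, so the catch-all's `by * read` would then apply to password hashes) and flags `dn.regex` clauses that are not anchored with `^` and `$`. The two sample configurations are constructed inline; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original page: audit the "access to"
# directives of a slapd.conf for the ordering mistake discussed in step 3.
# slapd evaluates access directives in file order and uses the first one
# whose <what> clause matches, so an "access to *" placed before
# "access to attrs=userPassword" shadows the password rule: the
# "by * read" of the catch-all then applies to userPassword as well.

# Exit 0 if every "access to attrs=userPassword" directive precedes the
# first "access to *" directive, 1 (with a diagnostic) otherwise.
check_userpassword_order() {
    awk '
        /^[ \t]*access[ \t]+to[ \t]+\*([ \t]|$)/ && !seen_all { seen_all = NR }
        /^[ \t]*access[ \t]+to[ \t]+attrs=userPassword/ && seen_all {
            print FILENAME ":" NR ": userPassword rule is shadowed by \"access to *\" at line " seen_all
            bad = 1
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Exit 0 if no "by dn.regex=..." clause is unanchored, 1 otherwise.
# An unanchored pattern such as "cn=admin,dc=geni,dc=net" also matches any
# DN that merely contains that string, and its unescaped dots match any
# character; dn.exact is what is meant for a single administrator DN.
check_dn_regex() {
    ! grep -En 'by[[:space:]]+dn\.regex="[^"]*"' "$1" | grep -vE 'dn\.regex="\^[^"]*\$"'
}

# Run both checks; exit 0 only if the file passes both.
audit_slapd_conf() {
    rc=0
    check_userpassword_order "$1" || rc=1
    check_dn_regex "$1" || { echo "$1: unanchored dn.regex (use dn.exact, or anchor the pattern with ^ and \$)"; rc=1; }
    return $rc
}

# Constructed samples: the ACL order from the page's slapd.conf, and a corrected one.
WEAK_CONF=$(mktemp)
FIXED_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$FIXED_CONF"' EXIT
cat > "$WEAK_CONF" <<'EOF'
access to dn.base="" by * read
access to * by dn.regex="cn=admin,dc=geni,dc=net" write by * read
access to attrs=userPassword by dn.regex="cn=admin,dc=geni,dc=net" write by anonymous auth by self write by * none
EOF
cat > "$FIXED_CONF" <<'EOF'
access to dn.base="" by * read
access to attrs=userPassword by dn.exact="cn=admin,dc=geni,dc=net" write by anonymous auth by self write by * none
access to * by dn.exact="cn=admin,dc=geni,dc=net" write by * read
EOF

for f in "$WEAK_CONF" "$FIXED_CONF"; do
    if audit_slapd_conf "$f"; then echo "$f: ACLs OK"; else echo "$f: ACLs need fixing"; fi
done
```

Run it as `sh audit.sh` after editing slapd.conf, or call `audit_slapd_conf /etc/ldap/slapd.conf` from another script; a non-zero exit means the password rule is unreachable or an admin match is looser than intended. The check is textual and only covers the two mistakes above; `slaptest -f /etc/ldap/slapd.conf` still has to pass for the file to be syntactically valid.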
| | 565 | apt-get install slapd ldap-utils phpldapadmin (if a mistake is made during the initial configuration, it can be redone with: dpkg-reconfigure slapd) |
| | 566 | |
| | 567 | 1.) Omit OpenLDAP server configuration? No |
| | 568 | 2.) DNS domain name: geni.net #The DNS domain name is used to construct the base DN of the LDAP directory. |
| | 569 | 3.) Organization name: GENI |
| | 570 | 4.) Password: <admin password> #This becomes the password of cn=admin,dc=geni,dc=net; choose a strong one and do not publish it |
| | 571 | 5.) Database backend to use: HDB |
| | 572 | 6.) Do you want the database to be removed when slapd is purged? : Yes |
| | 573 | 7.) Move old database? Yes |
| | 574 | 8.) Allow LDAPv2 protocol? No |
| | 575 | |
| | 576 | edit /etc/ldap.conf (the pam_ldap/nss_ldap client configuration, not /etc/ldap/ldap.conf) |
| | 577 | 1.) check that you have a proper URI (around line 30): |
| | 578 | uri ldap://console.geni.net/ |
| | 579 | 2.) uncomment the line for the host attribute, so that pam_ldap only allows logins on hosts listed in the account's host attribute: |
| | 580 | pam_check_host_attr yes |
| | 581 | |
| | 582 | Add these two schemas to your ldap by copying them into the cn=config schema directory (/etc/ldap/slapd.d/cn=config/cn=schema). Stop slapd first and start it again afterwards, and make sure the {N} index in each file name does not collide with a schema already in that directory (list it first and renumber both the file name and its dn: line if needed); slapd does not validate files dropped in this way, so check its log after the restart. |
| | 583 | cd /etc/ldap/slapd.d/cn\=config/cn\=schema |
| | 584 | wget 'http://wimax.orbit-lab.org/mmm/cn={4}openssh-lpk-opnldap.ldif' |
| | 585 | wget 'http://www.orbit-lab.org/mmm/cn={5}ldapns.ldif' |
| | 586 | |
| | 587 | import the initial group and user (init.ldif must be in the current directory; -W prompts for the cn=admin password chosen above) |
| | 588 | cd /etc/ldap |
| | 589 | wget http://www.orbit-lab.org/mmm/cn={5}ldapns.ldif |
| | 590 | ldapadd -vvv -x -D cn=admin,dc=geni,dc=net -H ldap:/// -W -f init.ldif |
| | 591 | |
| | 592 | Fix the configuration for LDAP for phpldapadmin: |
| | 593 | edit /etc/phpldapadmin/config.php and change dc=example,dc=com to dc=geni,dc=net |
| | 594 | |
| | 595 | $servers->setValue('server','base',array('dc=geni,dc=net')); |
| | 596 | $servers->setValue('login','bind_id','cn=admin,dc=geni,dc=net'); |
| | 597 | |
| | 598 | Set the password for the group admin user in phpldapadmin (add attribute -> Password -> set password -> update object) |
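The init.ldif loaded by the "import initial group and user" step is not on this page. As an added example, not the project's own file, the following POSIX shell function emits an LDIF with the structure described above (suffix entry, one OU, its PI as the first account and OU admin, the OU's group, and a global sysadmin group), using the object classes the loaded schemas provide: posixAccount and inetOrgPerson for the account, ldapPublicKey (openssh-lpk) for the SSH key, and hostObject with the host attribute (ldapns and cosine) that `pam_check_host_attr yes` consults at login. The DN layout under the OU, the uid/gid numbers, the host name console.geni.net and the demo values are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the original page: generate an init.ldif with
# the structure the page describes (one OU with its PI as OU admin, a per-OU
# group holding the OU's accounts, and a global sysadmin group). The DN
# layout under the OU, the uid/gid numbers and the host name are assumptions
# made for this example; adjust them to your organization.
#
# usage: gen_init_ldif BASE_DN ORG PI_UID PI_PASSWORD_HASH PI_SSH_KEY
#   PI_PASSWORD_HASH must be the output of `slappasswd -s '<password>'`
#   (e.g. {SSHA}...); a cleartext password is refused.
gen_init_ldif() {
    base="$1" org="$2" pi="$3" hash="$4" sshkey="$5"
    case "$hash" in
        '{'*) ;;
        *) echo "gen_init_ldif: password must be hashed with slappasswd, got cleartext" >&2; return 1 ;;
    esac
    # first RDN value of the suffix, e.g. "geni" from dc=geni,dc=net
    dc=$(printf '%s\n' "$base" | sed 's/^dc=\([^,]*\).*/\1/')
    cat <<EOF
# suffix entry (already present if slapd was set up with dpkg-reconfigure)
dn: $base
objectClass: dcObject
objectClass: organization
dc: $dc
o: $org

# one organizationalUnit per organization
dn: ou=$org,$base
objectClass: organizationalUnit
ou: $org

# the PI: a POSIX account that also carries an SSH key (ldapPublicKey, from
# openssh-lpk_openldap.schema) and the host attribute that pam_check_host_attr
# checks at login (hostObject from ldapns.schema; host itself is in cosine)
dn: uid=$pi,ou=$org,$base
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: ldapPublicKey
objectClass: hostObject
uid: $pi
cn: $pi
sn: $pi
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/$pi
loginShell: /bin/bash
userPassword: $hash
host: console.geni.net
sshPublicKey: $sshkey

# the OU's group: every account of the OU is a memberUid; the PI is the first
dn: cn=$org,ou=$org,$base
objectClass: posixGroup
cn: $org
gidNumber: 10000
memberUid: $pi

# members of sysadmin (who are also in the admin group of login.yaml) may
# manage all accounts through the ogs_login ControlPanel
dn: cn=sysadmin,$base
objectClass: posixGroup
cn: sysadmin
gidNumber: 10001
memberUid: $pi
EOF
}

# Print the number of entries in an LDIF read from stdin (one "dn:" per entry).
ldif_entry_count() {
    grep -c '^dn: '
}

# Constructed demo values; the hash and key are placeholders, not real secrets.
gen_init_ldif 'dc=geni,dc=net' geni alice '{SSHA}PLACEHOLDER_FROM_slappasswd' \
    'ssh-ed25519 AAAAC3PLACEHOLDER alice@laptop'
```

Redirect the output to init.ldif and load it with the `slapadd` (server stopped) or `ldapadd` (server running) command from the procedure. When slapd was configured with dpkg-reconfigure, the suffix entry dc=geni,dc=net already exists, so either delete the first entry from the file or run `ldapadd -c` so that the "Already exists" error for it does not abort the import.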
| | 599 | |