NIH | National Cancer Institute | NCI Wiki  

The information on this page represents the experience of an NBIA user and is provided as a case study that you may find useful. It is not meant to apply to all users.


Install OpenLDAP

  1. Install OpenLDAP on Ubuntu.

    Note

    These instructions are based on Ubuntu 18.04.

  2. To take care of the update/upgrade, open a terminal window and issue the following commands:

    Code Block
    sudo apt-get update
    sudo apt-get upgrade
  3. In a terminal window, issue the following command to install the OpenLDAP server (slapd) together with the LDAP command-line utilities:

    Code Block
    sudo apt install slapd ldap-utils
  4. After the installation completes, you may want to modify the default Directory Information Tree (DIT) suffix so that it fits your company's network needs, for example dc=<org name>,dc=org. To do so, issue the following command.

    Code Block
    sudo dpkg-reconfigure slapd
  5. Enter the administrator's password.
  6. Add initial data to the LDAP database from a file and create a single entry. In a terminal window, issue the following command.

    Code Block
    vi ldap_data.ldif

    The file contains the following information.

    Code Block
    dn: ou=People,dc=<org name>,dc=org
    objectClass: organizationalUnit
    ou: People

    dn: ou=Groups,dc=<org name>,dc=org
    objectClass: organizationalUnit
    ou: Groups

    # the cn attribute must carry the same value as the cn= part of the dn,
    # otherwise slapd rejects the entry with a naming violation
    dn: cn=DEPARTMENT,ou=Groups,dc=<org name>,dc=org
    objectClass: posixGroup
    cn: DEPARTMENT
    gidNumber: 5000

    dn: uid=nciadevtest,ou=People,dc=<org name>,dc=org
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    uid: nciadevtest
    sn: <Last name>
    givenName: <First name>
    cn: nciadevtest
    displayName: <Name>
    uidNumber: 10000
    gidNumber: 5000
    userPassword: <password>
    gecos: <Whole Name>
    loginShell: /bin/bash
    homeDirectory: USERDIRECTORY
    Note

    In this .ldif file, we created two organizationalUnit values, People and Groups, and added the entities for these OU values. One entity must be nciadevtest for NBIA: both the uid and the cn must be this name. NBIA uses cn as the default authentication attribute, while some other software applications use uid to authenticate.

  7. Add the entities to the LDAP server. The -W option prompts for the admin password instead of placing it on the command line.

    Code Block
    ldapadd -x -D cn=admin,dc=<org name>,dc=org -W -f ldap_data.ldif
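Before running ldapadd on a file like the one above, it is worth checking it against the constraints this case study relies on: the value in each entry's RDN must also appear as an attribute of the entry, the NBIA account needs the same value in uid and cn, and every posixAccount's gidNumber must name a posixGroup in the file. The following is an added Python example, not part of the wiki page or of NBIA; the sample LDIF inside it is constructed and deliberately includes a group whose cn attribute differs from the cn= value in its dn, which slapd rejects.

```python
SAMPLE_LDIF = """\
dn: cn=DEPARTMENT,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: SUBGROUP
gidNumber: 5000

dn: uid=nciadevtest,ou=People,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
uid: nciadevtest
cn: nciadevtest
gidNumber: 5000
"""  # constructed sample for this example, not the wiki's ldap_data.ldif

def parse_ldif(text):
    """Parse minimal LDIF (no base64 '::' values, no line folding) into {attr: [values]} dicts."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():          # a blank line ends the current entry
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries

def check_ldif(text, nbia_user="nciadevtest"):
    """Return a list of problems; an empty list means the file is ready for ldapadd."""
    entries, problems = parse_ldif(text), []
    groups = {e.get("gidNumber", ["?"])[0] for e in entries
              if "posixGroup" in e.get("objectClass", [])}
    for e in entries:
        dn = e.get("dn", [""])[0]
        rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")
        # slapd refuses an entry whose RDN value is absent from the named attribute
        if rdn_val not in e.get(rdn_attr, []):
            problems.append(f"{dn}: RDN value '{rdn_val}' missing from attribute {rdn_attr}")
        if "posixAccount" in e.get("objectClass", []):
            gid = e.get("gidNumber", ["?"])[0]
            if gid not in groups:
                problems.append(f"{dn}: gidNumber {gid} matches no posixGroup in the file")
        # NBIA logs in on cn and other software on uid, so the account needs both equal
        if e.get("uid") == [nbia_user] and e.get("cn") != [nbia_user]:
            problems.append(f"{dn}: cn must equal uid ({nbia_user}) for NBIA login")
    if not any(e.get("uid") == [nbia_user] for e in entries):
        problems.append(f"no entry with uid={nbia_user}")
    return problems
```

Running check_ldif on the sample reports the cn/RDN mismatch; after the group's cn is changed to DEPARTMENT the list is empty.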

  8. Use ldapsearch to check the existing records. You can use the network loopback IP address (127.0.0.1) to test, or use the real IP address. Note that -w <password> exposes the admin password in the process list and shell history; -W prompts for it instead.

    Code Block
    ldapsearch -x -LLL -h 127.0.0.1 -p 389 -D cn=admin,dc=<org name>,dc=org -w <password> -b dc=<org name>,dc=org 'uid=nciadevtest' cn givenName gidNumber

    Result:

    Code Block
    dn: uid=nciadevtest,ou=People,dc=<org name>,dc=org
    givenName: <First Name>
    cn: nciadevtest
    gidNumber: 5000

    The same record can also be found by cn instead of uid, here against the server's real IP address:

    Code Block
    ldapsearch -x -LLL -h 69.71.4.10 -p 389 -D cn=admin,dc=<org name>,dc=org -w <password> -b dc=<org name>,dc=org 'cn=nciadevtest' uid givenName gidNumber

    Result:

    Code Block
    dn: uid=nciadevtest,ou=People,dc=<org name>,dc=org
    uid: nciadevtest
    givenName: <First Name>
    gidNumber: 5000
    After the records are added, the LDAP server configuration looks similar to the following.

    Title               Value
    Base DN             dc=<org name>,dc=org
    Bind Admin          cn=admin,dc=<org name>,dc=org
    Bind Password       <password>
    User name for NBIA  nciadevtest
Note

After installing the LDAP server, use an LDAP client such as Softerra LDAP Administrator to make sure the LDAP server can be accessed. Sometimes the Linux firewall will block the LDAP server by default. If the LDAP server can be accessed by such a client, NBIA can access it as well.

Configuring the LDAP Administrator Client

You can add, modify, or remove records to or from the LDAP server in several ways.

  • Use a Windows LDAP client such as Softerra LDAP Administrator to access the remote LDAP server. Softerra LDAP Administrator is a user-friendly tool for maintaining a remote LDAP server.

To use Softerra LDAP Administrator:

  1. Create a new profile.
  2. Add the server host (IP or domain), Base DN, and port.
  3. Add the bind admin information.

With the bind admin information, you can use the LDAP client to create, delete, and modify the entities. Otherwise, you only have read permission.

Troubleshooting

Note

1. OpenLDAP can be installed on an Ubuntu Server. phpLDAPadmin also works, and ldapsearch can be used to search the user information. You may find, however, that when you try to use an LDAP client to access this LDAP server, the connection times out with no response from the LDAP server even if all ports are enabled. The suspected reason is that Ubuntu Server blocks LDAP by default, possibly because of the firewall. The user did not find any solution for this issue.
2. When installing OpenLDAP on Ubuntu (Desktop version), all LDAP functions worked without any issues. Any LDAP client tool can access the remote LDAP server running on Ubuntu Desktop.

NBIA LDAP Settings

  1. In nbia.properties (Tomcat7.0/lib/nbia.properties), ldap.user and ldap.pass must be the administrator information of the LDAP server. Modify nbia.properties as follows.

    Code Block
    authentication.type=ldap-auth
    ldap.url=ldap://<ip address>:<port number>
    ldap.basedn=dc=<org name>,dc=org
    ldap.user=CN=admin,dc=<org name>,dc=org
    ldap.pass=<password>
    ldap.memberOf.attribute.name=isMemberOf
    ldap.mail.attribute.name=mail
    ldap.group.ignore.list=PwmAdmins,devTeam,nlst,testGroup
    public.collection.access.group.name=General User
    product.variation=NBIA

    Because ldap.pass holds the LDAP admin bind password in clear text, restrict read access to nbia.properties to the account Tomcat runs as.
  2. Modify jaas.conf (Tomcat7.0/conf/jaas.conf) as follows:

    Code Block
    NCIA
    {
        gov.nih.nci.security.authentication.loginmodules.LDAPLoginModule Required
        ldapHost="ldap://<ip address>:<port number>"
        ldapSearchableBase="dc=<org name>,dc=org"
        ldapUserIdLabel="cn"
        ldapAdminUserName="CN=admin,dc=<org name>,dc=org"
        ldapAdminPassword="<password>";
    };

...


    The jaas.conf is generated during NBIA installation. The default ldapUserIdLabel is cn, which means the LDAP server will search the cn value and compare it to the login username. If the user name exists in the LDAP server, the LDAP server will authenticate this user. Some LDAP servers may use another field, such as uid, to store the login username. In this case, change the value to uid, for example ldapUserIdLabel="uid".
  3. Restart Tomcat for the change to take effect.
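To make the effect of ldapUserIdLabel concrete, the following added Python example (not NBIA's or the wiki's code) simulates the lookup described above against a constructed in-memory directory: it builds the search filter for the configured label, escapes the login name so filter metacharacters in it cannot alter the query, and returns the DN the server would then bind as. The directory contents and the filter shape are assumptions for the example; the real module talks to the server over LDAP.

```python
# Constructed entries standing in for the ldapSearchableBase subtree (not real data).
# jdoe has a display-style cn, so with ldapUserIdLabel="cn" a login of "jdoe" finds nothing.
DIRECTORY = {
    "uid=nciadevtest,ou=People,dc=example,dc=org": {"uid": ["nciadevtest"], "cn": ["nciadevtest"]},
    "uid=jdoe,ou=People,dc=example,dc=org": {"uid": ["jdoe"], "cn": ["John Doe"]},
}

def escape_filter_value(value):
    """Escape a login name before embedding it in a search filter (RFC 4515), so that
    '*', '(', ')', a backslash or NUL in the name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(label, login):
    """The filter sent for ldapUserIdLabel=<label>, e.g. (cn=nciadevtest)."""
    return "(%s=%s)" % (label, escape_filter_value(login))

def find_user_dn(directory, base_dn, label, login):
    """Simulate the lookup: return (filter_sent, dn), where dn is the single entry under
    base_dn whose `label` attribute equals the login (case-insensitive, like caseIgnoreMatch),
    or None when nothing or more than one entry matches. The server would then bind as
    that DN with the password the user typed to complete authentication."""
    flt = build_filter(label, login)
    matches = [dn for dn, attrs in directory.items()
               if dn.lower().endswith(base_dn.lower())
               and any(v.lower() == login.lower() for v in attrs.get(label, []))]
    return flt, (matches[0] if len(matches) == 1 else None)
```

With label "cn" only nciadevtest resolves, while "jdoe" resolves only after switching the label to "uid"; a login name containing a wildcard is sent as an escaped literal and matches no entry.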