NIH | National Cancer Institute | NCI Wiki  

Versions Compared

Old Version 1

changes.mady.by.user Klinger, Carolyn (NIH/NCI) [C]

Saved on

compared with

New Version 2

changes.mady.by.user Klinger, Carolyn (NIH/NCI) [C]

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
  1. Install OpenLdap on Ubuntu.
    This is based on ubuntu 18.04
  2. To take care of the update/upgrade, open a terminal window and issue the commands:
    sudo apt-get update
    sudo apt-get upgrade
  3. Once that finishes, you're ready to install OpenLDAP. For this, go back to the terminal window and issue the command:
    sudo apt install slapd ldap-utils
  4. After the installation completes, you may want to modify the default Directory Information Tree (DIT) suffix. Let's go ahead and do that. We'll change our DIT to dc=smab,dc=org. You can change yours to fit your company network needs. To do this, run the command:
    sudo dpkg-reconfigure slapd
  5. Enter the administrator password.

  6. Now we're going to add initial data to the LDAP database. We'll do this from a file and create a single entry. From your terminal window, issue the command:

    Code Block
    vi ldap_data.ldif

...

  1. 

dn: ou=People,dc=smab,dc=org

...

  1. 
objectClass: organizationalUnit

...

  1. 
ou: People

...

  1. 
dn: ou=Groups,dc=smab,dc=org

...

  1. 
objectClass: organizationalUnit

...

  1. 
ou: Groups

...

  1. 

dn: cn=DEPARTMENT,ou=Groups,dc=smab,dc=org

...

  1. 
objectClass: posixGroup

...

  1. 
cn: SUBGROUP

...

  1. 
gidNumber: 5000

...

  1. 

dn: uid=nciadevtest,ou=People,dc=smab,dc=org

...

  1. 
objectClass: inetOrgPerson

...

  1. 
objectClass: posixAccount

...

  1. 
objectClass: shadowAccount

...

  1. 
uid: nciadevtest

...

  1. 
sn:

...

  1.  Last name
givenName:

...

  1.  First name
cn: nciadevtest

...

  1. 
displayName:

...

  1.  Name
uidNumber: 10000

...

  1. 
gidNumber: 5000

...

  1. 
userPassword:

...

  1.  password
gecos:

...

  1.  Whole Name
loginShell: /bin/bash

...

  1. 
homeDirectory: USERDIRECTORY

    In this .ldif file, we created 2 organizationalUnit . One is People, the other is Groups.
    Also add the entities for these OU. One entity is nciadevtest for the NBIA. The uid and cn must be this name. Because NBIA use cn to do the authentication be default. Some software use uid to do the authentication.


  2. Add the entities to LDAP server:
    ldapadd -x -D cn=admin,dc=smab,dc=org -W -f ldap_data.ldif

  3. After adding these entities, we can use this command to search the exist record. You can use the network loop IP address to test or use the real IP address.

    Code Block
    ldapsearch -x -LLL -h 127.0.0.1 -p 389 -D cn=admin,dc=smab,dc=org -w smab123456 -b dc=smab,dc=org 'uid=nciadevtest' cn givenName gidNumber

...

  1.  
Result:

...

  1. 
dn: uid=nciadevtest,ou=People,dc=smab,dc=org

...

  1. 
givenName: XIAOHUI

...

  1. 
cn: nciadevtest

...

  1. 
gidNumber: 5000

...

  1. 

ldapsearch -x -LLL -h 69.71.4.10 -p 389 -D cn=admin,dc=smab,dc=org -w smab123456 -b dc=smab,dc=org 'cn=nciadevtest' uid givenName gidNumber

...

  1. 
Result:

...

  1. 
dn: uid=nciadevtest,ou=People,dc=smab,dc=org

...

  1. 
uid: nciadevtest

...

  1. 
givenName: XIAOHUI

...

  1. 
gidNumber: 5000

...

  1. Final configuration

...

  1. After we install the openldap and add the records. We got the LDAP server configuration below.

    Code Block
    Title Value

...

  1. 
Base DN smab,dc=org

...

  1. 
Bind Admin admin,dc=smab,dc=org

...

  1. 
Bind Password Smab123456

...

  1. 
User name for NBIA nciadevtest

LDAP administrator client.

  1. To add/modify/remove the records in LDAP server, we can use several tools to do that.

...

  1. On Linux server, we can use phpldapadmin to maintain LDAP server. Here is the instructions.
    Install phpldapadmin
    https://www.techrepublic.com/article/how-to-install-phpldapadmin-on-ubuntu-18-04/
    https://www.techrepublic.com/article/how-to-install-and-configure-ldap-and-phpldapadmin/
    BTW, phpldapadmin is not updated. There are some errors with php7.0 +.

...

  1. You also can use a Windows LDAP client to access the remote LDAP server.
    We are using Softerra ldap administrator, which is a very user friendly software to maintain remote LDAP server.

How to use Softerra LDAP Administrator1.

  1. Create a new profile

...

  1. Add the server host (IP or domain), Base DN and port

...

  1. Add the bind admin information.

You can use LDAP client to create/delete/modify the entities with this information. Otherwise, you only have the read permission.


Troubleshooting:1.

  1. The OpenLdap can be installed on Ubuntu Server. The phpldapadmin also can work. The ldapsearch also can search the user information.
    But when I tried to use LDAP client to access this LDAP server. The connection is timeout. There is no any response from LDAP server even if I enabled all ports.
    I think the reason is the Ubuntu Server is blocked the LDAP be default (Maybe firewall reason). Currently, I haven’t find the way to solve this issue yet.

...

  1. When I installed OpenLDAP on Ubuntu (Desktop version). All LDAP function works by default. There is no any issues. I can use any LDAP client tool to access the remote LDAP server, which is on Ubuntu Desktop.

NBIA LDAP settings.

1. In nbia.properties (Tomcat7.0/lib/nbia.properties)
authentication.type=ldap-auth

...