...
Install OpenLDAP on Ubuntu.
Note: These instructions are based on Ubuntu 18.04.
In a terminal window, issue the following commands:

```
sudo apt-get update
sudo apt-get upgrade
```

Then issue the following command to install the LDAP server and client tools:

```
sudo apt install slapd ldap-utils
```
Modify the default Directory Information Tree (DIT) suffix to fit your company's network needs, for example dc=smab<org name>,dc=org. To do so, issue the following command:

```
sudo dpkg-reconfigure slapd
```

When prompted, enter the administrator's password.
Add initial data to the LDAP database from a file. In a terminal window, create the file with the following command:

```
vi ldap_data.ldif
```

Give the file the following contents (each entry is separated by a blank line):

```
dn: ou=People,dc=smab<org name>,dc=org
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=smab<org name>,dc=org
objectClass: organizationalUnit
ou: Groups

# The cn value must match the cn in the dn line, or slapd rejects the entry.
dn: cn=DEPARTMENT,ou=Groups,dc=smab<org name>,dc=org
objectClass: posixGroup
cn: DEPARTMENT
gidNumber: 5000

dn: uid=nciadevtest,ou=People,dc=smab<org name>,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: nciadevtest
sn: Last name
givenName: First name
cn: nciadevtest
displayName: Name
uidNumber: 10000
gidNumber: 5000
userPassword: password
gecos: Whole Name
loginShell: /bin/bash
homeDirectory: USERDIRECTORY
```
Note: In this .ldif file, we created two organizationalUnit values, People and Groups.
Add the entities for these OU values. One entity must be nciadevtest for NBIA; both its uid and its cn must be this name. NBIA uses cn as the default authentication attribute, while some other software applications use uid to authenticate.
Add the entities to the LDAP server with the following command (the bind DN must match the suffix you chose in dpkg-reconfigure):

```
ldapadd -x -D cn=admin,dc=smab,dc=org -W -f ldap_data.ldif
```
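As an added example (not from the original page or from NBIA), a small Python check to run over ldap_data.ldif before ldapadd. It parses the file and flags the mistakes that slapd or NBIA would otherwise reject: an RDN value that is not present as an attribute of its entry, an account whose gidNumber matches no posixGroup in the file, and an NBIA account whose cn differs from its uid. The sample LDIF, the suffix dc=smab,dc=org and the group name nbia are constructed placeholders.

```python
import re

# Constructed sample in the layout of ldap_data.ldif above, placeholders filled in.
SAMPLE_LDIF = """\
dn: cn=nbia,ou=Groups,dc=smab,dc=org
objectClass: posixGroup
cn: nbia
gidNumber: 5000

dn: uid=nciadevtest,ou=People,dc=smab,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
uid: nciadevtest
cn: nciadevtest
uidNumber: 10000
gidNumber: 5000
homeDirectory: /home/nciadevtest
"""

def parse_ldif(text):
    """Split LDIF text into entries: one dict of attribute -> [values] each."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue  # skip blank lines and LDIF comments
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_entries(entries, nbia_user="nciadevtest"):
    """Return a list of problems; an empty list means the LDIF is consistent."""
    problems = []
    gids = {g for e in entries if "posixGroup" in e.get("objectClass", [])
            for g in e.get("gidNumber", [])}
    for e in entries:
        dn = e["dn"][0]
        # The RDN (first dn component) must also be an attribute value of the entry.
        rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")
        if rdn_val not in e.get(rdn_attr, []):
            problems.append(f"{dn}: RDN value '{rdn_val}' is not in attribute {rdn_attr}")
        if "posixAccount" in e.get("objectClass", []):
            for gid in e.get("gidNumber", []):
                if gid not in gids:
                    problems.append(f"{dn}: gidNumber {gid} has no posixGroup")
            # NBIA searches on cn and other tools on uid, so the two must agree.
            if e.get("uid") == [nbia_user] and e.get("cn") != [nbia_user]:
                problems.append(f"{dn}: cn must equal uid for the NBIA account")
    return problems
```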
Use the following commands to search the existing records. You can test against the loopback address (127.0.0.1) or against the server's real IP address.

```
ldapsearch -x -LLL -h 127.0.0.1 -p 389 -D cn=admin,dc=smab<org name>,dc=org -w smab123456<password> -b dc=smab<org name>,dc=org 'uid=nciadevtest' cn givenName gidNumber
```

Result:

```
dn: uid=nciadevtest,ou=People,dc=smab<org name>,dc=org
givenName: First Name
cn: nciadevtest
gidNumber: 5000
```

```
ldapsearch -x -LLL -h 69.71.4.10 -p 389 -D cn=admin,dc=smab<org name>,dc=org -w smab123456<password> -b dc=smab<org name>,dc=org 'cn=nciadevtest' uid givenName gidNumber
```

Result:

```
dn: uid=nciadevtest,ou=People,dc=smab<org name>,dc=org
uid: nciadevtest
givenName: First Name
gidNumber: 5000
```
Add the records. The LDAP server configuration looks similar to the following.

| Title | Value |
|---|---|
| Base DN | dc=smab<org name>,dc=org |
| Bind Admin | cn=admin,dc=smab<org name>,dc=org |
| Bind Password | Smab123456<password> |
| User name for NBIA | nciadevtest |
...
```
authentication.type=ldap-auth
ldap.url=ldap://192.168.56.101:389<ip address><port number>
ldap.basedn=dc=smab<org name>,dc=org
ldap.user=CN=admin,dc=smab<org name>,dc=org
ldap.pass=smab123456<password>
ldap.memberOf.attribute.name=isMemberOf
ldap.mail.attribute.name=mail
ldap.group.ignore.list=PwmAdmins,devTeam,nlst,testGroup
public.collection.access.group.name=General User
product.variation=NBIA
```

ldap.user and ldap.pass must be the administrator credentials of the LDAP server.

3. In jaas.conf (Tomcat7.0/conf/jaas.conf):

```
NCIA {
    gov.nih.nci.security.authentication.loginmodules.LDAPLoginModule Required
        ldapHost="ldap://192.168.56.101:389<ip address><port number>"
        ldapSearchableBase="dc=smab<org name>,dc=org"
        ldapUserIdLabel="cn"
        ldapAdminUserName="CN=admin,dc=smab<org name>,dc=org"
        ldapAdminPassword="smab123456<password>";
};
```
The jaas.conf file is generated during NBIA installation. The default ldapUserIdLabel is cn, which means the login module searches the LDAP server for an entry whose cn value equals the login user name. If such an entry exists in the LDAP server, the LDAP server authenticates this user.
...