From MattWiki
(Redirected from Ldap)
Jump to navigation Jump to search

OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol, and is used to quick data access across a network.

Installing a New LDAP Server

Installing Required Packages for LDAP

yum -y install openldap openldap-servers openldap-clients cyrus-sasl-ldap 

Configuring LDAP Server

Start out by creating a file named 01-buildldap.dir, and add:

dn: dc=mattrude,dc=com
objectClass: top
objectClass: dcObject
objectClass: organizationalUnit
dc: mattrude
ou: Top Level Domain

objectClass: organizationalUnit
description: example domain

Now to create a OU to put lets say an address book under, create a new file named 02-buildldap.dir, and add:

dn: ou=addressbook,,dc=mattrude,dc=com
objectClass: organizationalUnit
ou: addressbook
description: Example Domains Addressbook

Now to add the entrys to the databases

ldapadd -D 'dc=mattrude, dc=com' -f 01-buildldap.ldif -W
ldapadd -D 'dc=mattrude, dc=com' -f 02-buildldap.ldif -W

And test to make sure you added what you thout

ldapsearch -x -b 'dc=mattrude, dc=com' 'objectclass=*'

Starting / Running LDAP Server

Accessing the LDAP Server

Using Your LDAP Server

LDAP with command line

Log in as root, and print all records in the database

ldapsearch -x -h localhost "objectClass=*"

LDAP with Horde

LDAP with RoundCube

In the config/ file, you need to modify the following lines.

 $rcmail_config['ldap_public']['NetworkAddressBook'] = array(
  'name'          => 'Network Address Book',
  'hosts'         => array('localhost'),
  'port'          => 389,
  'use_tls'        => false,
  'user_specific' => false,   // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
  // %fu - The full username provided, assumes the username is an email
  //       address, uses the username_domain value if not an email address.
  // %u  - The username prior to the '@'.
  // %d  - The domain name after the '@'.
  'base_dn'       => 'ou=addressbook,dc=mattrude,dc=com',
  'bind_dn'       => 'cn=Manager,dc=mattrude,dc=com',
  'bind_pass'     => 'secret',
  'writable'      => true,   // Indicates if we can write to the LDAP directory or not.
  // If writable is true then these fields need to be populated:
  // LDAP_Object_Classes, required_fields, LDAP_rdn
  'LDAP_Object_Classes' => array("top", "inetOrgPerson"), // To create a new contact these are the object classes to specify (or any other classes you wish to use).
  'required_fields'     => array("cn", "sn", "mail"),     // The required fields needed to build a new contact as required by the object classes (can include additional fields not required by the object classes).
  'LDAP_rdn'      => 'mail', // The RDN field that is used for new entries, this field needs to be one of the search_fields, the base of base_dn is appended to the RDN to insert into the LDAP directory.
  'ldap_version'  => 3,       // using LDAPv3
  'search_fields' => array('mail', 'cn'),  // fields to search in
  'name_field'    => 'cn',    // this field represents the contact's name
  'email_field'   => 'mail',  // this field represents the contact's e-mail
  'surname_field' => 'sn',    // this field represents the contact's last name
  'firstname_field' => 'gn',  // this field represents the contact's first name
  'sort'          => 'cn',    // The field to sort the listing by.
  'scope'         => 'sub',   // search mode: sub|base|list
  'filter'        => ,      // used for basic listing (if not empty) and will be &'d with search queries. example: status=act
  'global_search' => true,    // perform a global search for address auto-completion on compose
  'fuzzy_search'  => true);   // server allows wildcard search

Or you can try the revised version.

$rcmail_config['ldap_public']['LOGH'] = array(
  'name'          => 'Company Name Here',
  'hosts'         => array('IP.OF.AD_LDAP.SERVER'),
  'port'          => 3268, // This port seems to work better
  'base_dn'       => 'DC=internal,DC=domain,DC=com',
  'bind_dn'       => 'CN=ldap-user,CN=Users,DC=internal,DC=domain,DC=com', // Create a account for querying the ldap
  'bind_pass'     => 'ldap-user-pass', // use the non-priv accounts password
  'search_fields' => array('mail', 'cn'),
  'name_field'    => 'cn',    // this field represents the contact's name
  'firstname_field' => 'givenName', // this field represents the contact's first name
  'surname_field' => 'sn',    // this field represents the contact's last name
  'email_field'   => 'mail',  // this field represents the contact's e-mail
  'scope'         => 'sub',   // search mode: sub|base|list
  'filter'        => ,  // all mail, except the exchange hidden 
  'fuzzy_search'  => TRUE);   // server allows wildcard search

LDAP with Outlook

LDAP with Thunderbird