Some notes on LDAP

2014-08-02 22:27

I try to stay away from LDAP and directory services in general, but today I found myself in need of an LDAP server.

I was experimenting with the idea of authenticating users in LDAP from an application written in Go. I eventually succeeded using both the golang-openldap wrapper and the native ldap library.

Since I find myself doing the same research every time I need to test something against an LDAP server, I thought I would write down the steps for next time.

Warning! This is not a tutorial or a set of instructions.

Install and configure LDAP (slapd) on Ubuntu:

$ sudo apt-get install slapd ldap-utils
...
$ sudo dpkg-reconfigure slapd

I will use example.net as the domain name in this setup. Organization name doesn't matter but remember the password.

First the basic structure, before creating groups and users. Put the following in a text file called base.ldif:

dn: ou=People,dc=example,dc=net
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=net
ou: Group
objectClass: top
objectClass: organizationalUnit

Then add the objects to the LDAP directory by running:

$ ldapadd -x -D "cn=admin,dc=example,dc=net" -W -f base.ldif

-x selects simple authentication, -D supplies the DN to bind as (here we bind as admin), -W prompts for the bind password, and finally -f tells ldapadd which file to read from.

The next step is to add a group for our users. Let's call it 'ldapusers' and put the following in group.ldif:

dn: cn=ldapusers,ou=Group,dc=example,dc=net
objectClass: posixGroup
objectClass: top
cn: ldapusers
userPassword: {crypt}x
gidNumber: 9000

Add it with ldapadd exactly as before, only with the new file name. The gidNumber is important: we'll reference it in the next step when adding users to our directory.

Now we define some users in a users.ldif file:

dn: cn=Kung Harald,ou=People,dc=example,dc=net
cn: Kung Harald
givenName: Harald
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
sn: harald
uid: harald
uidNumber: 1000
gidNumber: 9000
homeDirectory: /tmp
loginShell: /bin/bash
mail: harald@example.net

dn: cn=Lille Skutt,ou=People,dc=example,dc=net
cn: Lille Skutt
givenName: Skutt
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
sn: skutt
uid: skutt
uidNumber: 1001
gidNumber: 9000
homeDirectory: /tmp
loginShell: /bin/bash
mail: skutt@example.net

Use ldapadd once again to add the users to the directory. With this we're done and can begin testing.
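Before running ldapadd it is worth checking that the three files agree with each other: every entry's parent must already exist, each user's gidNumber must be the group's, and uidNumbers should not be reused. The following Python is an added example, not code from the post; it parses LDIF and runs those checks over a constructed sample that follows the layout above, with one entry deliberately broken on all three counts.

```python
def parse_ldif(text):
    """Parse LDIF into dicts {'dn': str, attr: [values]}; folded lines (leading space) are joined, base64 (::) values are not decoded."""
    entries, cur = [], None
    for line in text.replace("\n ", "").splitlines() + [""]:
        attr, _, value = line.partition(":")
        attr, value = attr.strip(), value.strip()
        if attr == "dn":
            cur = {"dn": value}
        elif not line.strip():  # a blank line ends the current record
            if cur:
                entries.append(cur)
            cur = None
        elif cur is not None and not line.startswith("#"):
            cur.setdefault(attr, []).append(value)
    return entries

def check_entries(entries, base_dn):
    """Flag missing parent entries, gidNumbers with no posixGroup and reused uidNumbers."""
    problems, uid_owner = [], {}
    known = {base_dn} | {e["dn"] for e in entries}
    gids = {g for e in entries if "posixGroup" in e.get("objectClass", []) for g in e["gidNumber"]}
    for e in entries:
        dn = e["dn"]
        if dn != base_dn and dn.partition(",")[2] not in known:  # assumes no escaped commas in DNs
            problems.append(f"{dn}: parent entry is neither in the LDIF nor the base")
        for gid in e.get("gidNumber", []):
            if gid not in gids:
                problems.append(f"{dn}: gidNumber {gid} matches no posixGroup")
        for uid in e.get("uidNumber", []):
            if uid in uid_owner:
                problems.append(f"{dn}: uidNumber {uid} already used by {uid_owner[uid]}")
            uid_owner.setdefault(uid, dn)
    return problems

SAMPLE_LDIF = "\n".join([  # constructed sample in the post's layout; Lille Skutt is deliberately wrong
    "dn: ou=People,dc=example,dc=net\nobjectClass: organizationalUnit\n",
    "dn: ou=Group,dc=example,dc=net\nobjectClass: organizationalUnit\n",
    "dn: cn=ldapusers,ou=Group,dc=example,dc=net\nobjectClass: posixGroup\ngidNumber: 9000\n",
    "dn: cn=Kung Harald,ou=People,dc=example,dc=net\nobjectClass: posixAccount\nuidNumber: 1000\ngidNumber: 9000\n",
    "dn: cn=Lille Skutt,ou=Staff,dc=example,dc=net\nobjectClass: posixAccount\nuidNumber: 1000\ngidNumber: 9001\n",
])

def sample_problems():
    return check_entries(parse_ldif(SAMPLE_LDIF), "dc=example,dc=net")

if __name__ == "__main__":
    for problem in sample_problems():
        print(problem)
```

Run it against your own base.ldif, group.ldif and users.ldif concatenated and it reports, before slapd does, the mistakes that would otherwise surface as cryptic ldapadd errors or as users that cannot log in.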

To delete a user from the directory we can, for example, issue a command like:

$ ldapdelete -x -D "cn=admin,dc=example,dc=net" -W "cn=Kung Harald,ou=People,dc=example,dc=net"

To check the content in our directory we use ldapsearch, for example:

$ ldapsearch -x -b "dc=example,dc=net"

That's the quick and dirty way to just get something up to be able to test with.

Some useful references: