
LDAP - Domain Server

 
Line 1: Line 1:
-
""==LDAP Installation and Configuration On BOSS==""
+
==Introduction==
-
"Table of Contents"
 
-
"I    Introduction 3"
 
-
"II  Directory structure 4"
 
-
"III  LDAP Server Configuration 5"
 
-
"1. Installing the LDAP server Packages 6"
 
-
"2. Add New Directory to the Domain dc=cdacchennai,dc=in 10"
 
-
"3. Adding existing local users to LDAP Directory 10"
 
-
"4. Adding existing local groups to LDAP Directory 12"
 
-
"5. Deleting user or group in LDAP Directory 13"
 
-
"IV  LDAP Client in BOSS Client machine 14"
 
-
"1.  Configuring LDAP Client 14"
 
-
"2.  Login into the Client Machine 18"
 
 +
BOSS Server contains the LDAP Server for Configuring the Linux Based Domain systems.
 +
The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services(database) over an Internet Protocol (IP) network.  LDAP is a lightweight protocol for accessing X.500 directory services through the TCP/IP protocol stack. LDAP port number is 389.
 +
The main advantages of the LDAP server are
 +
→ It simplifies user administration tasks by managing users in a central directory.
 +
→ It is a client – server technology. (LDAP Linux client for only authentication)
 +
→ A directory service is a network  accessible database.
 +
      → NFS integrated with the LDAP server for centralized storage on Linux based systems
 +
→ Samba integrated with the LDAP server for centralized storage on Linux and windows based system
 +
→ Postfix Mail server integrated with the LDAP server for centralized user authentication and a shared address directory for mail agents.
 +
→ Apache web server integrated with the LDAP server for centralized user authentication
 +
[[File:LDAP1.jpg]]
-
 
+
==Directory structure==
-
 
+
-
 
+
-
 
+
-
LDAP Installation and Configuration On BOSS
+
-
 
+
-
I    Introduction
+
-
BOSS Server contains the LDAP Server for Configuring the Linux Based Domain systems.
+
-
The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services(database) over an Internet Protocol (IP) network.  LDAP is a lightweight protocol for accessing X.500 directory services through the TCP/IP protocol stack. LDAP port number is 389.
+
-
 
+
-
The main advantages of the LDAP server are
+
-
→ It simplifies user administration tasks by managing users in a central directory.
+
-
→ It is a client – server technology. (LDAP Linux client for only authentication)
+
-
→ A "directory" service is a network  accessible database.
+
-
      → NFS integrated with the LDAP server for centralized storage on Linux based systems
+
-
→ Samba integrated with the LDAP server for centralized storage on Linux and windows based system
+
-
→ Postfix Mail server integrated with the LDAP server for centralized user authentication and a shared address directory for mail agents.
+
-
→ Apache web server integrated with the LDAP server for centralized user authentication
+
-
 
+
-
II  Directory structure
+
An LDAP database stores information on objects in a hierarchical manner. Objects have attributes that contain the information that is stored about the object. Objects also have classes that define which attributes must and may be stored on the object. Objects in an LDAP database are distinguished by their Distinguished Name (DN) which indicates their place in the hierarchical tree.  
An LDAP database stores information on objects in a hierarchical manner. Objects have attributes that contain the information that is stored about the object. Objects also have classes that define which attributes must and may be stored on the object. Objects in an LDAP database are distinguished by their Distinguished Name (DN) which indicates their place in the hierarchical tree.  
The protocol accesses LDAP directories are based on X.500 model
The protocol accesses LDAP directories are based on X.500 model
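Review bot: the introduction ported into the new ==Introduction== section keeps the arrow bullets (→) and an indented line ("      → NFS integrated with the LDAP server ..."); in MediaWiki a leading space renders that line as a preformatted block rather than a list item, so now that the headings are wiki markup the list should use "*" bullets throughout. Dropping the hand-written "Table of Contents" with page numbers is the right call since the wiki generates its own TOC from the == headings ==. One content point: because the page goes on to describe clients, Postfix and Apache authenticating against this server, the sentence "LDAP port number is 389." should also say whether the bind credentials are protected in transit (StartTLS on 389 or LDAPS), which the introduction does not address.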
Line 72: Line 52:
"dn" is the distinguished name of the entry; it's neither an attribute nor a part of the entry. "cn=Ravi Shankar" is the entry's RDN (Relative Distinguished Name), and "dc=example,dc=com" is the DN of the parent entry, where "dc" denotes 'Domain Component'. The other lines show the attributes in the entry. Attribute names are typically mnemonic strings, like "cn" for common name, "dc" for domain component, "mail" for e-mail address and "sn" for surname. A server holds a subtree starting from a specific entry, e.g. "dc=example,dc=com" and its children.  
"dn" is the distinguished name of the entry; it's neither an attribute nor a part of the entry. "cn=Ravi Shankar" is the entry's RDN (Relative Distinguished Name), and "dc=example,dc=com" is the DN of the parent entry, where "dc" denotes 'Domain Component'. The other lines show the attributes in the entry. Attribute names are typically mnemonic strings, like "cn" for common name, "dc" for domain component, "mail" for e-mail address and "sn" for surname. A server holds a subtree starting from a specific entry, e.g. "dc=example,dc=com" and its children.  
-
III  LDAP Server Configuration
+
==LDAP Server Configuration==
The below detail shows the configuration details of the LDAP server
The below detail shows the configuration details of the LDAP server
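Review bot: the DN walkthrough in this context block uses "cn=Ravi Shankar" under "dc=example,dc=com" while every other DN on the page lives under dc=cdacchennai,dc=in; rewriting the sample entry with the page's own base DN would let readers map the RDN / parent-DN explanation directly onto the entries they create later. The context line "The protocol accesses LDAP directories are based on X.500 model" is also ungrammatical; "LDAP directories follow the X.500 data model" reads better.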
Line 85: Line 65:
# ping ldapserver.cdacchennai.in
# ping ldapserver.cdacchennai.in
-
 
+
[[File:LDAP2.jpg]]
The following configuration setting shows the LDAP server authentication with the BOSS client  system.  
The following configuration setting shows the LDAP server authentication with the BOSS client  system.  
-
 
+
==1. Installing the LDAP server Packages==
-
 
+
-
 
+
-
 
+
-
 
+
-
 
+
-
 
+
-
 
+
-
 
+
-
 
+
-
 
+
-
1. Installing the LDAP server Packages
+
Below are the steps to setup a LDAP Server on BOSS Server.
Below are the steps to setup a LDAP Server on BOSS Server.
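Review bot: the new heading "==1. Installing the LDAP server Packages==" keeps the hard-coded "1." while the other headings converted in this same revision drop their numerals ("==Add New Directory to the Domain ...==", "==Deleting user or group in LDAP Directory=="); drop it here too so the wiki's auto-numbered TOC stays consistent. The context line "Below are the steps to setup a LDAP Server on BOSS Server." should read "to set up an LDAP server".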
Line 210: Line 179:
-
2. Add New Directory to the Domain dc=cdacchennai,dc=in
+
==Add New Directory to the Domain dc=cdacchennai,dc=in==
Create the file base.ldif
Create the file base.ldif
Line 370: Line 339:
-
5. Deleting user or group in LDAP Directory
+
==Deleting user or group in LDAP Directory==
ldapdelete -x -W -D 'cn=admin,dc=cdacchennai,dc=in'  "uid=user1, ou=people, dc=cdacchennai,dc=in"
ldapdelete -x -W -D 'cn=admin,dc=cdacchennai,dc=in'  "uid=user1, ou=people, dc=cdacchennai,dc=in"
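Review bot: the target DN in the ldapdelete example is written with spaces after the commas ("uid=user1, ou=people, dc=cdacchennai,dc=in") while the bind DN on the same line and the rest of the page write DNs without spaces; use one form so a copy-pasted command is not subtly different from the entry it refers to. The heading promises "user or group" but only the user case is shown; a second ldapdelete for a group entry would complete the section. Prompting for the admin password with -W instead of passing it on the command line is the right choice and worth keeping.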
Line 388: Line 357:
-
IV  LDAP Client in BOSS Client machine
+
==IV  LDAP Client in BOSS Client machine==
Test the LDAP server
Test the LDAP server
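Review bot: "==IV  LDAP Client in BOSS Client machine==" carries the Roman numeral "IV" (and a double space) over from the old plain-text outline, while the other converted headings drop their numbers; remove it for consistency with the generated TOC. The first context line under this client heading, "Test the LDAP server", also needs a sentence saying the test is run from the client machine, otherwise it reads as though it belongs to the server section.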
Line 408: Line 377:
-
1.  Configuring LDAP Client
+
==Configuring LDAP Client==
Install the following packages
Install the following packages
Line 485: Line 454:
shutdown -r now
shutdown -r now
-
2.  Login into the Client Machine
+
==Login into the Client Machine==
Now login as a LDAP user which is available in the LDAP server in the login screen of the client machine.  
Now login as a LDAP user which is available in the LDAP server in the login screen of the client machine.  
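Review bot: "Now login as a LDAP user which is available in the LDAP server in the login screen of the client machine." is hard to parse; suggest "At the client's login screen, log in as a user that exists in the LDAP directory." The preceding context line "shutdown -r now" is a bare reboot command; if the procedure requires rebooting the client before the first LDAP login, say so in a sentence rather than leaving the command to speak for itself.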

Current revision as of 07:17, 2 February 2012