sudo apt-get install slapd ldap-utils db4.8-util
If the Fully Qualified Domain Name (FQDN) is ldap.example.com, the default suffix will be dc=example,dc=com.
Use the script below (adjusting passwd, dc1 and dc2 to your own values):
#!/bin/sh
passwd=samplepassword
dc1=domain
dc2=com
# hash the admin password once; the {SSHA} value is reused for every userPassword below
hash_pw=$(slappasswd -s "$passwd")
tmpdir=/tmp
#--------------------------------------------------------------
# Load the schemas the DIT below depends on (needs root for SASL EXTERNAL over ldapi:///)
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
#-----------------------
# database.ldif
#-----------------------
cat <<EOF > $tmpdir/database.ldif
# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=$dc1,dc=$dc2
olcRootDN: cn=admin,dc=$dc1,dc=$dc2
olcRootPW: $hash_pw
# ACLs are evaluated in {n} order, first match wins: passwords are only usable for
# binding by anonymous, writable by the owner and the admin, and hidden from everyone else
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=$dc1,dc=$dc2" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=$dc1,dc=$dc2" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

# Modifications
dn: cn=config
changetype: modify

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: $hash_pw

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
EOF
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f $tmpdir/database.ldif
#-----------------------
# Mini DIT
#-----------------------
cat <<EOF > $tmpdir/dit.ldif
# Tree root
dn: dc=$dc1,dc=$dc2
objectClass: dcObject
objectclass: organization
o: $dc1.$dc2
dc: $dc1
description: Tree root

# Populating
dn: cn=admin,dc=$dc1,dc=$dc2
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: $hash_pw
description: LDAP administrator

dn: cn=aw,dc=$dc1,dc=$dc2
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: aw
userPassword: $hash_pw
description: LDAP aw

dn: ou=people,dc=$dc1,dc=$dc2
ou: people
objectClass: organizationalUnit
objectClass: top

dn: ou=groups,dc=$dc1,dc=$dc2
ou: groups
objectClass: organizationalUnit
objectClass: top

dn: ou=addressbook,dc=$dc1,dc=$dc2
ou: addressbook
objectClass: top
objectClass: organizationalUnit

# Adding user
dn: uid=ldap1,ou=people,dc=$dc1,dc=$dc2
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: ldap1
sn: Asdasd
givenName: ldap1
cn: ldap1 Asdasd
displayName: ldap1 asdasd
uidNumber: 1002
gidNumber: 1000
userPassword: $hash_pw
gecos: ldap1 asdasd
loginShell: /bin/bash
homeDirectory: /home/ldap1
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: aw@$dc1.$dc2
postalCode: 31000
l: Mysity
o: $dc1
mobile: +33 (0)6 22 22 22 22 22
homePhone: +33 (0)5 33 22 33 22
title: System Administrator
postalAddress:
initials: LP
EOF
# bind as the rootDN (prompts for the password set in $passwd) and load the DIT
sudo ldapadd -x -D cn=admin,dc=$dc1,dc=$dc2 -W -f $tmpdir/dit.ldif
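The three olcAccess rules in database.ldif are what keep userPassword out of reach of other users while still letting anonymous clients bind. The Python model below is an added example, not code from the original post or from OpenLDAP: it replays slapd's first-match evaluation for exactly those three rules, assuming dc1=domain and dc2=com, and only models the who-forms the script uses (dn="...", anonymous, self and *).

```python
# Constructed model of the three olcAccess rules in database.ldif above (not slapd code).
# slapd consults only the first "to" clause whose target matches, and within it the first
# "by" clause matching the requestor fixes the level. Only dn="...", anonymous, self and *
# are modelled; groups, regex and break/continue controls are not.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
ADMIN = "cn=admin,dc=domain,dc=com"  # assumed suffix: dc1=domain, dc2=com

# (target, [(who, level), ...]) in the {0}, {1}, {2} order from the LDIF
ACL = [
    ({"attrs": {"userpassword", "shadowlastchange"}},
     [("dn:" + ADMIN, "write"), ("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    ({"dn.base": ""}, [("*", "read")]),
    ({"*": True}, [("dn:" + ADMIN, "write"), ("*", "read")]),
]

def _target_matches(target, entry_dn, attr):
    if "attrs" in target:
        return attr.lower() in target["attrs"]
    if "dn.base" in target:
        return entry_dn.lower() == target["dn.base"]
    return True  # "to *"

def _who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    return bind_dn is not None and bind_dn.lower() == who[3:].lower()  # dn:<exact DN>

def granted_level(bind_dn, entry_dn, attr):
    """Level slapd grants bind_dn (None = anonymous) on attr of entry_dn under ACL."""
    for target, clauses in ACL:
        if not _target_matches(target, entry_dn, attr):
            continue
        for who, level in clauses:
            if _who_matches(who, bind_dn, entry_dn):
                return level  # first matching "by" clause wins, evaluation stops
        return "none"  # target matched but no "by" clause did: implicit deny
    return "none"  # no "to" clause matched: implicit deny

def allowed(bind_dn, entry_dn, attr, needed):
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(granted_level(bind_dn, entry_dn, attr)) >= LEVELS.index(needed)
```

In a real slapd the olcRootDN bypasses ACLs entirely, so the explicit admin clause only matters for an administrator that is not the rootDN; the clause that actually protects the hashes is the trailing "by * none" in rule {0}.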
Now you can verify that the script above worked:
ldapwhoami -h localhost -v -x -D "cn=admin,DC=domain,DC=com" -w PASS
ldapsearch -x -h localhost -b "dc=domain,dc=com" "(objectClass=*)"
ldapsearch -h 127.0.0.1 -x -D "CN=admin,DC=domain,DC=com" -w PASS -b "dc=domain,dc=com" "(objectclass=*)"
slappasswd -s PASSWORD
https://help.ubuntu.com/11.04/serverguide/C/openldap-server.html
vi addentry.ldif
version: 1
# ADD a single entry to people level
dn: cn=production_admin,ou=people,dc=domain,dc=net
objectclass: inetOrgPerson
cn: production_admin
sn: production
uid: production_admin
# a plaintext value is stored as-is; put the {SSHA} hash from slappasswd here instead
userpassword: plaintextpassword
ou: people

ldapadd -H ldap://127.0.0.1 -x -D "CN=admin,DC=domain,DC=net" -w PASS -f addentry.ldif
vi modifyentry.ldif
version: 1
# MODIFY the production_admin entry
dn: cn=production_admin,ou=people,dc=domain,dc=net
changetype: modify
replace: userpassword
userpassword: PASS

ldapadd -H ldap://127.0.0.1 -x -D "CN=admin,DC=domain,DC=net" -w PASS -f modifyentry.ldif
http://islandlinux.org/howto/installing-secure-ldap-openldap-ssl-ubuntu-using-self-signed-certificate