This blog entry shows you how to install and configure LDAP server/client through webmin.
OS: Ubuntu 12.04
Install webmin:
# Download webmin package for debian
# wget http://prdownloads.sourceforge.net/webadmin/webmin_1.690_all.deb
# Install dependent libs and packages:
# apt-get install libnet-ssleay-perl openssl libauthen-pam-perl libio-pty-perl apt-show-versions
# Install webmin
# dpkg -i webmin_1.690_all.deb
Selecting previously unselected package webmin.
(Reading database ... 65600 files and directories currently installed.)
Unpacking webmin (from webmin_1.690_all.deb) ...
Setting up webmin (1.690) ...
Webmin install complete. You can now login to https://youserver.com:10000/ as root with your root password, or as any user who can use sudo to run commands as root.
Processing triggers for ureadahead ...
Check webmin is installed successfully by going to https://youserver.com:10000/
Install LDAP server:
Log into webmin with https://yourserver:10000/, go to "Un-used Modules -> LDAP Server"
Go to "OpenLDAP Server Configuration", and update the password with "New administration password"
- Set passwd to "password"
- Set Root DN to "dc=yourserver,dc=com"
- Set Admin login DN to "dc=yourserver,dc=com"
Go back and click on "Create Tree", create new DN as below:
- For Unix user:
  - Distinguished name: dc=Users,dc=yourserver
  - Create example object under new DN? Unix user
- For Unix group:
  - Distinguished name: dc=Groups,dc=yourserver
  - Create example object under new DN? Unix group
Install nss-pam-ldapd:
Execute the following command on both machines that will act as LDAP SSO clients:
# aptitude -y install libnet-ldap-perl libpam-ldapd libnss-ldapd ldap-utils nscd nslcd
Also disable nscd, or else it may produce unexpected results while debugging LDAP lookups:
# update-rc.d-insserv -f nscd remove
# /etc/init.d/nscd stop
Reconfigure all of the above packages as follows:
- dpkg-reconfigure libpam-ldapd
  - PAM profiles to enable: Unix authentication, LDAP Authentication
- dpkg-reconfigure libnss-ldapd
  - Name services to configure: group, passwd, shadow
- dpkg-reconfigure nslcd
  - LDAP server URI: ldap://dev6c1/
  - LDAP server search base: dc=localdomain
  - LDAP authentication to use: none
  - Use StartTLS? No
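The answers given to dpkg-reconfigure nslcd end up in /etc/nslcd.conf. As an added example (not part of the original post), the shell function below audits such a file for the transport settings chosen here: an ldap:// URI with StartTLS off sends lookups and bind passwords unencrypted. The function name and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit nslcd.conf transport settings (reads a file, or stdin).
# Prints one finding per line; exit status 0 = clean, 1 = findings.
audit_nslcd_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { key = tolower($1) }
        key == "uri" {                           # a uri line may list several servers
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^ldaps:\/\//) ldaps++
                else if ($i ~ /^ldap:\/\//) plain++
            }
        }
        key == "ssl"         { ssl = tolower($2) }
        key == "tls_reqcert" { reqcert = tolower($2) }
        END {
            n = 0
            if (plain && ssl != "start_tls" && ssl != "on") {
                print "cleartext: ldap:// URI without ssl start_tls"; n++
            }
            if ((ldaps || ssl == "start_tls" || ssl == "on") &&
                (reqcert == "never" || reqcert == "allow")) {
                print "no-verify: tls_reqcert " reqcert " accepts any server certificate"; n++
            }
            exit (n > 0)
        }' "${1:--}"
}

# Constructed sample: the values entered in the dpkg-reconfigure nslcd step.
weak_conf() {
    printf '%s\n' 'uri ldap://dev6c1/' 'base dc=localdomain' 'ssl off'
}

# Constructed sample: same server and base, with StartTLS and certificate checks.
hardened_conf() {
    printf '%s\n' 'uri ldap://dev6c1/' 'base dc=localdomain' 'ssl start_tls' \
        'tls_reqcert demand' 'tls_cacertfile /etc/ssl/certs/ca-certificates.crt'
}

echo "== as configured above =="
weak_conf | audit_nslcd_conf || true
echo "== with StartTLS =="
hardened_conf | audit_nslcd_conf && echo "no findings"
```

On a client, run it against the real file with: audit_nslcd_conf /etc/nslcd.conf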
Install LDAP client:
Go to “Un-used Modules” -> “LDAP Client”, click “Install LDAP client package through webmin”:
Installing package(s) with command apt-get -y --force-yes -f install libnss-ldap libpam-ldap ..
Reading package lists...
Building dependency tree...
Reading state information...
The following extra packages will be installed:
  auth-client-config ldap-auth-client ldap-auth-config
Suggested packages:
  libpam-cracklib
The following packages will be REMOVED:
  libnss-ldapd libpam-ldapd
The following NEW packages will be installed:
  auth-client-config ldap-auth-client ldap-auth-config libnss-ldap libpam-ldap
0 upgraded, 5 newly installed, 2 to remove and 48 not upgraded.
Need to get 138 kB of archives.
After this operation, 311 kB of additional disk space will be used.
Get:1 http://108.59.10.97/ubuntu/ precise/main auth-client-config all 0.9ubuntu1 [15.4 kB]
Get:2 http://108.59.10.97/ubuntu/ precise/main libpam-ldap amd64 184-8.5ubuntu2 [46.0 kB]
Get:3 http://108.59.10.97/ubuntu/ precise/main libnss-ldap amd64 264-2.2ubuntu2 [64.3 kB]
Get:4 http://108.59.10.97/ubuntu/ precise/main ldap-auth-client all 0.5.3 [2760 B]
Get:5 http://108.59.10.97/ubuntu/ precise/main ldap-auth-config all 0.5.3 [9434 B]
Preconfiguring packages ...
Fetched 138 kB in 0s (1108 kB/s)
(Reading database ... 90800 files and directories currently installed.)
Removing libnss-ldapd ...
WARNING: LDAP is still configured in /etc/nsswitch.conf
Removing libpam-ldapd ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Processing triggers for man-db ...
Selecting previously unselected package auth-client-config.
(Reading database ... 90786 files and directories currently installed.)
Unpacking auth-client-config (from .../auth-client-config_0.9ubuntu1_all.deb) ...
Selecting previously unselected package libpam-ldap.
Unpacking libpam-ldap (from .../libpam-ldap_184-8.5ubuntu2_amd64.deb) ...
Selecting previously unselected package libnss-ldap.
Unpacking libnss-ldap (from .../libnss-ldap_264-2.2ubuntu2_amd64.deb) ...
Selecting previously unselected package ldap-auth-client.
Unpacking ldap-auth-client (from .../ldap-auth-client_0.5.3_all.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Setting up auth-client-config (0.9ubuntu1) ...
Selecting previously unselected package ldap-auth-config.
(Reading database ... 90867 files and directories currently installed.)
Unpacking ldap-auth-config (from .../ldap-auth-config_0.5.3_all.deb) ...
Setting up ldap-auth-client (0.5.3) ...
Setting up ldap-auth-config (0.5.3) ...
Setting up libnss-ldap (264-2.2ubuntu2) ...
update-rc.d: warning: libnss-ldap start runlevel arguments (2 3 4 5) do not match LSB Default-Start values (none)
Setting up libpam-ldap (184-8.5ubuntu2) ...
.. install complete.
Go to “LDAP Server Configuration”, configure server as follows:
Create OU for users and Groups:
Create a base.ldif file as follows:
dn: ou=People,dc=yourserver,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
description: Parent object of all UNIX accounts

dn: ou=Groups,dc=yourserver,dc=com
ou: Groups
objectClass: top
objectClass: organizationalUnit
description: Parent object of all UNIX groups
Then run the following command to add the entries:
# ldapadd -x -h localhost -W -D "cn=Manager,dc=yourserver,dc=com" -f ./base.ldif -c
Now you should be able to add users and groups into LDAP through webmin:
Go to “LDAP users and groups”
Create User as the following pic:
You can also verify LDAP connection through "LDAP Client":
3 comments:
Where to create base.ldif?
Where should I put my base.ldif?
Doesn't matter where you put it, as long as you specify the path in the ldapadd command. For example:
# ldapadd -x -h localhost -W -D "cn=Manager,dc=yourserver,dc=com" -f /home/myhome/base.ldif -c