Search This Blog

Friday, 4 November 2016

Configure LDAP Server

Create Ldap Server in Tiguin14.04:

1.Change Host name
  • nano /etc/hostname
2. Reboot system
  • Init 6
3. apt-get install slapd ldap-utils
  • Enter administrator password:

4. nano /etc/ldap/ldap.conf
  • Remove hash brefore BASE ans URI line ,and add foillowing
BASE dc=ldap,dc=com
URI ldap://localhost:389

5. dpkg-reconfigure slapd
You will be asked a series of questions about how you'd like to configure the software.
  • Omit OpenLDAP server configuration? No
  • DNS domain name?
  • Organization name?
  • Administrator password?
    • 123
    • 123
  • Database backend to use? HDB
  • Remove the database when slapd is purged? No
  • Move old database? Yes
  • Allow LDAPv2 protocol? No
6. ldapsearch -x

7. apt-get install phpldapadmin

8. nano /etc/phpldapadmin/config.php

  • line  no. 286 “My Ldap server”     you can add anything here
  • Line no 293      Enter ip address of your machine e.g.
  • Line no. 300             dc=ldap,dc=com
  • Line no. 326            dc=ldap
  • Line no. 161 true

9. /etc/init.d/apache2 restart

10. Open browser
-login with password which is given during ldap installation
Click on login -> type password -> login

Click on
dc=ldap,dc-com(1) -> create new entry here -> create organizational unit -> e.g sales -> commit

Click on
ou=sales -> create child entry -> Generic : Posix Group -> e.g. sales-group -> commit

Click on
ou=sales-group -> create child entry -> Generic: User Account ->
Fill the following Text boxes
Common name , GID number, Home Directory, login shell, last name, password
-> ok -> commit

[ NOTE : We can change the path of users home Directory on Client system by just defining it into the Home Directory text Box.]

================= LDAP Commands ======================
- list all the users under some group 

ldapsearch -x -b $dn -s sub "objectclass=posixGroup" | sed -n '/cn: $grp_name/,/dn:/p' | grep "^memberUid:" | awk '{print$2}' 

- List all created Users in LDAP
ldapsearch -x -b dc=ldap,dc=com -s sub "objectclass=posixAccount" | grep -i "^uid: " | awk '{print$2}' 

Modify LDAP group name usig LDIF file : /tmp/.modify.ldif
dn: cn=php,ou=Groups,dc=ldap,dc=com
changetype: modrdn
newrdn: cn=purval
deleteoldrdn: 1

ldapmodify -x -D "cn=admin,dc=ldap,dc=com" -w 123 -f /tmp/.modify

- Search All Users Password history

ldapsearch -LLL -x -h localhost -Z -D cn=admin,dc=ldap,dc=com "(&(objectclass=Person))" pwdHistory -w {password}

dn: cn=purval,ou=Users,dc=ldap,dc=com
pwdHistory: 20170131064459Z#
pwdHistory: 20170131093602Z#
pwdHistory: 20170201053907Z#
pwdHistory: 20170204074307Z#

dn: cn=bhavesh,ou=Users,dc=ldap,dc=com

dn: cn=mehul,ou=Users,dc=ldap,dc=com

dn: cn=lokesh,ou=Users,dc=ldap,dc=com

dn: cn=khushbu,ou=Users,dc=ldap,dc=com


- if Print All the password History of purval user then,

ldapsearch -LLL -x -h localhost -Z -D cn=admin,dc=ldap,dc=com "(&(objectclass=Person))" pwdHistory -w 123 | sed -n '/cn=purval/,/dn:/p' 

- Print all Users Password change time
ldapsearch -LLL -x -h localhost -Z -D cn=admin,dc=ldap,dc=com "(&(objectclass=Person))" modifyTimestamp -w {password}  

========Convert LDAP timezone to UTC to IST ==============

- default LDAP server timezone is Asia/Zulu
time is displayed in UTC standard format e.g. 20170206055543Z

- To covert this time format in normal time

echo "20170402125623" | sed -re 's/^([0-9]{8})([0-9]{2})([0-9]{2})([0-9]{2})$/\1\\ \2:\3:\4/' | xargs date -u -d   >/tmp/.date
output is: Mon Feb 6 11:25:43 UTC 2017 

 dateis=`cat /tmp/.date`
(This date format is UTC format, convert it to IST) 

eval "date --date='TZ=\"Asia/Zulu\" $dateis'"
output :Mon Feb 6 11:25:43 IST 2017


No comments:

Post a Comment

Switch between multiple PHP version in Ubuntu

If you have two php versions (e.g. PHP7.2 and PHP 5.6 ) installed in your ubuntu system. Switch from PHP 5.6 to PHP 7.2 =====> Apac...