Linux Programmer | RHCE | RHCSA

Friday, 4 November 2016

Configure LDAP Server

Create LDAP Server in Tiguin14.04:

1. Change host name
  • nano /etc/hostname
    server.ldap.com
2. Reboot system
  • init 6
3. apt-get install slapd ldap-utils
  • Enter administrator password:

4. nano /etc/ldap/ldap.conf
  • Remove the hash (#) before the BASE and URI lines, and add the following:
BASE dc=ldap,dc=com
URI ldap://localhost:389

5. dpkg-reconfigure slapd
You will be asked a series of questions about how you'd like to configure the software.
  • Omit OpenLDAP server configuration? No
  • DNS domain name?
    • ldap.com
  • Organization name?
    • ldap.com
  • Administrator password?
    • 123
    • 123
  • Database backend to use? HDB
  • Remove the database when slapd is purged? No
  • Move old database? Yes
  • Allow LDAPv2 protocol? No
6. ldapsearch -x

7. apt-get install phpldapadmin

8. nano /etc/phpldapadmin/config.php

  • Line no. 286: “My Ldap server” (you can add anything here)
  • Line no. 293: enter the IP address of your machine, e.g. 192.168.1.226
  • Line no. 300: dc=ldap,dc=com
  • Line no. 326: dc=ldap
  • Line no. 161: true

9. /etc/init.d/apache2 restart

10. Open browser
  • Log in with the password that was given during LDAP installation
  • Click on login -> type password -> login

Click on
dc=ldap,dc=com (1) -> create new entry here -> create organizational unit -> e.g. sales -> commit

Click on
ou=sales -> create child entry -> Generic : Posix Group -> e.g. sales-group -> commit

Click on
ou=sales-group -> create child entry -> Generic: User Account ->
Fill in the following text boxes:
Common name, GID number, Home Directory, login shell, last name, password
-> ok -> commit

[ NOTE: We can change the path of a user's home directory on the client system just by defining it in the Home Directory text box. ]






================= LDAP Commands ======================
- List all the users under a group ($dn is the search base, $grp_name is the group's cn)

ldapsearch -x -b "$dn" -s sub "objectclass=posixGroup" | sed -n "/cn: $grp_name/,/dn:/p" | grep "^memberUid:" | awk '{print $2}'

- List all created users in LDAP

ldapsearch -x -b dc=ldap,dc=com -s sub "objectclass=posixAccount" | grep -i "^uid: " | awk '{print $2}'


- Modify an LDAP group name using an LDIF file: /tmp/.modify.ldif
dn: cn=php,ou=Groups,dc=ldap,dc=com
changetype: modrdn
newrdn: cn=purval
deleteoldrdn: 1


ldapmodify -x -D "cn=admin,dc=ldap,dc=com" -w 123 -f /tmp/.modify.ldif

- Search all users' password history

ldapsearch -LLL -x -h localhost -Z -D cn=admin,dc=ldap,dc=com "(&(objectclass=Person))" pwdHistory -w {password}

dn: cn=purval,ou=Users,dc=ldap,dc=com
pwdHistory: 20170131064459Z#1.3.6.1.4.1.1466.115.121.1.40#6#123456
pwdHistory: 20170131093602Z#1.3.6.1.4.1.1466.115.121.1.40#6#123456
pwdHistory: 20170201053907Z#1.3.6.1.4.1.1466.115.121.1.40#6#123456
pwdHistory: 20170204074307Z#1.3.6.1.4.1.1466.115.121.1.40#6#123456

dn: cn=bhavesh,ou=Users,dc=ldap,dc=com

dn: cn=mehul,ou=Users,dc=ldap,dc=com

dn: cn=lokesh,ou=Users,dc=ldap,dc=com

dn: cn=khushbu,ou=Users,dc=ldap,dc=com

 

- To print the full password history of the user purval only:


ldapsearch -LLL -x -h localhost -Z -D cn=admin,dc=ldap,dc=com "(&(objectclass=Person))" pwdHistory -w 123 | sed -n '/cn=purval/,/dn:/p' 

- Print all users' password change time
ldapsearch -LLL -x -h localhost -Z -D cn=admin,dc=ldap,dc=com "(&(objectclass=Person))" modifyTimestamp -w {password}  

======== Convert LDAP time from UTC to IST ==============

- The default LDAP server timezone is Asia/Zulu;
time is displayed in UTC standard format, e.g. 20170206055543Z

- To convert this time format to normal time:

echo "20170402125623" | sed -re 's/^([0-9]{8})([0-9]{2})([0-9]{2})([0-9]{2})$/\1\\ \2:\3:\4/' | xargs date -u -d   >/tmp/.date
output is: Mon Feb 6 11:25:43 UTC 2017

dateis=`cat /tmp/.date`
(This date is in UTC format; convert it to IST)

eval "date --date='TZ=\"Asia/Zulu\" $dateis'"
output: Mon Feb 6 11:25:43 IST 2017
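
The password-history search and the UTC-to-IST conversion above can be combined into one audit step. The following is an added example, not code from the original post: it parses `ldapsearch -LLL` output, splits each pwdHistory value into its time#syntaxOID#length#data fields, converts the timestamp to IST with a fixed +05:30 offset, and reports whether the stored value carries a hash scheme prefix such as {SSHA} or is cleartext, as in the sample output above. The function names and the second sample entry (cn=example, with a placeholder hash) are constructed for illustration.

```python
import base64
import re
from datetime import datetime, timedelta, timezone

IST = timezone(timedelta(hours=5, minutes=30), "IST")  # fixed offset: IST has no DST
SCHEME = re.compile(r"^\{[A-Za-z0-9_-]+\}")            # hash prefix such as {SSHA}

# Constructed sample in `ldapsearch -LLL` form. The second entry and its
# placeholder hash are made up; its long value is folded as LDIF does.
SAMPLE = """\
dn: cn=purval,ou=Users,dc=ldap,dc=com
pwdHistory: 20170131064459Z#1.3.6.1.4.1.1466.115.121.1.40#6#123456

dn: cn=example,ou=Users,dc=ldap,dc=com
pwdHistory: 20170206055543Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}AAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAAAA
"""


def attr_value(line):
    """Split 'attr: value' or 'attr:: base64' into (attr, decoded value)."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):  # '::' marks a base64-encoded value
        return attr, base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return attr, rest.strip()


def audit_pwd_history(ldif):
    """Return (dn, change time in IST, scheme) for every pwdHistory value."""
    findings, dn = [], None
    unfolded = re.sub(r"\r?\n ", "", ldif)  # join folded continuation lines
    for line in unfolded.splitlines():
        attr, value = attr_value(line)
        if attr == "dn":
            dn = value
        elif attr == "pwdHistory":
            # time # syntax OID # length # stored value (which may contain '#')
            stamp, _oid, _length, data = value.split("#", 3)
            utc = datetime.strptime(stamp, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
            match = SCHEME.match(data)
            findings.append((dn,
                             utc.astimezone(IST).strftime("%Y-%m-%d %H:%M:%S %Z"),
                             match.group(0) if match else "CLEARTEXT"))
    return findings


if __name__ == "__main__":
    for dn, changed, scheme in audit_pwd_history(SAMPLE):
        print(f"{changed}  {scheme:10}  {dn}")
```

Any entry reported as CLEARTEXT means the directory is keeping old passwords in readable form; hashed storage shows a scheme prefix instead.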


 
