Installation of LDAP server
This page describes the installation of the LDAP server on the development server, bhl-mandible (bhl-mandible.nhm.ac.uk, 157.140.72.32).
sudo apt-get install slapd ldap-utils
LDAP is now available with three directories (production, integration and test):
dc=bhl,dc=nhm,dc=ac,dc=uk (production)
dc=bhl-int,dc=nhm,dc=ac,dc=uk (integration)
dc=bhl-test,dc=nhm,dc=ac,dc=uk (test)
The three root accounts needed to connect to and amend these directories are:
cn=bhletech,dc=bhl,dc=nhm,dc=ac,dc=uk
cn=bhletech,dc=bhl-int,dc=nhm,dc=ac,dc=uk
cn=bhletech,dc=bhl-test,dc=nhm,dc=ac,dc=uk
All three use the standard bhletech password.
Each directory has the following OU structure:
dn: ou=content providers,dc=bhl,dc=nhm,dc=ac,dc=uk
description: holding ou for content provider groups

dn: ou=users,dc=bhl,dc=nhm,dc=ac,dc=uk
description: holding ou for users
A set of default accounts is added, one for each content provider, with a group for each content provider holding that user as a member, plus one group called all content providers holding them all (see ~bhladmin/dev/openldap/bhl/CP.ldif for the ugly but full version!).
There's a test provider in each of the three directories, 'test' with the password 'testme':
cn=test,ou=users,dc=bhl,dc=nhm,dc=ac,dc=uk
cn=test,ou=users,dc=bhl-int,dc=nhm,dc=ac,dc=uk
cn=test,ou=users,dc=bhl-test,dc=nhm,dc=ac,dc=uk
which you should be able to validate with...
- out of date from here on, needs to be cleaned up! Chris S
Setting up the basic initial directory structure
- Create the file:
- Content of the file:
dn: dc=nhm,dc=ac,dc=uk
objectclass: dcObject
objectclass: organization
o: BHL-Europe
dc: nhm

dn: cn=bhletech,dc=nhm,dc=ac,dc=uk
objectclass: organizationalRole
cn: bhletech

dn: ou=content providers,dc=nhm,dc=ac,dc=uk
objectclass: organizationalunit
ou: content providers
description: holding ou for content provider groups

dn: ou=users,dc=nhm,dc=ac,dc=uk
objectclass: organizationalunit
ou: users
Stop the LDAP server:
/etc/init.d/slapd stop
LDAPadd command:
ldapadd -x -D "cn=bhletech,dc=nhm,dc=ac,dc=uk" -W -f bhl-initial.ldif
Start the LDAP server:
/etc/init.d/slapd start
Initial Content Provider setup:
- Create the file with: vi bhl-CP.ldif
Structure of the file:
- sample user (one CP)
dn: cn=at-landoe,ou=users,dc=nhm,dc=ac,dc=uk
objectclass: inetorgperson
cn: at-landoe
sn: LANDOE
userPassword: {CRYPT}***

- group for this provider
dn: cn=at-landoe,ou=content providers,dc=nhm,dc=ac,dc=uk
objectclass: groupofnames
cn: at-landoe
description: LANDOE PROVIDER
member: cn=at-landoe,ou=users,dc=nhm,dc=ac,dc=uk

- group for all providers
dn: cn=all providers,ou=content providers,dc=nhm,dc=ac,dc=uk
objectclass: groupofnames
cn: all providers
description: All Content Providers
member: cn=at-landoe,ou=users,dc=nhm,dc=ac,dc=uk
member: cn=at-nhmw,ou=users,dc=nhm,dc=ac,dc=uk
member: cn=be-nbgb,ou=users,dc=nhm,dc=ac,dc=uk
...etc
Adding:
ldapadd -c -x -D "cn=bhletech,dc=nhm,dc=ac,dc=uk" -W -f bhl-CP.ldif
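The per-provider LDIF above follows one pattern per provider, so it can be generated instead of typed. This POSIX shell function is an added example (not the page's ~bhladmin/dev/openldap/bhl/CP.ldif) that emits the user entry, the per-provider group and the all-providers group for a list of provider codes; the provider list is constructed, and no userPassword is written so that passwords are set afterwards with ldappasswd -S as shown below.

```shell
#!/bin/sh
# Added example: generate the provider LDIF described above for a list of
# provider codes. Each code gets an inetOrgPerson under ou=users, a
# groupOfNames under "ou=content providers" with that user as its member,
# and every user is collected in "cn=all providers".
# No userPassword is written; set passwords afterwards with ldappasswd -S.
# Usage: gen_cp_ldif BASE_DN CODE[:SURNAME]...   (e.g. at-landoe:LANDOE)
gen_cp_ldif() {
    base="$1"; shift
    if [ "$#" -eq 0 ]; then
        # groupOfNames requires at least one member, so an empty list
        # would produce an entry slapd rejects: fail early instead.
        echo "gen_cp_ldif: at least one provider code is required" >&2
        return 1
    fi
    nl='
'
    members=""
    for spec in "$@"; do
        cp="${spec%%:*}"
        case "$spec" in
            *:*) sn="${spec#*:}" ;;
            *)   sn="$cp" ;;   # no surname given: reuse the code (sn is mandatory)
        esac
        user_dn="cn=$cp,ou=users,$base"
        # user entry (surname is a constructed placeholder, as on the page)
        printf 'dn: %s\nobjectClass: inetOrgPerson\ncn: %s\nsn: %s\n\n' \
            "$user_dn" "$cp" "$sn"
        # per-provider group holding just this user
        printf 'dn: cn=%s,ou=content providers,%s\nobjectClass: groupOfNames\n' "$cp" "$base"
        printf 'cn: %s\ndescription: %s PROVIDER\nmember: %s\n\n' "$cp" "$sn" "$user_dn"
        members="${members}member: ${user_dn}${nl}"
    done
    # one group holding every provider user
    printf 'dn: cn=all providers,ou=content providers,%s\nobjectClass: groupOfNames\n' "$base"
    printf 'cn: all providers\ndescription: All Content Providers\n%s' "$members"
}

# Constructed provider list for the test directory; redirect the output to
# bhl-CP.ldif and load it with the ldapadd -c command shown above.
gen_cp_ldif "dc=bhl-test,dc=nhm,dc=ac,dc=uk" at-landoe:LANDOE at-nhmw:NHMW be-nbgb:NBGB
```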
To reset a user password if needed:
ldappasswd -x -D "cn=bhletech,dc=nhm,dc=ac,dc=uk" -W -S "cn=test,ou=users,dc=nhm,dc=ac,dc=uk"
pw: bhluser
LDAPdelete command:
ldapdelete -v -x -D "cn=admin,dc=nhm,dc=ac,dc=uk" -w bhl.ldap "cn=test,ou=users,dc=nhm,dc=ac,dc=uk"
.htaccess-mechanism:
Create the Location in the Apache config file (e.g. /etc/apache2/sites-enabled/000-default):
<Location "/mint">
    ProxyPass http://localhost:3000/mint
    ProxyPassReverse http://localhost:3000/mint
    AuthName "BHL-Login"
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    AuthLDAPURL ldap://bhl-mandible.nhm.ac.uk:389/ou=users,dc=nhm,dc=ac,dc=uk?cn
    Require valid-user
</Location>