Installing LDAP on Gentoo with MySQL support

One week-end, I endeavoured to install LDAP on my server with a hope it would help me keep my contacts synchronized between work and home, computers and phones. I decided to go for the MySQL storage since I already have such a DB running. It wasn’t so easy after all so I kept my life easier and decided to instead improve the way I dealt with my different sources instead of adding a new one. I hope that the notes below will nonetheless be helpful to someone out there!

Requirements

I will be installing phpldapadmin, so we need PHP with PCRE, SESSION, GETTEXT, XML, and LDAP support. SESSION and GETTEXT should already be enabled, but the others probably are not. So find your PHP .ebuild, scroll down to the list of configure parameters (--with-xsl, --with-ssl, etc.) and add:

--with-ldap \
--with-pcre-regex \
--with-xml

Update the ebuild's digest (ebuild whatever.ebuild digest) and reinstall: emerge php5. We will also need the ODBC connectors, so emerge myodbc. Note that it wanted to install 90 packages on my machine to satisfy the dependencies (not quite sure what audiofile has to do with MySQL connections though…). Some of those packages needed X11, which, well, was not the case here. Solution: I ended up downloading the sources for unixODBC from http://www.unixodbc.org/, untarred them, and used ./configure --enable-gui=no to bypass that (for some reason even changing the ebuild for that package did not help). Then run make and sudo make install as usual. After that, you are left to install myodbc from the sources as well, from the MySQL website (needs registration, though). Note that to build myODBC you will also need the --enable-gui=no flag. You may hit the following bug:

/usr/include/mysql/my_global.h:318:24: error: asm/atomic.h: No such file or directory

My solution was to comment out the offending #include in /usr/include/mysql/my_global.h.

Installing LDAP

Easy on Gentoo: emerge openldap

Configuring LDAP

A bit more difficult now. First, let's say we want to configure it all for the domain example.com: that's what all the tutorials I found were about, and I am sorry to say that making it work for another domain was too hard for me… Let's also say that it will all reside on the same server: MySQL, LDAP, and phpldapadmin.

Configuring MySQL and ODBC

First we need to create a MySQL user ldap with password ldap, and a database called ldap:

mysqladmin -u root -p create ldap

and then in a mysql command-line:

-- everything runs on this same host, so bind the account to localhost rather than to any host
GRANT ALL PRIVILEGES ON ldap.* TO 'ldap'@'localhost' IDENTIFIED BY 'ldap';

Let's now create the proper structure in the database. This is done by running the following scripts, in this order: testdb_create.sql, testdb_data.sql, backsql_create.sql, and finally testdb_metadata.sql, each with:

mysql -u ldap -p ldap < file.sql

The files are located in openldap-2.4.11/servers/slapd/back-sql/rdbms_depend/mysql/ where openldap-2.4.11 is the folder where you uncompressed openldap’s archive.

Put this in /etc/openldap/ldap.conf:

HOST 127.0.0.1
BASE o=sql,c=RU

And in /etc/openldap/slapd.conf (you need to be root to edit this file):

#######################################################################
# sql database definitions
#######################################################################

database        sql
# The following is for the sample database as it installs
suffix          "o=sql,c=RU"
rootdn          "cn=root,o=sql,c=RU"
# rootpw also accepts a hash produced by slappasswd (e.g. {SSHA}...) instead of cleartext
rootpw          YourPasswordHere
dbname          ldap
dbuser          ldap
dbpasswd        ldap
subtree_cond    "ldap_entries.dn LIKE CONCAT('%',?)"
insentry_query  "INSERT INTO ldap_entries (dn,oc_map_id,parent,keval) VALUES (?,?,?,?)"

Adding data manually

To add data from the command line, just use ldapadd on an LDIF file as follows:

ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif

An LDIF file will look like this:

dn: cn=max,dc=example,dc=com
cn: max
sn: max
objectclass: top
objectclass: person
userPassword: anotherpassword
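Both the rootpw line in slapd.conf above and the userPassword attribute in this LDIF hold cleartext passwords. slapd also accepts the {SSHA} scheme (salted SHA-1, what slappasswd produces by default), and the following added example, which is not code from the post, shows how that scheme is built and checked, and rewrites the sample entry so the cleartext value never reaches the directory. The SAMPLE_LDIF text and the function names are constructed for this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# {SSHA} is the salted SHA-1 scheme slapd accepts in rootpw and userPassword:
#   "{SSHA}" + base64( sha1(password + salt) + salt )
SALT_LEN = 8

def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return an {SSHA} value usable as slapd.conf rootpw or as an LDIF userPassword."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(stored: str, password: str) -> bool:
    """Verify a candidate password against a stored {SSHA} value (what slapd does on bind)."""
    if not stored.startswith("{SSHA}"):
        return False  # cleartext or another scheme: not verified here
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes; the rest is the salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

# Constructed sample: the entry from the post, still carrying its cleartext password.
SAMPLE_LDIF = """dn: cn=max,dc=example,dc=com
cn: max
sn: max
objectclass: top
objectclass: person
userPassword: anotherpassword
"""

def hash_ldif_passwords(ldif: str) -> str:
    """Replace cleartext 'userPassword:' values in LDIF text with {SSHA} hashes.
    Values already carrying a {scheme} prefix, or base64-encoded ones ('::'), are left alone."""
    out = []
    for line in ldif.splitlines():
        low = line.lower()
        if low.startswith("userpassword:") and not low.startswith("userpassword::"):
            value = line.split(":", 1)[1].strip()
            if not value.startswith("{"):
                line = "userPassword: " + make_ssha(value)
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(hash_ldif_passwords(SAMPLE_LDIF))  # feed the result to ldapadd instead of the cleartext file
```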

Now time to start the beast!

/etc/init.d/slapd restart

Installing phpldapadmin

Since we now have a proper PHP engine with the right modules, it should be easy. Get the latest sources from http://phpldapadmin.sourceforge.net/wiki/index.php/Download and untar them in your webroot folder. Copy conf/config.php.example to conf/config.php and change it if necessary. In our case, luckily, it isn't necessary. Now you should be able to connect and play around more easily than from the command line!

Using your new LDAP

I will use LDAP with "Address Book" from Apple on Mac OS X. Here is briefly how to configure it:

  • Open “Address Book”
  • Go in “Preferences”, “LDAP”
  • Click on the “+” sign
  • Enter a “Name” (anything) for your server and its location in the “Server” field (domain name or IP address)
  • “Port” is 389
  • Leave the rest at the defaults to search in all LDAP domains

Resources

Here are the resources I had to use to put this all together (thanks to everyone who contributed to them):

http://linuxreviews.org/gentoo/ebuilds/

http://phpldapadmin.sourceforge.net/wiki/index.php/PreRequisites

http://www.openldap.org/doc/admin24/quickstart.html

http://www.zytrax.com/books/ldap/ch6/#database

http://www.flatmtn.com/article/setting-ldap-back-sql

http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP-BindPW.html

http://www.openldap.org/faq/data/cache/1322.html

http://www.openldap.org/faq/data/cache/978.html

Written by baroquew

March 15, 2009 at 12:59

3 Responses

  1. now in my rss reader)))
    ————————
    sponsored link: http://xabul.ru/

    eurortSkeve

    April 26, 2009 at 22:57

  2. cool sitename man)))
    ————————
    my blog: http://semev.ru/

    TawLoawayVeby

    April 28, 2009 at 19:00

  3. Finally, I could find this post once again. You have a few useful tips for my school project. Now, I won't forget to bookmark it. :)

    useful tips

    January 19, 2010 at 17:42
