LDAP Server - Loading LDIF data

From: barsalou <barjunk@attglobal.net>
Date: Sun Sep 09 2007 - 22:23:37 AKDT

OK. You should have a working server at this point with absolutely no
data. We need to create data so that we can load it into the server
then use commands like ldapsearch to retrieve it.

Here is some basic data to get us going:

## store this in a file called aklug.ldif in the ldif subdirectory
## Build the root node
dn: dc=aklug,dc=org
dc: aklug
objectClass: dcObject
objectClass: organizationalUnit
ou: aklug dot org

## Build the people ou
dn: ou=people,dc=aklug,dc=org
ou: people
objectClass: organizationalUnit

## Build the group ou
dn: ou=group,dc=aklug,dc=org
ou: group
objectClass: organizationalUnit

The purpose of this initial set of data is pretty straightforward: we
want to create "buckets" to hold our data, one for those things stored
in the people OU (Organizational Unit) and one for those things stored
in the group OU. Both of those are stored under the root object that is
named dc=aklug,dc=org. Now, using the data above, we create the
"buckets" by using ldapadd to load the data into the directory. Also,
because we are going to use aklug.org as our "domain", there are a few
changes that need to be made to slapd.conf.

The only changes I had to make to the CentOS box are to these lines:

suffix "dc=aklug,dc=org"
rootdn "cn=Manager,dc=aklug,dc=org"
rootpw secret

I also had to restart the server. This is required so that we can load
the data into the database with the following command:

ldapadd -x -W -f ldif/aklug.ldif -D cn=Manager,dc=aklug,dc=org

and if you type the password 'secret' you should see:

Enter LDAP Password: adding new entry "dc=aklug,dc=org"

adding new entry "ou=people,dc=aklug,dc=org"

adding new entry "ou=group,dc=aklug,dc=org"

If you get the error below:

ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

then most likely your LDAP server isn't started.

Although the ldapadd man page tells you what all the different switches
do, the basic idea is this: using simple authentication (-x), prompt
for the password (-W) and bind to the LDAP server (authenticate) as the
Distinguished Name cn=Manager,dc=aklug,dc=org (-D), loading the data
from a file named aklug.ldif in the ldif subdirectory (-f). You should
be able to execute this command:

ldapsearch -b dc=aklug,dc=org -x

and see this:

# extended LDIF
#
# LDAPv3
# base <dc=aklug,dc=org> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# aklug.org
dn: dc=aklug,dc=org
dc: aklug
objectClass: dcObject
objectClass: organizationalUnit
ou: aklug dot org

# people, aklug.org
dn: ou=people,dc=aklug,dc=org
ou: people
objectClass: organizationalUnit

# group, aklug.org
dn: ou=group,dc=aklug,dc=org
ou: group
objectClass: organizationalUnit

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3

We now have a skeleton set of "buckets" that can hold the real data
(phone numbers, etc). Before we add this data though, we are going to
need to talk about the schema. Next time.

If anyone has questions or problems getting this working, please feel
free to contact me directly or send mail to the list.

Mike B.
