installation and client installation. So, what is the use of an LDAP server? Basically, you want some information that should be used by all the computers present on the LAN. So, that information is stored on your server and the clients are going to use that information. So, the long form of LDAP is Lightweight Directory Access Protocol. There is a set of objects, each having attributes, and these objects are arranged logically in a hierarchy. We can take the example of a telephone directory: it is arranged by the names of people and organizations, alphabetically, and every telephone directory entry has an address in it and a telephone number in it. So, your whole name, address and telephone number is going to act as an object, and inside that you have attributes like name, address and number. So, clients can be of different types: they may want to use the LDAP server for system authentication, or for some information related to Squid, or some information related to Sendmail. So, the LDAP server basically uses a database, and we are going to see how LDAP can be used for system authentication.

So, we should start with the actual installation. cd to Desktop. As the directory is not copied in /extra, the path is going to change now. So, instead of /extra/LDAP installation, we are going to have ~/Desktop. So, in your handout you can make these changes so that they will be helpful. So, first we will be installing the database which is required for the LDAP server. cd to your Desktop and the LDAP installation directory; go inside it. ls should show you those tar files, db-4.3.29.tar.gz and openldap-2.3.30.tgz. Can everybody check these? So, let us start with the database installation: type tar. We are going to untar the database package with tar xvf. If you are sure that some other instruction will extract that folder, you can do it that way. Everybody done with extraction? We should now cd to db-4.3.29. Now type cd db-4.3.29 and then cd build_unix.
Everybody inside the folder build_unix? Now the next command. I will type this command first and then explain it to you: ../dist/configure --prefix=/usr/local. It should start this process. So, basically this is for configuration: the .. is for going out of the directory, then there is the dist directory, and inside the dist directory there is the configure script, for which a prefix path is needed, which is /usr/local. Then we should do make.

So, what we use LDAP for is that we have students categorized according to years, MTech 1, 2 and so on, that is post-graduate people, undergraduate people and so on, year wise. So, all this information is stored in this LDAP server. I will explain it further. So, usually in our computer there are users and groups and permissions for each, but when there are so many users and so many groups it is not possible, and there is a LAN. So, some central system has to be there which will store it; we have NFS. So, permissions are needed for those directories on the network, and those permissions and the user information will be stored in the LDAP server.

If you are done with make, please type make install. So, you should finally see this "Installing documentation" line, which is the indication that your database is installed properly. Are you done with make install? Now, go out of these two directories. So, two cd ..; we are done with the database installation. Now, we are going to untar OpenLDAP. So, untar OpenLDAP and go to the OpenLDAP directory. Now, one very important thing to be noted is that you will have to give this path correctly. Do not give a space; that path is not correct in the handout. Just paste this into your terminal. The path you want to see. Yeah, yeah, yeah, wait. Okay, we will move on. Now, by typing echo $LD_LIBRARY_PATH, make sure that the path is set to this. Now, make sure that you are in the directory openldap-2.3.30. We will move further. In the same manner we did the configuration for the database.
We are going to do the configuration for this. So, type ./configure; make note of the change that --prefix is needed, --prefix=/usr/local; make that change in your handout. So, I am starting the configuration now. Yeah, now just type make depend. Yeah, so it is a version mismatch. You gave the wrong path. Wrong path for this. That is because of this. If this is set wrong, then check with echo. I will show you again: echo $LD_LIBRARY_PATH, in the same terminal you are in. And you should see this path correctly. The path means this highlighted home part, and after making sure that this is the path, do ./configure --prefix=/usr/local and look at the LIBS line at the end of its output. So, if your make depend is failing, you could not configure it. And the only reason for a wrong configuration is that this path is not correctly specified. Now, we should move on: after make depend, do make followed by make install. So, for the people whose make is running, this will complete the basic installation of the server, but now we need to configure the server according to our needs. So, there will be some settings which we will be doing in one file. So, actually when you do it elsewhere you will have to copy these commands down, but for the time being I have created this file and it is there in your folder on the desktop. So, basically we will talk about the theory till then.

So, schemas define the attributes. I told you that there are objects in LDAP and objects have attributes, and these attributes are defined using schemas, and there are some ready-made schemas given with the LDAP server. So, we need to tell slapd, the LDAP daemon, to please use these schemas. So, in slapd.conf we are going to include these schemas. So, we do not need to actually paste it right now; we have the ready file. We have talked about schemas; now the next slide, configuring.
Then there is suffix: my domain and com. So, as my domain we are going to use the name anil right now. So, you can have anything, the name of your college, IITB, whatever; that is your my domain, and again my domain has to be replaced with whatever name you want to have. So, if my domain is cc.iitb.ac.in then cc will be one domain; it belongs to iitb, it belongs to ac, it belongs to India. It is like this; I will write it down here. If this stands for my college link, if I wanted to have it, then cc is my department, iitb is my institute, I do not know what ac stands for, and in is for India; whatever it is, it can be ac and then India. So, you can have any number of DCs till you reach the end; it should be in sequence, it is a hierarchy, right. Under iitb there are many departments like HSS, the EE department. So, cc will be replaced; under ac there will be different organizations, like ours is iitb, yours is your college's name and so on, and then under India there can be whatever, academic and, I do not know, commercial, whatever it is. So, that is the domain component.

Go to this picture: you have an educational institute; as I told you, there are users and groups; file permissions in Linux consist of users and groups. So, you want People and you want Group. Under People there might be different categorizations like staff, non-faculty staff, faculty, student and so on; under Group there might be faculty, post-graduate student, undergraduate student and so on, and then under student there are categorizations, and thereafter you will have the actual names of your students. So, this is the total hierarchy of your LDAP, and the next picture. So, dc=example,dc=com lies at your top node, then your People and Group, and under People you can have the student groups.

So, if you are done with make install successfully, the installation of OpenLDAP is complete; now go to /usr/local/etc/openldap. So, you will have to cd to /usr/local/etc/openldap; just cd to it.
So, I am just telling you as a safety measure: every time you change any .conf file, keep the habit of taking a backup of those files. It is not written here because it is not a necessary step, but if you do not take backups and that file gets corrupted... copy your slapd.conf to slapd.conf.bak. Now this. So, you have some backup, and now copy the file given by me, since we do not have time to actually paste those files. So, rather than pasting them, which will make more errors, I have the ready-made file slapd.conf in your LDAP installation folder. So, first make the backup of the original .conf file and copy that file from the LDAP installation folder to here; got my point? So, you do not actually need to edit it right now; copy the file. So, your slapd.conf should look something like this. Everybody got my point that I have given you the file slapd.conf? Everybody copied this and understood the purpose? When you go back you will have to paste those lines, or you can use this file also. But you may need some changes: the domain name is specified as anil; you might have something different. So, cat slapd.conf, which will show you the file, and there should be something like this. So, all these schemas and changes I have already made.

So, we can now start the LDAP server and kill it once again. So, the instruction to start the LDAP server is /usr/local/libexec/slapd; this will start your server now. So, for killing it you will have to get its process id; for that you have ps -ef, because if we run slapindex while the server is running it may crash your database, and we want to run slapindex next, which is going to make some changes to the database. So, when the server is running you usually should not make any changes to the database, otherwise it may get corrupted. So, we will again kill it.
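A slapd.conf along the lines just described, as an added example (it is not the file handed out in the lecture, whose exact contents are not shown here). The suffix dc=example,dc=com, the Manager rootdn, the /usr/local paths, the schema set and the index list are assumptions; the rootpw value is a placeholder to be replaced with slappasswd output.

```conf
# Schemas: cosine supplies the "account" class, nis supplies posixAccount/posixGroup
include   /usr/local/etc/openldap/schema/core.schema
include   /usr/local/etc/openldap/schema/cosine.schema
include   /usr/local/etc/openldap/schema/inetorgperson.schema
include   /usr/local/etc/openldap/schema/nis.schema

pidfile   /usr/local/var/run/slapd.pid
argsfile  /usr/local/var/run/slapd.args

database  bdb
# Replace every dc= component with your own domain, e.g. dc=anil,dc=com
suffix    "dc=example,dc=com"
rootdn    "cn=Manager,dc=example,dc=com"
# Placeholder: paste the {SSHA} line printed by slappasswd here
rootpw    {SSHA}REPLACE-WITH-SLAPPASSWD-OUTPUT
directory /usr/local/var/openldap-data

# Attributes nss_ldap/pam_ldap search on; rebuild with slapindex after editing
index     objectClass          eq
index     uid,cn               eq
index     uidNumber,gidNumber  eq

# Password hashes: an entry may change its own, anyone may bind with it,
# nobody may read it. Everything else stays readable.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read
```

The include lines are what the lecture means by telling slapd to use the schemas. The index lines are the ones slapindex builds, and, as the lecture says, that must be run with slapd stopped. The access block is worth keeping even on a lab server: with no access directives at all, slapd 2.3 defaults to read access for everyone, so any machine on the LAN could ldapsearch the userPassword hashes of every student; with it, an entry can only use its password to bind and to change it.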
So, this line you should see after typing ps -ef | grep slapd; this number 32501 will be different on your system; you should do kill -9 32501, or whatever that number is, and that will close the server, because while the server is running it is not good to make any changes to the database; it may crash. slapindex is going to add those indexes we specified when we changed the configuration file. You did not get the process? So, you should type ps -ef | grep... wait, go till this libexec. So, type the path till this, and then after typing s, l, a press Tab; this should be completed by itself; slapd should be present there, otherwise your installation is bad, because of which the server will not start.

So, we are moving further; just look at this slide. So, we want to create this tree right now: my root is example.com, there are People and there are Group, and under People there are two students and under Group there are two groups. So, the database is stored in LDIF files; that is the LDAP data interchange format. So, just look at this file. These dn we have set; dn and dc we have already set in our configuration file. Then the objectClass is mentioned in the schema, then the other objectClass, domain; the first entry corresponds to this dc=example,dc=com. Then ou=People, example.com; this is one organizational unit; then Group is the other organizational unit. We are done with this file, hierarchy1.ldif. Then we want to add one group to it. So, this is the entry for a group: this is the group in my domain; the group number is specified, and what kind of objectClass it is. Then there is student1.ldif. So, you can create any number of groups like this; this is for group1; by changing cn=group1 you can have group2, group3 and so on. Moving towards student1.ldif: cn=student1 specifies the student name; you can change it; then it is under People, under my domain, under com.
So, the user id for that student is student1; then this is an entry of type account; you are storing information about the student's account right now. So, the user's password is student1, then the uid number is 600 and the gid number is 600. So, the home directory is /home/student1. So, because we are using it for NFS, we have stored the relevant components required for NFS; if you want to store information about, say, Sendmail, whatever parameters are required by Sendmail you can store in this file, ok. There are two ways using which these LDIF files can be added to the database; this is one way; the easier way is there on the next slide, slapadd; we will make sure that it is -l, or I think it is -l, and add. So, these files I have already created for you in your LDAP installation directory; in the LDAP installation directory you should be able to see three files, hierarchy.ldif, then group1.ldif and user1.ldif; these files contain these things. So, the command to give is slapadd; just copy these commands from the slides: slapadd -l hierarchy.ldif; just make sure that the file name is correct, and in the same manner add the other files. So, if you have successfully added these entries in the database, if you type it again, repeat the same command again, you should be getting something like this: Key/data pair already exists. So, I had already done this. So, I did slapadd -l hierarchy.ldif, these three commands. Now, if you repeat the same command again you should be getting something like the last line saying Key/data pair already exists; that means that you have... there is the ldapsearch command, which I am not going to take right now; that will ensure that. So, if you search and get whatever you have added, that will ensure that you are successful; also slapcat should give you some entries.
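The three LDIF files (hierarchy, group, user) are what every client will trust for login, so it pays to look at them before slapadd rather than after. The Python below is an added example, not code from the lecture or from OpenLDAP: a small LDIF parser plus the checks an admin would run over the files in load order. The sample files are constructed to have the same shape as the lecture's hierarchy.ldif, group1.ldif and user1.ldif (that shape, the dc=example,dc=com suffix and the {SSHA} value are assumptions; the hash is a placeholder, not a real credential).

```python
import base64

# Constructed sample files shaped like the lecture's hierarchy.ldif,
# group1.ldif and user1.ldif (assumption); the {SSHA} value is a placeholder.
HIERARCHY_LDIF = """dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: Example Institute

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=example,dc=com
objectClass: organizationalUnit
ou: Group
"""
GROUP1_LDIF = """dn: cn=group1,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: group1
gidNumber: 600
"""
USER1_LDIF = """dn: uid=student1,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: student1
uid: student1
userPassword: {SSHA}cGxhY2Vob2xkZXItbm90LWEtcmVhbC1oYXNo
uidNumber: 600
gidNumber: 600
homeDirectory: /home/student1
"""
# Constructed file with three mistakes to catch: parent OU never created,
# clear-text password, and a uidNumber that student1 already owns.
BAD_LDIF = """dn: uid=student2,ou=Staff,dc=example,dc=com
objectClass: posixAccount
cn: student2
uid: student2
userPassword: student2
uidNumber: 600
gidNumber: 600
homeDirectory: /home/student2
"""
HASH_PREFIXES = ("{SSHA}", "{SHA}", "{CRYPT}", "{MD5}", "{SMD5}")


def parse_ldif(text):
    """Return entries as dicts: lower-cased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                   # final "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        if value.startswith(":"):               # "attr:: base64" form
            value = base64.b64decode(value[1:].strip()).decode()
        current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


def normalize_dn(dn):
    return ",".join(p.strip().lower() for p in dn.split(","))


def check_ldif(texts, suffix):
    """Load the files in order and return the problems found; [] means clean."""
    problems, known, uids = [], set(), {}
    for entry in (e for t in texts for e in parse_ldif(t)):
        if "dn" not in entry:
            problems.append("entry without dn")
            continue
        dn = normalize_dn(entry["dn"][0])
        parent = dn.partition(",")[2]
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if dn != normalize_dn(suffix) and parent not in known:   # child before parent
            problems.append("%s: parent %s is not defined" % (dn, parent))
        known.add(dn)
        if "posixaccount" in classes:
            for attr in ("uid", "uidnumber", "gidnumber", "homedirectory"):
                if attr not in entry:           # nss_ldap/pam_ldap need all of these
                    problems.append("%s: missing %s" % (dn, attr))
            uid = entry.get("uidnumber", [None])[0]
            if uid == "0":                      # root on every client trusting this server
                problems.append("%s: uidNumber 0" % dn)
            if uid in uids:
                problems.append("%s: uidNumber %s already used by %s" % (dn, uid, uids[uid]))
            elif uid is not None:
                uids[uid] = dn
            for pw in entry.get("userpassword", []):
                if not pw.startswith(HASH_PREFIXES):
                    problems.append("%s: userPassword in clear text" % dn)
    return problems
```

Run check_ldif over the files in the order you will slapadd them; the parent check mirrors what slapadd itself enforces (hierarchy.ldif has to go in first), while the clear-text, duplicate-uidNumber and uidNumber-0 checks catch things slapadd accepts happily and every client would then honour at login.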
So, people who are done with slapadd can do slapcat to check that some entries appear like this. We added indexes in slapd.conf; the suffix we set and the index we added, and that has to get created in the database; for that, slapindex. So, if slapcat is giving you this, we are done with the server installation; we are moving to the client installation. So, what we have done is this tree: we added one student and one group; group1.ldif corresponds to this and user1.ldif corresponded to this.

Now, the client installation. So, apt-get install libnss-ldap; type this. So, I am running this instruction; everybody got this screen? apt-get install libnss-ldap. Now everybody knows the IP address of the machine; just type it down there. Say this; you can keep it as it is; version 3; you should say no here. So, we have one server now, the LDAP server, which is going to have this information about users, their passwords, groups and permissions and so on. And we have a client on which we want authentication to be done. So, for authentication we need that password from the server. So, to which module are we going to say to use these passwords and so on? So, there is this Pluggable Authentication Module, PAM; for any application it can integrate multiple low-level authentication schemes. So, whatever may be your application, you can configure PAM to do the authentication for it. So, right now we have our PC; we want to authenticate users for its use. So, we are going to tell PAM to use our LDAP server to take the username and password. So, just do not use these commands right now, this vim /etc/pam.d/common-account. So, do not do vim right now; I have created these files already; those are there in the LDAP installation folder. So, just go to /etc/pam.d; you can see common-auth, common-password, common-session and common-account. So, just take a backup of these files, otherwise you would not be able to log in to your system again.
Once you log out, you would not be able to log in again. So, make sure that you do this for every file starting with common, and now copy /home/iitb/Desktop/<LDAP installation folder>/pam.d/*. I will show you the command once again: go to the pam.d directory and type this command; the * copies all files from the directory pam.d to this directory. So, if you have not done it till now, it is safe not to do it right now, because if you do not revert those files you would not be able to log in again.

The next step is that there is the name service switch, which allows configuration of the Unix databases; it allows the Unix databases to be configured from different sources like LDAP etcetera. So, like there is an authentication file in Linux, and now we want to have the groups, user names and so on from the LDAP server. Usually on plain Linux the groups, user names and so on are taken from the system itself; there are different files for that, but now we want to use these sources from the LDAP server. So, we need to tell Linux. So, now we need to change nsswitch.conf to tell it to take the passwords and so on from LDAP; you can go to this, right, name service switch. So, with this ldap keyword you are telling it that all these configuration databases like passwd, group, shadow, hosts, networks and so on should be taken from the specified locations: take the passwords from the Linux files and also from LDAP. Then groups also are the groups present on the local Linux system and on the LDAP server. So, do not make these changes right now; even for these changes I have nsswitch.conf in the LDAP installation directory; yeah, you can take a backup. So, copy nsswitch.conf to a backup file, then copy the nsswitch.conf from this path to here. Now if you try, your system would not connect with it; we added a user anilkumar through user.ldif to this system.
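The nsswitch.conf lines the lecture is describing, together with the matching common-auth lines, as an added example in the form Debian's libnss-ldap and libpam-ldap packages expect (these are not the files from the LDAP installation folder, whose exact contents are not shown). The server address and base DN typed at the apt-get prompts do not live here; they go into /etc/libnss-ldap.conf and /etc/pam_ldap.conf.

```conf
# /etc/nsswitch.conf: consult local files first, then the LDAP server
passwd:         files ldap
group:          files ldap
shadow:         files ldap

hosts:          files dns
networks:       files

# /etc/pam.d/common-auth: try the directory first; if it cannot answer, fall
# back to /etc/shadow with the password already typed (use_first_pass)
auth    sufficient  pam_ldap.so
auth    required    pam_unix.so nullok_secure use_first_pass
```

The order matters for exactly the failure the lecture keeps warning about: with files listed before ldap, and pam_unix still present after pam_ldap, the local root account keeps working even when the client cannot reach the server, so a bad copy of these files locks out the LDAP users but not the administrator. The backups of every common-* file and of nsswitch.conf remain the real safety net, because a typo in common-auth can still fail both modules.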
So, if you connect properly to your server and your client, if you type login as anilkumar then your system will ask for the password corresponding to it. For safety, now revert those files in pam.d and nsswitch.conf; only these two. The server configurations are fine, because you have the server, but the client... for the client, the system is going to authenticate, and if your client is not connected to the server, how will it authenticate you? So, that may cause some problems if you have done it wrongly. So, that completes it.