Hello everyone, today I will be talking about how to do an LDAP setup. To simplify things, everyone please do su first; everyone will be installing along with me, so it will be an interactive session. So just do su and type the root password, which is root123. Then go to the directory /extra/ldap_installation, do ls, and open the file called ldap_installation.pdf. You can open it using evince: type evince ldap_installation.pdf & and press enter. This is for your convenience, so you can follow the slides along with me. This is the index: first I will give you an introduction to LDAP, then I will go on to how to install the LDAP server, and then how to install the LDAP client. I will just start. So open a terminal, do su to get super user privileges, and cd /extra/ldap_installation.

Let me give an introduction to LDAP. LDAP is used for many applications: you can use LDAP for configuring sendmail, squid, system authentication etc. For today's demo I will be talking about how to configure an LDAP server and an LDAP client for system authentication. LDAP basically uses a database in order to authenticate clients, so we will first see how to set up the LDAP server. Open a terminal, do su to get root privileges and go to the directory /extra/ldap_installation; to make things simple I have kept all the files in this directory. Do ls. As I said before, LDAP makes use of a database, so first we have to set up the database. In this directory you will find a file called db-4.3.29.tar.gz; it is the source for installing the database.

Untar this file using the command on the slide and press enter. Then cd db-4.3.29 and go into the directory build_unix. Everyone go to this directory and execute the following command: ../dist/configure --prefix=/usr/local, and press enter. Has everyone got this message? The command which I used is this one, and the next command to be executed is given here: next you have to execute make. There is a file called Makefile, which has the information about which files have to be compiled. What we are doing is installing from source, so a few files have to be compiled; make reads the Makefile, which has all the commands required so that it understands which files have to be compiled, and it is all done automatically. Once this command has finished executing, type make install and press enter. Now we have finished installing the database.

Now let us install the LDAP server. Go back to the directory cd /extra/ldap_installation and do ls; you will find a file called openldap-2.3.30.tgz. Untar it using this command: tar -xvvf openldap-2.3.30.tgz, and press enter (you can press tab for command completion). We have untarred OpenLDAP; now we have to install it. Before configuring OpenLDAP you have to export a path so that the LDAP server will know where to find the library files of the database; as I said before, the LDAP server makes use of a database, so it needs to find the database's library files. In order to do that, type the export command shown on the slide and press enter. It is case sensitive, so the capital letters should be typed in capital letters.

Next we have to configure it. First go inside the directory: cd openldap-2.3.30, press enter. In order to configure it, type ./configure --prefix=/usr/local and press enter (note that it is a double hyphen before prefix). Listen everyone: before executing ./configure, please execute the export command which is on the screen right now, exactly as it is, and then execute ./configure --prefix=/usr/local again. Once you have done that you will notice a message which says "please run make depend" to build the dependencies, so enter the command make depend and press enter. If everyone has done that, next type make; it takes about 2 minutes.

So we have seen how to set up the database and the LDAP server; next we need to see how to configure them. Once everyone is done with the setup, let us see how to configure it. The configuration file is slapd.conf; you can open it using the command on the slide, with gedit for convenience, or with vim if you are comfortable with it. When you open this file, the three lines shown on the slide will not be present, so please add these three lines. Once you have added them, scroll down until you find the line called suffix. Here you will notice the line suffix "dc=my-domain,dc=com" and the line rootdn "cn=Manager,dc=my-domain,dc=com". This rootdn is like the root login for the LDAP database, and if you scroll down a little bit you will notice rootpw and the password, which is secret; this is the root password for the database. If at all you want to make any changes, you can enter any name of your choice instead of my-domain, but for this demo we will not be changing anything, so let it remain; do not change anything. As I said before, rootdn is the root login for the LDAP database and rootpw is its root password. Next scroll down to the very end. This line will not be present in the file which you have opened, so add the line index uid eq. Once you have done that, press :wq, so that you save the file and exit. You have just added an index entry in the slapd.conf file, so run the command slapindex in order to regenerate the indexes. Now we have configured the LDAP server.

Let us see how to build the database, that is, how to insert data into the database which the LDAP server will be using. For example, for an educational institute there might be subdivisions like people, which is further classified into students, faculty, staff etc., and the students might be further classified into postgraduate students, undergraduates etc., and the students who joined in 2009, for example, might be grouped under PG09 and so on,
keeping this in mind, let us enter this information in the database. For this demo we are going to enter the information currently visible on the slide. There will be a base DN, which is dc=my-domain,dc=com, because we have not changed anything in the slapd.conf file, so we are going to use what is already there. We are going to have two subdivisions, People and Group, and under them we are going to insert student1 and student2 and create two groups, group1 and group2. This is a tree representation of the information which we are going to put in the database.

Let us see how to do that. In order to insert any information into the database you have to create LDIF files first; LDIF files are nothing but LDAP entries in a human-readable text format. Go to the directory cd /extra/ldap_installation and do ls. For your convenience I have already put some LDIF files in this directory; you will find hierarchy.ldif, group.ldif and user.ldif. Open the file called hierarchy.ldif. As I said before, we are going to enter this sample data into the database: there will be a root DN, People and Group, and we are going to add student1, student2, group1 and group2. Everyone can see that first we have entered the root DN. In the PDF it is written as dc=example, but in the file present in this directory, if you open it with vim, you will find dc=my-domain,dc=com.

The first four lines are used to create the root node, the second four lines are used to create People, and the last four lines are used to create the node called Group. Take a look at this LDIF file and come out of it. Now we are going to add this LDIF file into the database; the LDIF file is nothing but a data dump which we are going to load into the database. There are two ways of doing it, and I will explain the simpler one: you can add these details into the database with slapadd -l hierarchy.ldif, and press enter. What we have done now is enter the information corresponding to the root, People and Group. Now let us see how to enter the information corresponding to student1, student2, group1 and group2. For that there are two files called group.ldif and user.ldif. Open the file group.ldif using vim. You can see that we are adding group1: cn stands for common name, ou stands for organizational unit (we have just given the name Group; you can name it anything), and you have to enter the dc which was present in the slapd.conf file. I am just explaining what is present in group.ldif; we are not changing anything, I will just explain the relevant concepts. You can add any group by entering a name of your choice in this place, keeping in mind that we have already entered People and Group, this hierarchy, in the database. Yes, it will work, but also change the group name; you can give any name of your choice. Here I have given the name group1, and the password for group1 is also group1. You have to give a particular group ID; for the demo I have given 500. Now add this LDIF file into the database using the same command: slapadd -l group.ldif, enter. Right now we have added group1 into the database.

Now let us see how to add a student into the database; for the demo I will be explaining how to add student1. Go back to the terminal and open the LDIF file called user.ldif; I will explain what is present in it. If you take this posixAccount object class, it says that certain attributes like uidNumber, homeDirectory and gecos have to be present in the LDIF file. Right now we are entering the details of student1 into the LDAP database, and since we are entering information regarding a user account, certain information has to be present, so we use the object class posixAccount to say that this information has to be present. This other object class says that other attributes, like shadowWarning, shadowMax etc., have to be present. Yes, we have to define it in order to enter user information into the database: there are certain prerequisites, like you need to have a uidNumber for that user, the user should belong to a certain group and should have a home directory. Yes, this is specific to the demo; I have defined it using this LDIF file, not anywhere else. No, posixAccount is a standard name, not defined by us. I will explain the relevant concepts, the things which you can change: for example you can change the uid, you can define anything of your choice, and these are our choice, but these were already loaded using hierarchy.ldif, so right now in user.ldif you cannot make any changes to them. Previously we loaded hierarchy.ldif into the database, which has the information People and so on. In this LDIF file I will tell you what things you can change: for example you can change the uid, you can give anything of your choice; you can change the common name, it can be anything of your choice; and the password. For the demo I have written the password as student123; you can define it as anything. The uidNumber has already been defined in the hierarchy.ldif file, so you have to stick to that. Yes, you have two choices: you can put the password as an MD5 or SHA hash, or you can use it in clear text; I just wanted to simplify things, so I did not explain those. Yes, you can specify anything here, but we have only specified gidNumber in group1 in the group.ldif file, so you have to use the same group here; you cannot change this. So we have not changed anything. In order to add this information, add it using the same command: slapadd -l user.ldif, enter. Do not bother about the outputs.

We have added the information into the database; let us see whether it got added or not. You can check with the command slapcat: type slapcat and press enter, and if the information has been added you will get the details as the output. Done. Now let us see how to start the standalone LDAP daemon. Go to the directory cd /usr/local/libexec, press enter, and start the LDAP server daemon by doing ./slapd and pressing enter. We have finished configuring the LDAP server; now I will tell you how to
configure and install the LDAP client. Open the terminal. In order to configure a machine as an LDAP client, the following packages are required: libnss-ldap, auth-client-config, ldap-auth-client, ldap-auth-config, libpam-ldap and nscd. Install them: all you need to do is apt-get install libnss-ldap, and the other packages will be installed automatically. Open the terminal, type this command and press enter. You will get a screen; in it, enter ldap:// followed by the IP address of your machine. If you do not remember the IP address of your machine, open a terminal and type ifconfig; you will be able to see your IP address there. Please enter your own IP, not the one which I am entering, then press enter. In the next screen you will get a default value which says dc=example,dc=net; please change it to dc=my-domain,dc=com and press enter. Even if you have entered it wrong it is ok, we can change it in the configuration file; I will tell you how. Next it will ask for the LDAP version to use; select the already selected version 3 and press enter. Then press no for the other questions, no again, and that is it, we have just finished installing the LDAP client.

Let us see how to configure it. Open the client configuration file /etc/ldap.conf using vim or gedit. I will just explain what is present in this file; we will not be making any changes. There are only two relevant details in this file. The first is base, which is the one you entered in the blue screen: dc=my-domain,dc=com. The next entry is uri, ldap:// followed by your IP address. If anyone has made a mistake, just correct it in this file, /etc/ldap.conf; that is the client configuration file, and these are the only two relevant lines, base and uri.

After that, go to the directory cd /etc/pam.d and do ls to list the files present in it. We have to make some changes to four files. In order to simplify things, I have already put the corresponding files in the directory /extra/ldap_installation/pam, so go to that directory and do ls; you will see four files. Before making any changes, for the sake of safety, copy the original files to some other name: execute cp -r /etc/pam.d /etc/pam.d.original and press enter. We are just copying the existing files to another name for safety. Now, as I said, there are four files present in this directory, so copy each of them, for example common-account, over the one present in /etc/pam.d; execute these four commands and only these four commands. I will explain again: in the directory /extra/ldap_installation/pam there are four files, so copy them over the files present in /etc/pam.d; it will overwrite the existing files. Or, for simplicity, you can do cp * /etc/pam.d, which will copy all the files in the directory and overwrite the ones already present in /etc/pam.d.

Once you have done that, go back to the previous directory with cd .., and do ls. There is a file called nsswitch.conf in this directory. For the sake of safety, since there is already a file /etc/nsswitch.conf, take a backup of the existing file as shown on the slide, and press enter. After taking the backup, copy the nsswitch.conf in this directory into /etc; you will be overwriting the existing file, press enter. The main idea is that for LDAP there are two important files: one is pam and the other is nss. First we have seen how to modify the files for pam, and now we have seen how to modify the file for nss.

Once you have done that, go to the directory cd /etc/ldap and open the file ldap.conf present in it. Change the following two lines: uncomment the base line (remove the hash) and instead of example write my-domain, and uncomment the uri line and enter your IP address. In case you do not remember the IP address, take a look at ifconfig. I will repeat: open the file ldap.conf in /etc/ldap, uncomment these two lines and enter this information, but instead of the IP given here, enter the IP of your machine; do not enter the IP which is present on the screen.
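As an added example (not from the lecture or its slide files), here is a small Python script for the LDIF files used earlier: it writes records for the hierarchy described (dc=my-domain,dc=com with ou=People and ou=Group, group1 with gidNumber 500, student1), stores userPassword as an {SSHA} hash instead of the clear text used in the demo, and validates records before slapadd for missing posixAccount/posixGroup attributes and a gidNumber that matches no group. The uidNumber 1000, the /home path and the exact attribute layout of hierarchy.ldif are assumptions.

```python
import base64
import hashlib
import os

# Base DN taken from the unchanged slapd.conf defaults used in the session.
BASE_DN = "dc=my-domain,dc=com"

# Attributes that must be present for the two object classes the lecture
# relies on (RFC 2307 posixAccount / posixGroup).
REQUIRED = {
    "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
    "posixGroup": {"cn", "gidNumber"},
}


def ssha_password(plain, salt=None):
    """Salted SHA-1 userPassword ({SSHA}) instead of the clear text in user.ldif."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(plain.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def hierarchy_ldif():
    """Root node plus the People and Group units (assumed layout of hierarchy.ldif)."""
    lines = [
        f"dn: {BASE_DN}", "objectClass: dcObject", "objectClass: organization",
        "dc: my-domain", "o: my-domain", "",
        f"dn: ou=People,{BASE_DN}", "objectClass: organizationalUnit", "ou: People", "",
        f"dn: ou=Group,{BASE_DN}", "objectClass: organizationalUnit", "ou: Group",
    ]
    return "\n".join(lines) + "\n\n"


def group_ldif(name, gid):
    """One posixGroup entry, as in group.ldif (group1 with gidNumber 500 in the demo)."""
    lines = [f"dn: cn={name},ou=Group,{BASE_DN}", "objectClass: posixGroup",
             f"cn: {name}", f"gidNumber: {gid}"]
    return "\n".join(lines) + "\n\n"


def user_ldif(uid, uid_number, gid, password, salt=None):
    """One posixAccount entry, as in user.ldif; uidNumber and home path are assumed."""
    lines = [f"dn: uid={uid},ou=People,{BASE_DN}", "objectClass: posixAccount",
             "objectClass: shadowAccount", f"cn: {uid}", f"uid: {uid}",
             f"uidNumber: {uid_number}", f"gidNumber: {gid}",
             f"homeDirectory: /home/{uid}", "loginShell: /bin/bash",
             f"userPassword: {ssha_password(password, salt)}"]
    return "\n".join(lines) + "\n\n"


def parse_ldif(text):
    """Minimal LDIF reader: records separated by blank lines, 'attr: value' per line."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def validate(entries):
    """Problems worth catching before slapadd: missing required attributes (which
    slapadd rejects) and a user gidNumber that matches no posixGroup (which slapadd
    accepts, but 'id' would then show a group without a name)."""
    problems, group_ids = [], set()
    for e in entries:
        dn = e.get("dn", ["?"])[0]
        for oc in e.get("objectClass", []):
            missing = REQUIRED.get(oc, set()) - set(e)
            if missing:
                problems.append(f"{dn}: missing {sorted(missing)}")
        if "posixGroup" in e.get("objectClass", []):
            group_ids.update(e.get("gidNumber", []))
    for e in entries:
        if "posixAccount" in e.get("objectClass", []):
            for gid in e.get("gidNumber", []):
                if gid not in group_ids:
                    problems.append(f"{e['dn'][0]}: gidNumber {gid} matches no posixGroup")
    return problems
```

Write the three strings to hierarchy.ldif, group.ldif and user.ldif and load them in that order with slapadd -l, exactly as in the session.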
Now we have finished configuring the machine as an LDAP client. In order to test it, type the command id student1; remember that we have just added a uid called student1 to the database, so if the system has been configured as an LDAP client you should get the following output. Is everyone getting this output? In case you are not getting it, we will reinstall the client packages: type apt-get purge libnss-ldap nscd and press enter. What we have done with apt-get purge is remove the packages required for the LDAP client. Then again install the packages required for an LDAP client: type apt-get install libnss-ldap, press y, and you will get the blue screen again. Type the information again: enter the IP of your machine, not the IP present on the screen. It is the same procedure which we have already seen. I will repeat: first we did apt-get purge libnss-ldap nscd, which removed the packages required for the LDAP client; then apt-get install libnss-ldap, and you get the blue screen again; enter the IP address of your machine (not the one on the screen), then change the details to my-domain, press enter, select version 3, press enter, and for the rest of the screens press no.

Now open the file /etc/ldap/ldap.conf with vim and just check that these two lines are proper; there should not be a comment in front of the uri line. Now try id student1 again; you have got this output, which means the LDAP client configuration is also done.

Let us test this. In order to test it, give the following command with the IP of your machine, not the one which is present on the screen. Remember that we have just added student1 into the LDAP database and the password we set was student123. So ssh into your own machine: ssh student1@ followed by the IP address of your machine; the password is student123, which we entered in the LDIF file. You should be able to log in. We did not create a home directory in /home, that is why you are getting the message "no such file or directory"; do not bother about it, all we need to see is that we can log in to this machine. If you are able to log in, that means the LDAP server and LDAP client configuration is correct. I will repeat again: in order to test it, log in like this: ssh student1@ followed by the IP address of your machine, not the one present on the screen; the password is student123. If you are able to log in, then the LDAP server and client configuration is correct.
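As an added example (not part of the lecture), here is a small Python checker for the two lines the client depends on in ldap.conf, run over constructed file contents: it flags a base or uri that is still commented out, a base other than dc=my-domain,dc=com, and a uri that points at some other machine rather than your own IP. The sample file contents and the address 192.0.2.10 are constructed, not taken from the session.

```python
import ipaddress
import re

EXPECTED_BASE = "dc=my-domain,dc=com"

# Constructed sample: both lines left commented out, as they are before editing
# (an assumption about the packaged defaults, not text from the lecture).
UNEDITED_CONF = """\
# LDAP Defaults
#BASE   dc=example,dc=net
#URI    ldap://ldap.example.net
"""

# Constructed sample: the same file after the two edits from the session,
# with 192.0.2.10 standing in for your own machine's address.
EDITED_CONF = """\
# LDAP Defaults
BASE    dc=my-domain,dc=com
URI     ldap://192.0.2.10
"""


def parse_ldap_conf(text):
    """Return {keyword: value} for the uncommented lines; keywords lower-cased."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip()
    return settings


def check_client_conf(text, my_ip):
    """List everything in this ldap.conf that would stop 'id student1' from working."""
    conf, problems = parse_ldap_conf(text), []
    base = conf.get("base")
    if base is None:
        problems.append("base is missing or still commented out")
    elif base.lower() != EXPECTED_BASE:
        problems.append(f"base is {base!r}, expected {EXPECTED_BASE!r}")
    uri = conf.get("uri")
    if uri is None:
        problems.append("uri is missing or still commented out")
        return problems
    # One ldap://host[:port] entry, as entered on the blue screen.
    m = re.fullmatch(r"ldap://([^/:\s]+)(?::\d+)?/?", uri)
    if not m:
        problems.append(f"uri {uri!r} is not a single ldap://host entry")
        return problems
    host = m.group(1)
    try:
        ipaddress.ip_address(host)
    except ValueError:
        problems.append(f"uri host {host!r} is a name, not this machine's IP {my_ip}")
    else:
        if host != my_ip:
            problems.append(f"uri points at {host}, not this machine ({my_ip})")
    return problems
```

To check a real client, read /etc/ldap/ldap.conf into a string and pass it with the address shown by ifconfig.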