Setting up OpenLDAP 2.1.x for Workbench

Scope

This document describes how to set up LDAP for Workbench using the popular open source OpenLDAP server.

Note
These instructions have been tested with OpenLDAP 2.1.30.

Obtain and Install the Software

Refer to http://www.openldap.org for instructions on downloading, installing and using the OpenLDAP software.

Configure OpenLDAP

Determine or change the root password (rootpw) of the OpenLDAP server in the slapd.conf file. The shipped configuration sets it to "secret", in cleartext; as the comment in that file itself warns, the value should be a hash generated with slappasswd(8), and "secret" must not survive into a real deployment:

# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.

rootpw          secret
	

Determine or change the organization suffix and rootdn in the slapd.conf file; this example assumes the controltier.com domain.

suffix          dc=controltier,dc=com
rootdn          cn=Manager,dc=controltier,dc=com
	

Start the LDAP server

Start the server:

	 slapd -h ldap://*:3890/  
	
Note
The standard LDAP port is 389; this example starts slapd on 3890, which requires no administrative privileges because it lies above the privileged range (ports below 1024). The app server configuration refers to this port number, so change both if you pick another value. The URL ldap://*:3890/ listens on every interface; if only a local Workbench instance needs the directory, bind to the loopback address instead (ldap://127.0.0.1:3890/). This is plain LDAP without TLS, so bind passwords cross the network in cleartext unless the listener is confined to localhost or a protected network.

Add Users and Groups

The most efficient way to add users and groups to the LDAP server is by uploading an LDIF (LDAP Data Interchange Format) file. Here is an example LDIF containing three users, user1, user2 and user3, and their respective roles: user, admin and architect. Each role is a groupOfUniqueNames entry under cn=roles whose uniqueMember values name the user entries.

Note
This defines the users and their accounts within the dc=controltier,dc=com organization, which is determined by the suffix in the slapd.conf file. Replace dc=controltier,dc=com accordingly for your organization.
Note
The userPassword values shown as XXXX are placeholders; the password for each account is set later, in the LDAP Administrative GUI section. A value written with a double colon (userPassword::) is base64-encoded in LDIF, so XXXX is loaded verbatim as a short cleartext password. Set real hashed passwords before the directory is used for authentication.
dn: dc=controltier,dc=com
dc: controltier
objectClass: dcObject
objectClass: organization
o: ControlTier, Inc.

dn: cn=Manager, dc=controltier,dc=com
objectClass: organizationalRole
cn: Manager


dn: cn=roles, dc=controltier,dc=com
objectClass: person
sn: Roles Entry
cn: roles

dn: cn=user1, dc=controltier,dc=com
userPassword:: XXXX
objectClass: person
sn: user1 with user privs
cn: user1

dn: cn=user2, dc=controltier,dc=com
userPassword:: XXXX
objectClass: person
sn: user2 with admin and user privs 
cn: user2

dn: cn=user3, dc=controltier,dc=com
userPassword:: XXXX
objectClass: person
sn: user3 with architect, admin, and user privs
cn: user3

dn: cn=architect,cn=roles, dc=controltier,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=user3,dc=controltier,dc=com
cn: architect

dn: cn=admin,cn=roles, dc=controltier,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=user3,dc=controltier,dc=com
uniqueMember: cn=user2,dc=controltier,dc=com
cn: admin

dn: cn=user,cn=roles, dc=controltier,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=user3,dc=controltier,dc=com
uniqueMember: cn=user2,dc=controltier,dc=com
uniqueMember: cn=user1,dc=controltier,dc=com
cn: user
	

Upload the LDIF to the server by copying the example above into a file called users.ldif and running ldapadd. Bind as the rootdn from slapd.conf (the -D value must be the full rootdn, not the bare suffix) and let -W prompt for the password rather than passing it with -w, which leaves it in shell history and the process list:

        ldapadd -x -c -F -H ldap://LDAPHostName:3890/ -D "cn=Manager,dc=controltier,dc=com" -W -f users.ldif
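Before uploading, it is worth checking the LDIF for the mistakes slapd would otherwise reject one entry at a time (or silently accept): a naming attribute whose value does not match the RDN, a group with no uniqueMember or with a uniqueMember that names no entry in the file, a person entry missing sn or cn, and a userPassword without a {scheme} prefix, which slapd stores as cleartext. The Python below is an added example, not part of ControlTier or OpenLDAP; its sample LDIF is constructed for this example and deliberately carries one defect of each of the first, third and last kinds. The parser handles comment lines, folded continuation lines and base64 (double-colon) values; DN splitting on commas is naive and assumes no escaped commas, which holds for the DNs on this page.

```python
import base64
import re

# Constructed sample LDIF for this example (not the page's file verbatim).
# Deliberate defects: dc value does not match the RDN, user1 has a cleartext
# userPassword, and the admin group names cn=user4 which is never defined.
_SSHA_VALUE = "{SSHA}" + "A" * 32   # placeholder hash, not a real digest
_B64_SSHA = base64.b64encode(_SSHA_VALUE.encode("ascii")).decode("ascii")
SAMPLE_LDIF = f"""\
dn: dc=controltier,dc=com
dc: controltier.com
objectClass: dcObject
objectClass: organization
o: ControlTier, Inc.

dn: cn=user1,dc=controltier,dc=com
objectClass: person
userPassword: password1
sn: user1 with user privs
cn: user1

dn: cn=user2,dc=controltier,dc=com
objectClass: person
userPassword:: {_B64_SSHA}
sn: user2 with admin and user privs
cn: user2

dn: cn=admin,cn=roles,dc=controltier,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=user2,dc=controltier,dc=com
uniqueMember: cn=user4, dc=controltier,dc=com
cn: admin

dn: cn=user,cn=roles,dc=controltier,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=user2,dc=controltier,dc=com
uniqueMember: cn=user1,dc=controltier,dc=com
cn: user
"""


def normalize_dn(dn: str) -> str:
    """Canonical form for comparison: lower-case, no blanks around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_ldif(text: str) -> list:
    """Return [(dn, {attr_lower: [values]})] for each entry in the LDIF."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for raw in block.splitlines():
            if raw.startswith("#"):
                continue
            if raw.startswith(" ") and lines:   # folded line continues previous
                lines[-1] += raw[1:]
            else:
                lines.append(raw)
        dn, attrs = None, {}
        for line in lines:
            name, sep, value = line.partition("::")
            if sep:                               # base64-encoded value
                value = base64.b64decode(value.strip()).decode("utf-8", "replace")
            else:
                name, _, value = line.partition(":")
                value = value.strip()
            name = name.strip().lower()
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        entries.append((dn, attrs))
    return entries


def lint_ldif(text: str) -> list:
    """Return human-readable problems; an empty list means the file is clean."""
    entries = parse_ldif(text)
    known = {normalize_dn(dn) for dn, _ in entries if dn}
    problems = []
    for dn, attrs in entries:
        if not dn:
            problems.append("entry without a dn line")
            continue
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        # slapd rejects an entry whose naming attribute lacks the RDN value
        rdn_attr, _, rdn_value = dn.split(",", 1)[0].partition("=")
        rdn_attr, rdn_value = rdn_attr.strip().lower(), rdn_value.strip()
        if rdn_value.lower() not in [v.lower() for v in attrs.get(rdn_attr, [])]:
            problems.append(f"{dn}: naming violation, {rdn_attr} does not contain {rdn_value!r}")
        if "person" in classes:
            for must in ("sn", "cn"):
                if must not in attrs:
                    problems.append(f"{dn}: person requires {must}")
        for pw in attrs.get("userpassword", []):
            if not re.match(r"\{[A-Za-z0-9-]+\}", pw):
                problems.append(f"{dn}: userPassword has no {{scheme}} prefix, stored as cleartext")
        if "groupofuniquenames" in classes:
            members = attrs.get("uniquemember", [])
            if not members:
                problems.append(f"{dn}: groupOfUniqueNames requires at least one uniqueMember")
            for member in members:
                if normalize_dn(member) not in known:
                    problems.append(f"{dn}: uniqueMember {member} matches no entry in this file")
    return problems


if __name__ == "__main__":
    for problem in lint_ldif(SAMPLE_LDIF):
        print(problem)
```

Run it against users.ldif by reading the file into lint_ldif(); an empty result means the file has none of the defects listed above, though slapd's own schema checks remain the final word.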
	

Obtaining and Using an LDAP Administrative GUI

JXplorer and LDAPBrowser are Java-based administrative clients for LDAP servers and can be used to add users (as you have just done via the text file above), set passwords, manage groups, and so on.