Getting LDAP'ed

LDAP is available both as an open-source implementation and as a commercial product, such as the iPlanet Directory Server. The standard open-source implementation is OpenLDAP, which is available in source form and as RPMs for Linux. If you have a Linux distribution, you probably have a copy of OpenLDAP on your RPM CD; adding it is as easy as running rpm --install on the package. If you don't have OpenLDAP, you can get it from www.openldap.org.

For Windows, you need to get a ported version. We'll be using one available from http://www.fivesight.com/downloads/openldap.asp.

After downloading it and extracting LDAP into C:\TMP, you should copy the openldap directory (which might be named something like openldap-2.0.11) to C:\ and rename it as OPENLDAP. You need to make some configuration changes to the slapd.conf file (see Listing 15.1).

Listing 15.1 slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /openldap/schema/core.schema
include         /openldap/schema/cosine.schema
include         /openldap/schema/inetorgperson.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /temp/slapd.pid
argsfile        /temp/slapd.args

# Load dynamic backend modules:
# modulepath    %MODULEDIR%
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=bfg,dc=com"
rootdn          "cn=chiefgeek,dc=bfg,dc=com"
rootpw          GeekGuru
directory       /openldap/data/bfg

Here the sample database definition has been removed, the bfg database has been added, and some absolute directory paths have been set so that you don't have to mess around with environment variables.

The bfg entry basically says that you're creating an LDAP database uniquely identified as dc=bfg,dc=com (which also can be read as bfg.com, the same as saying o=bfg.com). The DN of the entity with privileges to modify the database is set using the rootdn tag and can be read as "common name chiefgeek from bfg.com." You also have to specify its password with rootpw. The root DN is the "master DN" for an LDAP database, the one allowed to make changes to anything inside the database.

Finally, you tell OpenLDAP where to find the files to store the data for bfg. OpenLDAP will create the files, but you need to create the directory.
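Listing 15.1 stores the rootpw value as typed, which is why the file's own header insists that slapd.conf must not be world readable. OpenLDAP also accepts the directive in hashed form, the {SSHA} format its slappasswd utility emits. The following is an added example, not code from the book or from the OpenLDAP project: it produces and verifies {SSHA} values and rewrites a cleartext rootpw line to that form. The configuration fragment is constructed from Listing 15.1; the function names are this example's own.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed fragment modelled on Listing 15.1: the rootdn/rootpw pair as the page shows it.
SAMPLE_CONF = """\
suffix          "dc=bfg,dc=com"
rootdn          "cn=chiefgeek,dc=bfg,dc=com"
rootpw          GeekGuru
directory       /openldap/data/bfg
"""

SHA1_LEN = 20  # bytes in a SHA-1 digest


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return the {SSHA} form OpenLDAP accepts for rootpw and userPassword:
    base64(SHA1(password || salt) || salt), with a random 4-byte salt by default."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a cleartext password against a stored {SSHA} value.
    The salt is whatever follows the 20-byte digest in the decoded blob."""
    if not stored.startswith("{SSHA}"):
        return False
    blob = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = blob[:SHA1_LEN], blob[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_value(conf: str) -> Optional[str]:
    """Return the value of the rootpw directive, or None if the file has none."""
    for line in conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "rootpw":
            return parts[1].strip()
    return None


def is_cleartext(value: str) -> bool:
    """A hashed slapd password starts with a {SCHEME} tag; anything else is stored as typed."""
    return not value.startswith("{")


def harden_rootpw(conf: str) -> str:
    """Rewrite a cleartext rootpw directive to its {SSHA} form; hashed values are left alone."""
    out = []
    for line in conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "rootpw" and is_cleartext(parts[1].strip()):
            out.append("rootpw          " + ssha_hash(parts[1].strip()))
        else:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    hardened = harden_rootpw(SAMPLE_CONF)
    print(hardened)
    print("GeekGuru verifies against hashed rootpw:",
          ssha_verify("GeekGuru", rootpw_value(hardened)))
```

Salted SHA-1 is the strongest scheme OpenLDAP of this vintage offers; the gain over the listing is that a copy of slapd.conf no longer hands out the directory's master password as typed. The same {SSHA} form is valid for the userPassword values in Listing 15.2.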

Now you're ready to import your initial dataset for the bfg database. You can do that by creating an LDIF file, which is a text representation of an LDAP database, and then using a tool called slapadd to dump the data into LDAP. The bfg.ldif file is shown in Listing 15.2. Most of the fields are self-explanatory, but a few need deciphering.

Listing 15.2 bfg.ldif
dn: dc=bfg, dc=com
objectclass: top

dn: cn=chiefgeek,dc=bfg, dc=com
cn:chiefgeek
sn:Geek
userPassword: GeekGuru
objectclass: top
objectclass: person

dn: o=bfg,dc=bfg,dc=com
o: bfg
objectclass: top
objectclass: organization
description: Books For Geeks, Inc.
telephoneNumber: 1-603-555-1212
street: 1 Geek Way
l: Nashua
st: NH
postalCode: 03031

dn: ou=admin,dc=bfg, dc=com
ou: admin
description: Administrative
objectclass: top
objectclass: organizationalUnit

dn: ou=sales,dc=bfg, dc=com
ou: sales
description: Sales
objectclass: top
objectclass: organizationalUnit

dn: ou=editorial,dc=bfg, dc=com
ou: editorial
description: Editorial
objectclass: top
objectclass: organizationalUnit

dn: uid=bjones,dc=bfg, dc=com
objectclass: top
objectclass: inetOrgPerson
uid: bjones
cn:Bob Jones
o: bfg
ou: admin
employeeNumber: 1
givenName: Bob
sn: Jones
userPassword: thegeek
telephoneNumber: x1234
title: Chief Geek

In this listing, you start by defining the root of the LDAP hierarchy. In most cases, that's the domain name of the company. An entry for the rootdn is defined as well, even though it's not required.

Next you define an entry for the company and then one for each of the organizational units inside the company. Notice that an object can have more than one objectclass entry; it inherits the attributes of each class. You also can have multiple attributes with the same name. For example, the cn (common name) field might have both Bob Jones and another entry of Robert Jones.

Finally, you have an entry for the president of the company.

The entries are required to go in this order because you can't reference an entity as an attribute (for example, bfg as an o, or organization, attribute) until it has been defined.
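The LDIF rules the last few paragraphs describe (one entry per blank-line-separated block, repeated attribute names for multi-valued attributes, parents before children) are easy to check before handing a file to slapadd. The following parser is an added example, not code from the book or from OpenLDAP. It reads LDIF into (dn, attributes) pairs, normalizes the DNs (the listing writes dc=bfg, dc=com with a space in some places and without in others), reports entries whose parent has not yet appeared, and lists entries whose userPassword is stored as typed. The sample file is a constructed excerpt of Listing 15.2 with a second cn value added for Bob Jones to show a multi-valued attribute; all function names are this example's own.

```python
import base64
from typing import Dict, List, Tuple

Entry = Tuple[str, Dict[str, List[str]]]

# Constructed excerpt of Listing 15.2 (four of its entries), kept in the page's own
# spelling: 'dc=bfg, dc=com' with a space, 'cn:chiefgeek' with none. The second
# 'cn' line for Bob Jones is added here to illustrate a multi-valued attribute.
SAMPLE_LDIF = """\
dn: dc=bfg, dc=com
objectclass: top

dn: cn=chiefgeek,dc=bfg, dc=com
cn:chiefgeek
sn:Geek
userPassword: GeekGuru
objectclass: top
objectclass: person

dn: ou=admin,dc=bfg, dc=com
ou: admin
description: Administrative
objectclass: top
objectclass: organizationalUnit

dn: uid=bjones,dc=bfg, dc=com
objectclass: top
objectclass: inetOrgPerson
uid: bjones
cn:Bob Jones
cn: Robert Jones
o: bfg
ou: admin
sn: Jones
userPassword: thegeek
"""


def normalize_dn(dn: str) -> str:
    """Canonical form for comparison: strip spaces around ',' and '=', lower-case.
    Sufficient for the simple DNs in the listing; escaped commas are not handled."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)


def parent_dn(dn: str) -> str:
    """Everything after the first RDN; '' for a single-RDN name."""
    _, _, rest = dn.partition(",")
    return rest


def parse_ldif(text: str) -> List[Entry]:
    """Parse LDIF content entries into (dn, attributes) in file order.
    Handles '#' comments, folded continuation lines, 'attr:: base64' values,
    multi-valued attributes, and 'attr:value' with no space after the colon
    (RFC 2849 allows zero or more spaces there)."""
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]          # a leading space continues the previous line
        else:
            unfolded.append(raw)

    entries: List[Entry] = []
    dn = None
    attrs: Dict[str, List[str]] = {}
    for line in unfolded + [""]:             # the trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):            # 'attr:: <base64>'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        name = name.strip().lower()          # attribute types are case-insensitive
        if name == "dn":
            dn = normalize_dn(value)
        else:
            attrs.setdefault(name, []).append(value)
    return entries


def check_load_order(entries: List[Entry], suffix: str) -> List[str]:
    """One message per entry slapadd would reject: outside the suffix, or whose
    parent has not appeared earlier in the file (the ordering rule in the text)."""
    suffix = normalize_dn(suffix)
    seen = set()
    problems = []
    for dn, _ in entries:
        if dn != suffix and not dn.endswith("," + suffix):
            problems.append(f"{dn}: not under suffix {suffix}")
        elif dn != suffix and parent_dn(dn) not in seen:
            problems.append(f"{dn}: parent {parent_dn(dn)} not defined yet")
        seen.add(dn)
    return problems


def cleartext_passwords(entries: List[Entry]) -> List[str]:
    """DNs whose userPassword is stored as typed rather than as a {SCHEME}hash."""
    return [dn for dn, attrs in entries
            if any(not v.startswith("{") for v in attrs.get("userpassword", []))]


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    print("load-order problems:", check_load_order(parsed, "dc=bfg,dc=com"))
    print("cleartext userPassword on:", cleartext_passwords(parsed))
```

Run against the full Listing 15.2 the order check passes, because every entry there sits directly under dc=bfg,dc=com, which is defined first; move any entry above the root and it is reported. The cleartext check flags both chiefgeek and bjones, since the listing stores their passwords as typed.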

To use slapadd, you need to place a copy of your slapd.conf file in the sysconf subdirectory of C:\OPENLDAP. You need to run slapadd before you start OpenLDAP. After you've imported the data (see Figure 15.1), you can start OpenLDAP by running slapd.exe from the OPENLDAP directory. If you're running a services-friendly version of Windows such as 2000, NT, or XP Pro, you can instead run slapd install, which installs OpenLDAP as a service.

Figure 15.1. Running slapadd.


Some search tools come with OpenLDAP, but they are a pain to use. Instead, grab an LDAP browser such as the LDAP Browser/Editor (LBE) available from http://www.iit.edu/~gawojar/ldap. After starting it up, add your new bfg database to its connection list (see Figure 15.2) and connect (see Figure 15.3); you are presented with your LDAP data as you entered it (see Figure 15.4).

Figure 15.2. Configuring LBE.


Figure 15.3. Connecting with LBE.


Figure 15.4. Viewing the BFG LDAP data.


ALTERNATIVES TO OPENLDAP

Most of the time, open-source tools are not only cheaper but they also have at least as many features as their commercial counterparts. Occasionally, as with OpenLDAP, you've got an implementation for which you're getting what you (don't) pay for.

OpenLDAP is reliable but primitive to work with. If you have the money, you might want to invest in one of the commercial products instead.

Sun offers an LDAP server as part of the iPlanet suite. Because iPlanet has a trial version, you can try it out first and decide whether you want to spend the money for a full license. Novell, among others, also makes an LDAP server.

MySQL and JSP Web Applications: Data-Driven Programming Using Tomcat and MySQL
ISBN: 0672323095
Year: 2002
Pages: 203
Authors: James Turner