LinID OpenLDAP Manager Documentation

Installation

Initialize your OpenLDAP server

OpenLDAP Manager needs an initialized OpenLDAP server to work. To do this, go to your OpenLDAP installation directory, and use the following commands:

### Go to your installation directory, and then create the configuration directory
$ mkdir etc/openldap/slapd.d

### Add the minimal configuration (slapadd reads the LDIF on standard input, here from a here-document)
$ sbin/slapadd -n0 -F etc/openldap/slapd.d <<EOF
dn: cn=config
objectClass: olcGlobal
cn: config

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret
EOF

### Note: olcRootPW also accepts a hashed value generated with slappasswd (e.g. {SSHA}...),
### which avoids keeping the cleartext password in the configuration.

You can now start OpenLDAP and access it with OpenLDAP Manager! For example, you can begin by adding the monitor database.

Download LinID OM

You can download LinID OM from the Download page, or directly from here:

WAR Standalone
0.7 0.7
0.6 0.6
0.5 0.5

Deploy LinID OM

Web archive

Install the web archive (war) in your favorite servlet container. Restart the container if needed to start the application.

Standalone

Unzip the archive; it will create a folder named linid-om-VERSION.

Go into that directory and launch it:

./linid-om.sh start

Configuration

We assume LinID OM is running and that you can access it through http://localhost:8080

Create your first connection

LinID OM can handle multiple OpenLDAP servers, so you have to configure the servers you want to manage. On first connection, you are redirected to the connection creation screen:

Enter your parameters, then click on Register Configuration. You can then check your parameters:

Note: if you check Save password on server, the password will be kept in the configuration that is stored on the server.

If all is ok, click on Use this connection to access home page:

Connections management

At any time, you can manage your connections by clicking on the Connections button in the Administration menu. You will see this screen:

From here you can:
  • Edit or remove an existing connection
  • Create a new connection
  • Store configuration on server: until you have done this, nothing is saved!
  • Restore configuration from server: this will erase your current settings and restore the saved ones

Tips

Modify the configuration without OpenLDAP Manager

In some cases, it is not possible to modify your configuration. Generally it is simply because OpenLDAP (still) does not allow it, e.g. removing a database or an overlay. In other cases it is because OpenLDAP Manager (still) does not support it, e.g. some schema manipulation.

Removing a database/an overlay/something else not removable

Stop your OpenLDAP server.

Then export the configuration:

$ sbin/slapcat -n0 > config.ldif

Edit the config.ldif file and remove what you need to remove.

Clean the configuration directory:

$ rm -rf etc/openldap/slapd.d/cn\=config*

Re-import your new configuration:

$ sbin/slapadd -n0 -F etc/openldap/slapd.d -l config.ldif

Restart your OpenLDAP server, and enjoy!
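The "edit config.ldif" step above is done by hand; as an added example (not code from LinID OM or OpenLDAP), this Python helper removes an entry and all of its subordinate entries from a slapcat -n0 export, so that an overlay sitting under a removed database is not left behind as an orphan. The LDIF sample inside it is constructed, with operational attributes omitted.

```python
# Added example for the "Removing a database/an overlay" procedure above; it is not
# part of LinID OM or OpenLDAP. It edits a `slapcat -n0` export by dropping one entry
# and everything beneath it, so an overlay under a removed database is not orphaned.
# Constructed sample resembling a slapcat -n0 export (operational attributes omitted).
SAMPLE = """dn: cn=config
objectClass: olcGlobal
cn: config

dn: olcDatabase={1}mdb,cn=config
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcSuffix: dc=example,dc=com
olcAccess: to attrs=userPassword by self write by anonymous auth
  by * none

dn: olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
"""

def split_entries(ldif):
    """Split LDIF into entries, each a list of unfolded attribute lines."""
    entries, current = [], []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and current:   # folded line: drop one space, append
            current[-1] += raw[1:]
        elif raw.strip() == "":                # blank line terminates an entry
            if current:
                entries.append(current)
                current = []
        elif not raw.startswith("#"):          # skip LDIF comments
            current.append(raw)
    if current:
        entries.append(current)
    return entries

def entry_dn(entry):
    """Return the DN of an entry (base64 'dn::' values are not handled here)."""
    first = entry[0]
    if not first.lower().startswith("dn:"):
        raise ValueError("entry does not start with a dn line")
    return first[3:].strip()

def remove_subtree(ldif, dn):
    """Drop entry `dn` and every entry whose DN ends with ',dn' (its subordinates)."""
    target = dn.lower()
    kept = [e for e in split_entries(ldif)
            if entry_dn(e).lower() != target
            and not entry_dn(e).lower().endswith("," + target)]
    return "\n\n".join("\n".join(e) for e in kept) + "\n"
```

Run it on the real config.ldif, e.g. remove_subtree(open("config.ldif").read(), "olcDatabase={1}mdb,cn=config"), and write the result back before the slapadd step.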

Adding schema files

While it is not possible to add a schema file directly from OpenLDAP Manager, you can add it online with the following command (here adding the dyngroup schema):

### Use -W instead of "-w secret" to be prompted for the password rather than passing it on the command line
$ ldapadd -x -H ldap://0:3389 -D cn=config -w secret -f etc/openldap/schema/dyngroup.ldif

Security

Information privacy relies on the security of the application server that hosts LinID OM. You can enforce it as follows:

Requirements: security enforcement

To force any user to be authenticated against a J2EE application server, the web application must include in the web.xml file some special
So you need to download the source version and edit ./src/main/webapp/WEB-INF/web.xml to uncomment the security-constraint and login-config sections of the XML file. Then repackage the web archive with the mvn package command and copy the resulting file to your Jetty home:

cp target/war/linid-dm.war ${jetty.home}/webapps

Integrating Jetty Realm

Generate a new password with the following command line:

java -cp lib/jetty-6.1.18.jar:lib/jetty-util-6.1.18.jar org.mortbay.jetty.security.Password admin linagora

You will get the following output, which lists the different password strings that can be used in ${jetty.home}/etc/realm.properties:

linagora
OBF:1toq1wfq1wu61sop1sp11wu81wg81to4
MD5:f69b2809694bea5fff666279e7d83f00
CRYPT:adXhc1ZrvRwk.

Please consider using OBF or MD5, which are more secure than cleartext or CRYPT passwords.
You only need to replace the password in the following line of ${jetty.home}/etc/realm.properties:

admin: CRYPT:adXhc1ZrvRwk.,admin

But take care not to remove the prefix ("admin: ") or the suffix (",admin"); otherwise you will corrupt the file format and will not be able to authenticate in the web application.

Note: only the 'admin' role is authorized to log in to LinID Directory Manager.
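As an added example (not code from LinID OM or Jetty), this Python snippet reproduces the OBF and MD5 credential strings shown above and replaces only the credential part of a realm.properties line, keeping the "admin: " prefix and ",admin" suffix intact. The realm line it uses is the one from this page; the OBF routine re-implements Jetty's Password obfuscation for ASCII passwords.

```python
# Added example for the Jetty realm section above; not part of LinID OM or Jetty.
# It builds the credential strings Jetty's Password tool prints and replaces only the
# credential in a realm.properties line, keeping the "user: " prefix and ",role" suffix.
# obfuscate() re-implements Jetty's OBF encoding for ASCII passwords; note that OBF is
# reversible (Jetty ships the decoder), so realm.properties must still be kept private.
import hashlib

BASE36 = "0123456789abcdefghijklmnopqrstuvwxyz"

def _to_base36(n):
    digits = ""
    while n:
        n, r = divmod(n, 36)
        digits = BASE36[r] + digits
    return digits or "0"

def obfuscate(password):
    """Jetty OBF: each byte is mixed with its mirror byte and written as 4 base-36 digits."""
    b = password.encode("ascii")
    out = "OBF:"
    for i, b1 in enumerate(b):
        b2 = b[len(b) - (i + 1)]
        i0 = (127 + b1 + b2) * 256 + (127 + b1 - b2)
        out += _to_base36(i0).rjust(4, "0")
    return out

def md5_credential(password):
    """Jetty MD5 credential: unsalted hex digest, so weak passwords remain guessable."""
    return "MD5:" + hashlib.md5(password.encode("iso-8859-1")).hexdigest()

def set_credential(realm_text, user, credential):
    """Replace the credential of `user` in realm.properties text, preserving its roles."""
    lines, found = [], False
    for line in realm_text.splitlines():
        name, sep, rest = line.partition(":")
        if sep and not name.startswith("#") and name.strip() == user:
            _, comma, roles = rest.strip().partition(",")   # keep the ",admin" suffix
            lines.append(f"{name.strip()}: {credential}{comma}{roles}")
            found = True
        else:
            lines.append(line)
    if not found:
        raise KeyError(f"no entry for user {user!r}")
    return "\n".join(lines) + "\n"

# Constructed sample holding the line from the page's ${jetty.home}/etc/realm.properties.
REALM = "admin: CRYPT:adXhc1ZrvRwk.,admin\n"
```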

Finally, define a Jetty realm as follows: create a linid-dm.xml file in a temporary directory with the following content:

<Configure class="org.mortbay.jetty.webapp.WebAppContext">
  <Set name="contextPath">/linid-dm</Set>
  <Set name="war"><SystemProperty name="jetty.home" default="."/>/webapps/linid-dm.war</Set>
  ...
  <Get name="securityHandler">
    <Set name="userRealm">
      <New class="org.mortbay.jetty.security.HashUserRealm">
        <Set name="name">Authentication</Set>
        <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
      </New>
    </Set>
  </Get>
</Configure>

When saved, move it to ${jetty.home}/contexts/linid-dm.xml.

Restart Jetty through ${jetty.home}/bin/jetty.sh restart.

Attachments:
  • linid-om-check-connection.png (50.8 KB) Clément OUDOT, 30/01/2012 10:15
  • linid-om-create-connection.png (49.5 KB) Clément OUDOT, 30/01/2012 10:15
  • linid-om-home.png (84.1 KB) Clément OUDOT, 30/01/2012 10:15
  • linid-om-manage-connection.png (69.5 KB) Clément OUDOT, 30/01/2012 10:15
