LinID OpenLDAP Manager Documentation
Installation
Initialize your OpenLDAP server
OpenLDAP Manager needs an initialized OpenLDAP server to work. To do this, go to your OpenLDAP installation directory, and use the following commands:
```shell
### Go to your installation directory, then create the configuration directory
$ mkdir etc/openldap/slapd.d
### Add the minimal configuration (the LDIF is read from standard input;
### the blank line separating the two entries is required)
$ sbin/slapadd -n0 -F etc/openldap/slapd.d <<EOF
dn: cn=config
objectClass: olcGlobal
cn: config

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret
EOF
```
You can now start OpenLDAP and access it with OpenLDAP Manager. For example, you can begin by adding the monitor database.
Download LinID OM
You can download LinID OM from the Download page, or directly from here:
| WAR | Standalone |
|---|---|
| 0.7 | 0.7 |
| 0.6 | 0.6 |
| 0.5 | 0.5 |
Deploy LinID OM
Web archive
Install the web archive (war) in your favorite servlet container. Restart the container if needed to start the application.
Standalone
Unzip the archive; it creates a folder named linid-om-VERSION.
Go into that folder and launch the application:
```shell
./linid-om.sh start
```
Configuration
We assume LinID OM is running and that you can access it through http://localhost:8080.
Create your first connection
LinID OM can handle multiple OpenLDAP servers, so you have to configure the servers you want to manage. On first connection, you are redirected to the connection creation screen:
Enter your parameters, then click on Register Configuration. You can then check your parameters:
Note: if you click on Save password on server, the password will be kept in the configuration that is stored on the server.
If all is ok, click on Use this connection to access home page:
Connections management
At any time, you can manage your connections by clicking on the Connections button in the Administration menu. From this screen you can:
- Edit or remove an existing connection
- Create a new connection
- Store configuration on server: until you have done that, nothing is saved!
- Restore configuration from server: this will erase your current settings and restore the saved ones
Tips
Modify the configuration without OpenLDAP Manager
In some cases, it is not possible to modify your configuration. Generally it is simply because OpenLDAP (still) does not allow it, e.g. removing a database or an overlay. In some other cases it is because OpenLDAP Manager (still) does not support it, e.g. some schema manipulation.
Removing a database/an overlay/something else not removable
Stop your OpenLDAP server, then export the configuration:
```shell
$ sbin/slapcat -n0 > config.ldif
```
Edit the config.ldif file and remove what you need to remove.
Clean the configuration directory:
```shell
$ rm -rf etc/openldap/slapd.d/cn\=config*
```
Re-import your new configuration:
```shell
$ sbin/slapadd -n0 -F etc/openldap/slapd.d -l config.ldif
```
Restart your OpenLDAP server, and enjoy!
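The "edit config.ldif and remove what you need" step is the one where mistakes happen: an entry removed without its children (a database still has overlay entries underneath it) makes the following slapadd fail, and the slapd.d directory has already been wiped at that point. The POSIX shell script below is an added example, not code from the LinID project: it removes one entry and everything below it from an exported cn=config LDIF by DN, and wraps the page's export/clean/re-import sequence in a function that first keeps a timestamped copy of slapd.d and runs slaptest on the result. The function names, the sample LDIF and the backup file names are constructed for this example; the paths follow the page (run from the OpenLDAP installation directory with slapd stopped).

```shell
#!/bin/sh
# Added example, not part of the LinID OpenLDAP Manager docs: remove one
# entry (a database, an overlay, ...) from an exported cn=config LDIF
# without hand-editing, then rebuild slapd.d with a backup in place.
# LDIF separates entries with blank lines, so awk's paragraph mode
# (RS="") yields one record per entry.

# Usage: remove_ldif_entry "<dn>" < config.ldif > config.new.ldif
# Drops the entry with exactly that DN and every entry below it (an
# overlay's DN ends with ",<its database dn>"), because slapadd would
# reject orphaned children. DNs are compared as plain strings, so
# base64-encoded "dn::" lines are not matched.
remove_ldif_entry() {
    awk -v target="$1" '
        BEGIN { RS = ""; FS = "\n"; ORS = "\n\n"; suffix = "," target }
        {
            dn = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dn: /) { dn = substr($i, 5); break }
            if (dn == target) next
            if (length(dn) > length(suffix) &&
                substr(dn, length(dn) - length(suffix) + 1) == suffix) next
            print
        }'
}

# Number of entries in an LDIF stream (one "dn:" line per entry).
count_ldif_entries() {
    grep -c '^dn: '
}

# The page's procedure, with a timestamped copy of slapd.d taken before it
# is wiped and a slaptest run before slapd is started again. Paths follow
# the page (run from the OpenLDAP install directory, slapd stopped).
rebuild_config_without() {
    dn=$1
    stamp=$(date +%Y%m%d%H%M%S)
    sbin/slapcat -n0 > "config.$stamp.ldif"
    cp -a etc/openldap/slapd.d "slapd.d.$stamp.bak"
    remove_ldif_entry "$dn" < "config.$stamp.ldif" > "config.$stamp.new.ldif"
    rm -rf etc/openldap/slapd.d/cn\=config*
    sbin/slapadd -n0 -F etc/openldap/slapd.d -l "config.$stamp.new.ldif"
    sbin/slaptest -F etc/openldap/slapd.d
}

# Constructed sample export used to try the function offline.
SAMPLE_LDIF=$(cat <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config

dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcSuffix: dc=example,dc=com

dn: olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
EOF
)

# Demo on the sample:  sh ldif-remove.sh demo
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_LDIF" |
        remove_ldif_entry 'olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config'
fi
```

Removing the mdb database from the sample also removes its syncprov overlay, which is what the suffix test in the awk program is for; removing only the overlay leaves the database untouched. Keep the `slapd.d.<stamp>.bak` directory until slapd has started cleanly on the new configuration.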
Adding schema files
While it is not possible to add a schema file directly in OpenLDAP Manager, you can add it online with the following command (here adding the dyngroup schema):
```shell
$ ldapadd -x -H ldap://0:3389 -D cn=config -w secret -f etc/openldap/schema/dyngroup.ldif
```
Security
Information privacy relies on the security of the underlying application server; you can therefore enforce it as follows.
Requirements: security enforcement
To force any user to be authenticated by the J2EE application server, the web application must include in its web.xml file some special
So you need to download the source version and edit ./src/main/webapp/WEB-INF/web.xml to uncomment the security-constraint and login-config sections of the XML file. Then repackage the web archive with the mvn package command and copy the resulting file to your Jetty home:
```shell
cp target/war/linid-dm.war ${jetty.home}/webapps
```
Integrating Jetty Realm
Generate a new password with the following command line:
```shell
java -cp lib/jetty-6.1.18.jar:lib/jetty-util-6.1.18.jar org.mortbay.jetty.security.Password admin linagora
```
You will get the following output, which lists the different password strings that can be used in ${jetty.home}/etc/realm.properties:
```
linagora OBF:1toq1wfq1wu61sop1sp11wu81wg81to4 MD5:f69b2809694bea5fff666279e7d83f00 CRYPT:adXhc1ZrvRwk.
```
Please consider using OBF or MD5, which are more secure than clear or crypt passwords. Keep in mind that OBF is reversible obfuscation rather than a hash, and that the MD5 form is an unsalted digest of the password, so neither protects the file against more than casual viewing: restrict read access to realm.properties to the account Jetty runs as.
You only need to replace the password in the following line of ${jetty.home}/etc/realm.properties:
```
admin: CRYPT:adXhc1ZrvRwk.,admin
```
But take care not to remove the prefix ("admin: ") and the suffix (",admin"); otherwise you will corrupt the file format and will not be able to authenticate in the web application.
Note: only the 'admin' role is authorized to log in to LinID Directory Manager.
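Because a broken realm.properties line only shows up as a failed login after Jetty has been restarted, it is worth checking the edited line first. The POSIX shell functions below are an added example, not part of the LinID or Jetty documentation: they parse a Jetty 6 HashUserRealm line of the form `user: credential,role1,role2`, verify that the prefix and the role suffix the page warns about are still there, and report a credential that is not OBF:, MD5: or CRYPT: encoded. The function names and the demo file are constructed for this example; the sample values are the ones shown on the page.

```shell
#!/bin/sh
# Added example, not part of the LinID or Jetty docs: check a Jetty 6
# HashUserRealm properties line before restarting Jetty. Each line has the
# form  user: credential,role1,role2  and the page warns that losing the
# "admin: " prefix or the ",admin" suffix breaks authentication.

# Usage: check_realm_line "<line>" <user> <role>
# Returns 0 when <line> starts with "<user>:", carries a non-empty
# credential and lists <role>; a clear-text credential is reported on
# stderr but still accepted. Returns 1 and says why otherwise.
check_realm_line() {
    line=$1; user=$2; role=$3
    case "$line" in
        "$user:"*) ;;
        *) echo "realm: missing '$user:' prefix in: $line" >&2; return 1 ;;
    esac
    rest=${line#"$user:"}
    rest=$(printf '%s' "$rest" | sed 's/^[[:space:]]*//')  # drop the space after the colon
    cred=${rest%%,*}                                       # credential runs up to the first comma
    roles=${rest#"$cred"}; roles=${roles#,}                # comma-separated roles after it
    [ -n "$cred" ] || { echo "realm: empty credential for '$user'" >&2; return 1; }
    case ",$roles," in
        *",$role,"*) ;;
        *) echo "realm: '$user' does not carry role '$role' (roles: '$roles')" >&2; return 1 ;;
    esac
    case "$cred" in
        OBF:*|MD5:*|CRYPT:*) ;;
        *) echo "realm: warning, clear-text credential for '$user'" >&2 ;;
    esac
    return 0
}

# Usage: check_realm_file <path> <user> <role>
# Checks the first line for <user> in a realm.properties file.
check_realm_file() {
    file=$1; user=$2; role=$3
    line=$(grep "^$user:" "$file" | head -n 1)
    [ -n "$line" ] || { echo "realm: no entry for '$user' in $file" >&2; return 1; }
    check_realm_line "$line" "$user" "$role"
}

# Demo on a constructed file holding the page's example line:
#   sh realm-check.sh demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp)
    printf 'admin: CRYPT:adXhc1ZrvRwk.,admin\n' > "$tmp"
    check_realm_file "$tmp" admin admin && echo "realm.properties looks fine"
    rm -f "$tmp"
fi
```

Run `check_realm_file ${jetty.home}/etc/realm.properties admin admin` after editing the file; a non-zero exit with the reason on stderr means the line would not let the admin user log in.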
Finally, define a Jetty realm as follows: create a linid-dm.xml file in a temporary directory with the following content:
```xml
<Configure class="org.mortbay.jetty.webapp.WebAppContext">
  <Set name="contextPath">/linid-dm</Set>
  <Set name="war"><SystemProperty name="jetty.home" default="."/>/webapps/linid-dm.war</Set>
  ...
  <Get name="securityHandler">
    <Set name="userRealm">
      <New class="org.mortbay.jetty.security.HashUserRealm">
        <Set name="name">Authentication</Set>
        <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
      </New>
    </Set>
  </Get>
</Configure>
```
When saved, move it to ${jetty.home}/contexts/linid-dm.xml.
Restart Jetty with ${jetty.home}/bin/jetty.sh restart.