Building an LDAP Server on Linux, Part 3 - Page 2
Is It Working Yet?
First, check slapd.conf for syntax errors:
# slapd -t
Then run the following command exactly as written:
$ ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
It will return several lines of mysterious stuff; look for this line:
dn:
namingContexts: dc=carlasworld,dc=net
Changing slapd.conf
Any time you change slapd.conf, slapd must be restarted:
# /etc/init.d/slapd restart
Adding Entries
Now we get to the fun part. Manually creating entries is a two-step process. First, create an .ldif file, and then use the command ldapadd to put the new entries in the database. In the .ldif file — let's call it test.ldif — define some attributes of your company:
##my company##
dn: dc=carlasworld,dc=net
objectclass: dcObject
objectclass: organization
o: Tuxcomputing, inc.
dc: carlasworld

dn: cn=Manager,dc=carlasworld,dc=net
objectclass: organizationalRole
cn: Manager
.ldif Pitfalls
Be sure to trim all leading and trailing spaces, as well as any leading blank lines. Any leading spaces, or a leading blank line, will make ldapadd think there is nothing there, while a trailing space at the end of a line tells ldapadd that the next line is a continuation of the previous line. Use blank lines to separate entries.
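A pre-flight check for the whitespace pitfalls listed above, as an added example that is not part of the original article; ldif_lint is a hypothetical helper name, not an OpenLDAP tool. It flags every line that begins with a space, so deliberately folded long lines are reported too.

```shell
#!/bin/sh
# ldif_lint FILE (hypothetical helper, not shipped with OpenLDAP)
# Prints one "FILE:LINE: message" per finding.
# Returns 0 when the file is clean, 1 when any pitfall was found.
ldif_lint() {
    awk '
        function report(msg) {
            printf "%s:%d: %s\n", FILENAME, FNR, msg
            bad = 1
        }

        # Empty lines separate entries, but must not precede the first one.
        /^$/ {
            if (!seen_content) report("leading blank line before the first entry")
            next
        }

        # A line holding only spaces or tabs looks blank but is not empty.
        /^[ \t]+$/ {
            report("whitespace-only line; use a truly empty line between entries")
            next
        }

        { seen_content = 1 }

        /^[ \t]/ { report("leading whitespace") }
        /[ \t]$/ { report("trailing whitespace") }

        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample with three faults: a leading blank line,
# a trailing space on the dn line, and a leading space on the next line.
sample=$(mktemp)
printf '\ndn: dc=carlasworld,dc=net \n objectclass: dcObject\n' > "$sample"
ldif_lint "$sample" || echo "fix the lines above before running ldapadd"
rm -f "$sample"
```

Run it as `ldif_lint test.ldif` before the ldapadd step, and only load the file once it reports nothing.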
The next step is to add the test.ldif file to ldap:
# ldapadd -x -D "cn=Manager,dc=carlasworld,dc=net" -W -f test.ldif
See man ldapadd for explanations of the various flags. ldapadd will ask for your LDAP password and then confirm that the entry was added. If you get the infamous "ldap_bind: Invalid credentials (49)" error, it means you gave either the wrong "cn=" entry or the wrong password.
Both the common name (cn) and the password are right there in slapd.conf, so there shouldn't be any mysteries on these items. They are needed when creating a new database, but we will eliminate them later, replacing them when we add stronger authorization.
Let's see what our database looks like now:
# ldapsearch -x -b 'dc=carlasworld,dc=net' '(objectclass=*)'
This will display every entry in the database.