parimalanitesh

389DS LDAP Server configuration and User creation

Updated: May 15, 2022

389DS LDAP:

389DS is an enterprise-class open source LDAP server for Linux. LDAP is a protocol for representing and querying objects in a network directory. LDAP servers are commonly used to store identities, groups and organization data.


Installation

You can install 389ds on Ubuntu with the following command:

sudo apt-get install 389-ds

Server Configuration

Create a file named 389ds_ldap.inf, which dscreate will use to build the LDAP instance:

# 389ds_ldap.inf

[general]
config_version = 2

[slapd]
self_sign_cert = False
instance_name = 389ds_ldap
port = 389
# root_dn (str)
# Description: Sets the Distinguished Name (DN) of the administrator account for this instance.
# Default value: cn=Directory Manager
root_dn = cn=Manager

# root_password (str)
# Description: Sets the password of the account specified in the "root_dn" parameter. You can either set this parameter
# to a plain text password dscreate hashes during the installation or to a "{algorithm}hash" string generated by the pwdhash utility.
# Note that setting a plain text password can be a security risk if unprivileged users can read this INF file!
# Default value: Directory_Manager_Password
root_password = #389ds_ldap

[backend-userroot]
sample_entries = yes
suffix = dc=openstack,dc=org

Use the dscreate command to create the LDAP instance from that file:

sudo dscreate -v from-file 389ds_ldap.inf
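The INF comment above warns that a plain text root_password is a risk if unprivileged users can read the file, and says dscreate also accepts a "{algorithm}hash" string as produced by pwdhash. The following added example (not from the original post) builds such a value in {SSHA512} form, verifies it the way the server does, and renders the post's INF with the hash in place of the plain text password; the same value format can also be used for userPassword in the user LDIF below. The 8-byte salt length mirroring pwdhash is an assumption.

```python
import base64
import hashlib
import hmac
import os
import textwrap
from typing import Optional

SALT_LEN = 8  # assumption: pwdhash uses an 8-byte salt for its SSHA schemes


def ssha512_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA512} value in the stored form: base64(sha512(pw + salt) + salt)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode("ascii")


def ssha512_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA512} value (salt is the tail of the blob)."""
    if not stored.startswith("{SSHA512}"):
        return False
    blob = base64.b64decode(stored[len("{SSHA512}"):])
    digest, salt = blob[:64], blob[64:]  # SHA-512 digest is 64 bytes; the rest is salt
    candidate = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)  # constant-time compare


def render_inf(instance: str, suffix: str, root_dn: str, root_password_hash: str) -> str:
    """Render the post's dscreate INF with a hashed root_password instead of plain text."""
    return textwrap.dedent(f"""\
        [general]
        config_version = 2

        [slapd]
        self_sign_cert = False
        instance_name = {instance}
        port = 389
        root_dn = {root_dn}
        root_password = {root_password_hash}

        [backend-userroot]
        sample_entries = yes
        suffix = {suffix}
        """)


if __name__ == "__main__":
    # Constructed sample input: the password used in the post, hashed with a random salt.
    hashed = ssha512_hash("#389ds_ldap")
    print(render_inf("389ds_ldap", "dc=openstack,dc=org", "cn=Manager", hashed))
```

The rendered file no longer contains the password itself, so it can be kept with the rest of the deployment configuration with less exposure; the file should still be readable only by root.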

User Creation

First we have to create an organizational unit (OU). Save the following as 389ds_ou.ldif:

dn: ou=people,dc=openstack,dc=org
dc: people
objectClass: dcObject
objectClass: organizationalUnit
ou: people

Use the following command to add the OU to the directory:

ldapadd -x -h localhost -p 389 -w "#389ds_ldap" -D "cn=Manager" -f 389ds_ou.ldif

Now create a user for the 389DS LDAP server. Save the following entry as 389ds_user1.ldif:

dn: uid=389ds_user1,ou=people,dc=openstack,dc=org
uid: 389ds_user1
objectClass: top
objectClass: nsPerson
objectClass: nsAccount
objectClass: nsOrgPerson
objectClass: posixAccount
#objectClass: openstackEntry
uidNumber: 2000
gidNumber: 1500
displayName: 389ds_user1
homeDirectory: /home/389ds_user1
cn: 389ds_user1
userPassword: 389ds_user_pwd

Add the user with the following command:

ldapadd -x -h localhost -p 389 -w "#389ds_ldap" -D "cn=Manager" -f 389ds_user1.ldif

You can check with ldapsearch whether the user was added to the database (the search binds as the same manager account):

ldapsearch -x -h localhost -p 389 -w "#389ds_ldap" -D "cn=Manager" -b "dc=openstack,dc=org" "(uid=389ds_user1)"
