2007/11/10

0x03. [LPIC-301] LDAP - Entering data into OpenLDAP

It's time to enrich the directory with data. Data is entered into the LDAP server with the help of LDIF files; LDIF stands for LDAP Data Interchange Format and is described in detail in the following RFC documents: RFC2849, RFC4510, RFC4525.

The very first entry in the LDAP directory will be the top element of the Directory Information Tree, in my case dc=oozie,dc=tux.

##
# top.ldif
##
dn: dc=porta,dc=tux
dc: porta
objectClass: domain
objectClass: top

The first line specifies the distinguished name of the LDAP suffix. The second line supplies the attribute required by the 'domain' objectClass named on line 3. Line 4 is mandatory according to RFC2256:
5.1. objectClass

The values of the objectClass attribute describe the kind of object
which an entry represents. The objectClass attribute is present in
every entry, with at least two values. One of the values is either
"top" or "alias"
We can now feed our OpenLDAP server with the LDIF above. For this purpose I use the slapadd command. Remember that slapd must not be running at this time; otherwise you will get an error message complaining that the database is in use. Before running slapadd perform /etc/init.d/slapd stop, and then...

root@porta.tux # slapadd -l top.ldif

root@porta.tux #

... should do the trick if there are no error messages.

root@porta.tux # /etc/init.d/slapd start
root@porta.tux # ldapsearch
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# porta.tux
dn: dc=porta,dc=tux
dc: porta
objectClass: domain
objectClass: top

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

root@porta.tux #

Works fine.
We are now about to create a sample directory. As our OpenLDAP server is completely insecure at this stage (clear-text password and no encryption), the data contained in the directory should be entirely non-sensitive and non-confidential. Using cosine.schema, which contains the 'room' objectClass, it is possible to create a directory of typical rooms one comes across in everyday life, along with their descriptions. The full LDIF file with the directory can be found here [rooms.ldif]. A short snippet follows:

####
# rooms.ldif by OOZIE
#
# As per section 3.8 in RFC4524, I use room objectClass to create a
# directory of typical room types.
#
# 3.8 [...]
#
# The 'room' object class is used to define entries representing rooms.
# The 'cn' (commonName) attribute SHOULD be used for naming
# entries of this object class.
#
# ( 0.9.2342.19200300.100.4.7 NAME 'room'
# SUP top STRUCTURAL
# MUST cn
# MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )
#
# The 'top' object class is described in [RFC4512]. The 'cn',
# 'description', 'seeAlso', and 'telephoneNumber' attribute types are
# described in [RFC4519]. The 'roomNumber' attribute type is described
# in Section 2 of this document.
#
# [...]
#
####

dn: ou=rooms,dc=porta,dc=tux
ou: rooms
objectClass: organizationalUnit
objectClass: top

dn: cn=kitchen,ou=rooms,dc=porta,dc=tux
cn: kitchen
objectClass: top
objectClass: room
description: A kitchen, is a room or part of a room (sometimes called "kitchen area" or a "kitchenette") used for food preparation including cooking, and sometimes also for eating and entertaining guests, if the kitchen is large enough and designed to be used that way. (SOURCE: WIKIPEDIA)

dn: cn=living room,ou=rooms,dc=porta,dc=tux
cn: living room
objectClass: top
objectClass: room
description: A living room, also known as sitting room (especially in the UK), lounge room or lounge (in the United Kingdom and Australia), is a room for entertaining guests, reading, watching TV or other activities. The word Lounge is from the Latin, it was brought over later on by the French.

[...]
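The LDIF format and schema rules described above, as an added example that is not part of the original post: a small Python reader that folds RFC2849 continuation lines, then checks each entry for objectClass 'top' (RFC2256 5.1), for the RDN value being present as an attribute, and checks 'room' entries against the MUST/MAY lists quoted from RFC4524. The sample LDIF inside is constructed and the function names are my own.

```python
# Added example (not from the original post): parse the rooms LDIF and check it against
# the rules quoted above. Constructed sample; bathroom deliberately lacks objectClass: top.
SAMPLE_LDIF = """\
dn: cn=kitchen,ou=rooms,dc=porta,dc=tux
cn: kitchen
objectClass: top
objectClass: room
description: A kitchen is a room or part of a room used for food
  preparation including cooking.

dn: cn=bathroom,ou=rooms,dc=porta,dc=tux
cn: bathroom
objectClass: room
roomNumber: 3
"""
ROOM_MUST = {"cn"}                                    # RFC 4524 section 3.8
ROOM_MAY = {"roomnumber", "description", "seealso", "telephonenumber"}

def parse_ldif(text):
    """Entries as dicts of lower-cased attr -> [values] (plain 'attr: value' lines only)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:             # RFC 2849 continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, entry = [], {}
    for line in lines + [""]:                         # sentinel blank closes the last entry
        if not line.strip():
            if entry:
                entries.append(entry)
            entry = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def validate(entry):
    """Problems found in one entry; an empty list means it is clean."""
    problems = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if not classes & {"top", "alias"}:
        problems.append("objectClass must include 'top' (RFC 2256 5.1)")
    rdn_attr, _, rdn_val = entry["dn"][0].split(",", 1)[0].partition("=")
    if rdn_val not in entry.get(rdn_attr.lower(), []):   # RDN must be an attribute value
        problems.append(f"RDN value {rdn_attr}={rdn_val} missing from entry")
    if "room" in classes and classes <= {"top", "room"}:  # pure room entry: apply its schema
        attrs = set(entry) - {"dn", "objectclass"}
        problems += [f"missing MUST attribute '{a}'" for a in ROOM_MUST - attrs]
        problems += [f"'{a}' not allowed by room" for a in sorted(attrs - ROOM_MUST - ROOM_MAY)]
    return problems
```

Running validate over parse_ldif(SAMPLE_LDIF) reports nothing for the kitchen entry and the missing 'top' for the bathroom entry.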

Previously we used slapadd on the server itself with slapd stopped. Now we are going to add the entries from the LDIF file above from the client side while slapd is running on the server.
1. Copy /etc/openldap/ldap.conf or /etc/ldap.conf to the same location on the client.
2. Perform an anonymous search from the client with ldapsearch -x.
3. If that works, use the following command, with parameters matching your slapd.conf, to add the room entries:

root@porta.tux # ldapadd -x -f rooms.ldif -D "cn=Manager,dc=porta,dc=tux" -w secret
adding new entry "cn=kitchen,ou=rooms,dc=porta,dc=tux"

adding new entry "cn=living room,ou=rooms,dc=porta,dc=tux"

adding new entry "cn=bathroom,ou=rooms,dc=porta,dc=tux"

adding new entry "cn=drawing room,ou=rooms,dc=porta,dc=tux"

adding new entry "cn=bedroom,ou=rooms,dc=porta,dc=tux"

adding new entry "cn=storage room,ou=rooms,dc=porta,dc=tux"

root@porta.tux #

... where -D specifies the rootdn from slapd.conf, -w is followed by its password, -x requests a simple bind (no SASL), and -f tells ldapadd which LDIF file to read the data from.

At this point I have a working directory service and we can start searching through it.

1 comment:

Juanillo said...

The file http://oozie.fm.interia.pl/src/rooms.ldif is not complete. The room definition part is missing:

dn: ou=rooms,dc=porta,dc=tux
ou: rooms
objectClass: organizationalUnit
objectClass: top

Thanks for your time and effort