FROM: 5HT
TO: #VOXOZ
DATE: 29 SEP 2015

LDAP: Identity Server

TL;DR — Enterprise token storage service



Password setup (generates the salted SHA hash used as rootpw in slapd.conf below)

    /usr/sbin/slappasswd -h {SSHA}

LDAP setup

  $ cat /etc/openldap/ldap.conf

    BASE        dc=synrc,dc=com
    TLS_REQCERT	demand

  $ cat /etc/openldap/slapd.conf

    include     /etc/openldap/schema/core.schema
    include     /etc/openldap/schema/cosine.schema
    include     /etc/openldap/schema/inetorgperson.schema
    pidfile     /var/db/openldap/run/slapd.pid
    argsfile    /var/db/openldap/run/slapd.args
    database    monitor
    database    bdb
    suffix      "dc=synrc,dc=com"
    rootdn      "cn=Manager,dc=synrc,dc=com"
    rootpw      {SSHA}Fp+86gE2WSeUd42FyvRVZKoJO5UiCuax
    directory   /var/db/openldap/openldap-data
    index       objectClass                       eq,pres
    index       ou,cn,mail,sn,givenname           eq,pres,sub
    index       uidNumber,gidNumber               eq,pres
    index       uid                               eq,pres,sub

LDAP server start (note: the rm -rf below discards any existing directory data; -d 255 keeps slapd in the foreground with full debug output)

  $ sudo chown -R 5HT /var/db/openldap

  $ rm -rf /var/db/openldap/openldap-data ; \
    mkdir /var/db/openldap/openldap-data ; \
    sudo /usr/libexec/slapd -d 255

database initialization

  $ cat init.ldif

    dn: dc=synrc,dc=com
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    dc: synrc
    o: synrc
    description: synrc.com

    dn: ou=People,dc=synrc,dc=com
    ou: People
    objectClass: top
    objectClass: organizationalUnit

  $ ldapadd -x -D "cn=Manager,dc=synrc,dc=com" -w pass -f init.ldif

  Here "pass" is the cleartext whose {SSHA} hash was set as rootpw above; prefer -W (interactive prompt) over -w so the password does not end up in shell history and process listings.

database population (the userPassword values below are stored exactly as given; supply a slappasswd hash instead if cleartext storage is not intended)

  $ cat add.ldif

    dn: cn=Vlad Ki,ou=People,dc=synrc,dc=com
    objectClass: top
    objectClass: person
    objectClass: inetOrgPerson
    givenName: Vlad
    userPassword: 12w13
    sn: Ki

    dn: cn=Maxim Ericsson,ou=people,dc=synrc,dc=com
    objectClass: top
    objectClass: person
    objectClass: inetOrgPerson
    givenName: Maxim
    userPassword: 12w14
    sn: Ericsson

  $ ldapadd -x -D "cn=Manager,dc=synrc,dc=com" -w pass -f add.ldif

Search the user population

  $ ldapsearch -x -D "cn=Manager,dc=synrc,dc=com" -w pass | grep dn:

    dn: dc=synrc,dc=com
    dn: ou=People,dc=synrc,dc=com
    dn: cn=Vlad Ki,ou=People,dc=synrc,dc=com
    dn: cn=Maxim Ericsson,ou=People,dc=synrc,dc=com