From a45aada258502d30bbcb450d7df0c9a7bb2fef1c Mon Sep 17 00:00:00 2001 From: Marisa Date: Tue, 16 Sep 2025 13:54:39 -0400 Subject: [PATCH] Update READMEnew.md --- READMEnew.md | 128 ++++++++++++++++++++++----------------------------- 1 file changed, 56 insertions(+), 72 deletions(-) diff --git a/READMEnew.md b/READMEnew.md index acf71bf..5db0dd5 100644 --- a/READMEnew.md +++ b/READMEnew.md @@ -3,7 +3,7 @@ A step by step approach on how to setup and run the openLDAP server on a classic systemd-less Docker image container, **optional steps are marked with __*__** -### _Creating the ldapdock container_ +### _Creating the ldapdock image container_ build ldapdock ``` @@ -21,6 +21,7 @@ run into the container to setup openLDAP ``` > docker run -h example.com -i -t ldapdock /bin/bash ``` +### _Inside the ldapdock image container_ make sure to use the following command to start openLDAP ``` @@ -37,7 +38,7 @@ root@example:/# ldapsearch -x -H ldap://localhost -b "dc=example,dc=com" -s base ... ``` -make a new test directory and create two attributes/branches with People and Group +make new test LDAP directories (LDAP OU) and create two attributes/branches with People and Group ``` root@example:/# vim base.ldif ``` @@ -52,7 +53,7 @@ objectClass: organizationalUnit ou: Group ``` -create the test directory on our LDAP server, the password in the dockerfile by default is _admin_ +create the test directory in our LDAP server, the password in the dockerfile by default is _admin_ ``` root@example:/# ldapadd -x -D cn=admin,dc=example,dc=com -W -f base.ldif Enter LDAP Password: 
@@ -61,96 +62,79 @@ adding new entry "ou=People,dc=example,dc=com" adding new entry "ou=Groups,dc=example,dc=com" ``` -now we have an **Organizational Unit (ou=People, ou=Group, etc.)** prepared to deal with users and groups, with a directory structure we can begin managing users - -################################################### - -run into the container setting up the LDAP server and the hostname +verify the entries in the LDAP server ``` -> docker run -h example.com -i -t ldapdock /bin/bash +root@example:/# ldapsearch -x -LLL -b dc=example,dc=com 'ou=People' dn +dn: ou=People,dc=example,dc=com +root@example:/# ldapsearch -x -LLL -b dc=example,dc=com 'ou=Groups' dn +dn: ou=Groups,dc=example,dc=com +``` +now we have an **Organizational Unit (ou=People, ou=Group, etc.)** with users and groups within an LDAP directory structure correctly created + +### _Users administrative tasks_ + +create a new LDAP directory called Supergirls (LDAP OU) with the following data +``` +root@example:/# vim add_ou.ldif +dn: ou=Supergirls,dc=example,dc=com +objectClass: organizationalUnit +ou: Supergirls ``` -### _Inside the ldapdock image_ - -start the openLDAP daemon server +create it in our LDAP server, when asked for the root password, remember in the dockerfile by default is _admin_ ``` -> service slapd start - * Starting OpenLDAP slapd [ OK ] +root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f add_ou.ldif +Enter LDAP Password: +adding new entry "ou=Supergirls,dc=example,dc=com" ``` -__*__ edit base configuration of openLDAP server +verify the entry in the LDAP server ``` -> vim /etc/ldap/ldap.conf +root@example:/# ldapsearch -x -LLL -b "dc=example,dc=com" "(ou=Supergirls)" dn +dn: ou=Supergirls,dc=example,dc=com + +root@example:/# ``` -__*__ check basic LDAP schemas are loaded +create a new LDAP password to manage our new directory, and annotate the result hashed password ``` -# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn -dn: 
cn=schema,cn=config - -dn: cn={0}core,cn=schema,cn=config - -dn: cn={1}cosine,cn=schema,cn=config - -dn: cn={2}nis,cn=schema,cn=config - -dn: cn={3}inetorgperson,cn=schema,cn=config -``` -__*__ load basic LDAP schemas in case the base config didn't -``` -# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/core.ldif -SASL/EXTERNAL authentication started -SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -SASL SSF: 0 -adding new entry "cn=core,cn=schema,cn=config" -``` - -create a **password** for openLDAP root user -``` -> slappasswd +root@example:/# slappasswd New password: Re-enter new password: -{SSHA}hashpwd +{SSHA}hashedpasswd ``` -__*__ checkout the root DN configuration, the oldRootDN that we will setup later +create a .ldif file with the necessary attributes to insert in our Supergirls directory ``` -> ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config "(olcRootDN=*)" olcRootDN -dn: olcDatabase={0}config,cn=config -olcRootDN: cn=admin,cn=config - -dn: olcDatabase={1}mdb,cn=config -olcRootDN: cn=admin,dc=example,dc=com +root@example:/# vim add_user_supergirls.ldif +dn: uid=marisa,ou=Supergirls,dc=example,dc=com +objectClass: inetOrgPerson +objectClass: posixAccount +cn: Marisa +sn: Kirisame +givenName: Marisa +displayName: Marisa Kirisame +uid: marisa +uidNumber: 1001 +gidNumber: 5000 +homeDirectory: /home/marisa +loginShell: /bin/bash +userPassword: {SSHA}hashedpasswd +mail: marisa@example.com ``` -### _Base administrative Tasks for openLDAP_ - -create a file setting up our default root DN and our *hostname* **(change *dc=example,dc=com* as needed)** +insert the new user (marisa) in our Supergirls directory (LDAP OU), still using the root password _admin_ ``` -> vim change_root.ldif -dn: olcDatabase={1}mdb,cn=config -changetype: modify -replace: olcRootDN -olcRootDN: cn=admin,dc=example,dc=com -``` -now save this changes in the main database -``` -> ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change_root.ldif +root@example:/# 
ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f add_user_supergirls.ldif +Enter LDAP Password: +adding new entry "uid=marisa,ou=Supergirls,dc=example,dc=com" ``` -create a file setting up our default rootPW **(change *{SSHA}hashpwd* with our previous *password*)** +verify the user (marisa) has been added tp tje Supergirls OU ``` -> vim change_password.ldif -dn: olcDatabase={1}mdb,cn=config -changetype: modify -replace: olcRootPW -olcRootPW: {SSHA}hashpwd +root@example:/# ldapsearch -x -LLL -b "dc=example,dc=com" "(uid=marisa)" dn +dn: uid=marisa,ou=Supergirls,dc=example,dc=com ``` -now apply our new password for the main database -``` -> ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change_password.ldif -modifying entry "olcDatabase={1}mdb,cn=config" -``` -we are done with our openLDAP root configuration and can begin creating new LDAP directories (.ldif files) +
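Review bot: on the first hunk, "image container" in the new heading `### _Creating the ldapdock image container_` conflates two different things; the commands under it (`build ldapdock`) produce an image, and a container only exists once the `docker run -h example.com -i -t ldapdock /bin/bash` further down starts it. Suggest `### _Building the ldapdock image_` here and keep the word "container" for the section that runs it.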
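Review bot: on the second hunk, the added `### _Inside the ldapdock image container_` repeats the same "image container" wording and is inserted directly after the closing fence of the `docker run` block. From this point on the reader is at a `root@example:/#` prompt inside a running container, so `### _Inside the ldapdock container_` is the accurate title, and a blank line before the heading would keep it from reading as part of the code block above.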
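Review bot: on the third hunk, "make new test LDAP directories (LDAP OU) and create two attributes/branches with People and Group" mixes up the terms: `ou=People` and `ou=Group` are entries (organizational units) under the base DN, not directories, and `ou` is the attribute on those entries, not the branch itself. Suggest: "create two organizationalUnit entries, ou=People and ou=Group, under the base DN", which also matches what `base.ldif` actually contains.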
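Review bot: on the fourth hunk, the `base.ldif` shown in the context above defines `ou: Group`, yet the `ldapadd` output in the following hunk's context reports `adding new entry "ou=Groups,dc=example,dc=com"` and the new verification search filters on `'ou=Groups'`; a reader who copies base.ldif as printed ends up with a different DN than the one the text verifies. Pick one spelling (the rest of the file uses ou=Groups) and fix the LDIF or the output to match. Separately, "the password in the dockerfile by default is _admin_" should say plainly that this is a baked-in default for the directory manager (`cn=admin,dc=example,dc=com`) and must be changed before the container is used for anything beyond a throwaway local test.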
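Review bot: on the fifth hunk, the deletion removes the only steps that set the directory manager's `olcRootPW` from a fresh `slappasswd` hash (the `change_password.ldif` block applied with `ldapmodify -Q -Y EXTERNAL -H ldapi:///`), and every later command now binds as `cn=admin,dc=example,dc=com` with the Dockerfile default `admin`; keep a short "replace the default root password" step, or at least state that the default must be replaced before the container is exposed. The same deletion drops the optional schema check (`ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn`), but the new `add_user_supergirls.ldif` depends on `inetOrgPerson` and `posixAccount`, i.e. the inetorgperson and nis schemas that check confirmed were loaded, so the `ldapadd` fails on a server without them; either keep the check or name the prerequisite. In the new text: "create a new LDAP password to manage our new directory" misdescribes the `slappasswd` step, whose output is the hash that goes into the user's `userPassword`, so say "generate the password hash for the new user and paste the output into userPassword" and make clear that `{SSHA}hashedpasswd` is a placeholder; `gidNumber: 5000` refers to a group that this README never creates (only the `ou=Groups` container exists, no `posixGroup` entry), which is acceptable for a test account but should be said; the verification filters are written as `'ou=People'` in one place and `"(ou=Supergirls)"` in another, prefer the parenthesised form throughout; `### _Users administrative tasks_` reads better as `### _User administration tasks_`; "has been added tp tje Supergirls OU" should read "has been added to the Supergirls OU"; and the hunk ends with an empty `+` line that adds a trailing blank line to the file.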