Configuring the Administrator

The basedn is the very top of the LDAP tree. In the case of Acme, the basedn will be o=Acme,c=uk. The o component means Organization, whereas the c component refers to the country. As with everything in LDAP, there are strict rules on naming the basedn. The most common elements are the o= and c= definitions, but the domain component (dc) is also widely used to represent the fully qualified domain name (FQDN) of the organization. In the case of Acme, you could use a basedn of dc=Acme,dc=co,dc=uk. However, as we are designing the LDAP structure from an organizational chart, we will use the organizational terms.

To edit the LDAP configuration files, you must be root. Once you have set the username and password for the administrator, you can be any user as long as you can authenticate as the administrator when connecting to OpenLDAP. You can then do the following:

1. In the slapd.conf file, find the entries for the suffix and the rootdn (the administrator user) and change them to reflect your organization:

suffix "o=Acme,c=uk"
rootdn "cn=<administrator name>,o=Acme,c=uk"

The rootdn should reflect your basedn with a user component. In this case, we have used the cn definition for the user (Common Name).

When the suffix and the rootdn have been defined, you need to configure the administrator password. There are insecure and secure ways to do this; obviously, you want to set up the password securely.

The rootdn is not an entry in the LDAP directory; it is the account information for the LDAP administrator.

2. To produce an encrypted password, use the slappasswd command:

bible:/etc/openldap # slappasswd
New password:
Re-enter new password:
{SSHA}F13k4cAbh0IAxbpKNhH7uVcTL4HGzsJ+
bible:/etc/openldap #

You can define the password in cleartext (the password is entered directly into slapd.conf) if you want a quick and dirty implementation, but for security reasons, on a production system you should insert the encrypted form of the password.

3. After you enter the password you want to use twice, the slappasswd command returns the password in encrypted form ({SSHA} is a salted SHA-1 hash) that can be used in slapd.conf.

4. When you have the encrypted password, find the rootpw entry in slapd.conf and enter it there:

rootpw {SSHA}F13k4cAbh0IAxbpKNhH7uVcTL4HGzsJ+
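The {SSHA} value that slappasswd prints is base64(SHA-1(password + salt) + salt). The following added example (not from the book or from OpenLDAP) builds and verifies values in that layout and flags a rootpw line that was left in cleartext; the slapd.conf fragment and the cn=Manager rootdn are constructed for illustration.

```python
import base64
import hashlib
import os
from typing import List, Optional

# {SSHA} as written by slappasswd: base64( SHA-1(password || salt) || salt ).
# SHA-1 digests are 20 bytes; slappasswd appends a short (4-byte) random salt.


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return an {SSHA} string in the same layout slappasswd produces."""
    if salt is None:
        salt = os.urandom(4)  # same salt length as in the book's example value
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password: str, stored: str) -> bool:
    """Check a cleartext password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # fixed-size digest first, salt after it
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def audit_rootpw(conf_text: str) -> List[str]:
    """Report rootpw directives whose value carries no {SCHEME} prefix.

    Without a scheme prefix slapd treats the value as a cleartext password,
    which is the quick-and-dirty form the text warns against for production.
    """
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "rootpw":
            value = parts[1].strip('"')
            if not (value.startswith("{") and "}" in value):
                findings.append(f"line {lineno}: rootpw is cleartext")
    return findings


# Constructed slapd.conf fragment: one cleartext rootpw, one hashed rootpw.
SAMPLE_CONF = """\
suffix   "o=Acme,c=uk"
rootdn   "cn=Manager,o=Acme,c=uk"
rootpw   secret
rootpw   {SSHA}F13k4cAbh0IAxbpKNhH7uVcTL4HGzsJ+
"""
```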

