Architecture
During the installation and configuration of the services shown below, I realized that, even in the lab, user management was starting to become very confusing.
That's why I turned to OpenLDAP, a simple open-source tool. For now, I won't go into great configuration detail.
This is the third type of installation I have done with OpenLDAP. I started with Docker, using the osixia/docker-openldap image; it is the one with the most documentation, but it is old and has not been updated for a long time.
Next, I tested bitnami/openldap, which seems to be more up to date, although I had problems with the latest version: everything was going well until I needed to configure TLS, and then the problems started.
So I decided to go for a VM, which may even make more sense, since this way the installation is complete. I found most of the step-by-step instructions at https://kifarunix.com/; that's where I found the most complete and up-to-date material. Even so, I repeat the steps here.
There are several GUI interfaces; among the ones I evaluated, I highlight three:
- phpLDAPadmin (leenooks/phpLDAPadmin on GitHub): web-based LDAP administration tool
- LDAP Account Manager: easy LDAP management
- Apache Directory Studio: the Apache Directory project's Eclipse-based LDAP client
In one of the next topics I will show the basic use of LDAP Account Manager; it has a very friendly interface and, despite being more tedious to configure, it is easy to install.
Here I will divide the installation into four points:
- Basic installation
- Certificate creation / TLS activation
- Extra settings:
  - Logs
  - Read-only bind DN user
  - Activation of the memberOf module
Installation
To create the VM, I will use Vagrant, with a fixed IP, connected to my internal network and DNS.
$ nslookup ldap.devops-db.info
Server:    172.21.5.155
Address:   172.21.5.155#53

Name:      ldap.devops-db.info
Address:   172.21.5.150
(Vagrantfile)
Vagrant.configure("2") do |config|
  config.vm.define "srv-infrastructure-ldap-master-01" do |openldap|
    openldap.vm.box = "bento/ubuntu-22.04"
    openldap.vm.hostname = 'srv-infrastructure-ldap-master-01'
    openldap.vm.network "public_network", use_dhcp_assigned_default_route: true, bridge: "enp7s0", ip: "172.21.5.150"
    openldap.vm.synced_folder "/work/", "/work"
    openldap.vm.provider :virtualbox do |v|
      v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
      v.customize ["modifyvm", :id, "--memory", 1024]
      v.customize ["modifyvm", :id, "--name", "srv-infrastructure-ldap-master-01"]
    end
  end
end
First, update APT and install some basic packages:
$ apt-get update
$ apt-get install -y python3 wget gnupg2 net-tools gpg lsb-release vim libcap2-bin curl python3-pip less iputils-ping ssh software-properties-common dnsutils jq
Now install the OpenLDAP server and tools.
At this point, the installer only asks for the administrator password (the lab value below is reused in the dpkg-reconfigure step further down):
$ apt-get install -y slapd ldapscripts
Answer:
1) JbBmKx#lK@ZX4*amqd5l
If the installation went well, you can already dump the directory with slapcat, even with the default settings (slapcat reads the database files directly, so run it as root):
$ slapcat
dn: dc=nodomain
objectClass: top
objectClass: dcObject
objectClass: organization
o: nodomain
dc: nodomain
structuralObjectClass: organization
entryUUID: 350c011e-8a3b-103e-8d91-db525a3a1f83
creatorsName: cn=admin,dc=nodomain
createTimestamp: 20240408213212Z
entryCSN: 20240408213212.874276Z#000000#000#000000
modifiersName: cn=admin,dc=nodomain
modifyTimestamp: 20240408213212Z
Now configure slapd. dpkg-reconfigure asks several questions; the answers for this installation are as follows:
$ dpkg-reconfigure slapd
Answers:
1) Omit OpenLDAP server configuration? No
2) DNS domain name: srv-infrastructure-ldap-master-01.devops-db.info
3) Organization name: devops-db.info
4) Administrator password: JbBmKx#lK@ZX4*amqd5l
5) Do you want the database to be removed when slapd is purged? yes
6) Move old database? yes
Check that the configuration went well. Note that slapd derives the base DN from the answer to the DNS domain name question, so answering with the host's FQDN, as above, yields a base DN that carries the hostname; answer with the bare domain (devops-db.info) if you want dc=devops-db,dc=info instead:
$ ldapsearch -H ldapi:/// -x -LLL -s base -b "" namingContexts
dn:
namingContexts: dc=srv-infrastructure-ldap-master-01,dc=devops-db,dc=info
At this point the basic installation is finished, and it is already possible to query the server from outside the LDAP VM. Keep in mind that, until TLS is enabled in the next section, everything sent to port 389, including the admin password of a simple bind, crosses the network in cleartext.
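As an added check (example code written for this post's setup, not part of the original article or of the kifarunix guide), the script below derives the base DN that dpkg-reconfigure builds from the DNS domain name answer, parses the namingContexts line that ldapsearch returns, and reports whether the two agree. Run without arguments it works offline on a constructed copy of the namingContexts output shown above; with --live it queries a running slapd (requires ldap-utils; the URI and domain arguments are assumptions for illustration).

```shell
#!/usr/bin/env bash
# Added example, not from the original post: verify that the base DN slapd
# serves is the one you intended when answering dpkg-reconfigure's
# "DNS domain name" question.  --live needs ldapsearch from ldap-utils;
# the default mode runs offline on a constructed LDIF sample.
set -eu

# dpkg-reconfigure slapd derives the base DN from the DNS domain name answer:
# devops-db.info -> dc=devops-db,dc=info
domain_to_basedn() {
    printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# Pull the namingContexts value out of the LDIF that
#   ldapsearch -H ldapi:/// -x -LLL -s base -b "" namingContexts
# prints (read from stdin; first value only, trailing whitespace stripped).
naming_context_from_ldif() {
    sed -n 's/^namingContexts: *//p' | sed 's/[[:space:]]*$//' | head -n 1
}

# Compare two DNs the way LDAP matches dc= attributes: case-insensitive,
# ignoring spaces after the commas.
basedn_matches() {
    local actual expected
    actual=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/, */,/g')
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | sed 's/, */,/g')
    [ "$actual" = "$expected" ]
}

# Live check against a running slapd (assumed URI and domain are arguments).
# -o ldif-wrap=no stops ldapsearch from folding long DNs onto continuation lines.
check_live() {
    local uri=$1 domain=$2 expected actual
    expected=$(domain_to_basedn "$domain")
    actual=$(ldapsearch -H "$uri" -x -LLL -o ldif-wrap=no -s base -b "" namingContexts \
             | naming_context_from_ldif)
    if basedn_matches "$actual" "$expected"; then
        echo "OK: $uri serves base DN $actual"
    else
        echo "MISMATCH: $uri serves '$actual', expected '$expected'" >&2
        echo "Re-run 'dpkg-reconfigure slapd' and answer 'DNS domain name' with '$domain'" >&2
        return 1
    fi
}

# Constructed sample: the namingContexts output the post shows after the DNS
# domain name question was answered with the host's FQDN instead of the domain.
SAMPLE_LDIF='dn:
namingContexts: dc=srv-infrastructure-ldap-master-01,dc=devops-db,dc=info'

if [ "${1:-}" = "--live" ]; then
    # usage: ./check-basedn.sh --live ldap://ldap.devops-db.info devops-db.info
    check_live "${2:-ldapi:///}" "${3:-devops-db.info}"
else
    sample=$(printf '%s\n' "$SAMPLE_LDIF" | naming_context_from_ldif)
    wanted=$(domain_to_basedn devops-db.info)
    if basedn_matches "$sample" "$wanted"; then
        echo "OK: base DN is $sample"
    else
        echo "MISMATCH: slapd serves '$sample' but '$wanted' was intended"
    fi
fi
```

Run it from the VM with `--live ldapi:/// devops-db.info` right after dpkg-reconfigure, or from another host with `--live ldap://ldap.devops-db.info devops-db.info`, and it tells you immediately whether the hostname crept into the base DN before you build users and groups on top of it.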