ldap_search

Purpose of the exercise

How to set up an LDAP server, add entries to it, and change users' rights so that an ordinary user can add entries and modify the attributes of existing entries.

How To

  1. Create two virtual machines, SimpleArbiterDhcpGWLDAP (simpleArbiterDhcpGWLDAP.vdi) and LDAPServer (student-LDAPServer.vdi).

  2. Change the network settings of both virtual machines. SimpleArbiterDhcpGWLDAP: adapter 1 is set to "NAT" for internet access and adapter 2 to "internal network" for the local network. LDAPServer: adapter 1 is set to "internal network" so that it is in the same internal network as SimpleArbiterDhcpGWLDAP.

  3. In SimpleArbiterDhcpGWLDAP log in as user "tester". In LDAPServer log in as user "root" and run the command "apt-get update" to refresh the package list; then open a second console by pressing "ALT+F2" and log in there as user "student".

  4. In LDAPServer run the command "apt-get install slapd ldap-utils" to install the LDAP server (slapd) and the command-line tools (ldap-utils) used to access and manage it.
    During the installation you will be asked for the password of the user "admin", the administrator of the server, and to confirm the password you chose.

  5. Configure the LDAP server by choosing the appropriate domain name and the other configuration parameters. Execute the command "dpkg-reconfigure slapd".
    a) If you run the "slapd" configuration again later, remember to remove the old backup database first: "rm -rf /var/backups/unknown-2.4.44+dfsg-2.ldapdb".

  6. Now that the LDAP server is configured, open a third console, log in as user "student" and execute the command "ldapsearch -D cn=admin,dc=ceres-20,dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si -W -b dc=ceres-20,dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si", which shows the entries stored in the server.
    Because you will be typing the base DN of the LDAP server very often, set the environment variable "D" to hold it; the commands then become much shorter to type.
    "export D=dc=ceres-20,dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si"
    "ldapsearch -D cn=admin,$D -wvaje -b $D"

  7. Create the file "users.ldif" (LDIF format) containing the objects (users) that we want to add to the LDAP server database.
    Execute the following command to add the users to the LDAP server:
    "ldapadd -D cn=admin,$D -wvaje -f users.ldif"
    Set passwords for the users that were just added:
    "ldappasswd -D cn=admin,$D -wvaje -sj2531e cn=ninavidmar,ou=users,$D"
    "ldappasswd -D cn=admin,$D -wvaje -scTyRM0 cn=natalijaribnikar39,ou=users,$D"
    Execute the command "ldapsearch -D cn=natalijaribnikar39,ou=users,$D -wcTyRM0 -b $D" to bind to the LDAP server as the newly added user "natalijaribnikar39" and list the entries currently in the server.
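An example of what users.ldif can contain, added here as an illustration; it is not the course's own file (the original page showed it only as a screenshot). It assumes the base DN set in D in step 6 and that the ou=users container does not exist yet, so it is created first; the sn and givenName values are constructed sample data derived from the cn values above.

```ldif
# users.ldif: a container for user entries plus the two users from step 7.
# Added example, not the course's own file; sn/givenName values are
# constructed. The base DN ($D in step 6) is written out in full because the
# shell does not expand variables inside an LDIF file.
# Entries must be listed parent first: ldapadd processes them in order.
# userPassword is deliberately left out; it is set afterwards with ldappasswd
# so that slapd hashes it instead of storing whatever this file contains.
dn: ou=users,dc=ceres-20,dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si
objectClass: organizationalUnit
ou: users

dn: cn=ninavidmar,ou=users,dc=ceres-20,dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si
objectClass: inetOrgPerson
cn: ninavidmar
sn: Vidmar
givenName: Nina
uid: ninavidmar

dn: cn=natalijaribnikar39,ou=users,dc=ceres-20,dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si
objectClass: inetOrgPerson
cn: natalijaribnikar39
sn: Ribnikar
givenName: Natalija
uid: natalijaribnikar39
```

Load it with the ldapadd command from this step; each blank-line-separated record is one entry to add, and the RDN attribute (cn) must also appear as an attribute of the entry or slapd rejects it. Passwords are then set with ldappasswd as above; slapd stores them hashed ({SSHA} by default). Note that both -w and -s put the secret on the command line, where it ends up in the shell history and is visible to other local users via ps; the -W and -S options prompt for the bind password and the new password instead.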

  8. To change the access rights so that a user can add entries to the directory and change attribute values of existing entries, you need to create an additional file, acl.ldif:
    To see which backend database is used and the other settings related to access rights, execute the command "ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config" as the system user root; this authenticates over the local ldapi socket with SASL EXTERNAL, so no LDAP user password is needed.
    The settings in the acl.ldif file define the access rules (olcAccess) of the database found by the previous query.
    Now, to change the users' rights, run the command "ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif" as the system user "root".
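A worked acl.ldif, added here as an example; it is not the course's own file (the page showed it only as a screenshot). It assumes that the main database is olcDatabase={1}mdb,cn=config, the usual result on this slapd version (confirm it with the cn=config search above, since an hdb backend would appear as olcDatabase={1}hdb,cn=config instead), and that the user to be granted write access is natalijaribnikar39 from step 7.

```ldif
# acl.ldif: replace the access rules of the main database with a set that
# lets one ordinary user write under ou=users while everyone else keeps
# read-only access. Added example, not the course's own file.
#
# ASSUMPTION: the database DN is olcDatabase={1}mdb,cn=config; check it with
# "ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config" before applying.
# $D is not expanded inside an LDIF file, so the base DN is written in full.
#
# Rules are tried in order and the first "to" clause matching the target
# decides, so the password rule must come before the catch-all.
# {0}: passwords are writable by their owner and by the delegated user (so
#      that newuser.ldif may carry a userPassword), usable for binding by
#      anyone (auth), and otherwise hidden (none). The rootdn cn=admin
#      bypasses ACLs entirely, which is why ldappasswd as admin keeps working.
# {1}: dn.subtree covers ou=users itself as well as its children; an add needs
#      write access to the parent's "children" pseudo-attribute, which
#      dn.children alone would not grant.
# {2}: everything else stays readable by any bound or anonymous user.
# Continuation lines start with two spaces: LDIF strips one, the other
# remains as the separator before "by".
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by self write
  by dn.exact="cn=natalijaribnikar39,ou=users,dc=ceres-20,dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si" write
  by anonymous auth
  by * none
olcAccess: {1}to dn.subtree="ou=users,dc=ceres-20,dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si"
  by dn.exact="cn=natalijaribnikar39,ou=users,dc=ceres-20,dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si" write
  by * read
olcAccess: {2}to *
  by * read
-
```

Apply it with the ldapmodify command above. A malformed olcAccess value is rejected when the modify is parsed, but a rule that is syntactically valid and merely too permissive is accepted silently, so after the change repeat the cn=config search to read back the rules and then test both directions: binding as natalijaribnikar39 can add an entry under ou=users, while binding as ninavidmar can still search but gets an "Insufficient access" error on ldapadd.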

  9. After the ACL change, the user "natalijaribnikar39" has the right to add or change objects in the LDAP server.
    Now try to bind to the LDAP server using "natalijaribnikar39" user's credentials and add a new user to the server directory.
    "ldapadd -D cn=natalijaribnikar39,ou=users,$D -wcTyRM0 -f newuser.ldif"

  10. To test your result, go to the SimpleArbiterDhcpGWLDAP virtual machine and run "./test_task.py", which runs the test and shows your score.