Adding Nodes

Appendix D - Open LDAP Setup : Adding Nodes

Adding Nodes

After installing OpenLDAP, we are ready to create some nodes. When comparing to a relational database, we could compare nodes to a table where we store our records. Of course they are not the same, but this comparison is made so you can have a grasp of what a node is.

We want two nodes:

Groups node

People node

There is no native application or shell. Instead, Openldap comes with a few executables you can use to perform your actions. You feed these executables with files containing the data you want to add. So let's get to it.

Make a file named add_nodes.ldif in your favorite text editor and add the following lines.

dn: ou=people,dc=test,dc=com

objectClass: organizationalUnit

ou: People

dn: ou=groups,dc=test,dc=com

objectClass: organizationalUnit

ou: Groups

To add these nodes, simply run the following command and give the admin password (that you chose during slapd setup) when prompted:

ldapadd -x -D cn=admin,dc=test,dc=com -W -f add_nodes.ldif

Our base is dc=test,dc=com and with this we have just added people and groups nodes.

Enabling MemberOf

In order to easily and efficiently do queries that enables you to see which users that are part of which groups, we need to set up the feature in ldap that allows us to do this.

To do so, make the following 3 files:

memberof_config.ldif

dn: cn=module,cn=config

cn: module

objectClass: olcModuleList

olcModuleLoad: memberof

olcModulePath: /usr/lib/ldap

dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config

objectClass: olcConfig

objectClass: olcMemberOf

objectClass: olcOverlayConfig

objectClass: top

olcOverlay: memberof

olcMemberOfDangling: ignore

olcMemberOfRefInt: TRUE

olcMemberOfGroupOC: groupOfNames

olcMemberOfMemberAD: member

olcMemberOfMemberOfAD: memberOf

refint1.ldif

dn: cn=module{1},cn=config

add: olcmoduleload

olcmoduleload: refint

refint2.ldif

dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config

objectClass: olcConfig

objectClass: olcOverlayConfig

objectClass: olcRefintConfig

objectClass: top

olcOverlay: {1}refint

olcRefintAttribute: memberof member manager owner

To set up the memberof module and configure it, run this command:

sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif

To load and configure the refint module:

sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /tmp/refint1.ldif

sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /tmp/refint2.ldif

Every group created before this module is enabled has to be deleted and remade, in order for these changes to take effect. LDAP assigns a member attribute, behind the scenes, to existing users, when creating a group.