LDAP - Lightweight Directory Access Protocol - Reading Notes

Source: Internet. Published by: 低头族数据. Editor: 程序博客网. Time: 2024/06/04 22:02

Definition and Resources

- Description: wiki, baidubaike, RFC 4511

- LDAP server: OpenLDAP

- LDAP client: the Ruby gem 'ActiveLdap' (ActiveLDAP)

Introduction

All of the following examples are based on "Practical Ruby for System Administration", Section 7.2.1.


Start LDAP Server on Local Host

Install OpenLDAP

Use steps 1 to 7 of the OpenLDAP Quick-Start Guide to install OpenLDAP.

Start LDAP Server

Use the following slapd.conf to start OpenLDAP. Note that rootpw is given here as the literal string secret; slappasswd can generate a hashed {SSHA} value to use in its place.

#slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
database bdb
suffix "dc=imaginarycorp,dc=com"
rootdn "cn=Manager,dc=imaginarycorp,dc=com"
rootpw secret
directory /usr/local/var/openldap-data

Use the -d option to display debug information while starting the server:

sudo /usr/local/libexec/slapd -d255

Add Entries by LDIF

Only the output of the 'ldapsearch' command is shown here:

[10:52 luckyvan@luckyvan-VirtualBox openldap-2.4.35] > ldapsearch -x -b 'dc=imaginarycorp,dc=com' '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=imaginarycorp,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# imaginarycorp.com
dn: dc=imaginarycorp,dc=com
objectClass: domain
objectClass: top
dc: imaginarycorp

# Users, imaginarycorp.com
dn: ou=Users,dc=imaginarycorp,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Users

# Groups, imaginarycorp.com
dn: ou=Groups,dc=imaginarycorp,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups

# billy, Users, imaginarycorp.com
dn: uid=billy,ou=Users,dc=imaginarycorp,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
uid: billy
cn: billy
userPassword:: e2NyeXB0fWR1VHg5MWc3UG9OekU=
uidNumber: 199995
gidNumber: 20
homeDirectory: /home/billy

# jonny, Users, imaginarycorp.com
dn: uid=jonny,ou=Users,dc=imaginarycorp,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
uid: jonny
cn: jonny
userPassword:: e2NyeXB0fWR1VHg5MWc3UG9OekU=
uidNumber: 199996
gidNumber: 20
homeDirectory: /home/jonny

# admin, Groups, imaginarycorp.com
dn: cn=admin,ou=Groups,dc=imaginarycorp,dc=com
objectClass: top
objectClass: posixGroup
cn: admin
gidNumber: 20
userPassword:: e2NyeXB0fWR1VHg5MWc3UG9OekU=

# gopher, Groups, imaginarycorp.com
dn: cn=gopher,ou=Groups,dc=imaginarycorp,dc=com
objectClass: top
objectClass: posixGroup
cn: gopher
gidNumber: 21
userPassword:: e2NyeXB0fWR1VHg5MWc3UG9OekU=

# search result
search: 2
result: 0 Success

# numResponses: 8
# numEntries: 7

LDIF files must follow a very strict format, and one is likely to run into many errors on a first attempt. Here are some references worth checking:

- Common LDAP Schema

- Common Errors


Use the Ruby gem 'ActiveLdap' to access an LDAP Server

Gem Install

# gem install activeldap

# gem install net-ldap

Access Example through irb

2.0.0-p0 :001 > require 'active_ldap'
 => true
2.0.0-p0 :002 > require 'net/ldap'
 => true
2.0.0-p0 :003 > ActiveLdap::Base.setup_connection :host => 'localhost', :base => "dc=imaginarycorp,dc=com"
 => nil
2.0.0-p0 :004 > class User < ActiveLdap::Base
2.0.0-p0 :005?>   ldap_mapping :dn_attribute => "uid", :prefix => "ou=Users", #!! prefix is case sensitive
2.0.0-p0 :006 >     :classes => ["top", "posixAccount"],
2.0.0-p0 :007 >     :scope => :one
2.0.0-p0 :008?>   belongs_to :groups, :class => "Group", :many => "memberUID" #!! fail to establish the relationship between 'User' and 'Group'
2.0.0-p0 :009?>   end
 => nil
2.0.0-p0 :010 > User.find(:all, "*")  # find all users
 => [#<User objectClass:<top, account, posixAccount>, must:<cn, gidNumber, homeDirectory, objectClass, uid, uidNumber>, may:<description, gecos, host, l, loginShell, o, ou, seeAlso, userPassword>, cn: ["billy"], commonName: ["billy"], description: [], gecos: [], gidNumber: [20], homeDirectory: ["/home/billy"], host: [], l: [], localityName: [], loginShell: [], o: [], objectClass: ["top", "account", "posixAccount"], organizationName: [], organizationalUnitName: [], ou: [], seeAlso: [], uid: ["billy"], uidNumber: [199995], userPassword: ["{crypt}duTx91g7PoNzE"], userid: ["billy"]>, #<User objectClass:<top, account, posixAccount>, must:<cn, gidNumber, homeDirectory, objectClass, uid, uidNumber>, may:<description, gecos, host, l, loginShell, o, ou, seeAlso, userPassword>, cn: ["jonny"], commonName: ["jonny"], description: [], gecos: [], gidNumber: [20], homeDirectory: ["/home/jonny"], host: [], l: [], localityName: [], loginShell: [], o: [], objectClass: ["top", "account", "posixAccount"], organizationName: [], organizationalUnitName: [], ou: [], seeAlso: [], uid: ["jonny"], uidNumber: [199996], userPassword: ["{crypt}duTx91g7PoNzE"], userid: ["jonny"]>]
2.0.0-p0 :011 > class Group < ActiveLdap::Base
2.0.0-p0 :012?>   ldap_mapping :dn_attribute => "cn", :prefix => "ou=Groups",
2.0.0-p0 :013 >     :classes => ["top", "posixGroup"],
2.0.0-p0 :014 >     :scope => :one
2.0.0-p0 :015?>   has_many :users, :class => "User", :wrap => "memberUID"
2.0.0-p0 :016?>   end
 => nil
2.0.0-p0 :017 > Group.find(:all, "*") # find all groups
 => [#<Group objectClass:<top, posixGroup>, must:<cn, gidNumber, objectClass>, may:<description, memberUid, userPassword>, cn: ["admin"], commonName: ["admin"], description: [], gidNumber: [20], memberUid: [], objectClass: ["top", "posixGroup"], userPassword: ["{crypt}duTx91g7PoNzE"]>, #<Group objectClass:<top, posixGroup>, must:<cn, gidNumber, objectClass>, may:<description, memberUid, userPassword>, cn: ["gopher"], commonName: ["gopher"], description: [], gidNumber: [21], memberUid: [], objectClass: ["top", "posixGroup"], userPassword: ["{crypt}duTx91g7PoNzE"]>]
2.0.0-p0 :018 > billy = User.find "billy"
 => #<User objectClass:<top, account, posixAccount>, must:<cn, gidNumber, homeDirectory, objectClass, uid, uidNumber>, may:<description, gecos, host, l, loginShell, o, ou, seeAlso, userPassword>, cn: ["billy"], commonName: ["billy"], description: [], gecos: [], gidNumber: [20], homeDirectory: ["/home/billy"], host: [], l: [], localityName: [], loginShell: [], o: [], objectClass: ["top", "account", "posixAccount"], organizationName: [], organizationalUnitName: [], ou: [], seeAlso: [], uid: ["billy"], uidNumber: [199995], userPassword: ["{crypt}duTx91g7PoNzE"], userid: ["billy"]>
2.0.0-p0 :019 > billy.groups.each{ |g| p g.cn}
 => []
2.0.0-p0 :020 > admin = Group.find "admin"
 => #<Group objectClass:<top, posixGroup>, must:<cn, gidNumber, objectClass>, may:<description, memberUid, userPassword>, cn: ["admin"], commonName: ["admin"], description: [], gidNumber: [20], memberUid: [], objectClass: ["top", "posixGroup"], userPassword: ["{crypt}duTx91g7PoNzE"]>
2.0.0-p0 :021 > admin.users.size # fail to establish relationship example
 => 0
2.0.0-p0 :022 > class User < ActiveLdap::Base
2.0.0-p0 :023?>   has_many :users, :class => "User", :wrap => "uid"
2.0.0-p0 :024?>   ^C
2.0.0-p0 :024 > end
SyntaxError: (irb):24: syntax error, unexpected keyword_end
	from /home/luckyvan/.rvm/rubies/ruby-2.0.0-p0/bin/irb:16:in `<main>'
2.0.0-p0 :025 > class User < ActiveLdap::Base
2.0.0-p0 :026?>   belongs_to :groups, :class => "Group", :many => "uid"
2.0.0-p0 :027?>   end
 => nil
2.0.0-p0 :028 > class Group < ActiveLdap::Base
2.0.0-p0 :029?>   has_many :users, :class => "User", :wrap => "uid"
2.0.0-p0 :030?>   end
 => nil
2.0.0-p0 :031 > billy = User.find("billy")
 => #<User objectClass:<top, account, posixAccount>, must:<cn, gidNumber, homeDirectory, objectClass, uid, uidNumber>, may:<description, gecos, host, l, loginShell, o, ou, seeAlso, userPassword>, cn: ["billy"], commonName: ["billy"], description: [], gecos: [], gidNumber: [20], homeDirectory: ["/home/billy"], host: [], l: [], localityName: [], loginShell: [], o: [], objectClass: ["top", "account", "posixAccount"], organizationName: [], organizationalUnitName: [], ou: [], seeAlso: [], uid: ["billy"], uidNumber: [199995], userPassword: ["{crypt}duTx91g7PoNzE"], userid: ["billy"]>
2.0.0-p0 :032 > billy.groups.size
 => 0
2.0.0-p0 :033 > fred = User.new "fred" # new a user named fred
 => #<User objectClass:<top, posixAccount>, must:<cn, gidNumber, homeDirectory, objectClass, uid, uidNumber>, may:<description, gecos, loginShell, userPassword>, cn: [], commonName: [], description: [], gecos: [], gidNumber: [], homeDirectory: [], loginShell: [], objectClass: ["top", "posixAccount"], uid: ["fred"], uidNumber: [], userPassword: [], userid: ["fred"]>
2.0.0-p0 :034 > fre.uid_number = 1014
NameError: undefined local variable or method `fre' for main:Object
	from (irb):34
	from /home/luckyvan/.rvm/rubies/ruby-2.0.0-p0/bin/irb:16:in `<main>'
2.0.0-p0 :035 > fred.uid_number = 1014
 => 1014
2.0.0-p0 :036 > fred.gid_number = 21
 => 21
2.0.0-p0 :037 > fred.home_directory = "/home/fred"
 => "/home/fred"
2.0.0-p0 :038 > raise fred.errors.full_messages.join(", ") unless fred.save # fail to add fred due to lack of 'cn' attributes
RuntimeError: Cn is required attribute by objectClass 'posixAccount': aliases: commonName
	from (irb):38
	from /home/luckyvan/.rvm/rubies/ruby-2.0.0-p0/bin/irb:16:in `<main>'
2.0.0-p0 :039 > fred.cn = "fred"
 => "fred"
2.0.0-p0 :040 > raise fred.errors.full_messages.join(", ") unless fred.save # fail to add fred due to authentication
ActiveLdap::StrongAuthenticationRequired: unknown result (8): uid=fred,ou=Users,dc=imaginarycorp,dc=com

LDAP result code 8 is strongerAuthRequired (RFC 4511): setup_connection above was given only :host and :base, so the session is bound anonymously and slapd refuses the add. Binding as the rootdn from slapd.conf, or as another DN granted write access, is what an add like this needs.
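As an added example (not from the book or the author's session), here is a stdlib-only Ruby parser for the LDIF shape in the ldapsearch dump above, run over a constructed sample that copies billy and admin from that dump and adds a constructed staff group whose {SSHA} value is a placeholder, not a real hash. It decodes the userPassword:: values, flags entries stored with an unsalted scheme such as {crypt}, and derives uid to groups from memberUid; note that neither admin nor gopher in the dump carries any memberUid, so billy.groups in the irb session would be empty whatever the mapping. The function names parse_ldif, weak_password_entries and groups_by_member are mine.

```ruby
# Constructed sample shaped like the ldapsearch dump above: a folded line,
# base64 ("::") values and the trailing dn-less "search result" record.
SAMPLE_LDIF = <<~LDIF
  dn: uid=billy,ou=Users,dc=imaginarycorp,dc=com
  userPassword:: e2NyeXB0fWR1VHg5MWc3UG9OekU=
  homeDirectory: /home/bil
   ly

  dn: cn=admin,ou=Groups,dc=imaginarycorp,dc=com
  objectClass: posixGroup
  cn: admin
  userPassword:: e2NyeXB0fWR1VHg5MWc3UG9OekU=

  dn: cn=staff,ou=Groups,dc=imaginarycorp,dc=com
  objectClass: posixGroup
  cn: staff
  memberUid: billy
  userPassword: {SSHA}cGxhY2Vob2xkZXItbm90LWEtcmVhbC1oYXNo

  search: 2
  result: 0 Success
LDIF

# LDIF -> [{ attr => [values] }]: unfold continuation lines, skip comments,
# decode "::" (base64) values, and drop records that carry no dn.
def parse_ldif(text)
  text.gsub(/\n /, '').split(/\n\s*\n/).map do |record|
    record.each_line.with_object({}) do |line, attrs|
      m = line.chomp.match(/\A([^#:][^:]*)(::?)\s*(.*)\z/) or next
      (attrs[m[1]] ||= []) << (m[2] == '::' ? m[3].unpack1('m') : m[3])
    end
  end.select { |attrs| attrs.key?('dn') }
end

# [dn, scheme] for every entry whose userPassword uses an unsalted or unhashed
# scheme; a value with no {prefix} is stored in cleartext.
WEAK_SCHEMES = %w[CLEARTEXT CRYPT MD5 SHA].freeze
def weak_password_entries(entries)
  entries.flat_map do |e|
    (e['userPassword'] || []).map { |v| v[/\A\{([^}]+)\}/, 1] || 'CLEARTEXT' }
      .select { |s| WEAK_SCHEMES.include?(s.upcase) }.map { |s| [e['dn'].first, s] }
  end
end

# uid => [group cn] via posixGroup memberUid (the relationship the irb session
# maps); a group with no memberUid, like admin here, contributes nothing.
def groups_by_member(entries)
  entries.each_with_object({}) do |e, acc|
    next unless (e['objectClass'] || []).include?('posixGroup')
    (e['memberUid'] || []).each { |uid| (acc[uid] ||= []) << e['cn'].first }
  end
end
```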
