Friday, 23 March 2012

LDAP (slapd) and GOsa on Debian Squeeze

First "Solve" for the blog.


How to install OpenLDAP (slapd) and GOsa on Debian Squeeze.  Sometime in recent history, the previous configuration file setup for LDAP (slapd.conf) was deprecated and a new config structure was put in place.  As of today (24/03/2012) the instructions for configuring LDAP on the Debian pages still say that they need updating.


So as with all Debian installs, I started with the following:
apt-get install slapd gosa gosa-schema

Use your domain name, or local / internal domain name for the slapd install.
Enter whatever you like for the organisation name, or just press enter to accept the default.



Enter an admin password.  Probably good (as with all passwords) not to make it easily guessable, and not the same as other passwords on the same machine.


Pick either type for the database backend. I chose HDB after a bit of searching about the differences.


The next step is the bit that really got me stumped; there wasn't a lot of help on Google for how to do this.

First create a file called /etc/ldap/convert.conf with the following contents:


#Existing ldap schemas
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema


#GOSA ldap schemas, order is important.
include /etc/ldap/schema/gosa/samba3.schema
include /etc/ldap/schema/gosa/gofon.schema
include /etc/ldap/schema/gosa/gosystem.schema
include /etc/ldap/schema/gosa/goto.schema
include /etc/ldap/schema/gosa/gosa-samba3.schema
include /etc/ldap/schema/gosa/gofax.schema
include /etc/ldap/schema/gosa/goserver.schema
include /etc/ldap/schema/gosa/goto-mime.schema
include /etc/ldap/schema/gosa/trust.schema



Then make an output directory
root@ldap:/etc/ldap# mkdir /tmp/convert_out


Then run the convert tool as follows:

root@ldap:/etc/ldap# slaptest -f convert.conf -F /tmp/convert_out
config file testing succeeded


This will have created some files in /tmp/convert_out.  We only want the schema files from this output, and we want them to end up in the directories for the new configuration files for slapd.  We also need to change the owner / group on these files so the slapd process can read them.

cp -p /tmp/convert_out/cn\=config/cn\=schema* /etc/ldap/slapd.d/cn\=config/
chown -R openldap:openldap /etc/ldap/slapd.d/
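
A quick check that the copy carried every schema across in the order convert.conf lists them. This is an added example, not part of the original post. It assumes slaptest names each converted schema cn={N}<name>.ldif, numbered in include order, inside a cn=schema directory; the function names are made up for illustration.

```shell
#!/bin/sh
# Usage, after the cp/chown step:
#   check_schema_dir /etc/ldap/convert.conf '/etc/ldap/slapd.d/cn=config/cn=schema'

# expected_schema_files CONF
# Print the LDIF file names expected for CONF, one per line, numbered in
# include order (assumed naming: cn={N}<schema basename>.ldif).
expected_schema_files() {
    i=0
    # Only "include <path>.schema" lines count; comments and blanks are skipped.
    sed -n 's/^[[:space:]]*include[[:space:]]\{1,\}\(.*\)\.schema[[:space:]]*$/\1/p' "$1" |
    while IFS= read -r path; do
        printf 'cn={%d}%s.ldif\n' "$i" "${path##*/}"
        i=$((i + 1))
    done
}

# check_schema_dir CONF DIR
# Return 0 only if DIR holds exactly the files expected from CONF.
# A schema that is missing, or present under a different index (meaning
# the load order changed), is reported on stderr.
check_schema_dir() {
    dir=$2
    rc=0
    expected=$(expected_schema_files "$1")
    for name in $expected; do
        if [ ! -f "$dir/$name" ]; then
            echo "missing or misordered: $name" >&2
            rc=1
        fi
    done
    # Anything in DIR that convert.conf does not account for is also flagged.
    for f in "$dir"/cn=*.ldif; do
        [ -e "$f" ] || continue
        printf '%s\n' "$expected" | grep -Fxq -- "${f##*/}" || {
            echo "unexpected: ${f##*/}" >&2
            rc=1
        }
    done
    return "$rc"
}
```
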

At this point, I restarted slapd, but I'm fairly certain this isn't required (your choice).

Next we get into the GOsa configuration...


Assuming Apache etc. installed correctly on the machine, you should be able to go to
http://yourip/gosa/ or http://yourhostname/gosa
and see the GOsa administration pages.


At the bottom of the page, there's an "echo" command that you need to cut and paste into a terminal window.  It won't go past this step until you do.

Pick A Language


Hopefully you're all green here.  Mine was a fresh install on a clean Debian install, so it looks like it should work out of the box.


On this screen you should see the "succeeded" text at the bottom.  If not, something else is wrong; try restarting slapd.


On this screen, enter "cn=admin" in the Admin DN field, and type the Admin password that you used during the LDAP install.  Then tick the auto append checkbox and click next.


Assuming you've done everything right, you should see this screen...

And that's where I'll end this post; after this, the documentation all around is pretty good for GOsa and LDAP.

Enjoy.   As always feedback / suggestions are welcome.

Why?

My most recent "solve" was last week, and it wasn't until I figured it out that I thought I should probably start writing about this kind of thing.

So this blog will be my place to dump instructions, solutions, screen shots and links for the crazy list of things I solve after finding no (or little) help searching the web.