Friday 23 March 2012

LDAP (slapd) and GOsa on Debian Squeeze

First "Solve" for the blog.


How to install OpenLDAP (slapd) and GOsa on Debian Squeeze.  Sometime in recent history, the previous configuration file setup for LDAP (slapd.conf) was deprecated and a new config structure was put in place.  As of today (24/03/2012), the instructions for configuring LDAP on the Debian pages still say that they need updating.


So as with all debian installs, I started with the following:
apt-get install slapd gosa gosa-schema

Use your domain name, or local / internal domain name for the slapd install.
Enter whatever you like for the organisation name, or just press enter to accept the default.



Enter an admin password.  Probably good (as with all passwords) not to make it easily guessable, and not the same as other passwords on the same machine.


Pick either type for the database backend. I chose HDB after a bit of searching about the differences.


The next step is the bit that really got me stumped; there wasn't a lot of help on Google for how to do this.

First create a file called /etc/ldap/convert.conf with the following contents:


#Existing ldap schemas
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema


#GOSA ldap schemas, order is important.
include /etc/ldap/schema/gosa/samba3.schema
include /etc/ldap/schema/gosa/gofon.schema
include /etc/ldap/schema/gosa/gosystem.schema
include /etc/ldap/schema/gosa/goto.schema
include /etc/ldap/schema/gosa/gosa-samba3.schema
include /etc/ldap/schema/gosa/gofax.schema
include /etc/ldap/schema/gosa/goserver.schema
include /etc/ldap/schema/gosa/goto-mime.schema
include /etc/ldap/schema/gosa/trust.schema



Then make an output directory
root@ldap:/etc/ldap# mkdir /tmp/convert_out


Then run the convert tool as follows:

root@ldap:/etc/ldap# slaptest -f convert.conf -F /tmp/convert_out
config file testing succeeded


This will have created some files in /tmp/convert_out.  We only want the schema files from this output, and we want them to end up in the directories for the new configuration files for slapd.  We also need to change the owner / group on these files so the slapd process can read them.

cp -rp /tmp/convert_out/cn\=config/cn\=schema* /etc/ldap/slapd.d/cn\=config/
chown -R openldap:openldap /etc/ldap/slapd.d/

At this point, I restarted slapd, but I'm fairly certain this isn't required (your choice).
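
A quick check to run after the copy and chown steps, as an added example that is not part of the original post: it confirms that every schema listed in convert.conf actually landed under cn=schema (a cp that skips the cn=schema directory leaves them behind) and that nothing in the slapd.d tree has the wrong owner or is writable by group or others. The paths and the openldap account come from the steps above; the function names and the --check switch are made up for this example.

```shell
#!/bin/sh
# Added example: post-copy sanity checks for the converted schema files.

# Print every schema named on an "include" line of convert.conf that has no
# cn={N}<name>.ldif in the cn=schema directory. Returns 1 if any is missing.
missing_schemas() {
    conf=$1 schema_dir=$2 missing=0
    while read -r keyword path rest || [ -n "$keyword" ]; do
        [ "$keyword" = "include" ] || continue      # skips comments and blanks
        name=$(basename "$path" .schema)
        found=0
        for f in "$schema_dir"/cn=\{*\}"$name".ldif; do
            [ -f "$f" ] && found=1
        done
        if [ "$found" -eq 0 ]; then
            echo "$name"
            missing=1
        fi
    done < "$conf"
    return "$missing"
}

# List anything under the config tree that is not owned by the slapd account
# or that group/other can write. Returns 0 if clean, 1 if something is listed,
# 2 if find itself failed (for example, the account does not exist).
unsafe_entries() {
    tree=$1 owner=$2
    bad=$(find "$tree" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print) || return 2
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Run as root after the cp/chown step:  sh check-schema.sh --check
if [ "${1:-}" = "--check" ]; then
    missing_schemas /etc/ldap/convert.conf \
        "/etc/ldap/slapd.d/cn=config/cn=schema" &&
    unsafe_entries /etc/ldap/slapd.d openldap &&
    echo "schema copy looks sane"
fi
```

Any name printed by missing_schemas is a schema slapd will not know about; any path printed by unsafe_entries needs its owner or mode fixed before slapd is restarted.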

Next we get into the GOsa configuration...


Assuming Apache etc. installed correctly on the machine, you should be able to go to
http://yourip/gosa/ or http://yourhostname/gosa
and see the GOsa administration pages.


At the bottom of the page, there's an "echo" command that you need to cut and paste into a terminal window.  It won't go past this step until you do.

Pick A Language


Hopefully you're all green here.  Mine was a fresh install on a clean Debian install, so it looks like it should work out of the box.


On this screen you should see the "succeeded" text at the bottom. If not, something else is wrong; try restarting slapd.


On this screen, enter "cn=admin" in the Admin DN field, and type the Admin password that you used during the LDAP install.  Then tick the auto append checkbox and click next.


Assuming you've done everything right, you should see this screen...

And that's where I'll end this post; after this, the documentation all around is pretty good for GOsa and LDAP.

Enjoy.   As always feedback / suggestions are welcome.

3 comments:

  1. Amazing! I have been struggling with this for hours until I came across your post. Well done and thanks!

  2. Not sure if wheezy uses slapd.conf or if it uses the new schema directories?
    Try apt-get install slapd gosa gosa-schema
    If that doesn't work, try as per the instructions above.. :)

  3. Hi,

    Thanks for the howto, I couldn't have started GOsa without it. However, I've found a couple of bumps on the road while installing on Debian/jessie (GOsa ver. 2.7.4-4.4):

    - You NEED to restart slapd after converting the new schemas
    - By default, Debian doesn't enable GOsa's site in apache2, you need to:

    ln -s /etc/gosa/gosa-apache.conf /etc/apache2/sites-available
    a2ensite gosa-apache

    Hope this helps.
