[cvs] [Wiki] changed: NewLDAPHowTo

Ben Chavet ben at horde.org
Sat Jun 18 23:02:09 PDT 2005


ben  Sat, 18 Jun 2005 23:02:09 -0700

Modified page: http://wiki.horde.org/NewLDAPHowTo
New Revision:  1.20
Change log:  Include ldap groups in the directory configuration.

@@ -5,38 +5,65 @@
 [[toc]]
 
 ----
 
-This document is intended to help administrators set up a **new** Horde 3 installation using a **new** LDAP directory.  Installing and configuring an LDAP directory is outside the scope of this document.  It is assumed that you have a working LDAP directory, and that we will be adding a new branch to it.  Please feel free to fill in any gaps or to clarify any existing information presented here.
+This document is intended to help administrators set up a **new** Horde 3 installation using a **new** LDAP directory.  Installing and configuring an LDAP directory is outside the scope of this document.  It is assumed that you have a working LDAP directory, and that we are adding a new branch to it.  
+
+Please feel free to fill in any gaps or clarify any existing information presented here.
 
 For starters, this will be a running progress of what I am doing to set up a working Horde installation using LDAP wherever possible.
 
 ----
 
 ++ Document Standards
 
-We will be using the following standards and assumptions throughout this document.  Please adjust accordingly to your situation.
+The following standards and assumptions are used throughout this document.  Please adjust accordingly to your situation.
 
 * The LDAP directory is on the same machine we are installing Horde on.
 * The LDAP directory does not allow anonymous binding.
 * The LDAP administrative account is {{cn=root,dc=example,dc=com}}.
 * The LDAP directory security accounts will be stored in {{ou=DSA,dc=example,dc=com}}
-* !OpenLDAP 2.1.30-r4 running on a Gentoo Linux machine is used for this example.
+* !OpenLDAP 2.1.30-r4 running on a Gentoo Linux machine is used for the presented examples.
 
 ----
 
 ++ LDAP Directory Configuration
+
++++ Directory Structure
+
+The following shows the LDAP directory structure we are using.  
+
+<code>
+dc=example,dc=com
+|-- ou=DSA
+|   `-- cn=horde
+`-- ou=horde
+    |-- ou=users
+    |   `--cn=admin
+    `-- ou=groups
+</code>
+
+This is certainly not the only, or even necessarily the "correct", directory structure to use.  Horde is not picky, and can be configured to use any structure you choose.  We chose this particular structure in order to leave our LDAP directory open for non-horde use in the future.  If you choose not to use this structure, be sure to modify the examples to fit your directory structure.
 
 +++ Required Schemas
 
-There are a few schema files that need to be included in the slapd config file.  These files are located in {{horde/scripts/ldap/horde.schema}}, and {{turba/scripts/ldap/rfc2739.schema}}.  Copy these files to {{/etc/openldap/schema}}, and add these lines to the global section in {{/etc/openldap/slapd.conf}}:
+The following schemas **must** be included in your LDAP configuration.
+
+<code>
+include /etc/openldap/schema/core.schema
+include /etc/openldap/schema/cosine.schema
+include /etc/openldap/schema/inetorgperson.schema
+include /etc/openldap/schema/nis.schema
+</code>
+
+And the following schemas are optional.
 
 <code>
-include /etc/openldap/schema/horde.schema
 include /etc/openldap/schema/rfc2739.schema
+include /etc/openldap/schema/horde.schema
 </code>
 
-Then, restart slapd for these changes to take effect.
+{{rfc2739.schema}} is used by turba to store calendar information, and can be found in {{horde/turba/scripts/ldap/rfc2739.schema}}.  {{horde.schema}} is used by horde to store user preferences, and can be found in {{horde/scripts/ldap/horde.schema}}.  If you intend to use either of these features, copy the respective schema file to {{/etc/openldap/schema}}.
 
 +++ Import LDAP Entries
 
 Put the following in a file named {{horde.ldif}}.  Don't worry about the password values just yet, we'll be changing them in a minute.  Also, make sure to adjust the //dn// values for your directory.
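Review bot: the directory tree shows the admin entry as `cn=admin` under `ou=users`, but the LDIF later in this page creates it as `uid=admin,ou=users,ou=horde,dc=example,dc=com` and the `ldappasswd` step targets that same DN; use `uid=admin` in the tree (and add the missing space in `` `--cn=admin ``) so the two sections agree. The rewrite also drops "Then, restart slapd for these changes to take effect." and no longer says where the `include` lines belong (the global section of `/etc/openldap/slapd.conf`), so a reader following only the new text copies the schema files but never loads them; keep both instructions.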
@@ -56,9 +83,13 @@
 dn: ou=horde,dc=example,dc=com
 objectclass: organizationalUnit
 ou: horde
 
-dn: uid=admin,ou=horde,dc=example,dc=com
+dn: ou=users,ou=horde,dc=example,dc=com
+objectclass: organizationalUnit
+ou: horde
+
+dn: uid=admin,ou=users,ou=horde,dc=example,dc=com
 objectclass: top
 objectclass: uidobject
 objectclass: person
 objectclass: hordePerson
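Review bot: the new `ou=users,ou=horde,dc=example,dc=com` entry carries `ou: horde`, but an entry must contain its own RDN value, so slapd rejects it with a naming violation; the line should read `ou: users`. Note also that the unchanged `objectclass: hordePerson` line is defined in `horde.schema`, which the first hunk now lists as optional; either keep that schema required or say explicitly that the admin entry needs it, otherwise the import fails with an unknown object class.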
@@ -66,8 +97,12 @@
 uid: admin
 cn: Administrator
 sn: Administrator
 userpassword: supersecretpassword
+
+dn: ou=groups,ou=horde,dc=example,dc=com
+objectclass: organizationalUnit
+ou: horde
 </code>
 
 Then, run the following command to import the entries into the LDAP directory.  You will be prompted for the LDAP root password.
 
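Review bot: same RDN mismatch as the `ou=users` entry: `ou=groups,ou=horde,dc=example,dc=com` is given `ou: horde`, so `ldapadd` fails with a naming violation; it should read `ou: groups`. With that fixed, the three `organizationalUnit` entries match the tree in the Directory Structure section.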
@@ -84,11 +119,11 @@
 <code>
 ldappasswd -x -h localhost -D "cn=root,dc=example,dc=com" -s secretpassword -W cn=horde,ou=DSA,dc=example,dc=com
 </code>
 
-Set the password for {{uid=admin,ou=horde,dc=example,dc=com}}:
+Set the password for {{uid=admin,ou=users,ou=horde,dc=example,dc=com}}:
 <code>
-ldappasswd -x -h localhost -D "cn=root,dc=example,dc=com" -s secretpassword -W uid=admin,ou=horde,dc=example,dc=com
+ldappasswd -x -h localhost -D "cn=root,dc=example,dc=com" -s secretpassword -W uid=admin,ou=users,ou=horde,dc=example,dc=com
 </code>
 
 +++ Directory Permissions
 
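Review bot: the DN update matches the new LDIF, but both `ldappasswd` invocations still pass the new password with `-s secretpassword` on the command line, where it lands in shell history and is visible to other local users via `ps`, while only the bind password is prompted for with `-W`; replacing `-s secretpassword` with `-S` prompts for the new password as well. Since the prose above tells readers the placeholder passwords are replaced at this step, this is where the real secret should be kept off the command line.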

