OPS335-Lab-ldap

From CDOT Wiki
Revision as of 21:16, 30 October 2019 by Peter.callaghan (talk | contribs) (INVESTIGATION 1: Connecting a Client Machine to an LDAP server)

OBJECTIVE & PREPARATION

  • Learn some fundamental concepts and terminology used with LDAP.
  • Practice creating users in OpenLDAP.
  • Set up Linux machines to authenticate against an OpenLDAP server.
  • Learn to update LDAP information with LDIF files.

Online Resources

We'll use OpenLDAP in this course.

The purpose of LDAP, as it is used most of the time, is relatively intuitive, but the implementation details take longer to understand.

LDAP is a generic directory access protocol, but we'll look at it specifically as a server containing user credentials that can be used for authorization on multiple machines.

You should read as much of the OpenLDAP Administration Guide as you can handle. You'll find that parts of it make no sense at first, but as you get more practice with the software and the concepts they become easier to understand. As a minimum, read:

  • The introduction.
  • The quick start guide.
  • The configuration layout part of "Configuring slapd".
  • There is a glossary at the end of the guide. It's not complete and it doesn't have any details, but it's a good place to look when you get confused by weird-looking shorthands like dc, dn, or cn.

INVESTIGATION 1: Connecting a Client Machine to an LDAP server

You won't be asked to set up an OpenLDAP server from scratch; we don't have time for that. Instead, you can start with a VM I made for you.

Download the disk image here and set it up the same way you've set up the midterm test review. You only need 512MB of RAM. Connect it to your lab network.

The machine doesn't have any regular users, only root. Use whatever technique works for you to reset the root password so that you can log in.

OpenLDAP has been set up on it using this itzgeek guide. You should read that guide even though you don't need to perform all those steps yourself.

My OpenLDAP server (lin3) has been set up with:

  • The Domain Components dc=andrew,dc=ops.
  • The admin username ldaproot and the password seneca99ldap.
  • An Organizational Unit named People, for regular users.
  • One regular user, john, whose password you should change using the ldappasswd command.

The rest of your tasks for this section of the lab are:

  • Set up all your VMs to authenticate using the LDAP service hosted on lin3.

INVESTIGATION 2: Adding Users to LDAP

Perform the following steps on your LDAP server VM:

  1. Add a new user
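
One way to prepare the new user's entry as an LDIF record that stores a salted {SSHA} hash instead of a cleartext password, and that rejects field values which would inject extra LDIF lines. This is an added example, not part of the original lab. The uid-based DN, the object classes, the user jane, the ID numbers and the cn=ldaproot bind DN in the comment are assumptions; only the domain components and the People OU come from this page.

```python
import base64
import hashlib
import hmac
import os

PEOPLE_OU = "ou=People,dc=andrew,dc=ops"  # OU and domain components from this lab

def ssha_hash(password, salt=None):
    """Return an OpenLDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """Check a password against a {SSHA} value; a SHA-1 digest is 20 bytes."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    candidate = hashlib.sha1(password.encode("utf-8") + raw[20:]).digest()
    return hmac.compare_digest(candidate, raw[:20])

def _safe(value):
    """Accept only values that can be written as plain (non-base64) LDIF."""
    if (not value or not value.isascii() or not value.isprintable()
            or value != value.strip() or value[0] in ":<"):
        raise ValueError(f"unsafe LDIF value: {value!r}")
    return value

def user_ldif(uid, full_name, surname, uid_number, gid_number, password):
    """Build an LDIF add record for a POSIX user (assumed schema) under ou=People."""
    if not (uid.isascii() and uid.isalnum()):
        raise ValueError(f"unsafe uid: {uid!r}")  # blocks DN and newline injection
    lines = [
        f"dn: uid={uid},{PEOPLE_OU}",
        "objectClass: inetOrgPerson",
        "objectClass: posixAccount",
        f"uid: {uid}",
        f"cn: {_safe(full_name)}",
        f"sn: {_safe(surname)}",
        f"uidNumber: {int(uid_number)}",
        f"gidNumber: {int(gid_number)}",
        f"homeDirectory: /home/{uid}",
        f"userPassword: {ssha_hash(password)}",
    ]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed sample user. Save the output as jane.ldif and load it with:
    #   ldapadd -x -D "cn=ldaproot,dc=andrew,dc=ops" -W -f jane.ldif
    print(user_ldif("jane", "Jane Doe", "Doe", 10001, 10001, "constructed-pw"), end="")
```

The -W option makes ldapadd prompt for the admin password, which keeps it out of the shell history and the process list.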

INVESTIGATION 3: Using LDIF Files

COMPLETING THE LAB

Depending on your professor, you will be asked to submit the lab either in class or online. Follow the appropriate set of instructions below.

Online Submission (Peter Callaghan's sections only)

Follow the instructions for lab X on Blackboard.

In-Class submission

To be completed by faculty who use in-class submission

EXPLORATION QUESTIONS