An Openldap Directory Server

Introduction

The recent JNDI article and an upcoming JAAS article require an LDAP server. This tutorial will walk through the basic details of reproducing the Openldap Server used in these two articles.

Openldap, Sun LDAP Server, and IBM Directory Server all started out as the same University of Michigan code base. Each of them has a slapd process running that makes up the “LDAP Server”. There are probably other variants of this code base running around.

This is by no means an exhaustive tutorial; www.openldap.org has excellent documentation. This post gives enough information to recreate the LDAP database being used in recent examples on Thinkmiddleware.com.

Instructions

By no means will this be an exhaustive tutorial, but it should get the adventurous moving in the generally correct direction.

  1. Download, compile, and install the most recent Openldap source tree from www.openldap.org following the instructions provided in the Quickstart guide.
  2. This should have created an LDAP database whose configuration files live under /usr/local/etc/openldap. The Java and InetOrgPerson schemas need to be added to the new LDAP database. Add the following to slapd.conf in this directory. Include order matters: core.schema must come before the others (the default slapd.conf already includes it), because the other schema files refer to attribute types it defines.
    • include /usr/local/etc/openldap/schema/core.schema
    • include /usr/local/etc/openldap/schema/cosine.schema
    • include /usr/local/etc/openldap/schema/inetorgperson.schema
    • include /usr/local/etc/openldap/schema/java.schema
  3. The slapd.conf file used in the articles presented on this site contains the following:
    • database bdb
    • suffix "dc=thinkmiddleware,dc=com"
    • rootdn "cn=Manager,dc=thinkmiddleware,dc=com"
  4. Create a start command called /usr/local/bin/startLdap that contains the following (slapd binds the privileged port 389, so it is started as root):

       #!/bin/bash
       set -x
       su root -c /usr/local/libexec/slapd

  5. You can then start the LDAP Server by running startLdap.
  6. Verify a slapd process is running with “ps -ef | grep slapd”.
  7. Verify that something is listening on port 389 with “netstat -an | grep 389”.
  8. Create an addUser.sh script that contains the following. The first argument is the user name (it adds $1.ldif), the second is the Manager password. Note that -w puts the password on the command line, where it shows up in ps output; ldapadd -y passwordfile avoids that.

       #!/bin/bash
       PASSWORD=$2
       ldapadd -x -D "cn=Manager,dc=thinkmiddleware,dc=com" -w "${PASSWORD}" -f "$1.ldif"

  9. Create a script called loadUsers.sh that contains the following:

       #!/bin/bash
       COUNT=0
       TOTAL=5000
       # Ask once for the Manager password, without echoing it to the terminal
       read -s -p "Password: " PASSWORD
       echo
       while [ $COUNT -lt $TOTAL ]
       do
           COUNT=$((COUNT + 1))
           echo "Adding user $COUNT"
           # Replace every occurrence of dummy in the template with the user number
           sed "s/dummy/$COUNT/g" dummy.ldif > $COUNT.ldif
           ./addUser.sh $COUNT "$PASSWORD"
           rm $COUNT.ldif
       done

  10. Create a file called dummy.ldif, which contains the following:

       dn: cn=dummy,ou=Users,dc=thinkmiddleware,dc=com
       objectClass: inetOrgPerson
       cn: dummy
       sn: dummy
       mail: 01@thinkmiddleware.com
       userPassword: secret

  11. Using the Ldap Browser mentioned in the JNDI Tutorial, add a new Organization Unit, “ou=Users”, under the “dc=thinkmiddleware,dc=com” branch.
  12. Create 5000 users under “ou=Users,dc=thinkmiddleware,dc=com” by running loadUsers.sh. Note that this creates 5000 separate LDIF (LDAP Data Interchange Format) files, but deletes the LDIF file created on each iteration.

The 5000 users are named: 1,2,…,4999,5000. The password for each is “secret”; for anything important, a different password is recommended. The Distinguished Name for each user is “cn=####,ou=Users,dc=thinkmiddleware,dc=com” where ####=1,2,…,4999,5000.
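As an added example, not part of the original article: a small Python generator that produces the same 5000 inetOrgPerson entries as one LDIF stream, storing userPassword as a salted {SSHA} hash (the form slappasswd emits and slapd checks on bind) rather than the cleartext “secret”, plus the verify routine so the hash format can be checked offline. The per-user mail address and the script file name are assumptions.

```python
import base64
import hashlib
import os

# Container used by the article; every generated user lives directly under it.
BASE_DN = "ou=Users,dc=thinkmiddleware,dc=com"


def ssha_hash(password, salt=None):
    """Return a userPassword value in OpenLDAP's {SSHA} form: base64(sha1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt per entry
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a cleartext password against a stored {SSHA} value, the way slapd does on bind."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes; whatever follows is the salt
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def ldif_entry(n, password):
    """One inetOrgPerson entry for user n, laid out like the article's dummy.ldif."""
    return "\n".join([
        f"dn: cn={n},{BASE_DN}",
        "objectClass: inetOrgPerson",
        f"cn: {n}",
        f"sn: {n}",
        f"mail: {n}@thinkmiddleware.com",  # assumption: one address per user
        f"userPassword: {ssha_hash(password)}",
        "",  # LDIF separates entries with a blank line
    ])


def build_ldif(total, password):
    """Entries 1..total as a single LDIF stream; one ldapadd run loads them all."""
    return "\n".join(ldif_entry(n, password) for n in range(1, total + 1))


if __name__ == "__main__":
    import sys
    # Usage (hypothetical file name):
    #   python3 gen_users.py 5000 | ldapadd -x -D "cn=Manager,dc=thinkmiddleware,dc=com" -W
    count = int(sys.argv[1]) if len(sys.argv) > 1 else 5000
    sys.stdout.write(build_ldif(count, "secret"))
```

Piping the output into a single ldapadd with -W replaces the 5000 ldapadd invocations of loadUsers.sh and keeps the Manager password off the command line.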

At this point, an LDAP database that can be used with the example code in the JNDI & JAAS articles has been created.

References

[1] http://www.openldap.org
[2] http://www.mcs.anl.gov/~gawor/ldap/
[3] http://www.openldap.org/doc/admin24/quickstart.html