LDAP Howto

Rodolfo Alcazar Portillo rodolfo.alcazar at padep.org.bo
Sun Jun 24 15:47:47 UTC 2007

On Saturday, 23.06.2007 at 16:22 +0200, Per Qvindesland wrote:
> Hello List,
> Does anyone know about a SIMPLE howto to configure ldap to share address
> book for email clients? After having googled for hours I can find plenty,
> but they're one of two: 1. not simple or 2. just don't work, so I am hoping
> that someone here can point me in the right direction.


My own fedora-ldap-almost-howto; I hope it is useful to you. If you
improve it, please return it to the list, thanks. My job's domain is
padep.org.bo; change it to yours as appropriate, and likewise with the
rest. The Evolution part is up to you, but it is very easy:

- Install w/yum:

# yum install php-ldap openldap openldap-clients openldap-servers 

- Configure to get these files:

# cat /etc/ldap.conf |grep "^base" 

base dc=padep,dc=org,dc=bo

# slappasswd 
New password: blahblah
Re-enter new password: blahblah

# cat /etc/openldap/slapd.conf | grep "^suffix\|^root"
suffix          "dc=padep,dc=org,dc=bo"
rootdn          "cn=admin,dc=padep,dc=org,dc=bo"
rootpw          {SSHA}g5/QcoAmy54qGOsks04cyXda3PVa2Jxg

- Start service:

# service ldap start
Checking configuration files for slapd:  bdb_db_open: Warning - No
DB_CONFIG file found in directory /var/lib/ldap: (2)
Expect poor performance for suffix dc=padep,dc=org,dc=bo.
config file testing succeeded
                                                           [  OK  ]
Starting slapd:                                            [  OK  ]

- Create a basic .ldif file:

# cat /etc/openldap/padep.ldif
dn: dc=padep,dc=org,dc=bo
objectclass: dcObject
objectclass: organization
o: Example Company
dc: padep

dn: cn=admin,dc=padep,dc=org,dc=bo
objectclass: organizationalRole
cn: admin

dn: ou=Group,dc=padep,dc=org,dc=bo
objectclass: top
objectclass: organizationalUnit
ou: Group

dn: ou=People,dc=padep,dc=org,dc=bo
objectclass: top
objectclass: organizationalUnit
ou: People

- load ldif file to db:

# ldapadd -x -D "cn=admin,dc=padep,dc=org,dc=bo" -W -f /etc/openldap/padep.ldif

Enter LDAP Password: blahblah
adding new entry "dc=padep,dc=org,dc=bo"
adding new entry "cn=admin,dc=padep,dc=org,dc=bo"
adding new entry "ou=Group,dc=padep,dc=org,dc=bo"
adding new entry "ou=People,dc=padep,dc=org,dc=bo"

- Install phpLDAPadmin, visit:

http://your.server.com./pla/htdocs/index.php; enter with

cn=admin,dc=padep,dc=org,dc=bo /pass=blahblah

- Head of my ldap file, obtained with phpLDAPadmin:

version: 1

# LDIF Export for: dc=padep,dc=org,dc=bo
# Generated by phpLDAPadmin ( http://phpldapadmin.sourceforge.net/ ) on March 8, 2007 3:54 pm
# Server: My LDAP Server (
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 96

dn: dc=padep,dc=org,dc=bo
objectClass: dcObject
objectClass: organization
o: Example Company
dc: padep

dn: cn=admin,dc=padep,dc=org,dc=bo
objectClass: organizationalRole
cn: admin

dn: ou=c1,dc=padep,dc=org,dc=bo
ou: c1
objectClass: organizationalUnit
objectClass: top

dn: cn=benedicto.carani,ou=c1,dc=padep,dc=org,dc=bo
cn: benedicto.carani
givenName: Benedicto
mail: benedicto.carani at padep.org.bo
o: Padep
objectClass: inetOrgPerson
objectClass: top
ou: c1
postalCode: 02
sn: Carani

dn: cn=boris.rodriguez,ou=c1,dc=padep,dc=org,dc=bo
cn: boris.rodriguez
givenName: Boris
mail: boris.rodriguez at padep.org.bo
o: Padep
objectClass: inetOrgPerson
objectClass: top
ou: c1
postalCode: 02
sn: Rodriguez

- PHP example filtering cn=a*

<?php
// Basic LDAP query test: anonymous bind, then list entries whose cn starts with "a"
echo "<h3>LDAP query test</h3>";
echo "Connecting ...";
$ds = ldap_connect("localhost");  // must be a valid LDAP server!
echo "connect result is " . $ds . "<br />";
if ($ds) {
   echo "Binding ...";
   $r = ldap_bind($ds);  // anonymous bind, typically read-only access
   echo "Bind result is " . $r . "<br />";
   echo "Searching for (cn=a*) ...";
   // search the whole subtree under the base DN
   $sr = ldap_search($ds, "dc=padep,dc=org,dc=bo", "cn=a*");
   echo "Search result is " . $sr . "<br>";
   echo "Number of entires returned is " . ldap_count_entries($ds, $sr) . "<br />";
   echo "Getting entries ...<p>";
   $info = ldap_get_entries($ds, $sr);
   echo "Data for " . $info["count"] . " items returned:<p>";
   for ($i = 0; $i < $info["count"]; $i++) {
       echo "dn is: " . $info[$i]["dn"] . "<br />";
       echo "first cn entry is: " . $info[$i]["cn"][0] . "<br />";
       echo "first email entry is: " . $info[$i]["mail"][0] . "<br /><hr />";
   }
   echo "Closing connection";
   ldap_close($ds);  // release the connection
} else {
   echo "<h4>Unable to connect to LDAP server</h4>";
}
?>

LDAP query test
Connecting ...connect result is Resource id #2
Binding ...Bind result is 1
Searching for (sn=S*) ...Search result is Resource id #3
Number of entires returned is 6
Getting entries ...

Data for 6 items returned:

dn is: cn=admin,dc=padep,dc=org,dc=bo
first cn entry is: admin
first email entry is:

dn is: cn=aidee.suarez,ou=c3,dc=padep,dc=org,dc=bo
first cn entry is: aidee.suarez
first email entry is: aidee.suarez at padep.org.bo


Closing connection

testing command:

# ldapsearch -x -b 'dc=padep,dc=org,dc=bo' '(objectclass=*)'

Good luck!
Rodolfo Alcazar - rodolfo.alcazar at padep.org.bo
591-70656800, -22417628, LA PAZ, BOLIVIA
otbits.blogspot.com / counter.li.org: #367962
- I'm Bender, baby! Please insert liquor!
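
The rootpw line in the slapd.conf excerpt stores slappasswd's {SSHA} output, which is base64(SHA1(password + salt) + salt). As an added example (not part of the original post), this Python code builds and verifies such values and reads rootpw out of slapd.conf-style text; the function names and the sample password are made up for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

SHA1_LEN = 20  # bytes in a SHA-1 digest


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build "{SSHA}" + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # 4-byte salt, the size carried by the post's rootpw value
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(value: str) -> Tuple[bytes, bytes]:
    """Return (digest, salt); raise ValueError on anything malformed."""
    scheme, sep, b64 = value.strip().partition("}")
    if not sep or scheme.upper() != "{SSHA":
        raise ValueError("not a {SSHA} value")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("no salt after the SHA-1 digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def check_ssha(password: str, value: str) -> bool:
    """Re-hash the candidate with the stored salt; compare in constant time."""
    digest, salt = split_ssha(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_from_conf(conf_text: str) -> Optional[str]:
    """Pull the rootpw value out of slapd.conf-style text."""
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "rootpw":
            return parts[1].strip()
    return None


if __name__ == "__main__":
    # Constructed sample: a fresh hash for a made-up password, not the post's.
    conf = 'rootdn "cn=admin,dc=padep,dc=org,dc=bo"\nrootpw ' + make_ssha("s3cret-example")
    stored = rootpw_from_conf(conf)
    print(check_ssha("s3cret-example", stored), check_ssha("typo", stored))
```

Because the scheme is a single salted SHA-1 pass, the stored value is only as safe as the read permissions on slapd.conf.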

