How to Create a Directory Service Using the OpenLDAP Directory Server

A directory service is an application that stores, retrieves, and modifies information about network resources

Next, create directory entries for JDeveloper developers under the organizational unit jdeveloper. The attributes sn and cn are required attributes for the object class person. An example directory entry is shown in the following listing:

#Steve's Directory Entry
dn: cn=Steve Muench,ou=jdeveloper,dc=example,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: Steve Muench
sn: Muench
title: JDeveloper Developer

The LDIF file jdevDir.ldif is listed in Listing 1. Copy the LDIF file to the C:\Program Files\OpenLDAP directory. Next, start the OpenLDAP slapd server with the following command from the OpenLDAP installation directory:

C:\Program Files\OpenLDAP> .\slapd -d 1

OpenLDAP provides the ldapadd tool to add a directory entry. Run the ldapadd command on the jdevDir.ldif file as shown below. The -D argument specifies the bind DN for authenticating the connection to the directory. The -w argument specifies the password for the bind DN. The -f argument specifies the LDIF file that contains the directory entries.

C:\Program Files\OpenLDAP>ldapadd -D "cn=Manager,dc=example,dc=com" -v -w openldap -f jdevDir.ldif

Directory entries get added to the LDAP server.

Searching a Directory
The ldapsearch tool searches an LDAP directory and displays the results in LDIF text format. As directory entries are identified by DNs, they are searched for by DN. As an example, search the directory for the entry with DN "cn=Steve Muench,ou=jdeveloper,dc=example,dc=com". The ldapsearch command that binds as the Manager DN and searches for that entry is as follows:

>ldapsearch -D "cn=Manager,dc=example,dc=com" -w openldap -b "cn=Steve Muench,ou=jdeveloper,dc=example,dc=com"

The -b argument specifies the base DN to search. The output of the ldapsearch operation is listed below.

# extended LDIF
#
# LDAPv3
# base <cn=Steve Muench,ou=jdeveloper,dc=example,dc=com> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# Steve Muench, jdeveloper, example.com
dn: cn=Steve Muench,ou=jdeveloper,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: Steve Muench
sn: Muench
title: JDeveloper Developer

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
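The following script is an added example and is not part of the original article or of OpenLDAP. It works on LDIF of the shape shown above, both the entries handed to ldapadd and the ldapsearch output with its comment lines: it parses the records, checks that every entry carrying objectClass person has the mandatory cn and sn attributes before the file is loaded, and escapes a cn value according to RFC 4514 when building the DN passed to -b, so a name containing a comma or a leading space cannot change which entry is addressed. The first sample entry is the Steve Muench record from the article; the second, lacking sn, is constructed to show a failing check, and the REQUIRED table deliberately models only the person class.

```python
"""Parse LDIF, check mandatory attributes, and build safe search-base DNs.

Added example (not from the article or OpenLDAP).  The first entry is the
article's Steve Muench record; the second entry is constructed to be invalid.
"""
import base64

# Constructed sample: ldapsearch-style LDIF, comment lines included.
SAMPLE_LDIF = """\
# extended LDIF
#
# LDAPv3
# base <ou=jdeveloper,dc=example,dc=com> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# Steve Muench, jdeveloper, example.com
dn: cn=Steve Muench,ou=jdeveloper,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: Steve Muench
sn: Muench
title: JDeveloper Developer

# constructed: person entry that is missing the mandatory sn attribute
dn: cn=No Surname,ou=jdeveloper,dc=example,dc=com
objectClass: person
cn: No Surname

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
"""

# MUST attributes per object class (only person is modelled here; RFC 4519).
REQUIRED = {"person": {"cn", "sn"}}


def unfold(text):
    """Join RFC 2849 continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return entries as dicts of lower-cased attribute -> list of values.

    '#' comments are skipped, 'attr:: b64' values are decoded, and a record
    without a dn (ldapsearch's trailing 'search:/result:' block) is dropped.
    """
    entries, current = [], {}
    for line in unfold(text) + [""]:          # sentinel flushes the last record
        if line.startswith("#"):
            continue
        if line == "":
            if "dn" in current:
                entries.append(current)
            current = {}
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):              # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def missing_required(entry):
    """Set of MUST attributes absent from the entry for its known object classes."""
    missing = set()
    for oc in entry.get("objectclass", []):
        missing |= REQUIRED.get(oc.lower(), set()) - set(entry)
    return missing


def check_entries(text):
    """Map each dn to its missing attributes; an empty set means the entry passes."""
    return {e["dn"][0]: missing_required(e) for e in parse_ldif(text)}


# Characters that must be backslash-escaped inside a DN value (RFC 4514 2.4).
_DN_SPECIAL = ',+"\\<>;='


def escape_dn_value(value):
    """Escape a value for embedding in a DN: special characters, a leading '#'
    or space, a trailing space, and control characters (as \\XX hex pairs)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        elif ord(ch) < 0x20 or ch == "\x7f":
            out.append("\\%02X" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def person_dn(cn, base="ou=jdeveloper,dc=example,dc=com"):
    """DN of a person entry under the jdeveloper OU, suitable for ldapsearch -b."""
    return f"cn={escape_dn_value(cn)},{base}"


if __name__ == "__main__":
    for dn, missing in check_entries(SAMPLE_LDIF).items():
        print(dn, "OK" if not missing else f"missing {sorted(missing)}")
    print(person_dn("Muench, Steve"))
```

Running the check before ldapadd turns a schema violation from a server-side rejection into a readable report, and building the -b value through escape_dn_value keeps a user-supplied name from being interpreted as additional RDN components.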

Modifying a Directory
OpenLDAP provides the ldapmodify tool to modify a directory. With ldapmodify a new entry can be added, an existing entry can be modified, and an entry can be deleted. The modifications can be specified on the command line or in an LDIF file; an LDIF file is recommended, since a large number of modifications can be specified in one file. As an example, add the new entry specified in addEntry.ldif (Listing 2).

Listing 2 addEntry.ldif
dn: cn=Deepak Vohra,ou=jdeveloper,dc=example,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: Deepak Vohra
sn: Vohra
title: JDeveloper Developer

The -a option of the ldapmodify command is used to add a new entry. Run the ldapmodify command as shown below. The LDIF file is specified with the -f option.

ldapmodify -D "cn=Manager,dc=example,dc=com" -w openldap -a -f addEntry.ldif
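The article says ldapmodify can add, modify and delete entries from one LDIF file but shows only the add case. The script below is an added example, not code from the article or OpenLDAP: it produces the three RFC 2849 change-record shapes (changetype: add, modify with add/delete/replace sub-operations closed by a "-" line, and delete), base64-encodes values that are not safe as clear text, and folds long lines with a single-space continuation. The DNs reuse the article's jdeveloper entries; the attribute values in the modify record are constructed.

```python
"""Build LDIF change records for ldapmodify (RFC 2849 changetype add/modify/delete).

Added example, not code from the article or OpenLDAP.  The DNs reuse the
article's jdeveloper entries; the attribute values are constructed.
"""
import base64


def fold(line, width=76):
    """Wrap a long LDIF line; each continuation line starts with one space."""
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)


def ldif_line(attr, value):
    """Render 'attr: value', or 'attr:: <base64>' when value is not a SAFE-STRING
    (non-ASCII, embedded CR/LF/NUL, or a leading space, colon or '<')."""
    unsafe = (
        not value.isascii()
        or any(c in value for c in "\r\n\x00")
        or value[:1] in (" ", ":", "<")
    )
    if unsafe:
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return fold(f"{attr}:: {encoded}")
    return fold(f"{attr}: {value}")


def add_record(dn, attrs):
    """'changetype: add' record; attrs maps attribute -> list of values."""
    lines = [ldif_line("dn", dn), "changetype: add"]
    for attr, values in attrs.items():
        lines.extend(ldif_line(attr, v) for v in values)
    return "\n".join(lines) + "\n"


def modify_record(dn, changes):
    """'changetype: modify' record; changes is a list of (op, attr, values),
    op being add, delete or replace.  Each change is closed by a '-' line."""
    lines = [ldif_line("dn", dn), "changetype: modify"]
    for op, attr, values in changes:
        if op not in ("add", "delete", "replace"):
            raise ValueError(f"unknown modify operation {op!r}")
        lines.append(f"{op}: {attr}")
        lines.extend(ldif_line(attr, v) for v in values)
        lines.append("-")
    return "\n".join(lines) + "\n"


def delete_record(dn):
    """'changetype: delete' record."""
    return ldif_line("dn", dn) + "\nchangetype: delete\n"


def change_file(*records):
    """Concatenate records into one LDIF file; records are separated by a blank line."""
    return "\n".join(records)


if __name__ == "__main__":
    deepak = "cn=Deepak Vohra,ou=jdeveloper,dc=example,dc=com"
    print(change_file(
        add_record(deepak, {
            "objectclass": ["top", "person", "organizationalPerson"],
            "cn": ["Deepak Vohra"],
            "sn": ["Vohra"],
            "title": ["JDeveloper Developer"],
        }),
        # constructed modification: replace the title and add a description
        modify_record(deepak, [
            ("replace", "title", ["Senior JDeveloper Developer"]),
            ("add", "description", ["Constructed sample value"]),
        ]),
        delete_record(deepak),
    ))
```

Because every record carries its own changetype, a file written this way is passed to ldapmodify with -f alone; the -a option from the command above is only needed for records that omit changetype and are therefore all treated as additions.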


More Stories By Deepak Vohra

Deepak Vohra is a Sun Certified Java 1.4 Programmer and a Web developer.

More Stories By Ajay Vohra

Ajay Vohra is a senior solutions architect with DataSynapse Inc.

Most Recent Comments
karan 02/20/08 12:18:02 AM EST

Hi, can I know how to create a directory structure for
dn: uid: karan.sngl@gmail.com,dc=mail,dc=xyz,dc=de.

and our suffix is dc=mail,dc=xyz,dc=de.

Do reply me at karan.sngl@gmail.com
Please help me out, I am getting so many problems in creating the directory structure.

Tom Britton 07/12/07 04:57:45 PM EDT

LDAP is an overly complex, arcane system for storing and retrieving information, some of which can be used for authentication. This article may be useful for extending the authors' list of publications but does little to help explain or demystify LDAP, OpenLDAP, or anything else. It uses jargon with abandon, and where some of the jargon is defined, it provides no explanation, providing no understanding. As a cookbook, its recipes are too terse to be useful. Of course in a magazine article, space is at a premium, but the authors have used their allocation very poorly. A waste of time and print space.