7. Administration
OpenLDAP Server
OpenLDAP is an Open source LDAP server designed for UNIX
platforms. A Windows version can be downloaded from:
http://download.bergmans.us/openldap/openldap-2.2.29/
openldap-2.2.29-db-4.3.29-openssl-0.9.8awin32_Setup.exe.
OpenLDAP Server Installation
After downloading the program, launch the installer, select your
language, accept the license and choose the target installation
directory. The default directory is:
c:\Program Files\OpenLDAP.
When the Select Components dialog box appears, select install
BDB-tools and install OpenLDAP-slapd as NT service, as shown in
the diagram, below:
OpenLDAP Server Configuration
The main OpenLDAP configuration file, slapd.conf, has to be
customized before launching the server. The modifications to the
configuration file will do the following:
• Specify the Unicode data directory. The default is ./ucdata.
• Choose the required LDAP schemas. The core schema is
mandatory.
• Configure the path for the OpenLDAP pid and args start up files.
The first contains the server pid, the second includes command
line arguments.
• Choose the database type. The default is bdb (Berkeley DB).
• Specify the server suffix. All entries in the directory will have this
suffix, which represents the root of the directory tree. For example,
with suffix dc=tripplite,dc=com, the fully qualified name of all
entries in the database will end with dc=tripplite,dc=com.
• Define the name of the administrator entry for the server (rootdn),
along with its password (rootpw). This is the server's super user.
The rootdn name must match the suffix defined above. (Since all
entry names must end with the defined suffix, and the rootdn is
an entry)
An example configuration file is provided in the figure, below:
( continued )
Starting the OpenLDAP Server
To start the OpenLDAP Server, run slapd (the OpenLDAP Server exe-
cutable file) from the command line. slapd supports a number of
command line options, the most important option is the d switch
that triggers debug information. For example, a command of slapd
-d 256 would start OpenLDAP with a debug level of 256, as shown
in the following screenshot:
Note: For details about slapd options and their meanings, refer to
the OpenLDAP documentation.
Customizing the OpenLDAP Schema
The schema that slapd uses may be extended to support additional
syntaxes, matching rules, attribute types, and object classes. In the
case of the B020-Series KVM Switch, the B020-Series KVM Switch
User class and the permission attribute are extended to define a
new schema. The extended schema file used to authenticate and
authorize users logging in to the B020-Series KVM Switch is shown
in the figure, below:
50