Frequently Asked Questions

I have enabled the LDAP server. How can I manage it?
Last Updated 5 years ago

LDAP server management

Up to a point, the LDAP server can be managed from iNODE's web interface: all server-side settings (base DN, root DN, ACLs) are configured there. Browsing and editing the directory contents themselves requires an external LDAP client, as described below.

iNODE supports using the LDAP server as its authentication backend and, as such, provides the tools to fully manage and maintain the LDAP user database. This ensures that the users on the LDAP server carry the proper attributes, with the proper values, to be usable by all of iNODE's services.

Since LDAP can be used as the backend for numerous other applications and services, in order to fully manage the LDAP server, an LDAP client/browser is required. There are many free and open source clients that can be used for this purpose. Some are more generic, while others are more specialized. The following link provides a list of clients that can be used to browse or manage the LDAP server:

https://en.wikipedia.org/wiki/List_of_LDAP_software


In this tutorial we will use LDAP Admin to manage the LDAP server, manually adding users and creating OUs to organize our data.


LDAP connection settings

Right after LDAP initialization, it is possible to connect to the LDAP server only by using the root DN provided on "LDAP server :: General Settings"; no other user objects exist yet.

To connect to the LDAP server using LDAP Admin, open the Start -> Connect... menu and create a new connection, providing the server's IP, the root DN and the root password as specified on "Configuration :: LDAP Server :: General Settings". Note that a plain LDAP connection sends the root password over the network in clear text, so connect only from a trusted network segment, or use an SSL/TLS connection if the server is configured to offer one:

image

If the LDAP server has not been initialized with any data, an error message of this form should appear:



For proper initialization of the LDAP server, follow the LDAP server initialization instructions.


After initialization is completed successfully, disconnecting and reconnecting to the LDAP server should now show the Base DN object without problems:

image
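The same connection test can be done without the GUI. The following is an added example, not code from the iNODE page or from LDAP Admin: an LDAPv3 simple bind written directly against the wire protocol (BER-encoded BindRequest/BindResponse, RFC 4511) using only the Python standard library, so it runs without python-ldap or ldap3. The host, DN and password passed to `simple_bind` are placeholders to replace with the values from "LDAP server :: General Settings". It is assumed here that the root DN binds successfully even on an uninitialized server and that the error LDAP Admin displays comes from the subsequent lookup of the base DN (result code 32, noSuchObject); a wrong root password shows up as result code 49 (invalidCredentials).

```python
import socket

# Standard LDAP result codes (RFC 4511, Appendix A) that are useful when
# diagnosing a failed connection.
LDAP_RESULT_CODES = {
    0: "success",
    32: "noSuchObject",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    53: "unwillingToPerform",
}


def ber_length(n: int) -> bytes:
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber(tag: int, content: bytes) -> bytes:
    """One tag/length/value triplet."""
    return bytes([tag]) + ber_length(len(content)) + content


def ber_int(value: int, tag: int = 0x02) -> bytes:
    """Non-negative INTEGER (or ENUMERATED with tag 0x0a), sign bit kept clear."""
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big")
    return ber(tag, body)


def bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] {
    version 3, name, authentication simple [0] } }."""
    bind = ber(
        0x60,
        ber_int(3) + ber(0x04, dn.encode("utf-8")) + ber(0x80, password.encode("utf-8")),
    )
    return ber(0x30, ber_int(message_id) + bind)


def _tlv(buf: bytes, pos: int):
    """Decode one tag/length/value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(buf: bytes) -> dict:
    """Decode LDAPMessage { messageID, BindResponse [APPLICATION 1] LDAPResult }."""
    tag, msg, _ = _tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _tlv(msg, 0)
    tag, result, _ = _tlv(msg, pos)
    if tag != 0x61:
        raise ValueError(f"unexpected protocolOp tag 0x{tag:02x}")
    _, code, pos = _tlv(result, 0)          # resultCode ENUMERATED
    _, matched_dn, pos = _tlv(result, pos)  # matchedDN  LDAPDN
    _, diag, _ = _tlv(result, pos)          # diagnosticMessage
    rc = int.from_bytes(code, "big")
    return {
        "message_id": int.from_bytes(mid, "big"),
        "result_code": rc,
        "result_name": LDAP_RESULT_CODES.get(rc, "other"),
        "matched_dn": matched_dn.decode("utf-8", "replace"),
        "diagnostic": diag.decode("utf-8", "replace"),
    }


def simple_bind(host: str, dn: str, password: str, port: int = 389, timeout: float = 5.0) -> dict:
    """Send one simple bind and return the decoded LDAPResult.
    Plain LDAP carries the password in clear text; for LDAPS (port 636) wrap
    the socket with ssl before sending. Bind responses are short, so the
    frame is considered complete once the outer length has been received."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(bind_request(1, dn, password))
        data = b""
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
            if len(data) >= 2 and _tlv(data, 0)[2] <= len(data):
                break
    return parse_bind_response(data)


if __name__ == "__main__":
    # Placeholder values; replace with the iNODE's address and root DN.
    print(simple_bind("192.0.2.10", "cn=admin,dc=example,dc=com", "root-password"))
```

A result of `invalidCredentials` with the root DN means the password or DN differs from what is set in the general settings; a successful bind followed by the GUI error points at the missing base DN object, which the initialization step creates.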


Creating LDAP objects

The basic structural component for organizing data on the LDAP server is the Organizational Unit (OU). To create a new OU, right-click the parent node under which the OU should be created and then click "New... -> Organizational unit...".
The following form will request the name of the OU along with some further details.

Fill in the name and click the OK button.

image

Keep creating the necessary OUs required until the structure on the LDAP server is as required.


User Management

The LDAP server can contain user objects, which hold the credentials used to authenticate connecting clients.
You can manually add a user for authentication on the LDAP server.

Note that in case LDAP server is used as the authentication backend, iNODE users should be managed through the web interface, in order to ensure that the user objects contain all the necessary attributes required to authenticate to all services.

In the case where the LDAP server is not used by iNODE as the authentication backend, user objects need to be created manually in order to grant levels of access to users and services.

If there are no users on the LDAP server, only the root DN can be used to authenticate to it. The root DN is the only account that does not require a corresponding object on the LDAP server.

To create a user, right click on the parent LDAP node and then click on New -> User...

image

This basic user object can be used as an addressbook contact. In order to be usable for authentication, a password must be provided for this user too.

There are three checkboxes on the user creation form that control the object classes of the new user. Each checkbox adds the attributes needed to use this object as a shadow (Linux) account, a Samba account or a mail account respectively.
For now we only need this account for use with LDAP, so leave them unchecked.

To set a password for this user, right click on the created user object and click on "Set Password..."

image

Provide a password for the user, selecting the hashing method used to store it in the userPassword attribute. Prefer a salted hash such as SSHA over clear text or an unsalted MD5/SHA digest: the server still accepts the password for binds, but anyone who can read the attribute (or an exported LDIF) does not obtain the password itself:

image

After adding the password to the user, it is possible to connect to the LDAP server using the user's DN and password as credentials.
The following picture shows the state of the LDAP server after creating a couple of users and a basic structure to organize the company's data using Organizational Units (OUs).


image
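The OU and user entries created above through LDAP Admin can equally be produced as an LDIF file and imported with any LDAP client, which is more repeatable than clicking through the forms and makes the password-hashing choice explicit. The following is an added example, not code from the iNODE page or from LDAP Admin: it builds the OU and user entries as LDIF with the standard library only, escaping RDN values per RFC 4514 (so a name containing a comma cannot break out of its RDN), base64-encoding values LDIF cannot carry literally per RFC 2849, and storing the password as a salted SSHA hash in `userPassword`. The base DN `dc=example,dc=com`, the `inetOrgPerson` object class and the sample names are assumptions for the example; the real base DN is the one set in "LDAP server :: General Settings".

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumed base DN; the real value is the one configured on the iNODE.
BASE_DN = "dc=example,dc=com"


def escape_rdn_value(value: str) -> str:
    """Escape an RDN attribute value per RFC 4514, so that a value such as
    'Smith, John' yields one RDN instead of injecting a second component."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, last):
            out.append("\\ ")
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def ldif_line(attr: str, value: str) -> str:
    """One LDIF attribute line (RFC 2849). Values that are non-ASCII, contain
    control characters, or start with space, ':' or '<' must go base64 after '::'."""
    safe = value.isascii() and value.isprintable() and value[:1] not in (" ", ":", "<")
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted SHA-1 in the {SSHA} userPassword form: base64(sha1(pw || salt) || salt)."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a stored {SSHA} value (constant-time compare)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def ou_entry(name: str, parent_dn: str = BASE_DN) -> str:
    """LDIF for an organizationalUnit under parent_dn."""
    dn = f"ou={escape_rdn_value(name)},{parent_dn}"
    return "\n".join([ldif_line("dn", dn), "objectClass: organizationalUnit", ldif_line("ou", name)]) + "\n"


def user_entry(uid: str, cn: str, sn: str, password: str, parent_dn: str,
               salt: Optional[bytes] = None) -> str:
    """LDIF for an inetOrgPerson (assumed object class) with a hashed password."""
    dn = f"uid={escape_rdn_value(uid)},{parent_dn}"
    lines = [
        ldif_line("dn", dn),
        "objectClass: inetOrgPerson",
        ldif_line("uid", uid),
        ldif_line("cn", cn),
        ldif_line("sn", sn),
        ldif_line("userPassword", ssha_hash(password, salt)),
    ]
    return "\n".join(lines) + "\n"


def build_ldif(*entries: str) -> str:
    """Join entries with the blank line LDIF uses as a record separator."""
    return "\n".join(entries)


if __name__ == "__main__":
    # Constructed sample data for the example, not real accounts.
    people = f"ou=People,{BASE_DN}"
    print(build_ldif(
        ou_entry("People"),
        ou_entry("Groups"),
        user_entry("jdoe", "John Doe", "Doe", "correct horse", people),
        user_entry("mpapa", "Μαρία Παπαδοπούλου", "Παπαδοπούλου", "battery staple", people),
    ))
```

SHA-1 is used here because {SSHA} is the scheme most LDAP servers and clients agree on for `userPassword`; if the server supports a stronger scheme (for example {SSHA512} or {CRYPT} with a modern crypt), prefer it, but keep the salt.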


NOTE: It is advised to keep a backup copy of the LDAP server's contents before making any changes. A backup of all the contents of the LDAP server can be obtained from the "Maintenance :: LDAP :: LDAP Maintenance" menu. Just click on the "Export" button under "Export LDAP contents" and download the resulting LDIF file. The export includes every userPassword value (hashed, or in clear text if a user was stored that way), so treat the file as a secret and store it accordingly.
