====== OpenLDAP Provider Installation on Debian Squeeze ======

Using SSH from a terminal, log in as root to the virtual machine you have created for use as the LDAP provider, using the root password set at creation.

<code>
:~$ ssh root@vm36.student.lab
root@vm36.student.lab's password: NaNaKiNg
</code>

==== Preliminary configuration adaptation ====

At the virtual machine prompt use pico to edit the ''/etc/hosts'' file to match:

<code>
127.0.0.1       localhost
10.80.3.36      vm36.student.lab vm36

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
</code>

Save the file and exit pico.

==== Package Installation ====

  - Now, at the prompt, install the ssh and nmap packages using the command:
<code>
root@vm36:~# apt-get install ssh nmap
</code>
    * Enter 'Y' when prompted.
  - Next install the slapd and ldap-utils packages using the command:
<code>
root@vm36:~# apt-get install slapd ldap-utils
</code>
    * Again, enter 'Y' when prompted.
    * When prompted, enter an administrator password for slapd (CaK30RD3aTH).
    * Re-enter the password to confirm.

Confirm that slapd is running using the command:
<code>
~# nmap -p 389 localhost
</code>
The response received should look like:
<code>
Starting Nmap 5.00 ( http://nmap.org ) at 2010-10-27 15:05 CEST
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
PORT    STATE SERVICE
389/tcp open  ldap

Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
</code>

==== Configuring the LDAP ====

  - Use pico to edit the file ''/etc/ldap/ldap.conf'':
    * Change the line ''#BASE dc=example, dc=com'' to read ''BASE dc=student, dc=lab''
    * Change the line ''#URI ldap://ldaps1.example.com'' to read ''URI ldap://vm36.student.lab ldap://vm36.student.lab:666''
    * Save the file and exit.
  - Create and edit a file for the configuration changes using the command ''pico ~/olc-mod1.ldif'', entering the following content:
<code>
# 1.
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: stats

# 2.1.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uid eq
-
# 2.2.
add: olcDbIndex
olcDbIndex: cn eq
-
# 2.3.
add: olcDbIndex
olcDbIndex: ou eq
-
# 2.4.
add: olcDbIndex
olcDbIndex: dc eq
</code>
    * Save and exit from pico.
  - Implement the changes with the following command:
<code>
~# ldapmodify -QY EXTERNAL -H ldapi:/// -f ~/olc-mod1.ldif
</code>
If the changes are implemented the screen should display:
<code>
modifying entry "cn=config"
modifying entry "olcDatabase={1}hdb,cn=config"
~#
</code>

=== Create a Basic Tree ===

  - Create and edit a file using ''pico ~/tree.ldif'' so it contains the following:
<code>
dn: ou=people,dc=student,dc=lab
ou: people
objectClass: organizationalUnit

dn: ou=groups,dc=student,dc=lab
ou: groups
objectClass: organizationalUnit
</code>
    * Save and exit.
  - Implement the changes using the following command:
<code>
~# ldapadd -cxWD cn=admin,dc=student,dc=lab -f ~/tree.ldif
Enter LDAP Password: CaK30RD3aTH
</code>
The screen should display:
<code>
adding new entry "ou=people,dc=student,dc=lab"
adding new entry "ou=groups,dc=student,dc=lab"
~#
</code>

Perform a test. Run an ldapsearch with an anonymous bind (no DN specified) to check that the new organizational units have indeed been added to the database, using the command:
<code>
~# ldapsearch -xLLL
</code>
Check that the output looks like the following and does not contain any obvious errors:
<code>
~# ldapsearch -xLLL
dn: dc=student,dc=lab
objectClass: top
objectClass: dcObject
objectClass: organization
o: student.lab
dc: student

dn: cn=admin,dc=student,dc=lab
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

dn: ou=people,dc=student,dc=lab
ou: people
objectClass: organizationalUnit

dn: ou=groups,dc=student,dc=lab
ou: groups
objectClass: organizationalUnit

~#
</code>

=== Create a User Account ===

  - Create a new user account, called genUsr. First create and edit a file:
    * Use the command ''pico ~/genUsr.ldif''
    * Enter the following contents:
<code>
dn: cn=genUsr,ou=groups,dc=student,dc=lab
cn: genUsr
gidNumber: 20000
objectClass: top
objectClass: posixGroup

dn: uid=genUsr,ou=people,dc=student,dc=lab
uid: genUsr
uidNumber: 20000
gidNumber: 20000
cn: Generic
sn: User
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
loginShell: /bin/bash
homeDirectory: /home/genUsr
userPassword: Guest1
</code>
  - Implement the account using the command:
<code>
ldapadd -cxWD cn=admin,dc=student,dc=lab -f ~/genUsr.ldif
</code>
  - Run a search for the new genUsr entry using the command:
<code>
ldapsearch -xLLL uid=genUsr
</code>
    * The resulting output should look like:
<code>
dn: uid=genUsr,ou=people,dc=student,dc=lab
uid: genUsr
uidNumber: 20000
gidNumber: 20000
cn: General
sn: User
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
loginShell: /bin/bash
homeDirectory: /home/genUsr
</code>

It is possible to test authentication for an LDAP account by using the ''ldapwhoami'' command:
    * Use the -w option followed by the assigned password to specify the password on the command line:
<code>
ldapwhoami -xD uid=genUsr,ou=people,dc=student,dc=lab -w Guest1
</code>
    * The same specification is required for ldapsearch.
    * In all such cases the principle is the same: authentication and authorization must take place before any such single command is processed.

==== References ====

  - [[http://www.rjsystems.nl/en/2100-d6-openldap-provider.php|Tech Notes - OpenLDAP provider on Debian Squeeze]]
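The anonymous ''ldapsearch -xLLL'' check in the Create a Basic Tree section can be automated. The script below is an added example, not part of the original page: it parses LDIF the way ldapsearch prints it (folded lines and ''::'' base64 values included), confirms both organizational units exist, and flags any ''userPassword'' attribute that an anonymous bind can read, which the default Debian ACLs should hide. The sample output, including its genUsr entry, is constructed for the example, and ''parse_ldif'' and ''check_tree'' are names chosen here.

```python
import base64

# Constructed sample shaped like "ldapsearch -xLLL" output under an anonymous bind;
# the genUsr entry is built with a readable userPassword so the check has something to flag.
SAMPLE = """\
dn: ou=people,dc=student,dc=lab
ou: people
objectClass: organizationalUnit

dn: ou=groups,dc=student,dc=lab
ou: groups
objectClass: organizationalUnit

dn: uid=genUsr,ou=people,dc=student,dc=lab
userPassword:: R3Vlc3Qx
"""

def parse_ldif(text):
    # Returns {dn: {attribute: [values]}}; a newline followed by one space is an LDIF fold
    entries, attrs = {}, None
    for line in text.replace("\n ", "").splitlines():
        if not line.strip() or line.startswith("#"):
            attrs = None                     # blank line ends the current entry
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):            # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if name == "dn":
            attrs = entries.setdefault(value, {})
        elif attrs is not None:
            attrs.setdefault(name, []).append(value)
    return entries

def check_tree(entries, base="dc=student,dc=lab"):
    # Empty list means the tree matches the page; otherwise each string names one problem
    problems = []
    for ou in ("people", "groups"):
        dn = f"ou={ou},{base}"
        if "organizationalUnit" not in entries.get(dn, {}).get("objectClass", []):
            problems.append(f"missing organizationalUnit entry: {dn}")
    for dn, attrs in entries.items():
        if "userPassword" in attrs:          # anonymous binds must never see this
            problems.append(f"userPassword exposed to anonymous bind on {dn}")
    return problems

if __name__ == "__main__":
    print(check_tree(parse_ldif(SAMPLE)))
```

To run it against a live server, feed it the captured output of ''ldapsearch -xLLL'' instead of SAMPLE.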