🐧 Install and configure OpenLDAP on SERVER and CLIENT on Ubuntu Server & Desktop 22.04
How to Install and Configure OpenLDAP on Ubuntu Server
Introduction to LDAP
- The video begins with a welcome message and an introduction to the topic of installing and configuring OpenLDAP on Ubuntu Server.
Understanding LDAP
- LDAP (Lightweight Directory Access Protocol) is introduced as a distributed access protocol, similar in structure to Windows Active Directory.
- The speaker explains that LDAP manages various directory entries such as users, groups, organizational units, folders, files, and printers.
Implementation of OpenLDAP
- OpenLDAP is described as an open-source implementation of the LDAP protocol that can be utilized across multiple systems; this tutorial focuses on Ubuntu Server 22.04 LTS.
Network Configuration Requirements
- A client machine running Ubuntu Desktop is required alongside the server; both must have internet access and connectivity between them.
- The server has two network adapters: one for local area network (LAN) connection and another configured in NAT mode for internet access.
DHCP Configuration Recommendations
- It’s recommended to complete a previous practice involving DHCP configuration to ensure all devices in the internal network receive necessary IP parameters automatically.
- The speaker emphasizes ensuring that the desktop machine has internet access by configuring the server as a router.
Verifying Network Connectivity
- Instructions are provided for checking network configurations using commands like `ip addr` on both machines to confirm they are within the same subnet.
- Successful ping tests between machines verify connectivity; testing internet access from the client machine is also advised.
Configuring Network Adapters on Ubuntu Server
- The speaker discusses modifying network adapter settings using `sudo nano /etc/netplan/00.yaml`, emphasizing correct syntax and indentation for a valid configuration.
Changing Hostname
Configuration and Installation of Server Components
Setting Up the Static IP Address
- The process begins with assigning a static IP address to the server, specifically `192.168.1.8` for `server.clockwork.local`.
Updating the Repository
- After setting up the IP, it's crucial to update the repository by executing `sudo apt update -y`, `sudo apt upgrade -y`, and `sudo apt dist-upgrade -y`.
- These commands ensure that all packages are updated without manual prompts during installation.
Installing Required Packages
- The installation of necessary packages starts with `sudo apt install slapd ldap-utils -y`, confirming the administrator password when prompted.
- Following package installation, basic server configuration is initiated using `sudo dpkg-reconfigure slapd`.
Domain Configuration
- During configuration, users are prompted to set their domain name; in this case, it's set to `clockwork.local`.
- Users must remove `.local` from their organization name if they wish to use just "clockwork".
Database Management and Error Handling
- Users are asked whether they want to purge existing databases; agreeing will help reset configurations.
- If errors occur (e.g., incorrect password), users should verify their entries before proceeding.
Viewing Domain Information
- To check domain information, the command `sudo slapcat` is used, which displays details about the distinguished name (DN).
Creating Directory Structure
- The next step involves creating an organizational unit (OU), group, and user within the directory structure.
Preparing LDIF Template for Organizational Units
- A template file with the `.ldif` extension is created using `sudo nano`; it will define the parameters for new organizational units.
Creating an Organizational Unit in LDAP
Steps to Create an Organizational Unit
- The process begins with creating an organizational unit (OU) for the IT department, using a syntax similar to PowerShell. The key line of the entry is `objectClass: organizationalUnit`.
- It’s crucial to follow the correct syntax when specifying the object class. The OU will be named "informática" and classified as an organizational unit.
- After defining the OU, it is saved and verified by listing files, confirming that the entry for "informática" exists within `clockwork.local`.
Importing the Organizational Unit
- To import this OU into the server, use `sudo ldapadd`. This command adds entries based on previously created files.
- Following proper nomenclature is essential; specify the CN (Common Name) as `admin`, indicating which user has permission to add this OU.
- The file path for importing must be correctly identified. In this case, it resides in the current directory (`ou.ldif`).
Verifying Creation of Organizational Unit
- After executing the commands, verifying with `sudo slapcat` shows that both the domain and the newly created OU ("informática") are present.
Creating User and Group Manually
Preparing Templates
- The template file (`ou.ldif`) is copied to create a new group file named `grp.ldif`, which will serve as a basis for group creation.
- Multiple templates are planned: one each for organizational units, users, groups, and modifications to users.
Defining Group Attributes
- Modifications in `grp.ldif` include setting the distinguished name and defining attributes such as the group name ("informática").
- This group serves to manage permissions collectively rather than individually assigning them to each user within "informática".
Understanding Structure Differences
- Clarification between OUs and groups: OUs organize users/groups while groups allow permission management across multiple users efficiently.
Finalizing Group Creation
Object Class Specification
- When defining a group in LDAP, it's important to differentiate it from an OU by using `posixGroup` instead of `organizationalUnit`.
Setting Identification Numbers
- Each group requires a unique group identification number (GID); the tutorial starts at 10,000 to avoid conflicts with system-generated IDs (local UIDs start at 1000).
Creating User Groups and Entries in Directory
Setting Up the Initial Group
- The initial group's GID is set to 10,000, with plans to increment the identifier for subsequent groups (e.g., 10001, 10002).
- Emphasizes the importance of unique identifiers; using an existing number will cause errors during import.
- Instructions on saving changes in the directory and modifying it to reflect new data entries.
Verifying Directory Creation
- Confirmation that the created domain and organizational unit are correctly established under the admin's control.
- Discusses copying group files to create user entries, maintaining a template for future users.
Modifying User Templates
- Importance of keeping templates organized for easy addition of new users.
- Details on changing user identification fields from CN to UID and setting up user attributes like name and object class.
Ensuring Correct Object Class Configuration
- Highlights necessary adjustments in object classes to avoid errors during user addition.
- Stresses careful attention to detail when configuring user attributes to prevent issues later on.
Finalizing User Information
- Specifies how to input common names, UIDs, organizational units, and other essential details for each user.
- Introduces UID numbers starting at 2000; emphasizes consistency with group ID numbers.
Password Management Techniques
- Discusses setting home directories and login shells while ensuring proper password encryption practices are followed.
- Explains how hashed passwords can be generated using tools like `sudo slappasswd`, so that no clear-text password is stored in the directory.
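As an added example (not the tutorial's own code), the following reproduces the `{SSHA}` scheme that `slappasswd` emits by default and renders a `posixAccount` entry like the one written by hand above; the names `clockworker`, `informática`, the IDs 2000/10000 and the `clockwork.local` mail domain follow the tutorial, while the suffix `dc=clockwork,dc=local` is the form `dpkg-reconfigure slapd` derives from that domain.

```python
import base64
import hashlib
import hmac
import os

# Added example, not from the tutorial: the {SSHA} format produced by
# `slappasswd` (base64 of sha1(password || salt) || salt, 4-byte salt),
# a constant-time verifier, and a builder for the user entry.

def ssha_hash(password: str, salt: bytes = b"") -> str:
    """Return '{SSHA}...' exactly as it is stored in userPassword."""
    salt = salt or os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]        # SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def user_ldif(uid: str, uid_number: int, gid_number: int, password_hash: str,
              ou: str = "informática", suffix: str = "dc=clockwork,dc=local") -> str:
    """Render the LDIF for one user; only the hash, never the clear password, is written."""
    lines = [
        f"dn: uid={uid},ou={ou},{suffix}",
        "objectClass: inetOrgPerson",
        "objectClass: posixAccount",
        f"uid: {uid}",
        f"cn: {uid}",
        f"sn: {uid}",
        f"uidNumber: {uid_number}",
        f"gidNumber: {gid_number}",          # primary group, e.g. the 10000 group
        f"homeDirectory: /home/{uid}",
        "loginShell: /bin/bash",
        f"mail: {uid}@clockwork.local",
        f"userPassword: {password_hash}",
    ]
    return "\n".join(lines) + "\n"
```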
Email Setup and Future Modifications
- Mentions creating temporary email addresses for users that can be modified later as needed.
User Management in LDAP: Creating and Modifying Users
Setting Up User Information
- The email format for users is established with the `@clockwork.local` suffix, matching the local domain `clockwork.local`. The given name will be set as "clock worker."
- Key attributes are defined: CN (common name), SN (surname), and given name. These are essential for user identification within the directory.
Adding Users
- A new user is created, and checking with `sudo slapcat` confirms that the user has been added without displaying an encrypted password.
- Instructions on how to search for a user's information using LDAP commands are provided, emphasizing the need to specify search parameters.
Searching for Users
- The command structure for searching includes specifying the base DN (for `clockwork.local`) and the UID. It highlights using simple authentication.
- A search example is demonstrated where specific attributes like SN, given name, and CN are retrieved based on UID.
Listing All Users
- To list all users in the directory, a wildcard (*) is used in the UID field. This retrieves all entries along with their respective attributes.
Creating Additional Users
- Another user named "clockworker2" is created with similar attributes as before. This step ensures there are multiple users for testing purposes.
Modifying User Attributes
- To modify an existing user's email address, a template file (`cambios.ldif`) is created from the existing data to facilitate changes.
- The process of modifying user details involves identifying which attribute needs changing (in this case, email).
Finalizing Changes
User Management in LDAP
Modifying User Attributes
- The process begins with changing the email attribute for a user, specifically setting it to `nuevo@clockwork.local`.
- The command used is `ldapmodify`, which allows changes to be made to existing entries in the directory.
- Demonstrates how to modify an entry by using `ldapmodify` directly, changing user details without importing a file.
Deleting a User
- To delete a user (e.g., clockworker2), the `ldapmodify` command is again utilized, but this time with specific flags indicating deletion.
- It’s crucial to specify both the username and UID of the user being deleted, ensuring proper identification within the directory structure.
- The administrator's credentials are required for executing deletions, emphasizing security protocols in managing users.
Troubleshooting Errors
- An error occurs when attempting to delete because of a naming inconsistency in the organizational unit: the OU name was spelled "infomática" in one place and "informática" in the other.
- After correcting the spelling and re-attempting the deletion, confirmation is received that clockworker2 has been successfully removed from the directory.
Searching Users Post-Deletion
- Following deletion, a search confirms only one remaining user (clockworker), illustrating effective management of directory entries.
- Highlights common pitfalls during operations such as typos or misconfigurations that can lead to errors.
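The two import errors met above (a reused ID, and an OU name that does not match an existing entry) can be caught before running `ldapadd`. The following pre-flight check is an added example, not the tutorial's code; `SAMPLE` is a constructed LDIF fragment, and `existing_dns` stands for the entries `slapcat` already shows (the suffix `dc=clockwork,dc=local`, derived from `clockwork.local`, plus the imported OU).

```python
# Added example, not from the tutorial: validate hand-written LDIF before ldapadd.
# Flags a uidNumber/gidNumber already used by another entry, and an entry whose
# parent (e.g. ou=infomática vs ou=informática) exists neither in the file nor in
# the directory. SAMPLE is constructed; dc=clockwork,dc=local maps clockwork.local.

def parse_ldif(text):
    # Plain 'attr: value' LDIF only; base64 ('::') values are not handled here.
    entries, attrs, dn = [], {}, None
    for line in text.splitlines() + [""]:
        if not line.strip():                 # blank line closes an entry
            if dn:
                entries.append((dn, attrs))
            attrs, dn = {}, None
            continue
        key, _, value = line.partition(": ")
        if key == "dn":
            dn = value
        else:
            attrs.setdefault(key, []).append(value)
    return entries

def check_ldif(text, existing_dns=("dc=clockwork,dc=local",
                                   "ou=informática,dc=clockwork,dc=local")):
    # Returns a list of problems; an empty list means the file is consistent.
    entries = parse_ldif(text)
    known = {d.lower() for d in existing_dns} | {d.lower() for d, _ in entries}
    seen, problems = {}, []
    for dn, attrs in entries:
        parent = dn.split(",", 1)[1]
        if parent.lower() not in known:
            problems.append(f"{dn}: parent {parent} does not exist")
        # uidNumber must be unique; gidNumber only among groups, since a user's
        # gidNumber legitimately points at its primary group
        ids = [("uidNumber", v) for v in attrs.get("uidNumber", [])]
        if "posixGroup" in attrs.get("objectClass", []):
            ids += [("gidNumber", v) for v in attrs.get("gidNumber", [])]
        for key in ids:
            owner = seen.setdefault(key, dn)
            if owner != dn:
                problems.append(f"{dn}: {key[0]} {key[1]} already used by {owner}")
    return problems

SAMPLE = """dn: cn=informática,ou=informática,dc=clockwork,dc=local
objectClass: posixGroup
gidNumber: 10000

dn: uid=clockworker,ou=informática,dc=clockwork,dc=local
uidNumber: 2000
gidNumber: 10000

dn: uid=clockworker2,ou=infomática,dc=clockwork,dc=local
uidNumber: 2000
"""
```

Running `check_ldif(SAMPLE)` reports the misspelled parent OU of clockworker2 and its reuse of uidNumber 2000, while the shared gidNumber 10000 between the group and its member is accepted.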
Client Configuration Steps
- Transitioning focus towards client configuration after server setup is complete; initial steps include updating system packages.
- Installation of the necessary software packages (`libnss-ldap`, etc.) is outlined as critical for client-server communication.
Finalizing Client Setup
- Instructions detail how to configure connection settings correctly by specifying server IP addresses and adjusting parameters accordingly.
Installation and Configuration of the LDAP Client
Initial Setup and Configuration
- The process begins with confirming the LDAP password when the client packages prompt for it, followed by letting the installation complete. If any parameters were set incorrectly, `sudo dpkg-reconfigure` can be used to make adjustments.
- It is emphasized that reconfiguration should only be done if there are mistakes in the distinguished name or IP address settings. This step is crucial for ensuring correct parameters are established.
Editing Configuration Files
- Two configuration files need editing, starting with `/etc/nsswitch.conf`, where `systemd` is replaced with `ldap` on the `passwd` line. This adjustment is necessary for proper authentication.
- The next file to configure is `/etc/pam.d/common-session`. Here, it's important to ensure that the session options are set up correctly, including specifying paths and permissions accurately.
Verifying Configuration Changes
- After making the changes, `getent passwd` is executed to verify that the configuration works as intended. Successful output lists both local users and LDAP directory users.
- A check on user directories confirms successful integration of local and LDAP users, indicating that previous configurations have been applied correctly.
Further Configurations
- The file `/etc/pam.d/common-session` needs further modifications at its end to include specific session options related to home directory management.
- Following this, a search query using LDAP commands checks if the directory structure returns expected results, confirming user information retrieval from the server.
User Management and Package Installation
- Confirmation of user creation within organizational units shows successful integration into the system's structure.
- The next steps involve installing necessary packages while logged in as a specific user (clockworker), which requires closing current terminals and opening new ones for proper access rights.
Understanding User Configuration in Ubuntu
Identifying Errors and User Setup
- The speaker emphasizes that if an error occurs while attempting a task, it is 100% due to user error, not a machine fault.
- The process of initiating a new user who is not on the list is introduced, highlighting the importance of correct credentials.
- Instructions are provided for creating a home directory for the new user, specifically `/home/clockworker`, ensuring proper setup.
Successful Connection Verification
- The speaker confirms that if all steps are executed correctly, the system will function as intended, allowing connection to various lines.