
LDAP on Linux Made Easy

PCQ Bureau

We assume that you have PCQLinux 8.0 installed on a machine, and that the Linux machine is connected to a network that has a Windows machine with Outlook Express installed. In the article Yellow Pages on your Network, page 119 in this issue, we took the example of the CyberMedia employee directory. In this article we implement the same directory structure on an LDAP server running on Linux. After the setup, you should be able to search and find the e-mail address of any employee in the organization using Outlook Express.


LDAP Browser/Editor provides a graphical interface for setting up and browsing an LDAP directory service running on Linux

Install LDAP Server

From CD2 of PCQLinux 8.0 (given in March 2003), install the RPM named openldap-servers-2.0.27-2.8.0.i386.rpm found in the directory PCQuest/RPMS on the CD. The command to install the RPM file is

rpm -ivh openldap-servers-2.0.27-2.8.0.i386.rpm


Next, open the file named slapd.conf in the directory /etc/openldap in a text editor. Scroll down to the line that says

suffix "dc=my-domain,dc=com"

and change it to


suffix "dc=cmil,dc=com"

representing cmil.com. Substitute cmil and com with the domain components of your domain name. The concept of domain component has been explained in the article Yellow Pages on your Network. Next, find the line that says

rootdn "cn=Manager,dc=my-domain,dc=com"


and change it to

rootdn "cn=Manager,dc=cmil,dc=com"

Scroll down to the line


# rootpw secret

and modify it to

rootpw pcqlabs


Make sure you remove the preceding hash mark (#). You can substitute pcqlabs with your preferred password. The rootdn and this password will be used to log in to the LDAP server, as you will see later in the article. Save the file. Henceforth, we will use a graphical tool to set up the remaining configuration.
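
As an added example (not part of the article and not OpenLDAP's own code), the following Python script applies the three slapd.conf edits above to a constructed copy of the stock lines and, instead of a cleartext rootpw, writes an {SSHA} hash of the same form that slappasswd produces, so anyone who can read the file does not also learn the Manager password. slapd accepts {SSHA} for rootpw. Function names, the sample file contents and the fixed salt used in the test are assumptions.

```python
import base64
import hashlib
import os
import re

# Constructed sample: the stock lines from a PCQLinux 8.0 slapd.conf that the
# article edits. The real file has many more directives; they are left alone.
SAMPLE_SLAPD_CONF = """\
database        ldbm
suffix          "dc=my-domain,dc=com"
rootdn          "cn=Manager,dc=my-domain,dc=com"
# rootpw        secret
directory       /var/lib/ldap
"""


def ssha_hash(password, salt=None):
    """Return the password in the {SSHA} form slapd accepts for rootpw.

    Same scheme as `slappasswd -h {SSHA}`: base64(sha1(password + salt) + salt).
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, hashed):
    """Check a password against an {SSHA} hash (what slapd does on a bind)."""
    if not hashed.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(hashed[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def rewrite_slapd_conf(text, suffix, rootpw_hash):
    """Apply the article's three edits: suffix, rootdn and an uncommented rootpw."""
    out = []
    for line in text.splitlines():
        if re.match(r"^\s*suffix\s", line):
            line = 'suffix          "%s"' % suffix
        elif re.match(r"^\s*rootdn\s", line):
            line = 'rootdn          "cn=Manager,%s"' % suffix
        elif re.match(r"^\s*#?\s*rootpw\s", line):
            line = "rootpw          %s" % rootpw_hash   # also drops the leading '#'
        out.append(line)
    return "\n".join(out) + "\n"


def parse_directives(text):
    """Read 'name value' directives back as a dict, skipping blanks and comments."""
    directives = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, rest = line.split(None, 1)
        directives[name] = rest.strip()
    return directives


if __name__ == "__main__":
    print(rewrite_slapd_conf(SAMPLE_SLAPD_CONF, "dc=cmil,dc=com", ssha_hash("pcqlabs")))
```

On the server itself the equivalent is to run slappasswd, paste its {SSHA} output after rootpw, and keep the file readable only by root.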

Start the LDAP server using the following command.

/etc/rc.d/init.d/ldap start


If you want the LDAP server to start automatically on subsequent reboots, launch ntsysv by issuing the following at the Linux console or terminal window.

ntsysv

From amongst the list of services shown, select ldap.

Use a Graphical Tool

Conventionally, LDAP on Linux is configured by editing and writing configuration files, making the process tedious and error prone. We will use a graphical Java-based configuration tool called LDAP Browser/Editor. You can even run the LDAP Browser/Editor on a Windows machine and connect to the LDAP server running on the Linux machine, across the network. You can also run it on the same Linux machine which is running the LDAP server.

Download the zipped archive (650 KB) of the configuration tool from www.iit.edu/~gawojar/ldap/dwld/bin-dwld.cgi?fileid=latestzip

If you want to run the tool in Windows, extract the zipped archive to, say, C:\. This will create a directory named ldapbrowser. In Linux, you can use the unzip command to extract the archive. Copy the archive to a directory, say /opt, and then issue the following command.

unzip Browser281.zip

To run the LDAP Browser/Editor you must have JRE (Java Runtime Environment) or JDK (Java Development Kit) 1.2.2 or above installed on the Windows or Linux machine. You can find JDK 1.4.1 for Windows and Linux on the PCQuest Xtreme CD, April 2003. 

In Windows, you can launch the configuration tool by double-clicking on the file named browser.jar found in the ldapbrowser directory. In Linux, launch X Window and fire up a terminal window within X. Change to the directory /opt/ldapbrowser and issue the following command to launch the tool:

java -jar browser.jar

Here, we assume that the Java executable is in the PATH. This should bring up the graphical LDAP Browser/Editor. 

Login to the Server

Click on the Quick Connect tab on the LDAP Browser/Editor. For Host, fill in the IP address of the Linux machine running the LDAP server (say 192.168.1.2 or 127.0.0.1 if the LDAP server is running on the same machine). For Base DN, type in the following:

dc=cmil,dc=com

Uncheck the option ‘Anonymous Bind’ and then fill in the following for the User DN.

cn=Manager

Check the option ‘append base DN’ and fill in the rootpw password that you had specified in the slapd.conf file (pcqlabs in our case). Click on Connect. This will bring up an Explorer-like interface with an item named ‘dc=cmil,dc=com’ on the left. Now we start constructing the directory tree step by step.

Construct the Directory Tree

Select the item “dc=cmil,dc=com”. With the item selected, click on Edit>Add Entry>organization. Modify the dn to

dc=cmil,dc=com

For the objectclass, substitute “organization” with “dcObject” (without the double quotes). We have set up the base DN.

Now we are ready to add the organization, department and the employees’ details in the LDAP directory.

Add organization

Select the item “dc=cmil”. With the item selected, click on Edit>Add Entry>organization. Modify the dn to:

o=cybermedia, dc=cmil,dc=com

Optionally, you can add values to other attributes such as streetAddress, postalCode and telephoneNumber. When done, click on Apply.

Add departments

Select the entry o=cybermedia in the main screen and click on Edit>Add Entry>organizationalUnit. Modify the dn to

ou=pcqlabs, o=cybermedia, dc=cmil,dc=com

Optionally, enter values for other attributes such as postalAddress, streetAddress and international ISDN number. Clicking on Apply will create an organizational unit (a department) named pcqlabs under CyberMedia. As per the tree structure in the Yellow Pages on your Network article, add another department named pcquest under CyberMedia. Again, select the entry o=cybermedia on the main screen and click on Edit>Add Entry>organizationalUnit. Modify the dn to ou=pcquest, o=cybermedia, dc=cmil,dc=com. Optionally, enter values for other attributes.

Add employee details

Now, add the directory information for the employees. We start by adding the information for an employee in the pcqlabs department. Select the ou=pcqlabs entry in the main window and click on Edit>Add Entry>organizationalPerson. As an example, we enter the details of an employee named “shekhar govindarajan”. Modify the dn to

cn=shekhar govindarajan, ou=pcqlabs, o=cybermedia, dc=cmil,dc=com

Scroll down and fill in the value “pcqlabs” (without the quotes) for the attribute named “ou”. For the objectclass, substitute “Person” with “inetOrgPerson” (without the double quotes). Click on Edit>Add Attribute and type in “sn” for the name of the attribute. Fill in the value “Govindarajan” (without quotes) for sn; sn stands for surname.

Click on Edit>Add Attribute and type in “mail” for the name of the attribute and fill in the e-mail address of the employee, shekharg@cmil.com in this case. If the employee has a mobile number, click on Edit>Add Attribute, type in “mobile” and fill in the mobile number as the attribute’s value.

Fill in the values for other attributes such as telephoneNumber, title and postalAddress. Click on Apply. Now you should be able to see an entry for Shekhar Govindarajan in the tree structure on the main window.

Similarly, you can add the details of more employees under pcqlabs. Select the ou=pcqlabs entry in the main window, click on Edit>Add Entry>organizationalPerson and fill in the details as explained above. But make sure the “cn” attribute (set to “shekhar govindarajan” in the first case) used in the “dn” is unique.

To add employees under the other department, say PCQuest, repeat the same procedure but make sure you select ou=pcquest instead of ou=pcqlabs before clicking on Edit>Add Entry>organizationalPerson.

Once you have finished populating the directory, it is time to set up Outlook Express to pick up details such as the e-mail address of a person from the LDAP directory.

Set up Outlook Express on Windows Clients

Launch Outlook Express. Click on Tools>Accounts>Add Directory Service. For “Internet Directory (LDAP) Server” enter the IP address of the Linux machine running the LDAP server. Select “yes” for checking e-mail addresses. Click on Finish.

Next, click on Tools>Accounts>Directory Service and select the directory service (represented by the IP address that you entered for the LDAP server). Click on Properties>Advanced. For the Search Base, enter the following.

dc=cmil,dc=com

or

o=cybermedia, dc=cmil,dc=com

If you want Outlook to search the LDAP directory and find e-mail addresses only for the employees in a particular department (say pcqlabs), enter the following for the search base. 

ou=pcqlabs, o=cybermedia, dc=cmil,dc=com

Henceforth, whenever you send a mail, you can just try typing in the name of the person. Outlook Express should be able to resolve the e-mail address by contacting the LDAP server. You can also use the menu item Edit>Find>People. In the “Look In” drop-down list, select the directory service (represented by the IP address). Subsequently, you should be able to find the details of any employee using the search. 
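
To show how the search base and the typed name interact, here is an added example (not from the article): a small Python model of the lookup a mail client performs against the directory, with constructed entries. It escapes the typed text as RFC 4515 requires so that characters such as ( ) * stay data rather than filter syntax, normalizes the spaces and case that Outlook Express users tend to type into a base DN, and confirms that a mistyped base such as dc=cmil,dc=cmil matches nothing, which is the usual reason a lookup silently returns no results. Function names and the second entry are assumptions.

```python
import re

# Constructed sample entries in the shape of the tree built above.
SAMPLE_ENTRIES = {
    "cn=shekhar govindarajan,ou=pcqlabs,o=cybermedia,dc=cmil,dc=com":
        {"cn": "shekhar govindarajan", "mail": "shekharg@cmil.com"},
    "cn=asha rao,ou=pcquest,o=cybermedia,dc=cmil,dc=com":   # constructed
        {"cn": "asha rao", "mail": "ashar@cmil.com"},
}

_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """RFC 4515 escaping: typed text becomes data, never filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def name_lookup_filter(typed):
    """Filter a mail client sends to resolve a partly typed name or address."""
    v = escape_filter_value(typed.strip())
    return "(|(cn=*%s*)(mail=%s*))" % (v, v)


def normalize_dn(dn):
    """Lower-case and strip spaces around unescaped commas, as in 'ou=pcqlabs, o=cybermedia'."""
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))


def dn_under_base(dn, base):
    """True when dn is the base itself or lies anywhere in the subtree below it."""
    d, b = normalize_dn(dn), normalize_dn(base)
    return d == b or d.endswith("," + b)


def search(entries, base, typed):
    """Evaluate the filter produced by name_lookup_filter over an in-memory tree
    (substring match on cn, prefix match on mail), limited to the subtree under base.
    Returns the matching mail addresses, sorted."""
    needle = typed.strip().lower()
    return sorted(
        attrs["mail"]
        for dn, attrs in entries.items()
        if dn_under_base(dn, base)
        and (needle in attrs["cn"].lower() or attrs["mail"].lower().startswith(needle))
    )


if __name__ == "__main__":
    print(name_lookup_filter("shekhar"))
    print(search(SAMPLE_ENTRIES, "ou=pcqlabs, o=cybermedia, dc=cmil,dc=com", "shekhar"))
```

The escaping matters on the server side as well: any web front end or script that builds a filter from what a user typed should pass the text through the same escaping before sending it to slapd.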

Shekhar Govindarajan
