This blog explains the process of configuring an OpenLDAP server on Ubuntu. After the setup, I will also set up LDAP authentication for connecting to a postgres server.
I will be using the servers below:
192.168.0.121 ldapserverubuntu.hopto.org -- this is my LDAP server
192.168.0.103 ldappostgres.hopto.org -- this is where postgres will be installed
192.168.0.187 ldapubuntuclient.hopto.org -- I will use this as the client machine for the connection. Note that the client configuration done here can also be done on the postgres server.
# sudo apt-get update
# sudo apt install slapd ldap-utils
- It will ask you to set a password for the admin entry in the LDAP directory.
- Once that is done, slapd will be automatically started. You can check its status with:
The installation process installs the package with only a default configuration. To get our OpenLDAP server running properly, we need to do some basic post-installation configuration. Run the following command to start the configuration wizard:
# sudo dpkg-reconfigure slapd
Below are a few questions and their answers:
- Omit LDAP server configuration: NO.
- DNS domain name: Enter your domain name. It will ask you to set a correct A record for your domain name. You can also use a domain such as example.com. This information is used to create the base Distinguished Name (DN) of the LDAP directory.
- Organization name: Enter your organization name
- Administrator password: Enter the same password set during installation.
- Database backend: MDB.
- Do you want the database to be removed when slapd is purged? -> No.
- Move old database? -> Yes.
- Allow LDAPv2 protocol? No. The latest version of LDAP is LDAPv3, developed in 1997; LDAPv2 is obsolete.
Your OpenLDAP server is now ready to use.
/etc/ldap/ldap.conf is the configuration file for all OpenLDAP clients. Open this file.
You need to specify two parameters: the base DN and the URI of your OpenLDAP server.
Copy and paste the following text at the end of the file, replacing the domain components (hadoop and com here) with your own:
# vi /etc/ldap/ldap.conf
BASE dc=hadoop,dc=com
URI ldap://192.17.229.1
The URI can be given either by IP address, as above, or by hostname and port, for example ldap://ldap01.hadoop.com:389.
"Result: 0 Success" in the output of your test query indicates that the OpenLDAP server is working fine. If you get "No such object (32)" instead, it is not working.
Add an LDAP group and users using the ldapadd command given below.
Some of the files used in the video are shown below:
root@ubuntu:~# cat example.ldif
dn: dc=hopto,dc=org
objectClass: dcObject
objectClass: organization
dc: hopto
o: hopto
root@ubuntu:~# cat groups.ldif
dn: cn=edbuser,ou=users,dc=hopto,dc=org
objectClass: posixGroup
objectClass: top
cn: edbuser
userPassword: {crypt}x
gidNumber: 1001
root@ubuntu:~# cat edbuser.ldif
dn: uid=edbuser,ou=users,dc=hopto,dc=org
uid: edbuser
cn: edbuser
objectClass: shadowAccount
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
userPassword: {SSHA}jm7PMULNLz3qTjpb3hPIRLdqWoo4fFAH
shadowLastChange: 17016
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/edbuser
sn: edbuser
mail: [email protected]
root@ubuntu:~# cat users.ldif
dn: ou=users,dc=hopto,dc=org
objectClass: organizationalUnit
ou: users
# ldapadd -x -W -D "cn=admin,dc=hopto,dc=org" -f example.ldif
# ldapsearch -x -W -D "cn=admin,dc=hopto,dc=org" "(objectclass=*)"
# apt-get install ldap-auth-client nscd
During this client installation, you will be prompted for the details of your LDAP server.
Configure the LDAP profile for NSS by running:
# sudo auth-client-config -t nss -p lac_ldap
# vi /usr/share/pam-configs/mkhomedir
Name: Create home directory on login
Default: yes
Priority: 900
Session-Type: Additional
Session:
required pam_mkhomedir.so umask=0022 skel=/etc/skel
Save the changes and close the file.
# /etc/init.d/nscd restart
# update-rc.d nscd defaults
On the postgres server, make sure the following is OK:
enterprisedb@ubuntu:/var/lib/edb/as13/data$ psql
psql.bin (13.1.4 (Ubuntu 13.1.4-1+ubuntu5), server 13.1.4 (Ubuntu 13.1.4-1+ubuntu5))
Type "help" for help.
edb=# show port;
port
------
5444
(1 row)
edb=# show data_directory;
data_directory
-------------------------
/var/lib/edb-as/13/main
(1 row)
edb=# show listen_addresses;
listen_addresses
------------------
*
(1 row)
edb=# \q
enterprisedb@ubuntu:/var/lib/edb/as13/data$ cat pg_hba.conf |grep -v ^#
local all all trust
host all all 0.0.0.0/0 ldap ldapserver=ldapserverubuntu.hopto.org ldapport=389 ldapprefix="uid=" ldapsuffix=",ou=users,dc=hopto,dc=org"
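As an added example (my own code, not from the post), here is a small Python audit of pg_hba.conf. It rebuilds the bind DN that PostgreSQL's LDAP method sends for a login name (ldapprefix + username + ldapsuffix, so edbuser becomes uid=edbuser,ou=users,dc=hopto,dc=org) and flags the settings in the listing above that are worth revisiting: `trust`, a `0.0.0.0/0` address, and an `ldap` line with neither `ldaptls=1` nor `ldapscheme=ldaps`, since a plain port-389 simple bind sends the user's password to the LDAP server in cleartext. The sample config is constructed inline; its third line (ldaptls=1, limited to the 192.168.0.0/24 lab subnet) is an assumed hardened variant, not something the page shows.

```python
import shlex

# Constructed sample pg_hba.conf: the page's two lines plus an assumed hardened variant.
SAMPLE_PG_HBA = """
local   all   all                   trust
host    all   all   0.0.0.0/0       ldap ldapserver=ldapserverubuntu.hopto.org ldapport=389 ldapprefix="uid=" ldapsuffix=",ou=users,dc=hopto,dc=org"
host    all   all   192.168.0.0/24  ldap ldapserver=ldapserverubuntu.hopto.org ldapport=389 ldaptls=1 ldapprefix="uid=" ldapsuffix=",ou=users,dc=hopto,dc=org"
"""

def parse_pg_hba(text):
    """Parse non-comment pg_hba.conf lines (CIDR address form only, no separate mask column)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = shlex.split(line)  # honours the quotes around ldapprefix / ldapsuffix
        rule = {"type": f[0], "database": f[1], "user": f[2]}
        # 'local' lines have no ADDRESS column; host/hostssl lines do
        rule["address"], rest = (None, f[3:]) if f[0] == "local" else (f[3], f[4:])
        rule["method"] = rest[0]
        rule["options"] = dict(opt.split("=", 1) for opt in rest[1:])
        rules.append(rule)
    return rules

def ldap_bind_dn(rule, username):
    """DN that PostgreSQL's simple-bind LDAP mode sends: ldapprefix + username + ldapsuffix."""
    o = rule["options"]
    return o.get("ldapprefix", "") + username + o.get("ldapsuffix", "")

def audit(rules):
    """Return (rule_number, message) pairs for settings a defender would revisit."""
    findings = []
    for n, r in enumerate(rules, 1):
        if r["method"] == "trust":
            findings.append((n, "trust: matching connections need no password at all"))
        if r["address"] == "0.0.0.0/0":
            findings.append((n, "0.0.0.0/0: applies to every IPv4 source; restrict to known subnets"))
        if r["method"] == "ldap":
            o = r["options"]
            if o.get("ldaptls") != "1" and o.get("ldapscheme") != "ldaps":
                findings.append((n, "ldap without ldaptls=1 or ldapscheme=ldaps: bind password crosses the network in cleartext"))
    return findings

if __name__ == "__main__":
    rules = parse_pg_hba(SAMPLE_PG_HBA)
    print("bind DN for edbuser:", ldap_bind_dn(rules[1], "edbuser"))
    for n, msg in audit(rules):
        print(f"rule {n}: {msg}")
```

Point parse_pg_hba at the real file's contents to audit your own server; the third sample line produces no findings, which is the shape to aim for.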
The video shows how the above configuration is done.