Tuesday 16 August 2016

Install and Configure OpenLDAP Authentication with Windows

Step By Step Guide for Installing OpenLDAP on Windows with PGina


Source Link:

http://soswin-techbits.blogspot.in/2011/10/installing-openldap-on-windows-7.html

http://www.applicationporting.org/2013/08/step-by-step-guide-for-openldap-windows.html


External Security Manager on Micro Focus is one of the trickiest parts, and one that Micro Focus is working to simplify for users. Micro Focus provides Active Directory services and OpenLDAP support for its products.


In this post I explain the step-by-step installation of OpenLDAP on Windows. The majority of those working with Micro Focus tool sets come from a mainframe background, so for them we would like to share key details about LDAP, even though a lot of information is available on the web.


What is LDAP


LDAP (Lightweight Directory Access Protocol) is a protocol for accessing and maintaining directory services over a network. Think of it as a lookup table that stores information in a hierarchical structure. It contains various columns, or "containers", that store the "rule" or information.


Download the OpenLDAP binaries for Windows here.


Below is a screenshot.



Once downloaded, click on the binaries and run as administrator. It will show the dialog box below.










Click Yes; it will show the screen below.


Click Next.


Tick the licence agreement and then click Install.



It checks for Visual C++ run times and Kerberos.



Installation will start.



Provide the installation path (by default it will use the C drive) and click Next.





Make sure all the check boxes are ticked and click Next.


Provide both the port and the server name. All attributes are standard.




Tick the LDF option if you are using LDF files; otherwise you can choose SQL Server or Berkeley Database, which is the default. Click Next.



The installation will start.


Once installed, click Close.



After a successful installation, you can check the Start menu: OpenLDAP for Windows will have been added.


Connect an LDAP browser


Once installed, the cn=Manager,dc=maxcrc,dc=com user is available to bind with, but dc=maxcrc needs adding before you can successfully connect an LDAP browser. OpenLDAP has command-line utilities in the ClientTools folder that allow you to do this. CD to this folder (c:\Program Files (x86)\OpenLDAP\ClientTools), then paste the following command:

ldapmodify.exe -a -x -D cn=Manager,dc=maxcrc,dc=com -w secret -f ..\maxcrc.ldif



If successful you'll see the following output:



adding new entry "dc=maxcrc,dc=com"



adding new entry "ou=People,dc=maxcrc,dc=com"



You now have an organisational unit called "People" under the dc maxcrc. This is somewhere you can start creating new user objects (or whatever type of object you want). Now we are going to connect the LDAP browser JXplorer. Download and install it from this site: http://jxplorer.org/downloads/users.html


There are no configuration options during the install. Run JXplorer and then select Connect from the File menu. You will see an "Open LDAP/DSML Connection" dialog. Enter the details as follows:




Then click OK. After a short pause (5-10 seconds on my laptop, but it is only an i3 1.33 GHz), the explorer pane on the left should be populated with a small tree structure:



We are now going to add a new user. Select the People organisational unit, then press Ctrl+N. Select inetorgperson from the "Available classes" window and enter cn=user1 for the RDN:



Click the OK button. You will now see the "Table Editor" in the right hand pane. The fields in bold are mandatory for the given object class. We need to populate the sn field before we can add our new user:




Enter a surname and then press the "Submit" button at the bottom of the pane. Our user has now been added to the directory server. If you check the folder "C:\Program Files (x86)\OpenLDAP\ldifdata\dc=maxcrc,dc=com\ou=people" you will see a new file called "cn=user1". Do not edit these files directly; use the LDAP browser.
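
The same user creation from the command line, as an added example that is not part of the original post: it writes the LDIF for cn=user1, adds it with ldapmodify using -W so the Manager password is prompted for rather than typed on the command line, then sets a password for the user and binds as that user to confirm that simple-bind authentication works. It assumes ldappasswd.exe and ldapsearch.exe are present in the same ClientTools folder; the surname "Example" and the temporary file name are constructed.

```powershell
# Added example: command-line equivalent of the JXplorer steps above.
# Assumption: ldappasswd.exe and ldapsearch.exe sit next to ldapmodify.exe.
$Tools   = 'C:\Program Files (x86)\OpenLDAP\ClientTools'
$Manager = 'cn=Manager,dc=maxcrc,dc=com'
$UserDn  = 'cn=user1,ou=People,dc=maxcrc,dc=com'

# inetOrgPerson requires cn and sn; "Example" is a constructed surname.
$ldif = @"
dn: $UserDn
objectClass: inetOrgPerson
cn: user1
sn: Example
"@
$ldifPath = Join-Path $env:TEMP 'user1.ldif'   # constructed file name
Set-Content -Path $ldifPath -Value $ldif -Encoding ASCII

# -W prompts for the bind password, so it does not end up in the
# command history or process list the way "-w <password>" does.
& "$Tools\ldapmodify.exe" -a -x -D $Manager -W -f $ldifPath
if ($LASTEXITCODE -ne 0) { throw "ldapmodify failed with exit code $LASTEXITCODE" }

# Set the user's password as Manager; -S prompts for the new value.
& "$Tools\ldappasswd.exe" -x -D $Manager -W -S $UserDn
if ($LASTEXITCODE -ne 0) { throw "ldappasswd failed with exit code $LASTEXITCODE" }

# Bind as the new user and read back its own entry. A successful result
# shows the directory accepts this DN and password for a simple bind.
& "$Tools\ldapsearch.exe" -x -D $UserDn -W -b $UserDn -s base "(objectClass=*)" cn sn
if ($LASTEXITCODE -ne 0) { throw "bind as $UserDn failed with exit code $LASTEXITCODE" }

Remove-Item $ldifPath
```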


    Configure pGina Windows 7 OpenLDAP Authentication

   

    We have decided to configure a Windows 7 client to authenticate with LDAP or OpenLDAP. This is a good idea because LDAP is cross-platform and extremely stable, and it also eases administration. Let's get started.

    Download and install pGina; get the stable version:

    http://pgina.org/download.html



    Yes, go ahead and download/install the above proprietary packages.

    Launch pGina and configure the plugin section as follows:



    Click on "ldap" and configure it.

    Configure the LDAP servers, separated by a space.



    Configure the account used to search LDAP, its password, and the group/OU that user accounts are in, and change the member attribute to member.



    Configure searching for the DN as follows:



    Now browse to the "gateway" tab and configure an LDAP group to be in the local administrator group.



    Save the settings, then go to the pGina plugin order and set LDAP to first, like so:



    Test your settings with the simulation tab.



    You should see the following:



    This tells us that LDAP authentication worked, and that you do not have a local user account by that name.



 Log out and test your LDAP authentication; it should now work!



