next up previous contents
Next: Maintenance Up: Open Administration for Schools Previous: LDAP - Directory Management

LDAP - Installation

Open Admin (OA) can manage an external server running LDAP server software (OpenLDAP). The directory stores accounts for both staff and students, which can then be used by other programs such as library software, printing software (CUPS), workstations (for login access and home directory mounts), content management systems (CMS), and others.

This installation is based on a Debian/Ubuntu server. Other Linux servers will be similar.

The stages include:

  1. Install the OpenLDAP software on the server, making sure that the server's domain name is set as desired beforehand, since the installation will set up the LDAP base domain from the server's domain.

  2. Get the user account information from an existing server (if necessary). This includes both the UID and GID information from that server. Otherwise, new accounts in OA can have unique values added to their user account, which can then populate both the LDAP system and the user account information on a file server (for home directory mounts from workstations and terminals). Place this information into OA for staff and students.

  3. Configure the basic information into the LDAP server (i.e. admin account, base domain, staff and student groups). The remaining student and staff account information can then flow directly from OA into this server.

  4. Configure OA to communicate with the LDAP server (IP address, user and password info).

Installation

  1. Install OpenLDAP.

    apt-get install slapd ldap-utils

    This will also ask for the administrator password for the LDAP server. Enter this and write it down somewhere (!). It will be needed by OA in order to add and update users. Also make sure that you have installed the Perl module required by the LDAP scripts (apt-get install libnet-ldap-perl).

    In the ldap.conf file (/etc/openldap/ldap.conf on Ubuntu, /etc/ldap/ldap.conf on Debian) change the BASE and URI lines to match your domain:

    BASE dc=MYSCHOOL,dc=MYDIVISION,dc=CA
    URI ldap://MYSCHOOL.MYDIVISION.CA ldap://localhost

    The server-side (slapd) settings for the database, suffix and rootdn must agree with that base domain (slapd expects double quotes around the DNs):

    database hdb
    suffix "dc=myschool,dc=mydivision,dc=ca"
    rootdn "cn=admin,dc=myschool,dc=mydivision,dc=ca"

    Also make sure that rootpw is set (use a hash produced by slappasswd rather than a plaintext password) and that the schemas at the top are loaded (core, cosine, inetorgperson, nis).

    Turn off the ability of users to change their own passwords in LDAP, since passwords are controlled at the OA level by the secretaries: they change the password in OA, and the LDAP server is then updated from there.

  2. Now edit the ldap.conf file in the OA etc directory of your installation, and set the access information, etc.

    $ldap_maxuidnumber = 10000; # starting uidNumber value for the Fill script.
    $ldap_student_gidnumber = 500; # gid numbers from the file server.
    $ldap_staff_gidnumber = 600;
    
    $slappasswd = '/usr/local/sbin/slappasswd'; # location of the LDAP password utility.
    $basedn = 'dc=jp2,dc=loccsd,dc=ca';  # Change to YOUR domain setup.
    $servername = '127.0.0.1'; # IP address of the LDAP server to manage.
    
    $adminuser = 'cn=admin,dc=jp2,dc=loccsd,dc=ca';  # Change to YOUR domain setup.
    $adminpassword = 'password';  # LDAP admin password (the one you wrote down at install).
    
    $group_staff = 'staff';
    $group_student = 'student';
    $org = 'jp2.loccsd.ca';  # Change to YOUR domain setup.
    
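    The following script is an added example and not part of OA or OpenLDAP. It takes the same values as the OA ldap.conf above (embedded here as a constructed hash) and produces the LDIF for the base domain entry and the staff/student posixGroup entries that the LDAP server needs before accounts can be synchronized. It also hashes a password in the {SSHA} form that slappasswd emits, so that neither rootpw nor any LDIF ever has to carry a plaintext password. Placing the groups directly under the base DN is an assumption; adjust the DNs if your tree uses an organizational unit for groups.

```perl
#!/usr/bin/perl
# Added example (not OA's own code): base-domain and group LDIF from the OA
# ldap.conf values, plus {SSHA} password hashing equivalent to slappasswd.
use strict;
use warnings;
use Digest::SHA qw(sha1);
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed values mirroring the OA etc/ldap.conf shown above (not a real site).
my %cfg = (
    basedn                 => 'dc=jp2,dc=loccsd,dc=ca',
    org                    => 'jp2.loccsd.ca',
    group_staff            => 'staff',
    group_student          => 'student',
    ldap_staff_gidnumber   => 600,
    ldap_student_gidnumber => 500,
);

# Four random salt bytes from the kernel, as slappasswd does by default.
sub random_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read $fh, my $salt, 4;
    return $salt;
}

# {SSHA} = base64( sha1(password . salt) . salt ); the salt travels with the hash.
sub ssha_hash {
    my ($password, $salt) = @_;
    $salt //= random_salt();
    return '{SSHA}' . encode_base64(sha1($password . $salt) . $salt, '');
}

# Recompute the hash with the stored salt (everything after the 20-byte digest).
sub ssha_check {
    my ($password, $hash) = @_;
    return 0 unless $hash =~ s/^\{SSHA\}//;
    my $raw  = decode_base64($hash);
    my $salt = substr($raw, 20);
    return (sha1($password . $salt) . $salt) eq $raw ? 1 : 0;
}

# LDIF for the root entry and the two posixGroup entries (groups placed directly
# under the base DN, an assumption about the tree layout).
sub base_ldif {
    my (%c) = @_;
    my ($dc) = $c{basedn} =~ /^dc=([^,]+)/ or die "basedn must start with dc=";
    my $ldif = join "\n",
        "dn: $c{basedn}",
        "objectClass: top",
        "objectClass: dcObject",
        "objectClass: organization",
        "dc: $dc",
        "o: $c{org}",
        "";
    for my $g ([$c{group_staff},   $c{ldap_staff_gidnumber}],
               [$c{group_student}, $c{ldap_student_gidnumber}]) {
        my ($name, $gid) = @$g;
        $ldif .= join "\n",
            "",
            "dn: cn=$name,$c{basedn}",
            "objectClass: top",
            "objectClass: posixGroup",
            "cn: $name",
            "gidNumber: $gid",
            "";
    }
    return $ldif;
}

print base_ldif(%cfg);

# The rootpw line for slapd: a hash, never the plaintext admin password.
my $hash = ssha_hash('password');        # placeholder password from the config above
die "self-check failed" unless ssha_check('password', $hash);
print "\nrootpw $hash\n";
```

    Feed the printed entries to the server with ldapadd (ldapadd -x -D "cn=admin,<basedn>" -W -f base.ldif); on a Debian install the admin entry itself is created by the slapd package using the password you wrote down, so it is not regenerated here.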

  3. We now need to populate the OA student/staff records with LDAP field information. If you have an existing file server that holds account information, you should first put that information into OA. To extract the account information, copy the utility program getuserinfo.pl from the utility/ldap section of the download, place it on your file server, and run it to create a CSV file containing the account information.

    Next, upload this CSV file using the 'Fill' button in the LDAP area of the main OA page. This places the account information into the OA database. For this to work correctly, the student accounts must be named after the student number with a leading 's', and the staff accounts must have the same userid as found on the OA server. If this is not the case, you will have to edit the CSV file by hand to fix it.

    The OA LDAP fields are now filled with the correct information. If there are more users in OA that have no LDAP information (because they do not exist on the file server), use the Fill button again to fill in LDAP information for the remaining users automatically. Once done, all users (staff and students) will have LDAP info (uid, uidnumber, gidnumber).

    You can then use the Synchronize buttons for students and staff to push this LDAP user information into the LDAP server.
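    Before uploading the CSV with Fill, it is worth checking it against the rules above, since a wrong uid or a duplicated uidNumber ends up as a mis-mapped account in both OA and the directory. The script below is an added example and not part of OA; it assumes a column layout of uid,uidNumber,gidNumber (the real output of getuserinfo.pl may differ, so adjust the header handling), uses the gid numbers from the OA ldap.conf above, and uses a constructed list of OA staff userids.

```perl
#!/usr/bin/perl
# Added example (not OA's own code): sanity-check an account CSV before Fill.
use strict;
use warnings;
use Text::ParseWords qw(parse_line);

# Group ids as configured in OA's etc/ldap.conf on this page.
my %gid_of = (student => 500, staff => 600);
# Constructed stand-in for the staff userids known to OA.
my %oa_staff = map { $_ => 1 } qw(jsmith mjones);

# Returns a reference to a list of problems; an empty list means the file follows
# the rules: students are 's' + student number, staff uids exist in OA, gid numbers
# match the staff/student groups, and uid/uidNumber are unique.
sub check_accounts_csv {
    my ($csv_text, $gid_of, $oa_staff) = @_;
    my (%seen_uid, %seen_num, @errors);
    my $n = 0;
    for my $line (split /\r?\n/, $csv_text) {
        $n++;
        next if $line =~ /^\s*$/;
        next if $n == 1 && $line =~ /^uid,/i;             # assumed header row
        my ($uid, $uidnum, $gidnum) = parse_line(',', 0, $line);
        $uid //= ''; $uidnum //= ''; $gidnum //= '';
        if ($uid !~ /^[\w.-]+$/) {
            push @errors, "line $n: bad uid '$uid'";
            next;
        }
        if ($uidnum !~ /^\d+$/ || $gidnum !~ /^\d+$/) {
            push @errors, "line $n: uidNumber/gidNumber must be numeric ($uid)";
            next;
        }
        push @errors, "line $n: uidNumber 0 is root ($uid)"           if $uidnum == 0;
        push @errors, "line $n: duplicate uid $uid"                    if $seen_uid{$uid}++;
        push @errors, "line $n: duplicate uidNumber $uidnum ($uid)"    if $seen_num{$uidnum}++;
        if ($uid =~ /^s\d+$/) {                                        # student account
            push @errors, "line $n: student $uid has gidNumber $gidnum, expected $gid_of->{student}"
                unless $gidnum == $gid_of->{student};
        } else {                                                       # staff account
            push @errors, "line $n: staff $uid is not an OA userid"
                unless $oa_staff->{$uid};
            push @errors, "line $n: staff $uid has gidNumber $gidnum, expected $gid_of->{staff}"
                unless $gidnum == $gid_of->{staff};
        }
    }
    return \@errors;
}

# Constructed sample with three deliberate mistakes (duplicate uidNumber,
# unknown staff userid, student in the staff group).
my $sample = <<'CSV';
uid,uidNumber,gidNumber
s1001,10001,500
jsmith,10002,600
s1002,10001,500
bogus,10003,600
s1003,10004,600
CSV

my $errors = check_accounts_csv($sample, \%gid_of, \%oa_staff);
print @$errors ? join("\n", @$errors) . "\n" : "CSV looks consistent\n";
```

    Run it against the real file (replace the sample with the contents of the CSV and the constructed staff list with the userids from OA); fix every reported line before pressing Fill, since Fill will otherwise accept the data as given.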



2010-12-24