We often need to integrate an LDAP server with our software for user authentication. This post explains how to set up a basic LDAP server on a machine using OpenDS.
For the basics, LDAP stands for Lightweight Directory Access Protocol; you can read more about it on Wikipedia. OpenDS is one LDAP server, and it can be downloaded from OpenDS.org. I recommend downloading the zip version, which contains the setup script.
Download and extract it to a directory, let's say D:/pFiles/OpenDS. Now run setup.bat, which will launch the installation.
Make sure you have already set up a proper hostname for your system. For example, I chose rkg.test and put it in the hosts file.
Just press Next and fill in the server settings. Give a port number greater than 1024; this is because ports between 0-1024 (not an exact figure) are reserved and sometimes blocked on an intranet. I chose 11389 for this installation. Choose the Root User DN, which will be used to connect to LDAP and for all other admin tasks such as create/edit/delete. DN stands for Distinguished Name.
For a basic server we don't need to set up replication, so just leave the options as they are on the next screen.
Now fill in the Directory Data. Here we specify the Base DN, which is required when we connect to LDAP from our software. Optionally, we can install sample data if we want.
After setup is finished, launch the Control Panel. The control panel is where we can manage all the entries. Clicking on the button will prompt for the Bind DN, which is nothing but the Root User DN, and the password.
Click on Manage Entries and we will see a new screen where we can view the tree of all the entries. We can modify/delete/add any entry.
Once all our entries are set up, we are ready to use this LDAP server for any integration we need. Now the most important thing: the features OpenDS provides (probably I should have listed them earlier in this post, but I feel this position is better, since we now have a basic understanding of what LDAP looks like :D).
This listing is copied directly from OpenDS.org.
Directory Server Features
The OpenDS directory server is an LDAPv3 compliant directory server written entirely in Java. The directory server includes the following high-level functionality:
- Full LDAPv3 compliance (RFC 4510–4519) with support for numerous standard and experimental extensions
- High performance and space effective data storage
- Ease of configuration and administration
- A highly extensible administrative framework that enables you to customize most of the features listed below.
- An administration connector that manages all administration traffic to the server. The administration connector enables the separation of user traffic and administration traffic to simplify logging and monitoring, and to ensure that administrative commands take precedence over commands that manipulate user data.
- A graphical control panel that displays server status information and enables you to perform basic server and data administration.
- Several command-line utilities to assist with configuration, administration tasks, basic monitoring, and data management. The main configuration utility (dsconfig) provides an interactive mode that walks you through most configuration tasks.
- An advanced replication mechanism
  - Enhanced multi-master replication across directory server instances
  - An assured replication feature that ensures high availability of data and immediacy of data availability for specific deployment requirements
  - Fractional replication capabilities
  - Support for an external change log that publicizes all changes that have occurred in a directory server database
- An extensible security model
  - Support for various levels of authentication and confidentiality
  - Access to resources based on privileges
  - An advanced access control mechanism
- Multi-faceted monitoring capabilities
- Rich user management functionality
  - Password policies
  - Identity mapping
  - Account status notification
- A DSML to LDAP gateway
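For the application integration mentioned above, here is an added example (not from the original post or from OpenDS) of the input handling an application should do before it searches and binds against this server: escaping user input per RFC 4515 and RFC 4514, and refusing empty passwords. The Base DN `dc=example,dc=com`, the `ou=People` container and the `uid` attribute are assumptions; substitute the values chosen during setup.

```python
# Added example: pre-bind checks for an application that authenticates users
# against the directory. BASE_DN, ou=People and uid are assumptions.
BASE_DN = "dc=example,dc=com"  # placeholder for the Base DN chosen during setup

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape a user-supplied string for use as an RDN value (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)  # leading space or '#', trailing space
        else:
            out.append(ch)
    return "".join(out)


def prepare_login(username: str, password: str) -> dict:
    """Validate login input, then build the search filter and the bind DN.

    An empty password is rejected: a simple bind with a DN and no password is
    an unauthenticated bind (RFC 4513, section 5.1.2), which a server may
    accept without verifying any credential.
    """
    if not username or not password:
        raise ValueError("username and password are both required")
    return {
        "search_base": BASE_DN,
        "search_filter": "(uid=%s)" % escape_filter_value(username),
        "bind_dn": "uid=%s,ou=People,%s" % (escape_dn_value(username), BASE_DN),
    }


if __name__ == "__main__":
    # Constructed sample inputs: a normal login, filter metacharacters, no password.
    for user, pw in [("user.0", "secret"), ("*)(uid=*", "x"), ("user.0", "")]:
        try:
            print(prepare_login(user, pw))
        except ValueError as exc:
            print("rejected:", exc)
```

The application should bind as the user's own DN to verify the password, and keep the Root User DN for administration only.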
Read and Enjoy
Ravi Kumar Gupta