Working with LDAP details.

Some web applications need to accept logins from external users. Others are meant only for in-house staff, are hosted on the organisation's own server, are used only on the intranet, and must not accept logins from people on the internet. In that case LDAP login is one solution: most organisations already have an LDAP directory configured, so the web application can authenticate against the LDAP details that already exist.

The following are expected to be installed on your machine:

  • openldap
  • php-ldap module
  • phpldapadmin [just to cross-check that everything works]

LDAP has its own structure for managing and maintaining the hierarchy, and each level of that tree is described by predefined schemas. The schema files live under /etc/openldap/schema/ and are pulled into the server configuration, /etc/openldap/slapd.conf, by "include" lines; /etc/openldap/ldap.conf is the client-side defaults file, not where schemas are defined. slapd.conf holds the administrator password hash, so it must stay readable only by root and the ldap service user. Please note that I have done this development on a Linux operating system, so all the documentation written here is based on Linux.

Now, from a development point of view, if you want to set up a working environment on your local machine you have to perform the following steps.

The first step is to configure slapd.conf. Log in as root and open the file for editing; the first 4-5 lines are the schema includes:

include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema

Please note that every LDAP installation has a different set of schemas, so the LDIF files have to be written to match them. Here I have used the default installation on Fedora 13. slapd stores its data in a lightweight database backend, either bdb (Berkeley DB) or ldbm; here I am using bdb.

In slapd.conf you will find these lines:

database bdb
suffix "dc=runwalsoft"
rootdn "cn=root,dc=runwalsoft"

The dc and cn values may differ from machine to machine. dc stands for domain component and is built from the domain name: if your server is something.com then the suffix is dc=something,dc=com. There are a few terms you need to understand here.

dn = Distinguished Name (the full, unique name of an entry), cn = common name, rdn = relative distinguished name (the leftmost component of a dn), dit = directory information tree, slapd = standalone LDAP daemon.

In the same file you will find "rootpw": this is the password of the directory administrator, the rootdn shown above. On *nix systems the machine administrator is also called root, but the LDAP root and the machine root are separate identities with separate passwords; the rootdn has nothing to do with the operating-system root account. You set its password with a line like the following:

rootpw {SSHA}sDH698lRKptqw6d1uFmAKifrgZnvlcGc

Here {SSHA} is the password scheme: a salted SHA-1 hash, not encryption, so the cleartext cannot be recovered from the stored value. To set a new password use the slappasswd command: it prompts for the password and prints the hashed string, which you paste into the rootpw line. Never put a cleartext rootpw in slapd.conf. SSHA is slappasswd's default but is SHA-1 based; newer OpenLDAP releases let you choose a stronger scheme (for example {CRYPT}, or the pw-sha2 / pw-pbkdf2 modules) with the slappasswd -h option.

A few lines further down you will find the "directory" directive: this is the filesystem path where the database files are actually stored. Last but not least, at the bottom of the file you decide who may access the directory with "access" directives. If you write no access directive at all, OpenLDAP's default is read access for everyone, including anonymous clients, which is rarely what you want, so you should write one explicitly.

access to * by dn.exact="cn=root,dc=runwalsoft" read by * none

Note what this line actually does: it grants read access only to cn=root,dc=runwalsoft and none to everyone else. It does not let in-house users use the directory at all. The rootdn bypasses ACLs anyway, and every other client, anonymous or authenticated, is refused even the "auth" access on userPassword that a simple bind needs, so no ordinary user can log in. Access clauses are evaluated in order and the first "access to" whose target matches decides, so to let in-house users authenticate you need clauses that grant anonymous clients auth on userPassword and authenticated users read on the rest of the tree. With that, the LDAP configuration is done. The main part is adding users and other information into LDAP, but before that you need to be sure that LDAP is working properly.
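An access policy that does let in-house users log in, as an added example (this is not the post's own configuration; it is modelled on the sample policy that the OpenLDAP distribution ships commented out in slapd.conf). It replaces the single "access to *" line above and goes in the same place at the end of the bdb database section:

```text
# Added example, not from the original post.
# Clauses are tried in order; the first "access to" whose target matches
# an entry/attribute is the one used, so the userPassword rule comes first.

# Passwords: the owner may change them, anonymous clients may use them
# to authenticate (simple bind), nobody else may read them at all.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Everything else: users may edit their own entry, any authenticated
# user may read the tree, anonymous clients may only bind.
access to *
        by self write
        by users read
        by anonymous auth
```

The rootdn (cn=root,dc=runwalsoft) is not mentioned because it bypasses ACLs entirely. "by anonymous auth" is what makes the bind of cn=user1,ou=people,dc=runwalsoft later in the post possible; "by * none" on userPassword is what stops an ordinary bound user from reading everybody's password hashes with ldapsearch.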

Make sure the slapd service is enabled, or start it from the command prompt:

service slapd restart

Always make sure that whenever you change any conf file you restart the corresponding service.

How to see whether LDAP is properly configured?

Open a terminal (command prompt) and type the following:

ldapsearch -x -b '' -s base '(objectclass=*)'

This is an anonymous base search of the root DSE. If the output contains a namingContexts line carrying your suffix (dc=runwalsoft), the server is running and the configuration is correct. If instead you get "Can't contact LDAP server", slapd is not running or not listening.

The next part is adding LDAP details, e.g. users and other information. Every piece of information we save has to conform to the schemas included in slapd.conf: the objectClass values of an entry decide which attributes it must and may carry.

Let's create a file "working.ldif" with the following content.

# Entry 1: dc=runwalsoft
dn: dc=runwalsoft
dc: runwalsoft
description: This will be Hostname;
o: bowling
objectclass: dcObject
objectclass: organization

# Entry 2: ou=people,dc=runwalsoft
dn: ou=people,dc=runwalsoft
description: These are peoples
objectclass: organizationalUnit
ou: people

# Entry 3: cn=manish,ou=people,dc=runwalsoft
dn: cn=manish,ou=people,dc=runwalsoft
cn: manish
objectclass: inetOrgPerson
objectclass: top
ou: Developers
sn: manish
title: Manish Runwal
uid: manish
userpassword: fedora

# Entry 4: cn=pravin,ou=people,dc=runwalsoft
dn: cn=pravin,ou=people,dc=runwalsoft
cn: pravin
mail: pravin@runwalsoft.com
objectclass: inetOrgPerson
objectclass: top
ou: Developers
sn: pravin
title: Pravin Nirmal
uid: pravin
userpassword: fedora

# Entry 5: cn=user1,ou=people,dc=runwalsoft
dn: cn=user1,ou=people,dc=runwalsoft
cn: User1 Lastname
cn: user1
mail: user@runwalsoft.com
objectclass: inetOrgPerson
objectclass: top
ou: Human Resource
sn: user1
uid: ulast1
userpassword: user1
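The userpassword lines above are cleartext, and slapd stores userPassword exactly as it receives it, so they would end up cleartext in the directory. The following is an added example, not code from the original post: a small standard-library LDIF reader that flags such entries, checks that each entry carries its own RDN attribute (otherwise ldapadd rejects it), and hashes the passwords with the same {SSHA} construction slappasswd uses for the rootpw earlier in the post, base64(sha1(password + salt) + salt). The sample LDIF is constructed from Entry 5 above; the function names are my own.

```python
"""Lint working.ldif and hash its cleartext userPassword values like slappasswd.
Added example, not from the original post; standard library only."""
import base64
import hashlib
import hmac
import os

# Constructed sample input: Entry 5 of the post's working.ldif.
SAMPLE_LDIF = """\
# Entry 5: cn=user1,ou=people,dc=runwalsoft
dn: cn=user1,ou=people,dc=runwalsoft
cn: User1 Lastname
cn: user1
mail: user@runwalsoft.com
objectclass: inetOrgPerson
objectclass: top
ou: Human Resource
sn: user1
uid: ulast1
userpassword: user1
"""


def parse_ldif(text):
    """Split LDIF into entries, each a list of (attribute, value) pairs.
    Handles '#' comments, blank-line separators, folded lines (a leading
    single space continues the previous line) and 'attr:: <base64>' values."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = [], []
    for line in unfolded + [""]:          # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if line.strip() == "":
            if current:
                entries.append(current)
                current = []
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.append((attr.strip(), value))
    return entries


def entry_dn(entry):
    return next(v for a, v in entry if a.lower() == "dn")


def rdn_violations(entries):
    """DNs whose RDN attribute/value is absent from the entry itself; slapd
    rejects those ('naming attribute ... is not present in entry')."""
    bad = []
    for entry in entries:
        dn = entry_dn(entry)
        rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")
        present = {(a.lower(), v.lower()) for a, v in entry}
        if (rdn_attr.strip().lower(), rdn_val.strip().lower()) not in present:
            bad.append(dn)
    return bad


def cleartext_passwords(entries):
    """DNs whose userPassword has no {SCHEME} prefix, i.e. is stored in the clear."""
    return [entry_dn(e) for e in entries
            if any(a.lower() == "userpassword" and not v.startswith("{")
                   for a, v in e)]


def ssha(password, salt=None):
    """Build a {SSHA} value in the same format slappasswd prints."""
    if salt is None:
        salt = os.urandom(4)                # slappasswd uses a 4-byte salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password, stored):
    """Verify a cleartext password against a {SSHA} value, as slapd does on bind."""
    if not stored.startswith("{SSHA}"):
        return False
    blob = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = blob[:20], blob[20:]     # SHA-1 digest is 20 bytes, rest is salt
    calc = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(calc, digest)


def harden(entries):
    """Copy of entries with every cleartext userPassword replaced by an {SSHA} hash."""
    return [[(a, ssha(v) if a.lower() == "userpassword" and not v.startswith("{") else v)
             for a, v in e] for e in entries]


def to_ldif(entries):
    """Serialise entries back to LDIF (values here are plain ASCII, no folding needed)."""
    return "\n\n".join("\n".join("%s: %s" % (a, v) for a, v in e) for e in entries) + "\n"


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    print("RDN violations:", rdn_violations(parsed))
    print("cleartext passwords:", cleartext_passwords(parsed))
    print(to_ldif(harden(parsed)))
```

Run it over the real working.ldif and feed the printed output to ldapadd instead of the original file; slapd then compares a bind password against the stored {SSHA} value exactly as check_ssha does, so the users still log in with the same passwords, but ldapsearch no longer shows them in the clear.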


The next part is loading working.ldif into the directory, for which you use the following command. Note that slapd stores userPassword exactly as it receives it, so the cleartext values in this file end up as cleartext in the directory; hash them with slappasswd before adding, or enable the ppolicy overlay's ppolicy_hash_cleartext option so the server hashes them for you.

ldapadd -x -D "cn=root,dc=runwalsoft" -W -f working.ldif

-W makes ldapadd prompt for the rootdn's password; enter it and the entries are added. Things are working. Now...

How to see the structure of our newly created LDAP tree?

a) Either you can write a PHP program, or b) you can use phpldapadmin.

Before writing the program, I hope you have installed phpldapadmin. When you visit http://localhost/phpldapadmin you will see it asking for a login DN and password.

The DN is the rootdn you wrote in slapd.conf, so in the DN box enter:

cn=root,dc=runwalsoft

and in the password box the rootpw. This should allow you to connect. If you don't want to log in as root you can still use phpldapadmin: in the DN box you have to write the complete DN of the user.

cn=user1,ou=people,dc=runwalsoft

and in the password box: user1

This also connects you to LDAP. Note that a non-root bind may see only the lower children of the hierarchy and not the parent entries: what a given user can see is decided by the access directives in slapd.conf, not by phpldapadmin.

You will also notice that when we create a child node we have to give its objectClass, and the available object classes differ from schema to schema: the schema defines which attributes each class requires (MUST) and allows (MAY), and ldapadd rejects an entry with an "object class violation" if a required attribute is missing (inetOrgPerson, for example, requires cn and sn). In the next post you will learn how to connect to LDAP using PHP.

If you have any questions, don't hesitate to ask me. I will respond to your comments.