Ubuntu comes with OpenLDAP as its LDAP server, along with several
LDAP-enabled email clients, including Evolution and Mozilla Thunderbird.
This chapter covers all three of these applications.
Because LDAP data is usually available over the Internet—or at least your
local network—it is imperative that you make every effort to secure your
server. This chapter gives specific instruction on password configuration for
OpenLDAP, and we recommend that you follow the instructions closely.
Configuring the Server
If you have been using LDAP for years, you will be aware of its immense
power and flexibility. But if you are just trying LDAP for the first time, it will
seem like the most broken component you could imagine. LDAP has specific
configuration requirements, is vastly lacking in graphical tools, and has a
large number of acronyms to remember. On the bright side, all the hard work
you put in is worth it because when it works, LDAP improves your
networking experience immensely. You should read this entire chapter and
understand it before you go any further. Then read the README file in
/etc/ldap/schema before you begin configuring your server.
The first step in configuring your LDAP server is to install the client and
server applications. When you install the slapd and ldap-utils
packages from the Ubuntu repositories, you also install three other packages:
odbcinst, odbcinstdebian2, and unixodbc.
By default, Ubuntu configures slapd with the minimum options necessary
to run the daemon. This chapter shows how to configure everything from that
bare-bones installation up to where it will be useful.
Now you need to know the fully qualified domain name (FQDN) of your
server. In a moment, you will begin to write/modify some configuration files,
and this will be a vital part of that process. The example uses
matthewhelmke.com. Whenever you see that, change it to your FQDN.
From the FQDN you acquire your domain component, which is the name of
your domain, as stored in DNS. This is abbreviated as dc. LDAP considers
each part of a domain name (separated by dots) to be a domain component. In
the example, there are two dc items in matthewhelmke.com:
matthewhelmke and com.
OpenLDAP uses a separate directory that contains the cn=config directory
information tree (DIT) to configure the slapd daemon dynamically. This
enables you to modify schema definitions, indexes, and so on without