Recently, I’ve needed to set up an open source centralized authentication server. After researching and testing some of the options, I settled on OpenDS, and while I’m leery of anything running Java, I’ll admit… OpenDS is really nice. Most importantly, getting it up and running is a piece of cake.
If you stop by OpenDS’s website, you’ll find a big “Get 2.2 Now” button. This does a WebStart install, which I’d never seen before but which works fairly well on Windows and OS X. I’m sure it would also work under Linux, provided I had a Linux machine that ran a GUI (which I generally don’t). So these instructions will cover installing it from the command line, and some basic post-install configuration from the GUI (it’s just so much easier).
- apt-get install python-software-properties
- add-apt-repository "deb http://archive.canonical.com/ lucid partner" (the partner repository is described in the Lucid release notes)
- apt-get update
- apt-get install sun-java6-jre unzip
- wget http://www.opends.org/promoted-builds/2.2.0/OpenDS-2.2.0.zip
- unzip OpenDS-2.2.0.zip
- mv OpenDS-2.2.0 /opt/opends/
- /opt/opends/bin/create-rc-script --outputFile /etc/init.d/opends
- update-rc.d opends defaults
- /etc/init.d/opends start
- cd /opt/opends/
- ./setup
- Follow the on-screen prompts; the defaults should be acceptable in most cases, but I prefer to turn on SSL and StartTLS
That’s it. Like I said, not exactly rocket science. If you do the WebStart install on a machine with a GUI, you’ll have it installed in even less time. After that you can use the GUI to populate your server instance with useful data. So, on your GUI-equipped machine (the one you installed OpenDS onto):
- Launch ./opends/bin/control-panel (or ./opends/bat/control-panel.bat on Windows)
- Select “Remote Server”
- Enter the IP address
- Leave port 4444 (unless you changed it)
- Change ‘cn=Directory Manager’ to your admin username
- Enter your password
- Ok!
At this point there are two important screens for someone who wants to get up and running pronto:
- Schema > Manage Schema: this lets you see what schema is built into OpenDS (basically everything in the LDAP RFCs) and lets you add your own schema. Simply hit “New Attribute” or “New Object Class”.
- Directory Data > Manage Entries: this is where you’ll go to add, delete or change all the information in your directory. I think this interface is probably the best of all the LDAP interfaces I’ve tried (including Apache Directory Studio and phpLDAPadmin).
I would suggest creating, under the base DN you specified during the install (something like ‘dc=test,dc=com’), at least two new organizational units: ‘ou=People’ and ‘ou=Groups’. Those two are the conventional containers for users and groups, respectively. Once you have the OUs, you can right-click and create new people or groups. A word of advice on groups: I haven’t had a lot of luck with application compatibility for “Dynamic Group” or “Virtual Static Group”. I’ve found it is much safer to stick with “Static Group”.
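If you would rather script that skeleton than click through the control panel, the following is an added example (not code from the original post or from the OpenDS project) that generates the same structure as LDIF and loads it with OpenDS’s own ldapmodify tool: the two OUs, one inetOrgPerson, and one static group (groupOfNames with an explicit member DN, which is the form most applications can query). It assumes OpenDS is installed under /opt/opends as above, that the LDAP port is the default 1389, and that the admin bind DN, the password file path, the base DN and the uid “jdoe” are placeholders you replace with your own values.

```shell
#!/bin/sh
# Added example (not from the original post or the OpenDS project): build the
# ou=People / ou=Groups skeleton as LDIF and load it with OpenDS's ldapmodify.
# Assumptions: OpenDS lives in /opt/opends, LDAP listens on the default 1389,
# and BIND_DN / BIND_PW_FILE are placeholders for the admin account from ./setup.

OPENDS_HOME="${OPENDS_HOME:-/opt/opends}"
LDAP_HOST="${LDAP_HOST:-localhost}"
LDAP_PORT="${LDAP_PORT:-1389}"
BIND_DN="${BIND_DN:-cn=Directory Manager}"
# Password is read from a file (-j) rather than passed with -w, so it does not
# show up in the process list or shell history. Keep this file mode 0600.
BIND_PW_FILE="${BIND_PW_FILE:-/root/.opends-admin-pw}"

# make_ldif BASE_DN [UID]
# Emits LDIF for the two standard OUs, one person, and one *static* group
# (groupOfNames) whose member attribute names that person's DN explicitly.
# The userPassword value is a constructed placeholder; OpenDS hashes it on
# import with its configured default password storage scheme.
make_ldif() {
    base="$1"
    uid="${2:-jdoe}"
    cat <<EOF
dn: ou=People,$base
objectClass: top
objectClass: organizationalUnit
ou: People

dn: ou=Groups,$base
objectClass: top
objectClass: organizationalUnit
ou: Groups

dn: uid=$uid,ou=People,$base
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: $uid
cn: Jane Doe
sn: Doe
userPassword: ChangeMeOnFirstLogin1!

dn: cn=admins,ou=Groups,$base
objectClass: top
objectClass: groupOfNames
cn: admins
member: uid=$uid,ou=People,$base
EOF
}

# entry_count LDIF_TEXT: number of entries (dn: lines) in a generated LDIF blob.
entry_count() {
    printf '%s\n' "$1" | grep -c '^dn: '
}

# load_ldif BASE_DN [UID]: write the LDIF to a temp file and add it over
# StartTLS (-q / --useStartTLS, matching the option turned on during ./setup).
# If ./setup generated a self-signed certificate, point the tool at a truststore
# that contains it (--trustStorePath) instead of disabling verification.
load_ldif() {
    tmp=$(mktemp) || return 1
    make_ldif "$1" "${2:-jdoe}" > "$tmp"
    "$OPENDS_HOME/bin/ldapmodify" \
        -h "$LDAP_HOST" -p "$LDAP_PORT" --useStartTLS \
        -D "$BIND_DN" -j "$BIND_PW_FILE" \
        -a -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# show_membership BASE_DN [UID]: the check an application would run against a
# static group, i.e. a plain equality filter on the member attribute.
show_membership() {
    base="$1"
    uid="${2:-jdoe}"
    "$OPENDS_HOME/bin/ldapsearch" \
        -h "$LDAP_HOST" -p "$LDAP_PORT" --useStartTLS \
        -D "$BIND_DN" -j "$BIND_PW_FILE" \
        -b "ou=Groups,$base" "(member=uid=$uid,ou=People,$base)" cn
}

# Usage: ./populate.sh load dc=test,dc=com [uid]
# Nothing runs at load time unless "load" is given, so the functions above can
# also be sourced and used individually.
if [ "${1:-}" = "load" ]; then
    load_ldif "${2:-dc=test,dc=com}" "${3:-jdoe}" && show_membership "${2:-dc=test,dc=com}" "${3:-jdoe}"
fi
```

Run it once as root (or as whatever account owns the password file) after the server is up; afterwards the entries appear under Directory Data > Manage Entries exactly as if you had created them in the control panel, and the closing ldapsearch shows the group resolved through the member attribute, which is what makes static groups the safe choice for application compatibility.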