Installing a LDAP server on Debian Linux for use with JIRA

All Versions

JIRA 4.0 Beta Documentation

Index

There are some great instructions on the general process of installing LDAP on Linux at http://www.metaconsultancy.com/whitepapers/ldap.htm

This page just documents how it worked for me. I assume you are working towards LDAP authentication in JIRA or Confluence.

Install LDAP

On Debian, an LDAP server can be installed with:

apt-get install slapd ldap-utils

Entering the following details when prompted (customize for your organization):

Domain name atlassian.com
Organization name Atlassian
Admin password secret
LDAP v2 protocol no

At this point, you might as well install a graphical LDAP browser, like 'gq'. Connecting anonymously, you'll see there is one entry, cn=admin,dc=atlassian,dc=com, created.

Create a schema

Rather than try to devise my own LDAP schema, I used the 'migrationtools' package to create a schema, and import system users from /etc/passwd:

apt-get install migrationtools

  1. Edit /etc/migrationtools/migrate_common.ph, and make the following changes:

@@ -68,10 +68,10 @@
}

  1. Default DNS domain
    -$DEFAULT_MAIL_DOMAIN = "padl.com";
    +$DEFAULT_MAIL_DOMAIN = "atlassian.com";
  1. Default base
    -$DEFAULT_BASE = "dc=padl,dc=com";
    +$DEFAULT_BASE = "dc=atlassian,dc=com";
  1. Turn this on for inetLocalMailReceipient
  2. sendmail support; add the following to
    @@ -93,8 +93,8 @@
    #$USE_UTF8 = 1;
  1. Uncomment these to avoid Debian managed system users and groups
    -#$IGNORE_UID_BELOW = 1000;
    -#$IGNORE_GID_BELOW = 100;
    +$IGNORE_UID_BELOW = 1000;
    +$IGNORE_GID_BELOW = 100;
  1. And here's the opposite for completeness
    #$IGNORE_UID_ABOVE = 9999;
  1. Run /usr/share/migrationtools/migrate_all_online

teacup:/usr/share/migrationtools# ./migrate_all_online.sh
Enter the X.500 naming context you wish to import into: [dc=padl,dc=com] dc=atlassian,dc=com
Enter the hostname of your LDAP server Integrating JIRA with LDAP: localhost
Enter the manager DN: [cn=admin,dc=atlassian,dc=com]:
Enter the credentials to bind with:
Do you wish to generate a DUAConfigProfile [yes]? no

Importing into dc=atlassian,dc=com...

Creating naming context entries...
Migrating aliases...
Migrating groups...
Migrating hosts...
Migrating networks...
Migrating users...
Migrating protocols...
Migrating rpcs...
Migrating services...
Migrating netgroups...
Migrating netgroups (by user)...
Migrating netgroups (by host)...
Importing into LDAP...
adding new entry "ou=Hosts,dc=atlassian,dc=com"

adding new entry "ou=Rpc,dc=atlassian,dc=com"

adding new entry "ou=Services,dc=atlassian,dc=com"

adding new entry "nisMapName=netgroup.byuser,dc=atlassian,dc=com"

adding new entry "ou=Mounts,dc=atlassian,dc=com"

adding new entry "ou=Networks,dc=atlassian,dc=com"

adding new entry "ou=People,dc=atlassian,dc=com"

adding new entry "ou=Group,dc=atlassian,dc=com"

adding new entry "ou=Netgroup,dc=atlassian,dc=com"

adding new entry "ou=Protocols,dc=atlassian,dc=com"

adding new entry "ou=Aliases,dc=atlassian,dc=com"

adding new entry "nisMapName=netgroup.byhost,dc=atlassian,dc=com"

adding new entry "cn=postmaster,ou=Aliases,dc=atlassian,dc=com"
ldapadd: update failed: cn=postmaster,ou=Aliases,dc=atlassian,dc=com
ldap_add: Undefined attribute type (17)
additional info: rfc822MailMember: attribute type undefined

/usr/bin/ldapadd: returned non-zero exit status

At this point, you should be able to browse the updated schema in a LDAP browser:

Add users

Still in the migrationtools directory, run:

teacup:/usr/share/migrationtools# ./migrate_passwd.pl /etc/passwd | ldapadd -x -D "cn=admin,dc=atlassian,dc=com" -W
Enter LDAP Password:
adding new entry "uid=nobody,ou=People,dc=atlassian,dc=com"

adding new entry "uid=jturner,ou=People,dc=atlassian,dc=com"

adding new entry "uid=anonymous,ou=People,dc=atlassian,dc=com"

adding new entry "uid=devuser,ou=People,dc=atlassian,dc=com"

adding new entry "uid=jefft,ou=People,dc=atlassian,dc=com"

This creates users, but doesn't set passwords. We must do this manually:

teacup:/usr/share/migrationtools# ldappasswd -x -v -S -W -D "cn=admin,dc=atlassian,dc=com" "uid=jturner,ou=People,dc=atlassian,dc=com"
New password:
Re-enter new password:
Enter LDAP Password:
ldap_initialize( <DEFAULT> )
Result: Success (0)

You should now be able to connect anonymously, or as an authenticated user:
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.


Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.