Installing an LDAP server on Debian Linux for use with JIRA
This page contains an example of how to install LDAP on Linux. It's assumed that you are working towards LDAP authentication in JIRA or Confluence.
Install LDAP
On Debian, an LDAP server can be installed with:
apt-get install slapd ldap-utils
Enter the following details when prompted (customize for your organization):
Domain name: atlassian.com
Organization name: Atlassian
Admin password: secret
LDAP v2 protocol: no
At this point, you might as well install a graphical LDAP browser, like 'gq'. Connecting anonymously, you'll see there is one entry, cn=admin,dc=atlassian,dc=com, created.
Create a schema
Rather than try to devise my own LDAP schema, I used the 'migrationtools' package to create a schema, and import system users from /etc/passwd:
apt-get install migrationtools
- Edit /etc/migrationtools/migrate_common.ph, and make the following changes:
@@ -68,10 +68,10 @@
}
- Default DNS domain
-$DEFAULT_MAIL_DOMAIN = "padl.com";
+$DEFAULT_MAIL_DOMAIN = "atlassian.com";
- Default base
-$DEFAULT_BASE = "dc=padl,dc=com";
+$DEFAULT_BASE = "dc=atlassian,dc=com";
- Turn this on for inetLocalMailReceipient
- sendmail support; add the following to
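Review bot: the value on the `+$DEFAULT_BASE = "dc=atlassian,dc=com";` line has to agree with the suffix slapd was given from the "Domain name" prompt at install time (atlassian.com here, which is what produced cn=admin,dc=atlassian,dc=com); if the two differ, migrate_all_online.sh will try to create ou=People and the other containers under a naming context the server does not hold and the import fails. Worth one sentence in the accompanying text saying the two must match.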
@@ -93,8 +93,8 @@
#$USE_UTF8 = 1;
- Uncomment these to avoid Debian managed system users and groups
-#$IGNORE_UID_BELOW = 1000;
-#$IGNORE_GID_BELOW = 100;
+$IGNORE_UID_BELOW = 1000;
+$IGNORE_GID_BELOW = 100;
- And here's the opposite for completeness
#$IGNORE_UID_ABOVE = 9999;
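Review bot: the two thresholds are asymmetric. `+$IGNORE_UID_BELOW = 1000;` skips every Debian-managed system account, but `+$IGNORE_GID_BELOW = 100;` still imports the dynamically allocated system groups that Debian places in the 100-999 range, which is at odds with the "avoid Debian managed system users and groups" comment directly above. If only real user groups are wanted in the directory, set it to 1000 as well; if 100 is deliberate for the JIRA use case, say why in the text.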
- Run /usr/share/migrationtools/migrate_all_online.sh:
teacup:/usr/share/migrationtools# ./migrate_all_online.sh
Enter the X.500 naming context you wish to import into: [dc=padl,dc=com] dc=atlassian,dc=com
Enter the hostname of your LDAP server Connecting to an LDAP Directory: localhost
Enter the manager DN: [cn=admin,dc=atlassian,dc=com]:
Enter the credentials to bind with:
Do you wish to generate a DUAConfigProfile [yes|no]? no
Importing into dc=atlassian,dc=com...
Creating naming context entries...
Migrating aliases...
Migrating groups...
Migrating hosts...
Migrating networks...
Migrating users...
Migrating protocols...
Migrating rpcs...
Migrating services...
Migrating netgroups...
Migrating netgroups (by user)...
Migrating netgroups (by host)...
Importing into LDAP...
adding new entry "ou=Hosts,dc=atlassian,dc=com"
adding new entry "ou=Rpc,dc=atlassian,dc=com"
adding new entry "ou=Services,dc=atlassian,dc=com"
adding new entry "nisMapName=netgroup.byuser,dc=atlassian,dc=com"
adding new entry "ou=Mounts,dc=atlassian,dc=com"
adding new entry "ou=Networks,dc=atlassian,dc=com"
adding new entry "ou=People,dc=atlassian,dc=com"
adding new entry "ou=Group,dc=atlassian,dc=com"
adding new entry "ou=Netgroup,dc=atlassian,dc=com"
adding new entry "ou=Protocols,dc=atlassian,dc=com"
adding new entry "ou=Aliases,dc=atlassian,dc=com"
adding new entry "nisMapName=netgroup.byhost,dc=atlassian,dc=com"
adding new entry "cn=postmaster,ou=Aliases,dc=atlassian,dc=com"
ldapadd: update failed: cn=postmaster,ou=Aliases,dc=atlassian,dc=com
ldap_add: Undefined attribute type (17)
additional info: rfc822MailMember: attribute type undefined
/usr/bin/ldapadd: returned non-zero exit status
At this point, you should be able to browse the updated schema in an LDAP browser. The ldapadd failure on cn=postmaster,ou=Aliases above only stops the import at the aliases; the ou=People and ou=Group containers that the following steps rely on were already created before it.
Add users
Still in the migrationtools directory, run:
teacup:/usr/share/migrationtools# ./migrate_passwd.pl /etc/passwd | ldapadd -x -D "cn=admin,dc=atlassian,dc=com" -W
Enter LDAP Password:
adding new entry "uid=nobody,ou=People,dc=atlassian,dc=com"
adding new entry "uid=jturner,ou=People,dc=atlassian,dc=com"
adding new entry "uid=anonymous,ou=People,dc=atlassian,dc=com"
adding new entry "uid=devuser,ou=People,dc=atlassian,dc=com"
adding new entry "uid=jefft,ou=People,dc=atlassian,dc=com"
This creates the user entries, but doesn't set passwords. We must do this manually for each user:
teacup:/usr/share/migrationtools# ldappasswd -x -v -S -W -D "cn=admin,dc=atlassian,dc=com" "uid=jturner,ou=People,dc=atlassian,dc=com"
New password:
Re-enter new password:
Enter LDAP Password:
ldap_initialize( <DEFAULT> )
Result: Success (0)
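To preview what migrate_passwd.pl will feed into ldapadd before touching the directory, here is an added example (not part of the original page or of the migrationtools package) that re-implements the core of the passwd-to-LDIF conversion in Python, honouring the $IGNORE_UID_BELOW setting from the edit above; the /etc/passwd lines and the DEFAULT_BASE/IGNORE_UID_BELOW constants are constructed to match this page.

```python
# Added example: an approximation of migrate_passwd.pl, so the LDIF can be
# inspected before it is piped into ldapadd. Not the migrationtools code.

DEFAULT_BASE = "dc=atlassian,dc=com"   # matches $DEFAULT_BASE in migrate_common.ph
IGNORE_UID_BELOW = 1000                # matches the setting uncommented above

# Constructed sample of /etc/passwd lines (not real accounts).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
jturner:x:1000:1000:Jeff Turner:/home/jturner:/bin/bash
devuser:x:1001:1001:Dev User:/home/devuser:/bin/bash
"""


def passwd_to_ldif(passwd_text, base=DEFAULT_BASE, ignore_uid_below=IGNORE_UID_BELOW):
    """Return one LDIF entry string per account whose uid >= ignore_uid_below."""
    entries = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid, gecos, home, shell = line.split(":", 6)
        if int(uid) < ignore_uid_below:
            continue  # Debian-managed system user: skipped, as migrationtools does
        dn = f"uid={name},ou=People,{base}"
        # No userPassword is emitted: /etc/passwd only carries 'x', the hash lives
        # in /etc/shadow. This is why ldappasswd is still needed after the import.
        entries.append("\n".join([
            f"dn: {dn}",
            f"uid: {name}",
            f"cn: {gecos or name}",
            "objectClass: account",
            "objectClass: posixAccount",
            "objectClass: top",
            f"loginShell: {shell}",
            f"uidNumber: {uid}",
            f"gidNumber: {gid}",
            f"homeDirectory: {home}",
        ]) + "\n")
    return entries


def dns(entries):
    """Extract the DN of each LDIF entry (first line, minus the 'dn: ' prefix)."""
    return [e.splitlines()[0][len("dn: "):] for e in entries]


if __name__ == "__main__":
    print("\n".join(passwd_to_ldif(SAMPLE_PASSWD)))
```

Running it prints the three entries (nobody, jturner, devuser) that would be added; root is dropped by the threshold, and none of them carries a userPassword.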
You should now be able to connect with an LDAP browser anonymously, or bind as the user whose password you just set.
Notes
- Some customers have found it helpful to use Likewise Open for LDAP authentication, as it is easy to install and set up.