Installing an LDAP server on Debian Linux for use with JIRA

This page contains an example of how to install LDAP on Linux. It's assumed that you are working towards LDAP authentication in JIRA or Confluence.

Install LDAP

On Debian, an LDAP server can be installed with:

apt-get install slapd ldap-utils

Enter the following details when prompted (customize for your organization):

  • Domain name: atlassian.com
  • Organization name: Atlassian
  • Admin password: secret
  • LDAP v2 protocol: no

At this point, you might as well install a graphical LDAP browser, like 'gq'. Connecting anonymously, you'll see there is one entry, cn=admin,dc=atlassian,dc=com, created.

Create a schema

Rather than try to devise my own LDAP schema, I used the 'migrationtools' package to create a schema, and import system users from /etc/passwd:

apt-get install migrationtools

  1. Edit /etc/migrationtools/migrate_common.ph, and make the following changes:

@@ -68,10 +68,10 @@
}

  1. Default DNS domain
    -$DEFAULT_MAIL_DOMAIN = "padl.com";
    +$DEFAULT_MAIL_DOMAIN = "atlassian.com";
  1. Default base
    -$DEFAULT_BASE = "dc=padl,dc=com";
    +$DEFAULT_BASE = "dc=atlassian,dc=com";
  1. Turn this on for inetLocalMailReceipient
  2. sendmail support; add the following to
    @@ -93,8 +93,8 @@
    #$USE_UTF8 = 1;
  1. Uncomment these to avoid Debian managed system users and groups
    -#$IGNORE_UID_BELOW = 1000;
    -#$IGNORE_GID_BELOW = 100;
    +$IGNORE_UID_BELOW = 1000;
    +$IGNORE_GID_BELOW = 100;
  1. And here's the opposite for completeness
    #$IGNORE_UID_ABOVE = 9999;
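Review bot: $IGNORE_UID_ABOVE is left commented out at the end of this hunk, so only the lower UID bound is applied. Accounts with very high UIDs, such as nobody (65534 on Debian), are therefore still exported, which matches the uid=nobody entry in the ldapadd output further down. If the intent is to keep system accounts out of the directory, uncomment that line as well (`$IGNORE_UID_ABOVE = 9999;`).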
  2. Run /usr/share/migrationtools/migrate_all_online.sh:

teacup:/usr/share/migrationtools# ./migrate_all_online.sh
Enter the X.500 naming context you wish to import into: [dc=padl,dc=com] dc=atlassian,dc=com
Enter the hostname of your LDAP server [ldap]: localhost
Enter the manager DN: [cn=admin,dc=atlassian,dc=com]:
Enter the credentials to bind with:
Do you wish to generate a DUAConfigProfile [yes|no]? no

Importing into dc=atlassian,dc=com...

Creating naming context entries...
Migrating aliases...
Migrating groups...
Migrating hosts...
Migrating networks...
Migrating users...
Migrating protocols...
Migrating rpcs...
Migrating services...
Migrating netgroups...
Migrating netgroups (by user)...
Migrating netgroups (by host)...
Importing into LDAP...
adding new entry "ou=Hosts,dc=atlassian,dc=com"

adding new entry "ou=Rpc,dc=atlassian,dc=com"

adding new entry "ou=Services,dc=atlassian,dc=com"

adding new entry "nisMapName=netgroup.byuser,dc=atlassian,dc=com"

adding new entry "ou=Mounts,dc=atlassian,dc=com"

adding new entry "ou=Networks,dc=atlassian,dc=com"

adding new entry "ou=People,dc=atlassian,dc=com"

adding new entry "ou=Group,dc=atlassian,dc=com"

adding new entry "ou=Netgroup,dc=atlassian,dc=com"

adding new entry "ou=Protocols,dc=atlassian,dc=com"

adding new entry "ou=Aliases,dc=atlassian,dc=com"

adding new entry "nisMapName=netgroup.byhost,dc=atlassian,dc=com"

adding new entry "cn=postmaster,ou=Aliases,dc=atlassian,dc=com"
ldapadd: update failed: cn=postmaster,ou=Aliases,dc=atlassian,dc=com
ldap_add: Undefined attribute type (17)
additional info: rfc822MailMember: attribute type undefined

/usr/bin/ldapadd: returned non-zero exit status

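The import stops at cn=postmaster because the rfc822MailMember attribute type is not defined in the schema the server has loaded, but the organizational units added before the error are already in the directory. At this point, you should be able to browse the updated schema in an LDAP browser.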

Add users

Still in the migrationtools directory, run:

teacup:/usr/share/migrationtools# ./migrate_passwd.pl /etc/passwd | ldapadd -x -D "cn=admin,dc=atlassian,dc=com" -W
Enter LDAP Password:
adding new entry "uid=nobody,ou=People,dc=atlassian,dc=com"

adding new entry "uid=jturner,ou=People,dc=atlassian,dc=com"

adding new entry "uid=anonymous,ou=People,dc=atlassian,dc=com"

adding new entry "uid=devuser,ou=People,dc=atlassian,dc=com"

adding new entry "uid=jefft,ou=People,dc=atlassian,dc=com"

This creates users, but doesn't set passwords. We must do this manually:

teacup:/usr/share/migrationtools# ldappasswd -x -v -S -W -D "cn=admin,dc=atlassian,dc=com" "uid=jturner,ou=People,dc=atlassian,dc=com"
New password:
Re-enter new password:
Enter LDAP Password:
ldap_initialize( <DEFAULT> )
Result: Success (0)

You should now be able to connect anonymously, or as an authenticated user.
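Before piping migrate_passwd.pl into ldapadd, it helps to preview which accounts fall inside the UID window set in migrate_common.ph. The script below is an added example, not part of the original page or of migrationtools. The function names and the sample passwd lines are constructed, and it assumes both thresholds are exclusive bounds (UIDs strictly below or above the limit are skipped).

```shell
#!/bin/sh
# Added example: list the accounts a UID window would let through.
# Reads passwd-format records on stdin, prints "name:uid" per kept account.
# Usage: preview_migrated_users [UID_BELOW] [UID_ABOVE] < /etc/passwd
preview_migrated_users() {
    below=${1:-1000}   # mirrors $IGNORE_UID_BELOW as set on this page
    above=${2:-}       # mirrors $IGNORE_UID_ABOVE; empty = left commented out
    awk -F: -v below="$below" -v above="$above" '
        /^[ \t]*(#|$)/                   { next }  # comments and blank lines
        NF < 7 || $3 !~ /^[0-9]+$/       { next }  # malformed records
        $3 + 0 < below + 0               { next }  # system accounts (low UIDs)
        above != "" && $3 + 0 > above + 0 { next } # e.g. nobody (65534)
        { print $1 ":" $3 }
    '
}

# Constructed sample input; user names follow the ldapadd output above,
# the UIDs are illustrative.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jturner:x:1000:1000:J Turner:/home/jturner:/bin/bash
devuser:x:1001:1001::/home/devuser:/bin/bash
jefft:x:1002:1002::/home/jefft:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

echo "Lower bound only (IGNORE_UID_BELOW=1000):"
sample_passwd | preview_migrated_users 1000

echo "Both bounds (IGNORE_UID_BELOW=1000, IGNORE_UID_ABOVE=9999):"
sample_passwd | preview_migrated_users 1000 9999
```

On a real host, feed it /etc/passwd on stdin and compare the result with the entries ldapadd reports.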

Notes

  • Some customers have found it helpful to use Likewise Open for LDAP authentication, as it is easy to install and set up.
Last modified on Feb 23, 2011
