LDAP

http://www.debian-administration.org/articles/585#ldap-test1

Install LDAP packages

# apt-get install slapd ldap-utils libdb4.6
# dpkg-reconfigure slapd

Configure LDAP package

 # dpkg-reconfigure slapd
 ┌───────────────────────────────────┤ Configuring slapd ├───────────────────────────────────┐
 │                                                                                           │
 │ If you enable this option, no initial configuration or database will be created for you.  │
 │                                                                                           │
 │ Omit OpenLDAP server configuration?                                                       │
 │                                                                                           │
 │                          <Yes>                              [<No>]                        │
 │                                                                                           │
 └───────────────────────────────────────────────────────────────────────────────────────────┘

┌───────────────────────────────────┤ Configuring slapd ├────────────────────────────────────┐
│ The DNS domain name is used to construct the base DN of the LDAP directory. For example,   │
│ 'foo.example.org' will create the directory with 'dc=foo, dc=example, dc=org' as base DN.  │
│                                                                                            │
│ DNS domain name:                                                                           │
│                                                                                            │
│ bws.example.com_____________________________________________________________________________ │
│                                                                                            │
│                                          <Ok>                                              │
│                                                                                            │
└────────────────────────────────────────────────────────────────────────────────────────────┘

 ┌──────────────────────────────────┤ Configuring slapd ├───────────────────────────────────┐
 │ Please enter the name of the organization to use in the base DN of your LDAP directory.  │
 │                                                                                          │
 │ Organization name:                                                                       │
 │                                                                                          │
 │ example.com_______________________________________________________________________________ │
 │                                                                                          │
 │                                          <Ok>                                            │
 │                                                                                          │
 └──────────────────────────────────────────────────────────────────────────────────────────┘


 ┌─────────────────────────┤ Configuring slapd ├──────────────────────────┐
 │ Please enter the password for the admin entry in your LDAP directory.  │
 │                                                                        │
 │ Administrator password:                                                │
 │                                                                        │
 │ ********______________________________________________________________ │
 │                                                                        │
 │                                 <Ok>                                   │
 │                                                                        │
 └────────────────────────────────────────────────────────────────────────┘

 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
 │ Please enter the admin password for your LDAP directory again to verify   │
 │ that you have typed it correctly.                                         │
 │                                                                           │
 │ Confirm password:                                                         │
 │                                                                           │
 │ ********_________________________________________________________________ │
 │                                                                           │
 │                                  <Ok>                                     │
 │                                                                           │
 └───────────────────────────────────────────────────────────────────────────┘


 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
 │ The HDB backend is recommended. HDB and BDB use similar storage formats,  │
 │ but HDB adds support for subtree renames. Both support the same           │
 │ configuration options.                                                    │
 │                                                                           │
 │ In either case, you should review the resulting database configuration    │
 │ for your needs. See /usr/share/doc/slapd/README.DB_CONFIG.gz for more     │
 │ details.                                                                  │
 │                                                                           │
 │ Database backend to use:                                                  │
 │                                                                           │
 │                                   [BDB]                                   │
 │                                    HDB                                    │
 │                                                                           │
 │                                                                           │
 │                                  <Ok>                                     │
 │                                                                           │
 └───────────────────────────────────────────────────────────────────────────┘


 ┌─────────────────────┤ Configuring slapd ├─────────────────────┐
 │                                                               │
 │                                                               │
 │                                                               │
 │ Do you want the database to be removed when slapd is purged?  │
 │                                                               │
 │                <Yes>                   [<No>]                 │
 │                                                               │
 └───────────────────────────────────────────────────────────────┘


 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
 │                                                                           │
 │ There are still files in /var/lib/ldap which will probably break the      │
 │ configuration process. If you enable this option, the maintainer scripts  │
 │ will move the old database files out of the way before creating a new     │
 │ database.                                                                 │
 │                                                                           │
 │ Move old database?                                                        │
 │                                                                           │
 │                    <Yes>                       [<No>]                     │
 │                                                                           │
 └───────────────────────────────────────────────────────────────────────────┘


 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
 │                                                                           │
 │ The obsolete LDAPv2 protocol is disabled by default in slapd. Programs    │
 │ and users should upgrade to LDAPv3.  If you have old programs which       │
 │ can't use LDAPv3, you should select this option and 'allow bind_v2' will  │
 │ be added to your slapd.conf file.                                         │
 │                                                                           │
 │ Allow LDAPv2 protocol?                                                    │
 │                                                                           │
 │                    <Yes>                       [<No>]                     │
 │                                                                           │
 └───────────────────────────────────────────────────────────────────────────┘

Initial LDAP configuration

# vim /etc/ldap/ldap.conf

    BASE  dc=bws,dc=example,dc=com
    URI ldap://172.16.1.200/

# vim /etc/ldap/slapd.conf

(/usr/share/slapd/slapd.conf is only the template dpkg-reconfigure copies from; the running server reads /etc/ldap/slapd.conf. loglevel 256 logs connections, operations and results.)

    loglevel 256
    index           objectClass eq
    index           uid         eq

slapindex run as root leaves root-owned index files that slapd, which runs as the openldap user, cannot open, hence the chown before restarting:

# invoke-rc.d slapd stop
# slapindex
# chown openldap:openldap /var/lib/ldap/*
# invoke-rc.d slapd start

Initial test

# ldapsearch -x
# slapcat

Creating basic tree structure

# vim ou.ldif
    dn: ou=People,dc=bws,dc=example,dc=com
    ou: People
    objectClass: organizationalUnit

Load the LDIF file into the server

# invoke-rc.d slapd stop
# slapadd -c -v -l ou.ldif
# invoke-rc.d slapd start

Test LDIF

# ldapsearch -x ou=people

Creating user accounts

# vim users.ldif

    dn: cn=omidraha,dc=bws,dc=example,dc=com
    objectClass: person
    objectClass: top
    cn: omidraha
    sn: omidraha

Load the LDIF file into the server

# ldapadd -x -D "cn=admin,dc=bws,dc=example,dc=com" -W -f users.ldif

To set the new user's password (ldappasswd uses the Password Modify extended operation, so slapd hashes the value itself; OpenLDAP's default password-hash is {SSHA}). Both ldapadd and ldappasswd authenticate with a simple bind, so run them on the server itself as here, or add -ZZ to force StartTLS once slapd has a certificate; otherwise the admin password crosses the network in clear.

# ldappasswd -x -D cn=admin,dc=bws,dc=example,dc=com -W -S cn=omidraha,dc=bws,dc=example,dc=com

Verify the user entry has been created

# ldapsearch -x cn=omidraha
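The same entries produced by a small LDIF writer (an added example, not code from the article or from OpenLDAP): it applies the RFC 2849 rule that decides between "attr: value" and base64 "attr:: value", which the hand-written files above rely on silently, and it produces the {SSHA} form in which slapd stores the password set with ldappasswd. The base DN, ou=People and cn=omidraha come from the page; the helper names, the 4-byte salt and the non-ASCII surname used to trigger base64 are this example's own assumptions.

```python
import base64
import hashlib
import os

# Added example, not code from the original page: writes the LDIF that
# `slapadd -l` / `ldapadd -f` consume for the entries created above.
BASE_DN = 'dc=bws,dc=example,dc=com'          # base DN from the page


def needs_base64(value):
    """RFC 2849: a value may be written as 'attr: value' only when it is 7-bit,
    contains no NUL/CR/LF, does not start with space, ':' or '<' and does not
    end with a space. Anything else must be written as 'attr:: <base64>'."""
    if value == '':
        return False
    if value[0] in ' :<' or value[-1] == ' ':
        return True
    return any(ord(ch) > 127 or ch in '\x00\r\n' for ch in value)


def ldif_line(attr, value):
    """One attribute line, base64-encoded when RFC 2849 requires it."""
    if isinstance(value, bytes):                 # binary values are always base64
        return '{}:: {}'.format(attr, base64.b64encode(value).decode('ascii'))
    if needs_base64(value):
        encoded = base64.b64encode(value.encode('utf-8')).decode('ascii')
        return '{}:: {}'.format(attr, encoded)
    return '{}: {}'.format(attr, value)


def ldif_entry(dn, attrs):
    """attrs is an ordered list of (attribute, value); a blank line ends the entry."""
    lines = [ldif_line('dn', dn)] + [ldif_line(a, v) for a, v in attrs]
    return '\n'.join(lines) + '\n\n'


def ssha_password(password, salt=None):
    """{SSHA} as slapd stores it: base64(SHA1(password || salt) || salt).
    The salt is random (4 bytes, as OpenLDAP uses); pass one to reproduce a hash."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode('utf-8') + salt).digest()
    return '{SSHA}' + base64.b64encode(digest + salt).decode('ascii')


def check_ssha(stored, password):
    """Verify a password against a {SSHA} value, the check slapd does on a simple bind."""
    if not stored.startswith('{SSHA}'):
        return False
    raw = base64.b64decode(stored[len('{SSHA}'):])
    digest, salt = raw[:20], raw[20:]            # SHA-1 digest is 20 bytes
    return hashlib.sha1(password.encode('utf-8') + salt).digest() == digest


def people_ou_ldif(base=BASE_DN):
    """The ou.ldif entry from the page."""
    return ldif_entry('ou=People,' + base,
                      [('ou', 'People'), ('objectClass', 'organizationalUnit')])


def person_ldif(cn, sn, base=BASE_DN, password_hash=None):
    """The users.ldif entry from the page, optionally with a pre-hashed userPassword.
    cn is trusted admin input here: a value containing ',' '+' '=' or a leading
    '#' would need RFC 4514 escaping before being placed in the DN."""
    attrs = [('objectClass', 'person'), ('objectClass', 'top'), ('cn', cn), ('sn', sn)]
    if password_hash:
        attrs.append(('userPassword', password_hash))
    return ldif_entry('cn={},{}'.format(cn, base), attrs)


if __name__ == '__main__':
    print(people_ou_ldif(), end='')
    print(person_ldif('omidraha', 'omidraha', password_hash=ssha_password('secret')), end='')
    # A non-ASCII surname (constructed here) comes out as 'sn:: ...'; slapadd
    # decodes it back to UTF-8 on load.
    print(person_ldif('omidraha', 'Ömid'), end='')
```

Pipe the output into slapadd -l /dev/stdin with slapd stopped, or into ldapadd -x -D cn=admin,... -W with it running; a userPassword written this way is stored as-is, so the hash must already be in a scheme slapd understands, whereas the ldappasswd route above lets the server do the hashing.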

Sample python code to test

def auth_by_ldap(username, password, domain='dc=bws,dc=example,dc=com', server='ldap://localhost/'):
    import ldap
    import ldap.dn
    # An empty password makes simple_bind_s perform an anonymous bind, which
    # slapd accepts, so without this check any username plus "" would log in.
    if not username or not password:
        return False
    con = ldap.initialize(server)
    # Escape the username (RFC 4514) so it cannot append RDNs such as ",ou=admins".
    dn = 'cn={},{}'.format(ldap.dn.escape_dn_chars(username), domain)
    try:
        con.simple_bind_s(dn, password)
    except ldap.INVALID_CREDENTIALS:
        return False
    finally:
        con.unbind_s()
    return True
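A fuller login routine, added here as an example (it is not code from the page or from python-ldap): it shows what a crafted username does to the DN and to a search filter when the escaping is missing, refuses the empty password that would otherwise turn the bind into a successful anonymous bind, and uses search-then-bind so the account is found wherever it sits under the base DN (directly under it, as on this page, or under ou=People). The escaping is written out in the block so it runs without python-ldap; python-ldap ships the same rules as ldap.dn.escape_dn_chars and ldap.filter.escape_filter_chars. The server URI, base DN and account name come from the page; the helper names and the assumption that slapd has a certificate for StartTLS are this example's own.

```python
# Added example, not code from the original page.
BASE_DN = 'dc=bws,dc=example,dc=com'          # base DN from the page


def escape_dn_value(value):
    """RFC 4514 escaping for an attribute value placed inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == '\x00':
            out.append('\\00')
        elif ch in ',+"\\<>;=':
            out.append('\\' + ch)
        elif ch == ' ' and (i == 0 or i == last):   # leading/trailing space
            out.append('\\ ')
        elif ch == '#' and i == 0:                   # leading '#'
            out.append('\\#')
        else:
            out.append(ch)
    return ''.join(out)


def escape_filter_value(value):
    """RFC 4515 escaping for an assertion value inside a search filter."""
    return ''.join('\\{:02x}'.format(ord(ch)) if ch in '*()\\\x00' else ch
                   for ch in value)


def user_dn(username, base=BASE_DN):
    """The DN the page's auth_by_ldap builds, with the username escaped."""
    return 'cn={},{}'.format(escape_dn_value(username), base)


def user_filter(username):
    """Filter used to locate the account before binding as it."""
    return '(&(objectClass=person)(cn={}))'.format(escape_filter_value(username))


def auth_by_ldap(username, password, base=BASE_DN, server='ldap://172.16.1.200/'):
    """Search-then-bind login. Returns True only when exactly one entry matches
    and a simple bind as that entry succeeds."""
    # An empty password turns a simple bind into an anonymous bind, which slapd
    # accepts; the caller would get True for any existing username. Refuse it
    # before touching the network.
    if not username or not password:
        return False
    import ldap                                   # python-ldap, imported lazily
    # Require a valid server certificate and upgrade the plain ldap:// connection
    # with StartTLS; assumes slapd has been given a certificate (not on the page).
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    con = ldap.initialize(server)
    con.start_tls_s()
    try:
        # The search runs anonymously, which the default Debian ACLs permit for
        # everything except userPassword; '1.1' asks for no attributes.
        hits = con.search_s(base, ldap.SCOPE_SUBTREE, user_filter(username), ['1.1'])
        dns = [dn for dn, _attrs in hits if dn]       # drop referral entries
        if len(dns) != 1:
            return False
        con.simple_bind_s(dns[0], password)
        return True
    except ldap.INVALID_CREDENTIALS:
        return False
    finally:
        con.unbind_s()


if __name__ == '__main__':
    # Constructed inputs showing the two injection points and the escaped result.
    print(user_dn('omidraha,ou=People'))      # extra RDN is neutralised
    print(user_filter('omidraha)(cn=admin'))  # filter cannot be closed early
    print(auth_by_ldap('omidraha', ''))       # False without contacting the server
```

With the escaping removed, user_dn('omidraha,ou=People') would yield cn=omidraha,ou=People,dc=bws,... (a different entry) and user_filter('*') would match every person, so a search-then-bind without filter escaping lets an attacker pick which account's DN is tried with their password.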