LDAP

http://www.debian-administration.org/articles/585#ldap-test1

Install LDAP packages

# apt-get install slapd ldap-utils  libdb4.6
# dpkg-reconfigure slapd

Configure LDAP package

 # dpkg-reconfigure slapd
 ┌───────────────────────────────────┤ Configuring slapd ├───────────────────────────────────┐
                                                                                              If you enable this option, no initial configuration or database will be created for you.                                                                                                Omit OpenLDAP server configuration?                                                                                                                                                                              <Yes>                              [<No>]                                                                                                                     └───────────────────────────────────────────────────────────────────────────────────────────┘

┌───────────────────────────────────┤ Configuring slapd ├────────────────────────────────────┐
│ The DNS domain name is used to construct the base DN of the LDAP directory. For example,   │
│ 'foo.example.org' will create the directory with 'dc=foo, dc=example, dc=org' as base DN.  │
│                                                                                            │
│ DNS domain name:                                                                           │
│                                                                                            │
│ bws.example.com_____________________________________________________________________________ │
│                                                                                            │
│                                          <Ok>                                              │
│                                                                                            │
└────────────────────────────────────────────────────────────────────────────────────────────┘

 ┌──────────────────────────────────┤ Configuring slapd ├───────────────────────────────────┐
  Please enter the name of the organization to use in the base DN of your LDAP directory.                                                                                               Organization name:                                                                                                                                                                    example.com_______________________________________________________________________________                                                                                                                                       <Ok>                                                                                                                                        └──────────────────────────────────────────────────────────────────────────────────────────┘


 ┌─────────────────────────┤ Configuring slapd ├──────────────────────────┐
  Please enter the password for the admin entry in your LDAP directory.                                                                             Administrator password:                                                                                                                           ********______________________________________________________________                                                                                                            <Ok>                                                                                                             └────────────────────────────────────────────────────────────────────────┘

 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
  Please enter the admin password for your LDAP directory again to verify     that you have typed it correctly.                                                                                                                       Confirm password:                                                                                                                                       ********_________________________________________________________________                                                                                                                <Ok>                                                                                                                  └───────────────────────────────────────────────────────────────────────────┘


 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
  The HDB backend is recommended. HDB and BDB use similar storage formats,    but HDB adds support for subtree renames. Both support the same             configuration options.                                                                                                                                  In either case, you should review the resulting database configuration      for your needs. See /usr/share/doc/slapd/README.DB_CONFIG.gz for more       details.                                                                                                                                                Database backend to use:                                                                                                                                                                  [BDB]                                                                        HDB                                                                                                                                                                                                                               <Ok>                                                                                                                  └───────────────────────────────────────────────────────────────────────────┘


 ┌─────────────────────┤ Configuring slapd ├─────────────────────┐
                                                                                                                                                                                                  Do you want the database to be removed when slapd is purged?                                                                                   <Yes>                   [<No>]                                                                                  └───────────────────────────────────────────────────────────────┘


 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
                                                                              There are still files in /var/lib/ldap which will probably break the        configuration process. If you enable this option, the maintainer scripts    will move the old database files out of the way before creating a new       database.                                                                                                                                               Move old database?                                                                                                                                                         <Yes>                       [<No>]                                                                                                  └───────────────────────────────────────────────────────────────────────────┘


 ┌───────────────────────────┤ Configuring slapd ├───────────────────────────┐
                                                                              The obsolete LDAPv2 protocol is disabled by default in slapd. Programs      and users should upgrade to LDAPv3.  If you have old programs which         can't use LDAPv3, you should select this option and 'allow bind_v2' will    be added to your slapd.conf file.                                                                                                                       Allow LDAPv2 protocol?                                                                                                                                                     <Yes>                       [<No>]                                                                                                  └───────────────────────────────────────────────────────────────────────────┘

Initial LDAP configuration

# vim /etc/ldap/ldap.conf

    BASE  dc=bws,dc=example,dc=com
    URI ldap://172.16.1.200/

# vim /usr/share/slapd/slapd.conf

    loglevel 256
    index           objectClass eq
    index           uid         eq

# invoke-rc.d slapd stop
# slapindex
# chown openldap:openldap /var/lib/ldap/*
# invoke-rc.d slapd start

Initial test

#ldapsearch -x
#sudo slapcat

Creating basic tree structure

# vim ou.ldif
    dn: ou=People,dc=bws,dc=example,dc=com
    ou: People
    objectClass: organizationalUnit

Load the LDIF file into the server

# invoke-rc.d slapd stop
# slapadd -c -v -l ou.ldif
# invoke-rc.d slapd start

Test LDIF

# ldapsearch -x ou=people

Creating user accounts

# vim users.ldif

    dn: cn=omidraha,dc=bws,dc=example,dc=com
    objectClass: person
    objectClass: top
    cn: omidraha
    sn: omidraha

Load the LDIF file into the server

# ldapadd -x -D "cn=admin,dc=bws,dc=example,dc=com" -W -f users.ldif

To define the new user’s password

# ldappasswd -x -D cn=admin,dc=bws,dc=example,dc=com -W -S cn=omidraha,dc=bws,dc=example,dc=com

Verify the user entry has been created

# ldapsearch -x cn=omidraha

Sample python code to test

def auth_by_ldap(username, password, domain='dc=bws,dc=example,dc=com', server='ldap://localhost/'):
    import ldap
    con = ldap.initialize(server)
    dn = 'cn={},{}'.format(username, domain)
    try:
        con.simple_bind_s(dn, password.encode('utf8'))
    except ldap.INVALID_CREDENTIALS:
        return False
    return True

Apache LDAP Directory Studio

https://directory.apache.org/studio/downloads.html