Tag Archives: openLDAP
In order to operate OpenStack Identity service with an external authentication source, it is necessary that one have an external authentication service available. In the OpenStack Cloud Computing Cookbook, we used OpenLDAP. As installing and configuring OpenLDAP is beyond the scope of the book, that information is provided here.
We will be performing an installation and configuration of OpenLDAP on it’s own Ubuntu 14.04 server.
How to do it…
We will break this into two steps: installing OpenLDAP, and configuring it for use with OpenStack.
Once you are logged in, to your Ubuntu 14.04 node, run the following commands to install OpenLDAP:
We set the Ubuntu installer to non-interactive, as we will be providing the configuration values for OpenLDAP prior to installation:
Next we provide an admin password so OpenLDAP will install:
echo -e " \ slapd slapd/internal/generated_adminpw password openstack slapd slapd/password2 password openstack slapd slapd/internal/adminpw password openstack slapd slapd/password1 password openstack " | sudo debconf-set-selections
Finally, we install OpenLDAP via slapd package:
sudo apt-get install -y slapd ldap-utils
OpenStack has a few requirements regarding which attribute types are used for user information. To accomodate this in our OpenLDAP we need to add these values to the new-attributes schema file:
sudo echo " attributetype ( 1.2.840.1135126.96.36.199 NAME 'userAccountControl' SYNTAX '188.8.131.52.4.1.14184.108.40.206.27' )
objectclass ( 1.2.840.1135220.127.116.11 NAME 'user' DESC 'a user' SUP inetOrgPerson STRUCTURAL MUST ( cn ) MAY ( userPassword $ memberOf $ userAccountControl ) )
" >> /etc/ldap/schema/new-attributes.schema
Finally, restart OpenLDAP:
sudo service slapd restart
How it works…
What we have done here is install OpenLDAP on Ubuntu 14.04. Additionally we created an LDAP schema, configuring the userAccountControl property, and configuring a ‘user’ object to provide login authorization.