Deploy and Configure Bitnami OpenLDAP Using Podman on External Servers

This section describes how to deploy and configure Bitnami OpenLDAP using Podman on external servers.

Step 1: Pull and Run the Bitnami OpenLDAP Image

To pull the Bitnami OpenLDAP image and start the container, run the following command:

podman run -d --name openldap \
-p 0.0.0.0:1389:1389 \
-p 0.0.0.0:1636:1636 \
-e LDAP_ADMIN_USERNAME=admin \
-e LDAP_ADMIN_PASSWORD=Dell1234 \
-e LDAP_ROOT=dc=omnia,dc=test \
-v openldap_data:/bitnami/openldap \
docker.io/bitnamilegacy/openldap:latest

The following are the parameters used in the command:

  • -d: Run container in detached mode.

  • --name openldap: Assigns a container name.

  • -p: Maps host ports to container ports.

  • -e: Sets environment variables for admin credentials and domain root.

  • -v: Persists data in a local volume.

  • docker.io/bitnamilegacy/openldap:latest: Specifies the image.

Step 2: Check the Status of the Container

To check the status of the container, run the following command:

podman ps

Step 3: Create LDIF File

The LDIF (LDAP Data Interchange Format) file is used to define the structure of the LDAP directory. The entries in the LDIF file include organization units, users, and groups.

  1. To create an Organization Unit (OU) for users and groups, use the following content:

    dn: ou=People,dc=omnia,dc=test
    objectClass: top
    objectClass: organizationalUnit
    ou: People


This creates an organizational unit named People under the base domain.

  2. To create a user, use the following content:

    dn: uid=ldapuser,ou=People,dc=omnia,dc=test
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    cn: ldapuser
    sn: ldapuser
    loginShell: /bin/bash
    uidNumber: 2000
    gidNumber: 2000
    homeDirectory: /home/ldapuser
    shadowLastChange: 0
    shadowMax: 0
    shadowWarning: 0


This creates a user named ldapuser with standard POSIX attributes.

  3. To create a group, use the following content:

    dn: cn=ldapuser,ou=groups,dc=omnia,dc=test
    objectClass: posixGroup
    cn: ldapuser
    gidNumber: 2000
    memberUid: ldapuser


This creates a group named ldapuser with a GID of 2000 and adds the user ldapuser to the group. Its parent entry, ou=groups,dc=omnia,dc=test, is not created by the LDIF content above, so that entry must already exist in the directory when this file is imported; otherwise ldapadd rejects the group entry.
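Before importing the three files, a pre-flight check over the whole batch catches mistakes that ldapadd only reports one entry at a time. The following Python script is an added example and not part of the Omnia documentation; it assumes the three Step 3 entries are imported together and that only the LDAP_ROOT entry from Step 1 already exists in the directory. Run against those entries, it reports that the group's parent, ou=groups, is not created by Step 3, so that OU must exist before the group file is imported.

```python
# Added pre-flight check for the Step 3 LDIF batch (example code, not part of the Omnia
# docs): before ldapadd runs, flag a parent DN that is neither added in the batch nor already
# in the directory, a user gidNumber with no matching posixGroup, and a memberUid naming no uid.

def parse_ldif(text):
    entries, attrs = [], {}
    for line in map(str.strip, text.splitlines() + [""]):
        if not line:                                   # blank line ends a record
            if "dn" in attrs:
                entries.append((attrs.pop("dn"), attrs))
            attrs = {}
            continue
        key, _, value = (s.strip() for s in line.partition(":"))
        if key.lower() == "dn":                        # uid=ldapuser,... implies uid: ldapuser
            attrs["dn"] = value
            key, _, value = value.split(",", 1)[0].partition("=")
        attrs.setdefault(key, set()).add(value)
    return entries

def check_entries(entries, existing_dns=()):
    norm = lambda d: ",".join(p.strip().lower() for p in d.split(","))  # DNs compare case-insensitively
    known = {norm(d) for d in existing_dns} | {norm(dn) for dn, _ in entries}
    uids = {u for _, a in entries for u in a.get("uid", ())}
    gids = {g for _, a in entries if "posixGroup" in a.get("objectClass", ()) for g in a.get("gidNumber", ())}
    findings = []
    for dn, a in entries:
        parent = dn.split(",", 1)[1] if "," in dn else ""
        if parent and norm(parent) not in known:
            findings.append(f"{dn}: parent {parent} is neither added here nor already present")
        if "posixAccount" in a.get("objectClass", ()):
            findings += [f"{dn}: gidNumber {g} matches no posixGroup here" for g in a.get("gidNumber", set()) - gids]
        findings += [f"{dn}: memberUid {m} matches no uid here" for m in a.get("memberUid", set()) - uids]
    return findings

# Constructed sample: the Step 3 entries trimmed to the attributes checked; the LDAP_ROOT entry from Step 1 exists.
STEP3_LDIF = """dn: ou=People,dc=omnia,dc=test
objectClass: organizationalUnit

dn: uid=ldapuser,ou=People,dc=omnia,dc=test
objectClass: posixAccount
gidNumber: 2000

dn: cn=ldapuser,ou=groups,dc=omnia,dc=test
objectClass: posixGroup
gidNumber: 2000
memberUid: ldapuser
"""

def step3_findings(existing_dns=("dc=omnia,dc=test",)):
    return check_entries(parse_ldif(STEP3_LDIF), existing_dns)
```

Printing step3_findings() lists the one problem in the batch; an empty list means the three files can be imported in the order given in Step 5.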

Step 4: Copy the LDIF Files into the Container

Once you have created the LDIF files (ou_people.ldif, ldapuser.ldif, ldapuser_grp.ldif), copy them into the running OpenLDAP container using the following commands:

podman cp ou_people.ldif openldap:/
podman cp ldapuser.ldif openldap:/
podman cp ldapuser_grp.ldif openldap:/

These commands copy the three LDIF files into the root directory (/) of the running OpenLDAP container.

Step 5: Add LDIF Files to the Directory

To import the LDIF files into the OpenLDAP directory, run the following commands:

ldapadd -x -H ldap://localhost:1389 -D "cn=admin,dc=omnia,dc=test" -w Dell1234 -f ou_people.ldif
ldapadd -x -H ldap://localhost:1389 -D "cn=admin,dc=omnia,dc=test" -w Dell1234 -f ldapuser.ldif
ldapadd -x -H ldap://localhost:1389 -D "cn=admin,dc=omnia,dc=test" -w Dell1234 -f ldapuser_grp.ldif

The following are the parameters used in this command:

  • -x: Use simple authentication.

  • -H: LDAP server URL.

  • -D: Bind DN (admin distinguished name).

  • -w: Admin password, given on the command line. Use -W instead to be prompted for it, as in the later steps, so the password does not end up in the shell history or process listing.

  • -f: File to import.

Step 6: Set Password for OpenLDAP user

To set the password for the OpenLDAP user, run the following command:

ldappasswd -x -D "cn=admin,dc=omnia,dc=test" -W -S -H ldap://localhost:1389 "uid=ldapuser,ou=People,dc=omnia,dc=test"

The following are the parameters used in the command:

  • -x: Use simple authentication.

  • -D: Bind DN (admin distinguished name).

  • -W: Prompt for the admin password.

  • -S: Prompt for the new password to assign.

  • The user’s full DN identifies which entry to modify.

Step 7: Verify the User in LDAP

To verify the user within the LDAP directory, run the following command:

ldapsearch -x -H ldap://100.98.68.19:1389 -D "cn=admin,dc=omnia,dc=test" -W -b "dc=omnia,dc=test"

The following are the parameters used in the command:

  • -b: Search base DN.

  • -H: Host and port of the LDAP service.

This command lists all entries, including your newly created ldapuser.

Troubleshooting

If you encounter any issues, follow these steps:

  • Ensure the container ports (1389 and 1636) are open and not blocked by firewalls.

  • Check container logs with the following command:

    podman logs openldap

  • If you encounter schema or DN errors, validate your LDIF syntax using the following command:

    slaptest -f <ldif-file>


If you have any feedback about Omnia documentation, please reach out at omnia.readme@dell.com.