Tag Archives: ldap

Migrating Microsoft Virtual Server/PC image to VMware Server

Microsoft offers Virtual Server and Virtual PC 2007 SP1 for free as virtualization software. I wanted to test Microsoft Windows 2003 R2 Server. On VMware's Virtual Appliance Marketplace only a VHD from Microsoft is available; VHD is the Microsoft VM image type. I installed Microsoft Virtual Server and had no luck starting the VHD image successfully. Virtual PC 2007 works instead: I can start the VM and configure it as Active Directory, DNS and WINS server as described in this howto.

The networking functionality in Microsoft Virtual Server/PC is a pain in my ass. For the Active Directory and DNS server a fixed IP is configured inside the VM, but there is no clue on which IP I can reach the VM from the host system. Sun VirtualBox works more as expected in that respect: you can switch between NAT and host-only mode, and in host-only mode the VM has a fixed IP inside the host system. So far so good. I tested this with an Ubuntu 9.04 server as guest OS inside VirtualBox. For updates you need to shut down, reconfigure to NAT and start the VM again. In NAT mode the VM is only accessible via the VirtualBox window; you have to define each port manually if you want to access the NAT VM from outside VirtualBox. Typically I use such an Ubuntu server VM as Subversion, Maven Artifactory, … server for development.

VMware Server 2.x works for me as expected: NAT networking gives the guest OS internet access and the host system full access on all ports. The guest OS sees a DHCP network interface and the host OS has a fixed IP to reach the VM. So how do I get the 30-day trial edition of Microsoft Windows 2003 Server to run inside VMware Server? After setting up the server inside Virtual PC you have to remove the Virtual Machine Additions via the menu; these additions are not available as a software package in the software overview of Windows 2003 Server. Now shut down the guest OS and close Virtual PC.
With VMware vCenter Converter 3.0.3 (Starter Edition) you can convert the VHD to a VMX image for VMware Server or Player. In the last step of the wizard select to remove all checkpoints inside the guest OS, to install VMware Tools and to set up the network interface (NAT on one NIC instead of two). The VHD image is 1.5 GB and takes about 1 h to convert on my laptop. After that I can start VMware Server and register the new guest OS image; the converter set the type correctly to MS Windows 2003 Server 32-bit. A little annoying: my Bluetooth mouse works perfectly inside Virtual PC but not out of the box inside the VMware window 🙁, so I grabbed my old USB mouse to have a working mouse. With Sysinternals ADExplorer I can examine my new Active Directory from my host OS. Inside Eclipse 3.5, Apache Directory Studio is a good choice to access the AD via LDAP.

Howto set up an OpenLDAP Server for Ubuntu 8.10

Most enterprises use LDAP as the interface to their company structure database. In the Microsoft world Active Directory is the LDAP implementation; under Linux OpenLDAP is the common choice for admins. Such LDAP directories are tree based. OpenLDAP is the reference implementation for LDAP v3.

The JNDI API inside the Java SDK can be used to access such LDAP directories. Spring LDAP offers a more sophisticated API.

My first code sample works in the company against their OpenLDAP server. For security reasons the server is not reachable from outside, so my JUnit tests went code red after running in my home office. The Maven standard is to run all tests before building a package like a J2EE WAR or EAR file. So I decided to set up an OpenLDAP server inside my Ubuntu 8.10 server VM on VMware Server.

First step is to retrieve and install the OpenLDAP packages as root:

  • sudo su -
  • apt-get install slapd ldap-utils nmap php5-ldap db4.2-util

You have to set a password for the OpenLDAP server during installation. Keep it in mind!
Now run the configuration assistant:

  • dpkg-reconfigure slapd

Wizard steps:

  1. omit openldap server configuration? – no
  2. dns domain name? vm.example.org
  3. organization name? myCompany
  4. database backend to use? hdb
  5. do you want the database to be removed when slapd is purged? yes
  6. possibly asked: move old database? yes
  7. administrator password? the same one as entered during installation
  8. confirm password? see last step
  9. allow LDAPv2 protocol? no

Now edit the /etc/ldap/ldap.conf file for the client-side configuration:

ldap_version 3
URI ldap://localhost:389
SIZELIMIT 0
TIMELIMIT 0
DEREF never
BASE dc=vm,dc=example,dc=org

With the command “ldapsearch -x” you should see the following output (-x is a simple bind, here anonymous, so this is also what any unauthenticated client on the network can read):

# extended LDIF
#
# LDAPv3
# base  (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# vm.example.org
dn: dc=vm,dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: myCompany
dc: vm

# admin, vm.example.org
dn: cn=admin,dc=vm,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

For easier administration there is a PHP admin UI called phpldapadmin, which can be installed with:

  • apt-get install phpldapadmin
  • ln -s /usr/share/phpldapadmin/ /var/www/phpldapadmin

Now open the config file /etc/phpldapadmin/config.php with joe (an editor) and change the lines with the LDAP node info to:

/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
   auto-detect it for you. */
$ldapservers->SetValue($i,'server','base',array('dc=vm,dc=example,dc=org'));
...
$ldapservers->SetValue($i,'login','dn','cn=admin,dc=vm,dc=example,dc=org');

Check your PHP5 memory settings in /etc/php5/apache2/php.ini:

memory_limit = 64M      ; Maximum amount of memory a script may consume (16MB)

Restart Apache to use the changed configuration

  • /etc/init.d/apache2 restart

and go to:

http://your.vm.ip/phpldapadmin

Click on the login link on the left side and enter as “login dn”:

  • cn=admin,dc=vm,dc=example,dc=org

and the password you kept in mind. The first step is now to create an “organisational unit”:

  • click on the left side on the link beside the world icon “dc=vm…”
  • click on “create a child entry here”
  • choose “organisational unit” as template
  • enter “people” and click on “create object”
  • click on this new organisational unit people in the tree
  • click on “create a child entry here”
  • choose “Address Book Entry (mozillaOrgPerson)” as template
  • enter “John” as “first name”
  • enter “Doe” as “last name”
  • go to common name (cn) and enter “John Doe”
  • click on “create object”

Now check with “ldapsearch -x” that everything is ok:

# extended LDIF
#
# LDAPv3
# base  (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# vm.example.org
dn: dc=vm,dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: myCompany
dc: vm

# admin, vm.example.org
dn: cn=admin,dc=vm,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# people, vm.example.org
dn: ou=people,dc=vm,dc=example,dc=org
objectClass: organizationalUnit
objectClass: top
ou: people

# John Doe, people, vm.example.org
dn: cn=John Doe,ou=people,dc=vm,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: top
givenName: John
sn: Doe
cn: John Doe

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 4
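Since the reason for this server was a JUnit suite, the same check is more useful as code than by eye. The following Python script is an added example, not from the original post: it parses ldapsearch output into entries, compares the parsed count with the numEntries trailer, and verifies that the search succeeded and that every entry's parent exists under the base DN. SAMPLE is the output printed above, trimmed to the base, ou and person entries (so numEntries is 3 here) and embedded so the script runs offline; parse_ldif, parent_dn and verify_tree are names chosen here.

```python
# Added example for this howto (not from the original post): parse the
# ldapsearch -x output into entries and check the tree the howto builds.
# SAMPLE is the output printed above, trimmed to three entries and
# embedded here so the script runs offline.
import base64

BASE_DN = "dc=vm,dc=example,dc=org"

SAMPLE = """\
# vm.example.org
dn: dc=vm,dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: myCompany
dc: vm

# people, vm.example.org
dn: ou=people,dc=vm,dc=example,dc=org
objectClass: organizationalUnit
objectClass: top
ou: people

# John Doe, people, vm.example.org
dn: cn=John Doe,ou=people,dc=vm,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: top
givenName: John
sn: Doe
cn: John Doe

# search result
search: 2
result: 0 Success

# numEntries: 3
"""


def parse_ldif(text: str) -> list:
    """Records as dicts attr -> [values]: comments dropped, folded lines
    joined, 'attr:: v' base64-decoded. The search/result trailer becomes
    a record without 'dn'."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:     # RFC 2849 line folding
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    records, current = [], {}
    for line in unfolded + [""]:                  # trailing "" flushes
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name, []).append(value)
    return records


def parent_dn(dn: str) -> str:
    """Drop the first RDN; a backslash-escaped comma does not split."""
    escaped = False
    for i, ch in enumerate(dn):
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            return dn[i + 1:]
    return ""


def verify_tree(text: str, base_dn: str = BASE_DN):
    """Return (entries by DN, problems). problems is empty when the search
    succeeded, the base entry exists, every other entry's parent exists and
    the parsed count matches the '# numEntries:' trailer (if present)."""
    records = parse_ldif(text)
    entries = {r["dn"][0]: r for r in records if "dn" in r}
    result = next((r["result"][0] for r in records if "result" in r), None)
    problems = []
    if result is None or result.split()[0] != "0":
        problems.append(f"search result: {result}")
    if base_dn not in entries:
        problems.append("base entry missing")
    for dn in entries:
        if dn != base_dn and parent_dn(dn) not in entries:
            problems.append(f"orphan entry: {dn}")
    for line in text.splitlines():
        if line.startswith("# numEntries:"):
            expected = int(line.split(":", 1)[1])
            if expected != len(entries):
                problems.append(f"numEntries {expected} != parsed {len(entries)}")
    return entries, problems


if __name__ == "__main__":
    found, issues = verify_tree(SAMPLE)
    print(f"{len(found)} entries, problems: {issues or 'none'}")
```

Pipe real output in with `ldapsearch -x | python3 check_tree.py` after replacing SAMPLE with sys.stdin.read(); a non-zero result code, a missing base entry or an entry whose parent was not returned all show up in the problems list rather than being overlooked in the raw LDIF.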

Your LDAP server is now running and you can easily configure it inside your favorite browser.

LDAP Tree