Skip to main content

Setup OpenLDAP on MAC

By Sagar Chaudhari

macOS (Mac OS X or OS X) is the current series of Unix-based graphical operating systems developed and marketed by Apple Inc. designed to run on Apple's Macintosh computers ("Macs"). Within the market of desktop, laptop and home computers, and by web usage, it is the second most widely used desktop OS after Microsoft Windows. Recently, while working on one of my projects, there was a requiremnt to integrate our system with LDAP i.e. Lightweight Directory Access Protocol (LDAP). So, I wanted to try out some samples by installing OpenLDAP on my MAC. Initially, it looked streightforward but later I realized that there are multiple steps involved to get OpenLDAP up and running in my Mac. So, I thought of documenting various steps so that others can refer them.

What do you need to begin?

  • MAC
    • Obviously you need MAC because these steps will work only for MAC (Sorry Windows users)
  • Homebrew
    • This is a package manager for macOS. Click here and follow the instruction to install this on your MAC.
  • OpenLDAP
    • Click here and download the .tgz file. At the time of this blog, the latest available version was 2.4.45
  • JXplorer
    • This is an open source LDAP browser. Click here and download osx.zip file. At the time of this blog, the latest available version was 3.3.1.2

Setup

Lets begin the step now. I am assuming that you already have Homebrew installed. Now, we need to install Berkeley Database which is needed for OpenLDAP. Open "Terminal" and execute following command to install Berkeley DB.
brew install berkeley-db4
view raw install-berkeley-db4.txt hosted with ❤ by GitHub

Output after executing the command:
If you need to have this software first in your PATH run:
echo 'export PATH="/usr/local/opt/berkeley-db@4/bin:$PATH"' >> ~/.bash_profile
For compilers to find this software you may need to set:
LDFLAGS: -L/usr/local/opt/berkeley-db@4/lib
CPPFLAGS: -I/usr/local/opt/berkeley-db@4/include
view raw install-berkeley-db4-output.txt hosted with ❤ by GitHub

Now, its time to configure OpenLDAP. Extract the contents of OpenLDAP .tgz file. Open "Terminal" and go to the openldap-<version> folder and execute following command.
./configure CPPFLAGS="-I/usr/local/opt/berkeley-db@4/include" LDFLAGS="-L/usr/local/opt/berkeley-db@4/lib"
view raw openldap-configure-command.txt hosted with ❤ by GitHub
Note that LDFLAGS and CPPFLAGS values are taken from the output of Berkeley DB install command.

If everything is successful, last line of above command should be: Please "make depend" to build dependencies.Next step? Yes, we will execute this command.
make depend
view raw make-depend-command.txt hosted with ❤ by GitHub
This will take time, but once this is done we will execute following command which will build OpenLDAP and make it ready to install.
make
view raw make-command.txt hosted with ❤ by GitHub
Now, following step is optional but it is recommended. This command will execute various unit tests. Executing unit tests will take time, so be patient.
make test
view raw make-test-command.txt hosted with ❤ by GitHub
Once all the tests are complete and successful, we are now ready to install OpenLDAP. Following command will install OpenLDAP on your MAC.
make install
view raw make-install-command.txt hosted with ❤ by GitHub
Now the installation is complete. After installation two folders are generated. The first one is /usr/local/var/openldap-data where data is stored. Second one is /usr/local/etc/openldap where all the installation files will be present. Here are the steps for configuring slapd.conf file.
Step 1. Go to following folder.
cd /usr/local/etc/openldap
Step 2. Open slapd.conf file.
vi slapd.conf
Step 3. You will see this line:
include /usr/local/etc/openldap/schema/core.schema
Step 4. Add following lines:
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
Step 5. Update suffix to desired value:
suffix "dc=my-domain,dc=com"
Step 6. Update rootdn, it should match with above suffix value:
rootdn "cn=Manager,dc=my-domain,dc=com"
Step 7. Update rootpw:
rootpw secret
view raw slapd-conf.txt hosted with ❤ by GitHub
The slapd.conf file contains "rootpw". You can choose to keep this value in plaintext format which can be a security issue. If you choose to encrypt the value, then you will have to execute following command which generates encrypted password.
To generate password hash:
./slappasswd -s <NewPassword>
view raw slappasswd-command.txt hosted with ❤ by GitHub
Now execute following command to launch OpenLDAP.
sudo /usr/local/libexec/slapd -d3
view raw launch-openldap-command.txt hosted with ❤ by GitHub
Now, create root-ou.ldif file with following contents.
dn:dc=my-domain,dc=com
objectClass:dcObject
objectClass:organizationalUnit
dc:my-domain
ou:my-domain
view raw root-ou.ldif hosted with ❤ by GitHub
Finally, execute following command to add root organization unit.
ldapadd -D "cn=Manager,dc=my-domain,dc=com" -W -x -f /<Location>/root-ou.ldif
view raw add-root-ou.txt hosted with ❤ by GitHub
You can now use any LDAP browser to manage LDAP tree. I am using JXplorer.
All the best!

P.S. Click here to access my other posts.

Labels

Labels:

Comments

  1. imaneMay 21, 2020 at 6:03 AM

    thank you for sharing this article very interesting. please i had a problem after executing command to add root organization unit. it asks me to enter ldap password so in this case wich password should be enter .and thank you so much

    ReplyDelete
  2. KITS TechnologiesApril 28, 2021 at 4:17 AM

    nice post.
    mulesoft online training
    linux online training

    ReplyDelete
  3. UnknownMay 10, 2021 at 5:26 AM

    successfully installed this thing.
    One moment - directory /usr/local/var/openldap-data - didn't appear - so, I had to create it manually.

    ReplyDelete
  4. LavanyaDecember 10, 2021 at 1:51 AM

    Nice and good article. It is very useful for me to learn and understand easily. Thanks for sharing
    Mule 4 Training
    Best Mulesoft Online Training

    ReplyDelete

Post a Comment

Popular posts from this blog

Postman - Set Timeout / Think Time / Pause / Delay

By Sagar Chaudhari
Those who are involved in API or web service development should be knowing about Postman , it is one of the most popular tools to build API requests and test them. Collection Runner is one of the feature of Postman . You can create one or more requests and group them in Collection, and as name suggests, you can run the entire collection i.e. series or requests. What if you need to add "Think Time" or "Delay" or "Pause" between two requests? It is surely possible, here are some options: Using Collection Runner GUI This option will be applicable to all the requests in the collection In the Collection Runner window, enter value for Delay in milliseconds Using Command Line This option will be applicable to all the requests in the collection Newman is a comman line collection runner for Postman Command To Execute: newman run <collection-file-source> --delay-request [number] Click here to get the details about Newman Newman installation...
245 comments
Read more

How to Extract Values from Response Header in JMeter?

By Sagar Chaudhari
JMeter is a powerful tool for API testing. Let's say you are are writing test cases for one of your RESTful service; and you want to extract and validate the value returned as part of response header. It is little bit tricky to extract the value from Response Header in JMeter , but it is possible. For example, your RESTful service returns "ETag" in response header. When you look at the raw response data, the value is displayed something like this: ETag: 2666d92fa9ebf10250acdb235546f045 To exact value of this reaponse header in JMeter: Right click on your HTTP request, then add Post Processor element - Regular Expression Extractor Select Radio button - Main sample only Select Radio burron - Response Headers Type some name in Reference Name section - for example, eTagVariable Type this expression in Reference Expression section - ETag:\s+(.+) IMPORTANT: This expression will select pick the ETag response header parameter and select everything after colon bla...
6 comments
Read more

MuleSoft - Static IP Addresses and Multiple Workers

By Sagar Chaudhari
Did you just realize that your Mule Application requires horizontal scalling ? Well, thats easy - just go to CloudHub Runtime Manager, select your application and change the "Workers" count from 1 to either 2, 3 or 4. If numbers are grayed out, then you might have to adjust the "Worker Size", or purchase additional capacity from MuleSoft. So, what is the issue then? At the time of the blog post, based on Mule documentation, if you are using only 1 worker and if you want to apply static IP, then you can simply navigate to "Static IPs" section in Runtime Manager and allocate the static IP address. The issue is when you want to apply Static IP addresses for more than 1 workers for various reasons including IP whitelisting. Based on Mule documentation you cannot apply static IPs if you are using more than 1 worker. From Mule Documentation: "Static IPs are not supported for private IP addresses inside a CloudHub VPC and it is only supported for app...
18 comments
Read more

Sublime Text 3 - Pertty Format JSON

By Sagar Chaudhari
You must be looking for some easy options to pretty format JSON data. Well, there are many websites which provides this capability and you can pretty format JSON data in browser. I use Sublime Text 3 text editor, and I was trying to see if I can pretty format JSON within the text editor itself. You can follow these simple steps: Open Sublime Text 3 text editor If you are using MAC OS Press Command + Shift + P Then select "Install Package" Search for "Pretty JSON" Install If you are using Windows OS Press CTRL + Shift + P Then select "Install Package" Search for "Pretty JSON" Install Once the installation is complete, select JSON string If you are using MAC OS Press Command + Control + J If you are using Windows OS Press CTRL + ALT + J Thats it! Now you don't have to copy your JSON string from Sublime Text 3, paste in your browser, format it, then copy formatted JSON from browser and paste it back in your Sublime...
3 comments
Read more

MuleSoft - JSON Schema Validation with Dynamic Schema Location

By Sagar Chaudhari
While working on a Mule Application project, if you a planning to validate JSON payload against some JSON schema , and more importantly if you want to pass schema location dynamically, then this post will be benificial for you. Mule provides JSON Schema Validator as out of the box feature. From mule documentation , evaluates JSON payloads at runtime and verifies that they match a referenced JSON schema. You can match against schemas that exist in a local file or in an external URI. If the validation fails, an exception is raised with feedback about what went wrong and a reference to the original invalid payload. Above code works but here is the catch, in my scenario, the schema location was dynamic. Let's say the schema location is present in the database. Once the schema location value is retrieved from database, it is stored in a flow variable. For simplicity, I am creating a flow variable with hard-coded value. In actual application, the flow variable value will be the va...
9 comments
Read more

VirtualBox - Access Guest Localhost from Host Computer

By Sagar Chaudhari
Oracle VirtualBox is a free, open source and powerful virtualization tool. Some minor configurations tweaks are required to access guest localhost from host computer. I am running VirtualBox with Ubuntu on my MAC OS. One easy way to access guest localhost from host computer is to start VirtualBox with following configurations. I have Ubuntu installed on virtual machine, but steps should be similar for other OS versions as well: Shut down virtual machine In VirtualBox, right click on the virtual machine and go to " Settings " Select " Network " tab Select " Adapter1 " Select " Enable Network Adapter " checkbox Click on " Attached to " drop down box and select " Host-only Adapter " Next, go to " Advanced " section Click on " Promiscuocus Mode " drop down box and select " Allow VMs " Finally, launch virtual machine  Now, open command promt or terminal window and type " ifconfig ...
7 comments
Read more

MuleSoft LDAP Connector With Example

By Sagar Chaudhari
As we all know, the L ightweight D irectory A ccess Protocol ( LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. A common use of LDAP is to provide a central place to store usernames and passwords. This allows many different applications and services to connect to the LDAP server to validate users. This has a major benefit that allows a central place to update and change user passwords. With MuleSoft’s LDAP Connector , we can access and maintain directory information services over an IP network by connecting to any LDAP server. LDAP Connector is developed by MuleSoft's developer community and it is categorized as Community Connectors. Latest LDAP Connector documentation is available here . Unfortunately, the information and examples of this connector are limited and scattered all over the web. Today, I am trying to cover as many details as p...
12 comments
Read more

Access GitHub Repositories with SourceTree and 2FA (2 Factor Authentication)

By Sagar Chaudhari
Many developers and organizations use GitHub as code repository. Similarly, many prefer to commit code in GitHub repositories using various commands. I personally think that using any kind of user interface for committing code and performing various GIT operations is much more simpler and productive. SourceTree is one such Atlassian product. SourceTree is a free Git client and provides beautiful GUI that offers a visual representation for various Git repositories. For added security, you can enable 2FA (i.e. 2 Factor Authentication) for your GitHub account. Configuring GitHub with SourceTree is very very simple. Here are the steps on MAC OS (steps on Windows OS are similar): If you have not enabled 2FA: Open SourceTree and go to Preferences Select Accounts Click on Add button to add account On the pop-up window, select Host as "GitHub" Select Auth Type as "Basic" Type your GitHub username (not email) Type your password Select Protocol as HTTPS...
9 comments
Read more

Run JMeter Tests with Maven

By Sagar Chaudhari
In this article, I will be focusing on configuring JMeter with Maven but lets first understand some basics of JMeter and Maven. The Apache JMeter™ application is open source software, a 100% pure Java application designed to load test functional behavior and measure performance. These days, performance testing is very very important especially when the applications are targeting large number of users. There are many tools available in market, some are paid, some are free. Apache JMeter is one such free and open source software. Though JMeter's was initially developed for load testing web applications, it is now far more advanced. The biggest advantage of the JMeter is that it can do many things like performance and functional testing for web services, databases, FTPs or Web Servers, LDAP, JMS, trigger emails/notifications. Most of these features are implemented with plugins. JMeter is powerful, easy to install and use and FREE! It is a Java desktop application with simple us...
Post a Comment
Read more