Change Root DN Password on OpenLDAP

First, we need to locate the credentials information of the administrator account in the correct database within the LDAP tree.

This can be done using the ldapsearch command:

ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b  cn=config olcRootDN=cn=admin,dc=example,dc=com dn olcRootDN olcRootPW

(replace the olcRootDN value with the correct value to match your configuration)

This command will return something like:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: {SHA}ks1xBVfgRXavGCpkPefc9hRHL4X=

There are two interesting information we know now:

we need to modify the entry “dn: olcDatabase={1}hdb,cn=config“
the current password is hashed with SHA1 algorythm.
To generate our new password with the same algorythm we'll use the command slappasswd with the syntax:

slappasswd -h <the hashing scheme we want to use - for example {SHA}>

The system will then prompt you for the new password to use, twice, and will finally display the hashed value we’re interested in:

root@testbox:~# slappasswd -h {SHA}
New password:
Re-enter new password:
{SHA}W6ph5Mm7Ps6GglULbPgzG37mj0g=

Then we’ll proceed to modify the entry we’ve identified above using the command:

root@testbox:~# ldapmodify -Y EXTERNAL -H ldapi:///

The system will start the listening mode for modifying commands:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

First, we enter the entry we want to modify:

dn: olcDatabase={1}hdb,cn=config

Second, we type in the parameter we want to modify:

replace: olcRootPW

Third, we type in the new password generated above (copy and paste is MUCH less error prone than manual typing at this point ;) )

olcRootPW: {SHA}W6ph5Mm7Ps6GglULbPgzG37mj0g=

Hit Enter another time to commit the modification and the following line will appear:

modifying entry "olcDatabase={1}hdb,cn=config"

After this, you can exit the listening mode with CTRL+C and restart the LDAP database service using:

service slapd stop
service slapd start

and login now with the new password set.

CloudStack LDAP

References:

• http://docs.cloudstack.org/CloudStack_Documentation/Design_Documents/LDAP_Authentication
• http://docs.cloudstack.org/CloudStack_Documentation/Developer's_Guide%3A_CloudStack

First you need to configure LDAP by making an API call with an URL like this:

http://127.0.0.1:8096/client/api?command=ldapConfig&hostname=127.0.0.1&searchbase=ou%3Dpeople%2Co%3DsevenSeas&queryfilter=%28%26%28uid%3D%25u%29%29&binddn=%20cn%3DJohn+Fryer%2Cou%3Dpeople%2Co%3DsevenSeas&bindpass=secret&port=10389&response=json

Or in a more readable format:

http://127.0.0.1:8096/client/api?command=ldapConfig
&hostname=127.0.0.1
&searchbase=ou%3Dpeople%2Co%3DsevenSeas
&queryfilter=%28%26%28uid%3D%25u%29%29
&binddn=%20cn%3DJohn+Fryer%2Cou%3Dpeople%2Co%3DsevenSeas
&bindpass=secret
&port=10389
&response=json

Note the URL encoded values, here you have the decoded version:

http://127.0.0.1:8096/client/api?command=ldapConfig
&hostname=127.0.0.1
&searchbase=ou=people,o=sevenSeas
&queryfilter=(&(uid=%u))
&binddn= cn=John Fryer,ou=people,o=sevenSeas
&bindpass=secret
&port=10389
&response=json

You can use this link to encode/decode your url -> http://meyerweb.com/eric/tools/dencoder/

After you've created your URL (with encoded values) open your browser, login into cloudstack and then fire up your ldap config URL.
Now if you go back to cloudstack and under "Global Settings" search for LDAP and you should see that LDAP is configured.

Now you have to manually create the user accounts with the same logins as in your LDAP server or you can use the CloudStack API to make a script and "sync" your LDAP users into CloudStack, I've written a PHP script that does this.
You'll have to modify it to match your LDAP schema and you can get it after the break.

OpenKM LDAP auth

Hello, after some time kicking the machine and trying a several configurations, i got it working..

NOTE: for the config options to be red from the file you must first delete the equivalent configs from the web user interface (those are stored in the DB and override the config file)

Checkout the relevant parts of the final configuration files after the break

Configure LDAP authentication for Alfresco

Under the /subsystems/authentication structure, there are folders for ldap, passthru, etc. In the ldap folder, there is a .properties file... ldap-authentication.properties.
This is what you have to edit...
Specifying your server, ldap structure, authentication account, if you sync or not, etc. Go through it, there are pretty good explanations in the comments.

Lastly, edit the repository.properties file... add ldap1:ldap to the chain (probably only has alfrescoNtlm on it?) to activate your ldap config. You can also set this in the alfresco-global.properties file
file: /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/repository.properties
 - or -
file: /opt/alfresco/tomcat/shared/classes/alfresco-global.properties

# The default authentication chain
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm

restart, test...

Check out the example after the break.