Open Admin (OA) can manage an external server running LDAP server software (OpenLDAP). The LDAP directory stores both staff and student accounts, which can then be used by other programs such as library software, printing software (CUPS), workstations (for login access and home directory mounts), CMS (Content Management Systems), and others.
This installation is based on a Debian/Ubuntu server. Other Linux servers will be similar.
The stages include:
apt-get install slapd ldap-utils
This will also ask for the administrator password for the LDAP server. Enter this and write it down somewhere(!). This will be needed by OA in order to add and update users. Also make sure that you have installed the required Perl modules for the LDAP scripts (apt-get install libnet-ldap-perl).
In the ldap.conf file, found in /etc/openldap/ (Ubuntu) or /etc/ldap/ (Debian), change:
BASE dc=MYSCHOOL, dc=MYDIVISION, dc=CA
URI ldap://MYSCHOOL.MYDIVISION.CA ldap://localhost
In the slapd.conf file, set:
database hdb
suffix "dc=myschool,dc=mydivision,dc=ca"
rootdn "cn=admin,dc=myschool,dc=mydivision,dc=ca"
Also make sure that rootpw is set and that the modules at the top are loaded (core, cosine, inetorgperson, nis).
Turn off the ability of users to change their passwords in LDAP, since this is controlled at the OA level by secretaries. They change the password in OA, and then update the LDAP server from there.
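One way to confirm that step on the server, as an added example that is not part of Open Admin: a small Python check that reads access rules in slapd.conf syntax and reports what an ordinary user may do to their own userPassword. The sample rules are constructed for illustration, and the parser assumes plain `self`, `users` and `*` who-clauses only.

```python
import re
import shlex

# Constructed sample rules in slapd.conf syntax (suffix taken from the page).
WEAK = '''\
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=myschool,dc=mydivision,dc=ca" write
        by anonymous auth
        by self write
        by * none
access to *
        by * read
'''
# Hardened form: the "by self write" clause is removed, so only the admin DN
# (the account OA binds as) can change passwords.
FIXED = WEAK.replace("        by self write\n", "")

def directives(conf_text):
    """Join continuation lines (leading whitespace), then drop comments."""
    out = []
    for line in conf_text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t" and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return [d for d in out if not d.startswith("#")]

def self_password_access(conf_text):
    """Access level an authenticated user gets on their own userPassword,
    from the first 'access to' directive covering it (None if no rule)."""
    for d in directives(conf_text):
        m = re.match(r"access\s+to\s+(.*?)\s+by\s+(.*)$", d, re.I)
        if not m:
            continue
        what, by_part = m.groups()
        attrs = re.search(r"attrs?=(\S+)", what, re.I)
        if attrs and "userpassword" not in attrs.group(1).lower().split(","):
            continue  # rule is limited to other attributes
        for clause in re.split(r"\s+by\s+", by_part):
            tokens = shlex.split(clause)
            if tokens and tokens[0] in ("self", "users", "*"):
                return tokens[1] if len(tokens) > 1 else "unspecified"
        return "none"  # no clause matched: slapd's implicit "by * none"
    return None

def users_can_change_password(conf_text):
    return self_password_access(conf_text) in ("write", "manage")
```

Run `users_can_change_password()` on the text of your own slapd.conf; it should return False once the self-write clause is gone, while `by anonymous auth` still lets users log in.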
$ldap_maxuidnumber = 10000; # starting uidnumber value for fill script.
$ldap_student_gidnumber = 500; # gid numbers from server.
$ldap_staff_gidnumber = 600;
$slappasswd = '/usr/local/sbin/slappasswd'; # location of LDAP password utility.
$basedn = 'dc=jp2,dc=loccsd,dc=ca'; # Change to YOUR domain setup
$servername = '127.0.0.1'; # IP address of the LDAP server to manage
$adminuser = 'cn=admin,dc=jp2,dc=loccsd,dc=ca'; # Change to YOUR domain setup
$adminpassword = 'password'; # LDAP admin password (you wrote down on install)
$group_staff = 'staff';
$group_student = 'student';
$org = 'jp2.loccsd.ca'; # Change to YOUR domain setup.
Next, upload this CSV file using the 'Fill' button on the LDAP area of the main OA page. This will place the account information into the OA database. For this to work correctly, the account information for students must be based on the student number with a leading 's'. The staff information must have the same userid as found on the OA server. If this is not the case, you will have to manually edit the CSV file to fix this.
You will now have the OA LDAP fields filled with the correct information. If there are more users in OA that don't have LDAP information (since they don't exist on the file server), use the Fill button again to fill in any other LDAP user info automatically. Once done, all users (staff and students) will have LDAP info (uid, uidnumber, gidnumber).
You can then use the Synchronize buttons for students and staff to get this LDAP user information into the LDAP server.