Configure LDAP services – Apache Directory

December 10, 2024 Code Vault Curators

In this blog article, we will see more in detail about directory services and LDAP protocols. We will also set up our own directory service.

Let’s start with the directory.

What is a directory?

Directory is a collection or list of data and they saves the information and provides them when needed.

Real time examples are – telephone directory and computer folders.

These data are stored in a hierarchical structure and retrieved when needed. Cool.

So, What is a directory service?

It is a solution that provides the information stored in a directory.

Okay, you ask me to search for a phone number in the telephone directory, here I act as the directory service and provide you with the information.

In software, this can be a program that access the stored data. The program may use some protocol. Remember LDAP? – Lightweight Directory Access Protocol.

The data or resources (objects) are usually organized hierarchically and are identified by a set of attributes

Hierarchy refers to levels. If you look at the above picture, on the hierarchical data we see there are 4 levels.

The root level then the organization level, then organization unit level and finally Person level.

There are many directory services in the market and most of them support LDAP implementations. I mean these directories service through LDAP protocol.

Usually if you pick any organization, they maintain their employee records in their own directory services. For any multinational company, the hierarchy can start on the region level – US, Europe, Asia then on the department level, then can be on practice level…. The hierarchy can go on.

Let’s look at some popular LDAP implementation directory services

Active directory – Microsoft’s directory service for Windows
Apache directory server.
Redhat directory server
Oracle internet directory
IBM Tivoli directory server
OpenLDAP

You see almost all of the IT manufacturing giants have their own release version of directory service. Most of them are licensed.

Business Requirement: Myknowtech is an Pega specialized organization and they have their own pega HR applications. All employees in Myknowtech Organization have to access the pega application through LDAP URL. It means they need to validate against the credentials stored in the organization directory. The organization won’t have a big budget to have a licensed directory service. Finally, Board decided to go with a open-source directory service and the name is Apache directory server.

Let’s start with setting up the apache directory server.

How to download and install the apache directory server?

You need to download minimum two packages.

Apache directory studio
Apache directory server

Note: The downloads vary per LDAP implementation.

1. Apache Directory Studio

Step 1: Download the Apache directory studio

You can follow the link – https://directory.apache.org/studio/downloads.html

In that link, based on your operating system download the package.

In this tutorial I am using Windows 64 bit installer package.

Step 2: Proceed with the default installation steps – Yes, Yes, Yes

And then install it

Step 3: Now go to the right folder and start the apache directory studio.

Oh, I don’t have a java virtual machine to run the apache directory studio. It is a java program.

Have the JVM installed in the right directory (mine is new laptop, hope you have it already)

Place the JRE in the right path and run the application again

Step 4: You should see the LDAP – Apache directory studio

Now, we need to download and install the apache directory server. The steps follow the same as studio

2. Apache Directory Server

Step 1: Download the Apache directory studio

You can follow the link – https://directory.apache.org/apacheds/downloads.html

In that link, based on your operating system, download the package.

Step 2: Proceed with the default installation steps, same as above

Step 3: You should see the package successfully installed.

Run the Manage ApacheDS application

If you are in Windows OS, you will see the Services window with an entry for ApacheDS.

I just selected and started the service (server). It is running in my machine locally. In other terms, my machine is the local host for this apache server.

Till now, we did download and installed the apache server and studio and now the server is up and running in my machine.

How to setup your own directory in Apache server?

I have broken this into 3 stages.

a) Set up the connection from Apache studio to the Apache server

We are going to connect to the Apache DS default server, which is running in the local machine.

Step 1: Open the Apache studio and navigate to LDAP tab – New Connection.

Step 2: Provide the following configuration details

Connection name – an appropriate name

HostName – localhost

Port – 389 / 10389

10389 can be used for StartTLS and 10636 for SSL. Here we use 10389.

Step 3: provide the authentication details.

Eventually, different applications including Pega should connect to this LDAP server and these servers should be secured in a right way.

The default Apache server uses, simple authentication and the below binding parameter.

Username: uid=admin,ou=system

Ou stands for organization unit

Password: secret

Click Finish.

I have successfully connected to the LDAP server 😊

Note: You can always, connect and disconnect from the Connections viewer.

You can always edit the configuration details from the connection view.

LDAP browser view

In the LDAP browser view, you will see the directory structure and the entries you made in your LDAP directory.

You see under the default ou=system (we call it as partition), a new uid=admin is created. You only gave the attribute values while connecting to the default server.

You can double click on the UID=admin and change the password for the admin if needed.

No, not if needed! You should always change the default password 😉

Now let’s take about partitions.

What are partitions?

Usually all the entries are stored in partitions. Each partition can refer to the tree structure, the hierarchical data.

If you think in real time, a multinational company can have different partitions based on different regions where as a small company can have a single partition at the organization level.

I will show you how to define a new partition.

b) Set up your own partition

Step 1: Go to the connections view and right click on the myknowpega connection and the click on Open Configuration.

Step 2: Switch to the partitions tab.

There you will see the default partitions – system and example.

Step 3: Add a new partition for myknowpega

I added the suffix as o stands for organization.

To save, do ctrl+s or file->save

Now, you should restart the server to view the partition details in the studio LDAP browser.

Once done, refresh the node, by right clicking and reload entries.

You will smile like me 😛

We have successfully added partitions 😊

One last step, to add an entry to the partition

c) Add entry into the LDAP directory

Step 1: In the LDAP browser view, right click -> New -> New Entry

Step 2: You can either create an entry from scratch and do a copy from a template.

This is the first time I am creating, so from scratch

Step 3: Decide what type of objects you are going to add.

For my scenario, I need to capture the employees of myknowpega organization. You can always add multiple object classes. I added classes corresponding to person.