In part 1 of this series, I covered installing the Apache Directory Server (ApacheDS), an open source LDAP server and in part 2, I discussed configuring the Apache Directory Studio application to connect to your ApacheDS instance. In this third part, I will look at replacing the default Example schema in ApacheDS with a new one, and adding a new organizational unit to the directory.
When you first open Apache Directory Studio, on the left side of the screen under the LDAP Browser tab, you’ll see a DIT (Directory Information Tree) hierarchy like the one illustrated here. The ROOT DSE (Directory System Agent Server Entry) is the start of the tree and has no associated properties. Under that you will see four nodes. The first is the top-level entry for a specific domain, denoted by “dc=”. In this case there are two dc (domain component) parameters, which together indicate that the domain is example.com. Below that are three more nodes that define system and schema settings (ou=config, ou=schema and ou=system). There is a significant amount of detail contained here, and it’s outside the scope of what I am trying to cover. Please check the ApacheDS website for more explanations.
CHANGE THE DIT ENTRY
In the bottom-left panel of the Directory Studio window, click on the Connections tab if it’s not active. Then right-click the ApacheDS entry and choose “Open Configuration” from the menu that appears. The center pane will change and display the server information.
Change the ID box to the name you want to use. For my purposes, I’ll use my name. Then in the Suffix box, change the DC setting to your domain name (one dc= component per label of the domain). Click FILE -> SAVE to save your updated configuration file. Restart your server.
ADD NEW ENTRY – ORGANIZATIONAL UNIT
After your server restarts, reconnect to it using Apache Directory Studio. Open the DIT tree, and right-click on the new dc entry you created above. Choose New -> New Entry from the menu that appears. You’ll be prompted to select: Create entry from scratch, or Use existing entry as a template. For right now, leave Create entry from scratch selected, and click NEXT at the bottom of the window.
Scroll through the list of available object classes on the left, until you find organizationalUnit. (Organizational Units are distinct groups of related entities in the organization. For this example, I am creating an OU of employees.) Click organizationalUnit once to highlight it, and then click the ADD button in the middle. Two entries will be added to the right side of the screen: organizationalUnit and top. Click NEXT at the bottom of the screen.
The window will change to the Distinguished Name screen. The Parent field will be filled out with the area of the tree where you clicked to access the New Entry menu. If you have the wrong spot in the tree, click the BROWSE button and you will see a new window allowing you to navigate through the existing tree. For my purposes I am working at the top of the tree, which is fine. In the RDN section, drop the list down and choose ou from the list of available attributes. In the field after the equals sign I entered “employees”.
From the drop-down list you can see there are a number of additional attributes you can add. In my case, only ou was needed. If you accidentally add a line to the RDN section, the DN Preview line will say “RDN is invalid” and you will not be able to proceed. To fix it, click the Minus button next to the blank line. If the RDN line populates successfully, click NEXT at the bottom of the window.
The window will update and be replaced with the Attributes section. For the attributes here, make sure there are values entered on the right. The window description says you have to “Enter at least the MUST attributes”. While not defined here, MUST attributes are those shown in bold text. Generally MUST attributes are those that a child object has in common with its parent (it inherits them from the parent).
In this case all MUST attributes are filled in, so go ahead and click FINISH. A short message will appear in the window indicating the LDAP tree is being updated, and once completed, the window will close. Your LDAP tree will show the new organizationalUnit of “employees”.
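The wizard hides what it actually sends to the server. The following script, added here as an example and not part of the original post or of ApacheDS, does the same work as the Suffix box and the New Entry wizard from the command line: it turns a domain name into the dc= suffix, builds the RDN and DN (rejecting the empty-value case the wizard reports as “RDN is invalid”), checks the MUST attributes of organizationalUnit and its superior top, and renders the entry as LDIF. The schema table is a constructed subset of the standard core schema (RFC 4519); the domain example.com and the OU name employees are assumptions taken from the walk-through.

```python
"""Build and validate an LDAP entry the way the Directory Studio wizard does.

Added example, not code from the original post or from ApacheDS. Assumes the
suffix is dc=example,dc=com and the OU is 'employees' (both constructed).
"""
import base64
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed subset of the core schema (RFC 4519): objectClass -> (superior, MUST).
# Assumption: ApacheDS's default schema carries these same definitions.
SCHEMA: Dict[str, Tuple[Optional[str], List[str]]] = {
    "top": (None, ["objectClass"]),
    "domain": ("top", ["dc"]),
    "organizationalUnit": ("top", ["ou"]),
}

# Characters RFC 4514 requires escaping inside an RDN attribute value.
_SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use in an RDN (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:          # leading '#' would read as hex-encoded
            out.append("\\#")
        elif ch == " " and i in (0, last):  # leading/trailing space is significant
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def domain_to_suffix(domain: str) -> str:
    """Turn a DNS name into the dc= suffix typed into the server's Suffix box."""
    labels = [lbl for lbl in domain.strip().lower().split(".") if lbl]
    if not labels:
        raise ValueError("domain must contain at least one label")
    return ",".join(f"dc={escape_rdn_value(lbl)}" for lbl in labels)


def rdn_is_valid(attr: str, value: str) -> bool:
    """Mirror the wizard's 'RDN is invalid' check: a type and a non-blank value."""
    return bool(re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr)) and bool(value.strip())


def build_rdn(attr: str, value: str) -> str:
    """Build one RDN such as ou=employees, refusing the blank-value case."""
    if not rdn_is_valid(attr, value):
        raise ValueError("RDN is invalid")
    return f"{attr}={escape_rdn_value(value)}"


def build_dn(parent_dn: str, rdn: str) -> str:
    """Join an RDN onto its parent DN, as the DN Preview line does."""
    return rdn if not parent_dn else f"{rdn},{parent_dn}"


def required_attributes(object_classes: List[str]) -> Set[str]:
    """Collect MUST attributes of the chosen classes and all their superiors."""
    must: Set[str] = set()
    for oc in object_classes:
        cur: Optional[str] = oc
        while cur is not None:
            if cur not in SCHEMA:
                raise KeyError(f"unknown objectClass: {cur}")
            superior, attrs = SCHEMA[cur]
            must.update(attrs)
            cur = superior
    return must


def missing_must(object_classes: List[str], attrs: Dict[str, List[str]]) -> List[str]:
    """MUST attributes without a value; objectClass is satisfied by the class list."""
    present = {k.lower() for k, vals in attrs.items() if any(v.strip() for v in vals)}
    present.add("objectclass")
    return sorted(a for a in required_attributes(object_classes) if a.lower() not in present)


def _ldif_attr(name: str, value: str) -> str:
    """RFC 2849: values that are not SAFE-STRINGs must be base64-encoded (::)."""
    safe = bool(value) and value.isascii() and value[0] not in " :<" and "\n" not in value and "\r" not in value
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def to_ldif(dn: str, object_classes: List[str], attrs: Dict[str, List[str]]) -> str:
    """Render the entry as LDIF, the equivalent of what FINISH sends to the server."""
    missing = missing_must(object_classes, attrs)
    if missing:
        raise ValueError(f"missing MUST attributes: {missing}")
    lines = [f"dn: {dn}"] + [f"objectClass: {oc}" for oc in object_classes]
    for name, values in attrs.items():
        lines += [_ldif_attr(name, v) for v in values]
    return "\n".join(lines) + "\n"


def employees_ou_ldif(domain: str = "example.com", ou: str = "employees") -> str:
    """Reproduce the walk-through: ou=employees directly under the suffix."""
    dn = build_dn(domain_to_suffix(domain), build_rdn("ou", ou))
    return to_ldif(dn, ["organizationalUnit", "top"], {"ou": [ou]})


if __name__ == "__main__":
    print(employees_ou_ldif(), end="")
```

Running it prints the four-line LDIF for ou=employees,dc=example,dc=com. The escaping and base64 branches matter once OU names contain commas, leading spaces or non-ASCII characters; a value that looks fine in the wizard’s text box can otherwise produce a DN the server parses differently from what you intended.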
Congratulations! You’ve created your first Entry in your tree. In the final part of this series, we’ll walk through adding users to your LDAP tree and setting passwords for them.