LDAP

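# Parameters shared by the commands below; adjust them to the target system.
# base_dn:   suffix of the directory. It must match the DNs hard-coded in
#            basic-hierarchy.ldif and add-user.ldif.
# config_db: cn=config entry of the database that holds that suffix. It is
#            "{1}" on this system; list the candidates with
#            sudo ldapsearch -H ldapi:/// -Y EXTERNAL -b cn=config '(olcDatabase=*)' dn
base_dn='dc=homelab'
config_db='olcDatabase={1}mdb,cn=config'

# Every command below binds over the local Unix socket (ldapi:///) with SASL
# EXTERNAL: slapd identifies the client by its Unix uid/gid, so when run with
# sudo the bind DN is gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
# -- the DN that basic-rights.ldif grants write access to. No LDAP password
# is involved at any point.

# Installation:
sudo apt install slapd ldap-utils

# Load the base schemas (probably already loaded; ldapadd then fails on the
# existing entry, which is harmless here -- this is why the steps are not run
# under "set -e"):
for schema in cosine nis inetorgperson; do
  sudo ldapadd -H ldapi:/// -Y EXTERNAL -f "/etc/ldap/schema/${schema}.ldif"
done

# Show the database configuration (suffix, root DN, current access rules, ...):
sudo ldapsearch -H ldapi:/// -Y EXTERNAL -b "$config_db"

# Access rules: only the local root peer may modify the directory or read
# userPassword; everyone else (anonymous binds included) can read everything
# else. basic-rights.ldif REPLACES all existing olcAccess values of the
# database, so review the current rules (previous command) before applying.
sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f basic-rights.ldif

# Add the "People" organizational unit. The ou entry's dn is hard-coded in the
# LDIF, and its parent (the base entry) must already exist:
sudo ldapadd -H ldapi:/// -Y EXTERNAL -f basic-hierarchy.ldif

# Add a simple person (no userPassword in the LDIF; it is set below):
sudo ldapadd -H ldapi:/// -Y EXTERNAL -f add-user.ldif

# List every entry of the directory:
sudo ldapsearch -H ldapi:/// -Y EXTERNAL -b "$base_dn"

# Set user1's password. -S prompts for the new password (twice) on the
# terminal, so it is never passed on the command line, where it would be
# visible in the process list and in the shell history:
sudo ldappasswd -H ldapi:/// -Y EXTERNAL -S "cn=User 1,ou=People,${base_dn}"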
basic-rights.ldif
# Replaces every olcAccess value of the {1}mdb database with the two rules
# below ("replace", not "add": any previously configured rule is dropped).
# Rules are evaluated in {n} order and the first matching "to" clause wins.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# {0}: userPassword -- writable only by the local root peer (sudo over
# ldapi:/// with SASL EXTERNAL); anonymous clients may use it to authenticate
# (simple bind) but cannot read it; everyone else gets no access at all.
# There is no "by self write", so users cannot change their own password.
olcAccess: {0}to attrs=userPassword by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write by anonymous auth by * none
# {1}: everything else -- writable by the local root peer, readable by
# everyone, including unauthenticated (anonymous) clients.
olcAccess: {1}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write by * read
basic-hierarchy.ldif
# Organizational unit holding the user entries; its parent entry dc=homelab
# must already exist.
dn: ou=People,dc=homelab
objectClass: organizationalUnit
# NOTE(review): the RDN in the dn is ou=People but the attribute value is
# "Personnes". OpenLDAP expects the RDN value to be present in the entry
# (naming violation otherwise) -- either add "ou: People" or change the dn.
ou: Personnes
add-user.ldif
# One inetOrgPerson that is also a posixAccount (Unix login attributes).
# The cn value matches the RDN value of the dn.
dn: cn=User 1,ou=People,dc=homelab
cn: User 1
givenName: User1
sn: Test
# posixAccount attributes (defined by nis.ldif, which must be loaded).
uid: user1
uidNumber: 10000
# NOTE(review): no group entry with gidNumber 10000 appears in these notes;
# a matching posixGroup is presumably needed if Unix logins are intended.
gidNumber: 10000
homeDirectory: /home/user1
mail: user1@mail.homelab
# No userPassword here: it is set afterwards with "ldappasswd -S", which
# keeps the password out of this file.
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount