OpenLDAP for Windows

This is a very simple article to keep small bits of info about installing OpenLDAP for Windows. I am using the version available from UserBooster as it seemed to work quite well for me.

Resources

OpenLDAP for Windows from UserBooster

http://userbooster.de/en/download/openldap-for-windows.aspx

The licensing for OpenLDAP for Windows from UserBooster states: “OpenLDAP for Windows is free for private and commercial use.”

OpenLDAP Project

http://www.openldap.org/

 

Setup

1. Download OpenLDAP for Windows. I used:

OpenLDAP 2.4.34

2. Run the installer and accept all the defaults. This will install both the VC++ runtime and MIT Kerberos for Windows: 

OpenLDAP for Windows

3. The default installs the following: 

OpenLDAP for Windows

4. One of the things that frustrated me is that it installs MIT Kerberos, which is fine except the default behavior is to pop up each day to remind you the certificates are expiring. It does appear these are renewed automatically, so I really don’t need to see the popup all the time. After OpenLDAP is installed I suggest you open “MIT Kerberos Ticket Manager”; you will find it under “Programs | Kerberos For Windows (32bit)”. This is done through the “Options” tab:

5. Open a DOS box in the root directory of OpenLDAP and run the following:

ClientTools\ldapmodify.exe -a -x -D "cn=Manager,dc=maxcrc,dc=com" -w <mypassword> -f maxcrc.ldif
  • Obviously you would change “<mypassword>” to the password you set when you installed OpenLDAP.

Start over

Should you find you stuffed it all up and want to reset the database, just stop the “OpenLDAP Service” Windows service, then delete all the files in the “\data” subdirectory of OpenLDAP and your database is back to scratch.

If you want to understand what the bind user is, just look at “slapd.conf” in the OpenLDAP root directory and look for:

rootdn        "cn=Manager,dc=maxcrc,dc=com"

Custom Setups

I won’t go into detail, but suffice to say you can set up OpenLDAP to have any default root you want and any default binddn by editing slapd.conf and deleting the database as described above. So you don’t have to use the domain “maxcrc.com”!
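As an added illustration of the edit described above (not taken from the original article or from the file UserBooster ships), the three slapd.conf directives that define the root and the bind DN could look like this. The suffix `dc=example,dc=org`, the file name `example.ldif` and the hash placeholder are assumptions, and the `slappasswd` tool is assumed to be present in your install.

```conf
# slapd.conf, database section only. Example values, not the shipped file.
# Leave the existing "database" and "directory" lines as installed.

# Root of the directory tree; replaces dc=maxcrc,dc=com.
suffix      "dc=example,dc=org"

# Bind DN with full access to this database. slapd only accepts a rootpw
# for a rootdn that lies inside the suffix above, so change both together.
rootdn      "cn=Manager,dc=example,dc=org"

# A hashed value keeps the cleartext password out of the config file.
# Placeholder: paste the {SSHA}... string that slappasswd prints.
rootpw      {SSHA}<output-of-slappasswd>

# After stopping the service, emptying the data directory and starting the
# service again, the LDIF you load must begin with an entry for the new
# suffix (this part belongs in example.ldif, not in slapd.conf):
#
#   dn: dc=example,dc=org
#   objectClass: top
#   objectClass: dcObject
#   objectClass: organization
#   dc: example
#   o: Example Org
#
# Load it with the new bind DN. -W prompts for the password instead of
# taking it on the command line as -w does:
#
#   ClientTools\ldapmodify.exe -a -x -D "cn=Manager,dc=example,dc=org" -W -f example.ldif
```

If the suffix in slapd.conf and the first `dn:` in the LDIF do not match, the add fails because the server holds no database for that naming context.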

Tony
