26 Jul 2013

Using 389 Directory Server with Apache Syncope

Written by apatricelli

389 Directory Server is an open source LDAP server by Fedora and a valid alternative to other implementations such as Apache DS, OpenLDAP or OpenDJ. Let's see how to install it and use it with Apache Syncope.

Installation and Configuration

1. To install 389 Directory Server on Ubuntu, run:

$ sudo apt-get install 389-*

2. Before going into setup, we need to add a new user that will be associated with the new LDAP service and change the ownership of two folders to that user:

$ sudo useradd fds 
$ sudo chown fds:fds -R /var/lock/dirsrv/ /var/lib/dirsrv

3. Run the 389 DS setup:

$ sudo setup-ds-admin

Here, provide fds as the user, 1389 as the LDAP port, and dc=tirasa,dc=net as the base context.

4. After a successful installation and startup, we can create the root object in LDAP:

[root@fedora ~]# ldapmodify -a -D "cn=Directory Manager" -p 1389 -h localhost -w password
dn: dc=tirasa,dc=net
objectclass: domain
dc: tirasa
adding new entry "dc=tirasa,dc=net"

389 as Syncope resource

This post should be enough to configure and use 389 Directory Server with Apache Syncope; however, you might want to enable the changelog in order to enable actual synchronization.

In order to enable the changelog in 389 DS you need to create an LDIF file with the following content:

dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on

then import it via:

$ ldapmodify -h server.example.com -p 1389 -D "cn=Directory Manager" -w password -f retro.ldif

and restart DS:

$ sudo service dirsrv restart
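A check for the changelog step above, as an added example that is not part of the original post: the function reads the LDIF that ldapsearch prints for the plugin entry and succeeds only if nsslapd-pluginEnabled is on. The function name and the sample entries are constructed for illustration; the commented ldapsearch call assumes the OpenLDAP client tools and uses -W to prompt for the bind password, so it does not appear in the process list or shell history as it does with -w.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the Retro Changelog
# plugin is enabled by inspecting the plugin entry returned by ldapsearch.

# plugin_enabled (hypothetical helper): reads one LDIF entry on stdin and
# returns 0 only when nsslapd-pluginEnabled is "on".
plugin_enabled() {
    awk '
        function check(line,    i, name, value) {
            i = index(line, ":")
            if (i == 0) return
            name  = tolower(substr(line, 1, i - 1))   # attribute names ignore case
            value = tolower(substr(line, i + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", value)        # trim surrounding blanks
            if (name == "nsslapd-pluginenabled" && value == "on") found = 1
        }
        # LDIF folding: a line starting with one space continues the previous line
        /^ / { buf = buf substr($0, 2); next }
             { check(buf); buf = $0 }
        END  { check(buf); exit (found ? 0 : 1) }
    '
}

# Constructed sample entries (the first one uses a folded line on purpose).
SAMPLE_ON='dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
nsslapd-plugin
 Enabled: on'
SAMPLE_OFF='dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
nsslapd-pluginEnabled: off'

for sample in "$SAMPLE_ON" "$SAMPLE_OFF"; do
    if printf '%s\n' "$sample" | plugin_enabled; then
        echo "changelog plugin: enabled"
    else
        echo "changelog plugin: NOT enabled"
    fi
done

# Live use against the server configured above (assumes OpenLDAP client tools):
#   ldapsearch -x -H ldap://localhost:1389 -D "cn=Directory Manager" -W \
#       -b "cn=Retro Changelog Plugin,cn=plugins,cn=config" -s base -LLL \
#       nsslapd-pluginEnabled | plugin_enabled && echo "changelog plugin: enabled"
```

The attribute reflects the configured state, so run the check after the restart.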

At this point you should get an LDAP tree similar to the image below:



