Project 6 - LDAP

CSCI-4220 Network Programming

Spring 1999

Project 6 - LDAP client
Due Date: ?

LDAP Client

This project involves learning about LDAP, specifically about the structure of the information provided by an LDAP server and about the LDAP Application Programming Interface. A LDAP server and sample database is provided, you need to write a client that can extract some specific information from the database and make changes as well.

OpenLDAP Distribution: The OpenLDAP distribution has been installed on monica.cs.rpi.edu in ~hollingd/ldap. This distribution includes an LDAP server (called slapd) that you will use to test your LDAP client. A number of scripts have been provided so that you can easily run the server as well as some sample clients - it would be a good idea to play with these a bit before starting (to get an understanding of how LDAP works). All the source code for the OpenLDAP distribution is available - feel free to use whatever you can.

Slapd: The LDAP server is currently configured to run in ~hollingd/ldap/Netprog, since you don't have write permissions in this directory you will need to make a copy of this directory, and to update the slapd configuration file before you can run the server.

To make a copy of the ldap server directory in ~/P6:

> cd make sure you start in your home directory

> mkdir P6 create a directory named P6

> cd P6

> cp -r /cs/hollingd/ldap/Netprog . make a copy of the slapd directory

Now you need to edit the LDAP server configuration file. The file is named slapd.conf, you need to change the following line:

directory       /cs/hollingd/ldap/Netprog

to point to the directory you just created (/cs/yourid/P6/Netprog).

The configuration file is set up to allow anyone to access and change any record in the database, this means you don't have to set up any of the fancy authentication mechanisms that can be supported. Feel free to change this if you want to look at LDAP authentication (but it's not required).

The sample database includes records for the course Netprog99, including records for students, instructors and cookies (of course). The hierarchy is as follows:

College
- Course
  - Group
    - Students
    - Instructors
    - Cookies

A sample Distinguished Name (dn) in this hierarchy is (corresponding to me):

cn=Dave Hollinger, group=Instructors, course=Netprog, college=RPI

a dn for Joe Student would be:

cn=Joe Student, group=Students, course=Netprog, college=RPI

and a dn for a good cookie:

cn=Chocolate Chip, group=Cookies, course=Netprog, college=RPI

Note that this hierarcy strays from the "traditional" heirarchy used in just about all the LDAP literature. In the traditional hierarcy the top level is country (c), the next level is organization (o), followed by organizational unit (ou). It is important to realize that these reflect a commonly used hierarchy, but are not part of LDAP.

The sample database is in the file "netprog.ldif", the format of this file is described in the man page for ldif (you don't need to understand it to be able to do this assignment) and this file is converted to a dbm database using ldif2ldbm (slapd uses the dbm files not the ldif file). You can look at the file netprog.ldif to see what records are in the database, but changing the file won't change anything available via the slapd server (unless you run ldif2ldbm).

To start up the server (after you've changed slapd.conf) you run the slapd program like this:

> /cs/hollingd/ldap/libexec/slapd -d 10 -p 3333 -f slapd.conf

The "-d 10" option tells slapd to run in the foreground and to print out some debugging information. If you change 10 to 1 it will print out less, if you use "-d 65535" it will print out all kinds of stuff. The "-p 3333" tells the server to run on port 3333, if you don't specify a port number this way it will try to bind to port 389 (the default LDAP port number) and fail.

Sample Clients: There are a number of sample client that come with the OpenLDAP distribution - they are all in /cs/hollingd/ldap/bin. Man pages for each is in /cs/hollingd/ldap/man - to add this to your MANPATH do the following (assuming you are using bash):

export MANPATH=$MANPATH:/cs/hollingd/ldap/man

After setting your MANPATH you can do

man ldapsearch

(or whatever). There is also some documentation on the OpenLDAP software at www.openldap.org and the entire OpenLDAP distribution is in /cs/hollingd/ldap/dist/.

Assignment: For this project you need to write an LDAP client (or clients) that do the following:

Look up the email address of any person. For example a program named emaillookup that might work like this:
```
> emaillookup monica 3333 "Dave Hollinger"
hollingd@cs.rpi.edu
```
In this case monica is the host running the LDAP server on port 3333.
Write a client that will change the email address of a person. For example a program named emailchange that might work like this:
```
> emailchange monica 3333 "Dave Hollinger" hollid2@rpi.edu
Old address: hollingd@cs.rpi.edu
New address: hollid2@rpi.edu
> emaillookup monica 3333 "Dave Hollinger"
hollid2@rpi.edu
```
In this case monica is the host running the LDAP server on port 3333, and the emailchange program changed the email address associated with the person "Dave Hollinger".

Hints, Suggestions:

Read (at least partially) the following RFCs:
Start with the sample client code in RFC1823, add what you need. This code is available in /cs/hollingd/ldap/Netprog/sample_client - the Makefile is set up to compile it on our system, but the code itself won't do much since it doesn't point to a real server, etc. You need to include the libraries found in the Makefile in any client you build.

`> cd`	make sure you start in your home directory
`> mkdir P6`	create a directory named P6
`> cd P6`
`> cp -r /cs/hollingd/ldap/Netprog .`	make a copy of the slapd directory

CSCI-4220 Network Programming

Project 6 - LDAP client Due Date: ?

LDAP Client

Project 6 - LDAP client
Due Date: ?