06.18
Today I had to install a new iFolder server in a VMware ESX environment. It was a little more difficult than I expected it to be. Everything from the mono .Net layer, to openLDAP, to iFolder over SSL had its own little challenges. Hopefully this step by step will help a few of you get this very slick personal backup and file sharing solution installed and running.
- Step 1 – Virtual Machine Setup
- Step 2 – Finalize the LDAP server (you are here)
- Step 3 – Finalize the iFolder Web server
Step 2 – Finalize the LDAP Server
As you’ll recall in (if you don’t recall, don’t miss out on) step 1, we created a very basic OpenSUSE 10.3 installation and converted it to a template before the installation process completed. I’m going to move on from there with the LDAP server first.
In the VMware Infrastructure Client I brought up the view of all the templates in my environment. Right-clicking on my OPENSUSE10.3 template, I selected “Deploy Virtual Machine from this template…” The settings you enter in the Deploy Template Wizard will be very specific to your environment so I won’t cover them in detail here. The only change I made after the deployment process completed was to disconnect the CD / DVD ISO because I won’t be needing it anymore.
Power on the virtual machine (mine is named IFOLDERLDAP01) and open up the console.
Finish Setup
OpenSUSE will detect that you have not completed the installation process and load up the YaST First run utility.
- Set your root password; as always, set a good one.
- Hostname and Domain name: This can be anything you want, just remember what the settings are. I always uncheck “Change hostname via DHCP”
- Network configuration: You’ll need to set a static IP address, valid DNS servers, and a valid default gateway.
- Test Internet Connection: I always skip this
- Authentication Method: Even though we’ll be installing openldap, it’s not installed yet, so set the Authentication Method to local
- New Local User: Enter in a default first user
- Release Notes: select Next
- Finish
At this point you should have a very basic OpenSUSE server up and running and connected to the Internet. From here, we’ll install the LDAP server. You should be back at the login prompt, so log in as root, type “yast” (no quotes) and press Enter.
Install required packages
In the YaST2 Control Center select Software -> Software Management. Your system may update its cache at this point. After a few moments you should see a list of installed software. Open the search field and type “ldap”. A list of results will show up. Scroll down to openldap2 and press Shift+=; this will place a + sign next to the package so it’s marked for installation. Continue scrolling down to “yast2-ldap-server” and press Shift+= again. Select Accept. YaST will auto resolve a few dependencies. You can accept the changes it suggests. When the packages are finished being installed, you can exit out of YaST.
Now is a good time to update any basic system settings you normally would. I always update the sshd_config so it’s locked down much better than the default settings. Also, if you’re running the SuSE Firewall, make sure you have TCP ports 22 and 389 open for SSH and basic LDAP connections.
Configure LDAP Server
Open up yast again and navigate to Network Services -> LDAP Server
Select “Yes” and go into the configuration, then highlight Databases and select “Add Database…”
On the Add Database screen, you’ll need to enter your Base DN, as well as the LDAP root password. You can leave the Root DN with its default value if you like. After you’ve added the Database select Finish to close the LDAP Server Configuration window.
Back at the YaST main Control Center screen, I suggest going into Network Services -> LDAP Browser to verify your LDAP server is running.
Access Credentials
- LDAP server: 127.0.0.1
- Administrator DN: cn=Administrator,dc=yourdomain,dc=com (use the domain name you entered)
- Password: the password you entered
Note: Make note of the Administrator DN, you’ll need it again in later steps. Also, if given a TLS/SSL error, it’s okay to retry the connection without encryption enabled.
Exit out of YaST.
There are a few useful steps you can review over on OpenSUSE.org as well. I do recommend checking the link out, but I’ll show you a different way, using YaST, to add users.
LDAP Client Configuration
In the YaST control center, go to Network Services -> LDAP Client. In the User Authentication box select “Use LDAP”. In the LDAP Client box change the LDAP Base DN to the domain you’re using, uncheck LDAP TLS/SSL, and then open up “Advanced Configuration…”
Change from the “Client Configuration” window you start in to “Administration Settings”. In the Administrator DN field, enter in the same Administrator DN you recorded up in the Access Credentials section above. Accept the Changes and then select Finish back on the LDAP Client Configuration window.
Here, YaST may notify you that a few missing packages need to be installed. Go ahead and continue so they can be installed.
Add a User
First, you need to configure some basic user/group options for LDAP users. In YaST, navigate to Security and Users -> User Management, then select LDAP Options -> LDAP User and Group Configuration. You’ll need to authenticate before you can proceed. Notice the Administrator name is pre-populated with the Administrator DN you entered in the LDAP Client Configuration advanced settings.
A warning appears that “No entry with DN”… exists, Create it Now? You should select Yes. Select New, leave the susegroupconfiguration Object selected, enter “groupconfiguration”, and select OK.
Leave all the default settings for the groupconfiguration. Select New again; notice only the suseuserconfiguration object is available. Enter “userconfiguration”, and select OK. Now, we’ll edit two values in the userconfiguration module. Set suseminuniqueid to 10000, and set susenextuniqueid to 10000. Select Accept when you’re finished with the changes.
Set the User Filter to LDAP Users.
Two warnings will appear that No entry with DN…. exists, select Yes for each one and continue.
Select Add, and enter the user information, First Name, Last Name, Username, Password, Confirm Password. Before selecting Accept, change to the Plug-Ins screen.
Highlight the “Edit Remaining LDAP Attributes” and select Launch, scroll down to the mail Setting, and enter the user’s email address. Accept the changes, and select Accept again to create the user.
Let’s create a Group too. The process is pretty much the same as users. Change over to the groups screen, set the filter to LDAP groups, and Add a new group. I’ll call mine, “iFolderUsers”, and add the user I just created to the group.
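To confirm that what YaST wrote matches the settings above, the directory can be exported as LDIF and checked offline. The script below is an added example, not part of the original walkthrough: it flags any user whose uidNumber is below 10000, who has no mail attribute, or who is not in the iFolderUsers group. The sample entries, the ou names and the assumption that users are posixAccount entries listed in the group via member or memberUid are constructed for illustration.

```python
# Constructed sample in the shape of `ldapsearch -x -LLL` output (not real data).
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=yourdomain,dc=com
objectClass: posixAccount
uid: jdoe
uidNumber: 10000
mail: jdoe@yourdomain.com

dn: uid=asmith,ou=people,dc=yourdomain,dc=com
objectClass: posixAccount
uid: asmith
uidNumber: 1001

dn: cn=iFolderUsers,ou=group,dc=yourdomain,dc=com
objectClass: posixGroup
cn: iFolderUsers
member: uid=jdoe,ou=people,dc=yourdomain,dc=com
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry (base64 '::' values are not decoded)."""
    entries = []
    # Unfold continuation lines, then split on the blank line between entries.
    for block in text.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in entry: entries.append(entry)
    return entries

def audit(text, min_uid=10000, group="iFolderUsers"):
    """Return {uid: [problems]} for each posixAccount entry that fails a check."""
    entries = parse_ldif(text)
    members = {m.lower() for e in entries if group in e.get("cn", [])
               for m in e.get("member", []) + e.get("memberuid", [])}
    report = {}
    for e in entries:
        if "posixaccount" not in (c.lower() for c in e.get("objectclass", [])):
            continue
        uid, problems = e["uid"][0], []
        if int(e.get("uidnumber", ["0"])[0]) < min_uid:
            problems.append("uidNumber below %d" % min_uid)
        if not e.get("mail"):
            problems.append("no mail attribute")
        if e["dn"][0].lower() not in members and uid.lower() not in members:
            problems.append("not in " + group)
        if problems: report[uid] = problems
    return report
```

Feed it the output of an `ldapsearch -x -LLL` against your Base DN in place of `SAMPLE_LDIF`; an empty result means every user entry passed all three checks.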
You can add more users and groups here if you like, but at this point, I think I’m done with the LDAP server. Time to move on to Step 3.