TinyLDAP is a minimalistic LDAP server. Here is how to get minimal user management running through TinyLDAP.
The following LDIF file sets up two groups (admin and user) and two users (superman and batman). superman is a member of both groups; batman is a member of the user group only:
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Solutions
dc: example

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

dn: cn=user,ou=Groups,dc=example,dc=com
objectClass: posixGroup
description: Common Users
gidNumber: 2000
cn: user

dn: cn=admin,ou=Groups,dc=example,dc=com
objectClass: posixGroup
description: Administrators
cn: admin
gidNumber: 2001
memberUid: superman

dn: uid=superman,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Clark Kent
givenName: Clark
sn: Kent
uid: superman
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/superman
loginShell: /bin/bash
mail: superman@example.com

dn: uid=batman,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Bruce Wayne
givenName: Bruce
sn: Wayne
uid: batman
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
uidNumber: 2001
gidNumber: 2000
homeDirectory: /home/batman
loginShell: /bin/bash
mail: batman@example.com
To run tinyldap with the above user data you need to prepare the data file (called example below) and add the needed indexes to it:
parse example.ldif example
addindex example uid if
addindex example memberUID if
addindex example gidNumber f
addindex example dn if
addindex example objectClass if
You can then run one of the three tinyldap binaries with the created data file. While configuring, I recommend using the tinyldap_debug binary.
Finally, the following should be put into your local.protected.php file:
$conf['authtype'] = 'ldap';
$conf['auth']['ldap']['server'] = 'localhost'; # important! ldap:// style connection doesn't work!
$conf['auth']['ldap']['usertree'] = 'ou=People, dc=example, dc=com';
$conf['auth']['ldap']['grouptree'] = 'ou=Groups, dc=example, dc=com';
$conf['auth']['ldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))';
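To see which groups the groupfilter above returns for each user, and why the user name should be escaped before it is substituted into the filter, here is an added example (not DokuWiki's or tinyldap's own code). It assumes %{gid} is filled with the user's own gidNumber; the tiny filter evaluator, the helper names and the sample data are constructed for illustration and support only the `&`, `|` and equality forms used on this page.

```python
import re

# Constructed sample: the group entries and users from the LDIF above,
# reduced to the attributes the group filter looks at.
GROUPS = [
    {"cn": ["user"], "objectClass": ["posixGroup"], "gidNumber": ["2000"]},
    {"cn": ["admin"], "objectClass": ["posixGroup"], "gidNumber": ["2001"],
     "memberUid": ["superman"]},
]
USERS = {"superman": "2000", "batman": "2000"}  # uid -> own gidNumber (assumed %{gid})
GROUPFILTER = "(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))"

def escape(value):
    """RFC 4515 escaping of a value before it is placed in a filter."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def expand(template, **values):
    """Substitute %{name} placeholders with escaped values."""
    return re.sub(r"%\{(\w+)\}", lambda m: escape(values[m.group(1)]), template)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse(f, i=0):
    """Parse one '(...)' filter starting at f[i]; return (tree, next index)."""
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), unescape(value)), end + 1

def matches(tree, entry):
    if tree[0] == "=":
        # Attribute names are case-insensitive: memberUID matches memberUid.
        vals = [v for k, vs in entry.items() if k.lower() == tree[1] for v in vs]
        return tree[2] in vals
    results = [matches(kid, entry) for kid in tree[1]]
    return all(results) if tree[0] == "&" else any(results)

def groups_of(user):
    # An unknown user gets an empty gid, which matches no gidNumber.
    flt = expand(GROUPFILTER, user=user, gid=USERS.get(user, ""))
    tree, _ = parse(flt)
    return sorted(g["cn"][0] for g in GROUPS if matches(tree, g))
```

superman lands in admin through memberUid and in user through gidNumber, while batman matches only on gidNumber; a login name containing filter metacharacters stays a literal value after escaping and matches no group.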