Ir al contenido principal

This is my blog, more about me at marianoguerra.github.io

🦋 @marianoguerra.org 🐘 @marianoguerra@hachyderm.io 🐦 @warianoguerra

Testing erlang ldap lib eldap with local ldap server the easy way

First we need to pick an ldap server to run, I've heard horror stories about setting up ldap servers locally for testing purposes so I was surpised by how easy it was to setup a ldap server using Apache Directory Studio which is a kind of Visual Tool to manage Apache Directory from an Eclipse based UI.

We start by downloading it from the Apache Directory Download Page

After downloading and unpacking it (snippet for the lazy linux users):

wget http://mirrors.fe.up.pt/pub/apache//directory/studio/dist/2.0.0.v20130628/ApacheDirectoryStudio-linux-x86_64-2.0.0.v20130628.tar.gz

tar -xzf ApacheDirectoryStudio-linux-x86_64-2.0.0.v20130628.tar.gz

Now we start it, in my case I had some segfaults as noted on the download page so I had to add the variable declaration before, it works for fedora, you may have to change the path a little:

GTK2_RC_FILES=/usr/share/themes/Raleigh/gtk-2.0/gtkrc ./ApacheDirectoryStudio

Now that we have it running we will see something like this:

/galleries/code/ldap-erlang/1-first-session.png

We first create a new server by clicking on new server on the bottom left:

/galleries/code/ldap-erlang/2-new-server.png

We pick "ApacheDS 2.0.0" just because we like to be in the bleeding edge (?):

/galleries/code/ldap-erlang/3-select-version.png

If we double click the created server we can see the config, I leave everything as default:

/galleries/code/ldap-erlang/4-server-config.png

We now start the server by clicking the green run button on the bottom left:

/galleries/code/ldap-erlang/5-server-run.png

Then we want to create a connection, we do that by right clicking the server and selecting "Create a Connection":

/galleries/code/ldap-erlang/6-create-connection.png

Then we connect:

/galleries/code/ldap-erlang/7-open-connection.png

Now we can see the details of the server on the top left panel, we click the entry named "dc=example,dc=com" (in my case, if you changed the config it may be different for you.

on the pop up menu we pick "New -> New Entry":

/galleries/code/ldap-erlang/8-new-dc-entry.png

On the dialog we select "Create entry from scratch" and click next:

/galleries/code/ldap-erlang/9-from-scratch.png

We want to create an organization unit to hold our users so we start typing "org" on the "Available object classes" entry until we see the entry "organizationalUnit":

/galleries/code/ldap-erlang/10-organization-unit.png

We select it and click the "Add" button, when the right panel is populated we click "Next >"

/galleries/code/ldap-erlang/11-org-unit-add-next.png

On the next step of the dialog we enter "ou" on the RDN entry and "users" on the right side and click "Next >"

/galleries/code/ldap-erlang/12-ou-users.png

On the next step we click "Finish"

/galleries/code/ldap-erlang/13-users-finish.png

Now we want to create a new user under our "users" organization unit, to do that we right click ont he users ou and again select "New -> New Entry" and pick "Create entry from scratch" and then "Next >".

/galleries/code/ldap-erlang/14-create-inet-org-person.png

after that we look for the object class "inetOrgPerson" and click "Add" and then "Next >":

/galleries/code/ldap-erlang/15-add-next.png

On the next step we enter uid as RDN and the username as value on the right side, in my case it will be mariano because I'm egocentric :P

/galleries/code/ldap-erlang/16-user-uid.png

Then we click "Next >" and on the next step we fill cn (Common Name) and sn (Surename) and click "Finish"

by the way, dc is Domain Component and dn is Distinguished Name ;)

/galleries/code/ldap-erlang/17-set-cn-sn.png

Now we have our first user but it doesn't have a password, let's set it by double clicking the user on the top left pannel and clicking the "New Attribute" on the bar at the top of the center panel:

/galleries/code/ldap-erlang/18-user-new-attr-user-password.png

On the dialog that opens we pick "Attribute type" "userPassword" and click "Next >"

/galleries/code/ldap-erlang/19-select-user-password-next.png

We enter a password:

/galleries/code/ldap-erlang/20-set-password-ok.png

And that's it, we have a user with a password inside an organization unit!

/galleries/code/ldap-erlang/21-user-result.png

Now that we have the server running and one user we can code some erlang to try it.

Most of the code was taken from the Erlang Central Article "How To Talk LDAP from Erlang"

1> Host = "127.0.0.1".
"127.0.0.1"
2> Port = 10389.
10389
3> {_,S} = eldap:open([Host], [{port, Port}]).
{ok,<0.37.0>}
4> UserRest = "ou=users,dc=example,dc=com".
"ou=users,dc=example,dc=com"
5> Username = "mariano".
"mariano"
6> Password = "secret".
"secret"
7> DN = "uid=" ++ Username ++ "," ++ UserRest.
"uid=mariano,ou=users,dc=example,dc=com"
8>
8> eldap:simple_bind(S, DN, Password).
ok
9> eldap:simple_bind(S, DN, "anothersecret").
{error,invalidCredentials}

and that's the basics, there's some more code in the article were this code was based.

You can also find the docs for the eldap library in the erlang documentation for eldap