Friday, March 20, 2020

Basic networking terms

Basics of Computer Networking


Open system:
A system which is connected to the network and is ready for communication.
Closed system:
A system which is not connected to the network and cannot be communicated with.
Computer Network:
It is the interconnection of multiple devices, generally called hosts, connected using multiple paths for the purpose of sending/receiving data or media.
There are also devices or media that help two different devices communicate; these are known as network devices. Ex: Router, Switch, Hub, Bridge.
[Figure: computer networking diagram]
The layout pattern by which devices are interconnected is called the network topology, such as Bus, Star, Mesh, Ring or Daisy chain.
[Figure: network topology diagram]
OSI:
OSI stands for Open Systems Interconnection. It is a reference model that specifies standards for communications protocols and also the functionalities of each layer.
Protocol:
A protocol is the set of rules or algorithms which defines how two entities can communicate across the network, and there are different protocols defined at each layer of the OSI model. A few such protocols are TCP, IP, UDP, ARP, DHCP, FTP and so on.
UNIQUE IDENTIFIERS OF NETWORK
Host name:
Each device in the network is associated with a unique device name known as the hostname.
Type “hostname” in the command prompt (Administrator Mode) and press ‘Enter’; this displays the hostname of your machine.
IP Address (Internet Protocol address):
Also known as the logical address, it is the network address of the system across the network.
To identify each device on the world-wide web, the Internet Assigned Numbers Authority (IANA) assigns IPv4 (version 4) addresses as unique identifiers for each device on the Internet.
The length of an IP address is 32 bits (hence we have 2^32 IP addresses available).
Type “ipconfig” in the command prompt and press ‘Enter’; this gives us the IP address of the device.
MAC Address (Media Access Control address):
Also known as the physical address, it is the unique identifier of each host and is associated with the NIC (Network Interface Card).
The MAC address is assigned to the NIC at the time of manufacturing.
Length of the MAC address: 12 nibbles / 6 bytes / 48 bits.
Type “ipconfig /all” in the command prompt and press ‘Enter’; this gives us the MAC address.

Thursday, March 19, 2020

Cloud Computing - AWS Introduction


What is Cloud Computing?

Cloud computing is a term that refers to storing and accessing data over the internet. It doesn't store any data on the hard disk of your personal computer; instead, you access data from a remote server.

What is AWS?

Amazon Web Services is a platform that offers flexible, reliable, scalable, easy-to-use and cost-effective cloud computing solutions.
AWS is a comprehensive, easy-to-use computing platform offered by Amazon. The platform is built from a combination of infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service (SaaS) offerings.

History of AWS

  • 2002- AWS services launched
  • 2006- Launched its cloud products
  • 2012- Holds first customer event
  • 2015- Reveals revenues achieved of $4.6 billion
  • 2016- Surpassed $10 billion revenue target
  • 2016- Release snowball and snowmobile
  • 2019- Offers nearly 100 cloud services

Important AWS Services

Amazon Web Services offers a wide range of global cloud-based products for different business purposes. The products include storage, databases, analytics, networking, mobile, development tools and enterprise applications, with a pay-as-you-go pricing model.
The essential AWS services are listed below.

AWS Compute Services

Here are the cloud compute services offered by Amazon:
  1. EC2 (Elastic Compute Cloud) - EC2 is a virtual machine in the cloud over which you have OS-level control. You can run this cloud server whenever you want.
  2. LightSail - This cloud computing tool automatically deploys and manages the compute, storage, and networking capabilities required to run your applications.
  3. Elastic Beanstalk — The tool offers automated deployment and provisioning of resources, such as a highly scalable production website.
  4. EKS (Elastic Container Service for Kubernetes) — The tool allows you to run Kubernetes on the Amazon cloud environment without installing it yourself.
  5. AWS Lambda — This AWS service allows you to run functions in the cloud. The tool is a big cost saver, as you pay only when your functions execute.

Migration

Migration services are used to transfer data physically between your datacenter and AWS.
  1. DMS (Database Migration Service) - The DMS service can be used to migrate on-site databases to AWS. It also helps you to migrate from one type of database to another — for example, Oracle to MySQL.
  2. SMS (Server Migration Service) - The SMS migration service allows you to migrate on-site servers to AWS easily and quickly.
  3. Snowball — Snowball is a small application which allows you to transfer terabytes of data into and out of the AWS environment.

Storage

  1. Amazon Glacier- It is an extremely low-cost storage service. It offers secure and fast storage for data archiving and backup.
  2. Amazon Elastic Block Store (EBS)- It provides block-level storage to use with Amazon EC2 instances. Amazon Elastic Block Store volumes are network-attached and remain independent from the life of an instance.
  3. AWS Storage Gateway- This AWS service connects on-premises software applications with cloud-based storage. It offers secure integration between the company's on-premises storage and AWS's storage infrastructure.

Security Services

  1. IAM (Identity and Access Management) — IAM is a cloud security service which helps you to manage users, assign policies, and form groups to manage multiple users.
  2. Inspector — It is an agent that you can install on your virtual machines, which reports any security vulnerabilities.
  3. Certificate Manager — The service offers free SSL certificates for your domains that are managed by Route53.
  4. WAF (Web Application Firewall) — The WAF security service offers application-level protection and allows you to block SQL injection and cross-site scripting attacks.
  5. Cloud Directory — This service allows you to create flexible, cloud-native directories for managing hierarchies of data along multiple dimensions.
  6. KMS (Key Management Service) — It is a managed service. This security service helps you to create and control the encryption keys which allow you to encrypt your data.
  7. Organizations — You can create groups of AWS accounts using this service to manage security and automation settings.
  8. Shield — Shield is a managed DDoS (Distributed Denial of Service) protection service. It offers safeguards for web applications running on AWS.
  9. Macie — It offers a data visibility security service which helps classify and protect your sensitive, critical content.
  10. GuardDuty — It offers threat detection to protect your AWS accounts and workloads.

Database Services

  1. Amazon RDS- This database AWS service makes it easy to set up, operate, and scale a relational database in the cloud.
  2. Amazon DynamoDB- It is a fast, fully managed NoSQL database service. It is a simple service which allows cost-effective storage and retrieval of data. It also allows you to serve any level of request traffic.
  3. Amazon ElastiCache- It is a web service which makes it easy to deploy, operate, and scale an in-memory cache in the cloud.
  4. Neptune- It is a fast, reliable and scalable graph database service.
  5. Amazon RedShift - It is Amazon's data warehousing solution which you can use to perform complex OLAP queries.

Analytics

  1. Athena — This analytics service allows you to perform SQL queries on your S3 bucket to find files.
  2. CloudSearch — You should use this AWS service to create a fully managed search engine for your website.
  3. ElasticSearch — It is similar to CloudSearch. However, it offers more features like application monitoring.
  4. Kinesis — This AWS analytics service helps you to stream and analyze real-time data at massive scale.
  5. QuickSight — It is a business analytics tool. It helps you to create visualizations in a dashboard for data in Amazon Web Services, for example S3, DynamoDB, etc.
  6. EMR (Elastic Map Reduce) — This AWS analytics service is mainly used for big data processing with tools like Spark, Splunk, Hadoop, etc.
  7. Data Pipeline — Allows you to move data from one place to another, for example from DynamoDB to S3.

Management Services

  1. CloudWatch — CloudWatch helps you to monitor AWS environments like EC2 and RDS instances, and metrics such as CPU utilization. It also triggers alarms depending on various metrics.
  2. CloudFormation — It is a way of describing your infrastructure in templates. You can use templates to provision a whole production environment in minutes.
  3. CloudTrail — It offers an easy method of auditing AWS resources. It helps you to log all changes.
  4. OpsWorks — The service allows you to automate Chef/Puppet deployments on the AWS environment.
  5. Config — This AWS service monitors your environment. The tool sends alerts about changes when you break certain defined configurations.
  6. Service Catalog — This service helps large enterprises to authorize which services users may use and which they may not.
  7. AWS Auto Scaling — The service allows you to automatically scale your resources up and down based on given CloudWatch metrics.
  8. Systems Manager — This AWS service allows you to group your resources. It allows you to identify issues and act on them.
  9. Managed Services — It offers management of your AWS infrastructure, which allows you to focus on your applications.

Internet of Things

  1. IoT Core — It is a managed cloud AWS service. The service allows connected devices like cars, light bulbs, and sensor grids to securely interact with cloud applications and other devices.
  2. IoT Device Management — It allows you to manage your IoT devices at any scale.
  3. IoT Analytics — This AWS IOT service is helpful to perform analysis on data collected by your IoT devices.
  4. Amazon FreeRTOS — This real-time operating system for microcontrollers helps you to connect IoT devices in the local server or into the cloud.

Application Services

  1. Step Functions — It is a way of visualizing what's going on inside your application and which different microservices it is using.
  2. SWF (Simple Workflow Service) — The service helps you to coordinate both automated tasks and human-led tasks.
  3. SNS (Simple Notification Service) — You can use this service to send notifications in the form of email and SMS based on given AWS services.
  4. SQS (Simple Queue Service) — Use this AWS service to decouple your applications. It is a pull-based service.
  5. Elastic Transcoder — This AWS service helps you to change a video's format and resolution to support various devices like tablets, smartphones, and laptops of different resolutions.

Deployment and Management

  1. AWS CloudTrail: The service records AWS API calls and sends log files to you.
  2. Amazon CloudWatch: The tool monitors AWS resources like Amazon EC2 and Amazon RDS DB instances. It also allows you to monitor custom metrics created by users' applications and services.
  3. AWS CloudHSM: This AWS service helps you meet corporate, regulatory, and contractual compliance requirements for maintaining data security by using Hardware Security Module (HSM) appliances inside the AWS environment.

Developer Tools

  1. CodeStar — CodeStar is a cloud-based service for creating, managing, and working with various software development projects on AWS.
  2. CodeCommit — It is AWS's version control service which allows you to store your code and other assets privately in the cloud.
  3. CodeBuild — This Amazon developer service helps you to automate the process of building and compiling your code.
  4. CodeDeploy — It is a way of deploying your code to EC2 instances automatically.
  5. CodePipeline — It helps you create a deployment pipeline with stages like testing, building, authentication, and deployment to development and production environments.
  6. Cloud9 — It is an Integrated Development Environment for writing, running, and debugging code in the cloud.

Mobile Services

  1. Mobile Hub — Allows you to add, configure and design features for mobile apps.
  2. Cognito — Allows users to sign up using their social identity.
  3. Device Farm — Device Farm helps you to improve the quality of apps by quickly testing them on hundreds of mobile devices.
  4. AWS AppSync — It is a fully managed GraphQL service that offers real-time data synchronization and offline programming features.

Business Productivity

  1. Alexa for Business — It empowers your organization with voice, using Alexa. It allows you to build custom voice skills for your organization.
  2. Chime — Can be used for online meetings and video conferencing.
  3. WorkDocs — Helps to store documents in the cloud.
  4. WorkMail — Allows you to send and receive business emails.

Desktop & App Streaming

  1. WorkSpaces — WorkSpaces is a VDI (Virtual Desktop Infrastructure). It allows you to use remote desktops in the cloud.
  2. AppStream — A way of streaming desktop applications to your users in the web browser. For example, using MS Word in Google Chrome.

Artificial Intelligence

  1. Lex — The Lex tool helps you to build chatbots quickly.
  2. Polly — It is AWS's text-to-speech service, which allows you to create audio versions of your notes.
  3. Rekognition — It is AWS's face recognition service. This AWS service helps you to recognize faces and objects in images and videos.
  4. SageMaker — SageMaker allows you to build, train, and deploy machine learning models at any scale.
  5. Transcribe — It is AWS's speech-to-text service that offers high-quality and affordable transcriptions.
  6. Translate — It is a tool very similar to Google Translate which allows you to translate text from one language to another.

AR & VR (Augmented Reality & Virtual Reality)

  1. Sumerian — Sumerian is a set of tools for offering high-quality virtual reality (VR) experiences on the web. The service allows you to create interactive 3D scenes and publish them as a website for users to access.

Customer Engagement

  1. Amazon Connect — Amazon Connect allows you to create your customer care center in the cloud.
  2. Pinpoint — Pinpoint helps you to understand your users and engage with them.
  3. SES (Simple Email Service) — Helps you to send bulk emails to your customers at a relatively cost-effective price.

Game Development

  1. GameLift- It is a service which is managed by AWS. You can use this service to host dedicated game servers. It allows you to scale seamlessly without taking your game offline.

Applications of AWS services

Amazon Web Services is widely used for various computing purposes like:
  • Web site hosting
  • Application hosting/SaaS hosting
  • Media Sharing (Image/ Video)
  • Mobile and Social Applications
  • Content delivery and Media Distribution
  • Storage, backup, and disaster recovery
  • Development and test environments
  • Academic Computing
  • Search Engines
  • Social Networking

Companies using AWS

  • Instagram
  • Zoopla
  • Smugmug
  • Pinterest
  • Netflix
  • Dropbox
  • Etsy
  • Talkbox
  • Playfish
  • Ftopia

Advantages of AWS

Following are the pros of using AWS services:
  • AWS allows organizations to use the already familiar programming models, operating systems, databases, and architectures.
  • It is a cost-effective service that allows you to pay only for what you use, without any up-front or long-term commitments.
  • You will not need to spend money on running and maintaining data centers.
  • Offers fast deployments.
  • You can easily add or remove capacity.
  • You get cloud access quickly, with limitless capacity.
  • Total Cost of Ownership is very low compared to any private/dedicated servers.
  • Offers centralized billing and management.
  • Offers hybrid capabilities.
  • Allows you to deploy your application in multiple regions around the world with just a few clicks.

Disadvantages of AWS

  • If you need more immediate or intensive assistance, you'll have to opt for paid support packages.
  • Amazon Web Services may have some common cloud computing issues when you move to the cloud, for example downtime, limited control, and backup protection.
  • AWS sets default limits on resources which differ from region to region. These resources include images, volumes, and snapshots.
  • Hardware-level changes happen underneath your application, which may not give the best performance and usage of your applications.

Best practices of AWS

  • Design for failure, so that nothing will fail.
  • It's important to decouple all your components before using AWS services.
  • You need to keep dynamic data closer to compute and static data closer to the user.
  • It's important to know the security and performance tradeoffs.
  • Pay for computing capacity by the hour.
  • Make a habit of a one-time payment for each instance you want to reserve, to receive a significant discount on the hourly charge.

Basic Networking


Introduction

This document covers the basics of how networking works, and how to use different devices to build networks. Computer networking has existed for many years, and as time has passed the technologies have become faster and less expensive. Networks are made up of various devices—computers, switches, routers—connected together by cables or wireless signals. Understanding the basics of how networks are put together is an important step in building a wireless network in a community or neighborhood.
This module covers the concepts of:
  1. Clients and servers—how services such as e-mail and web pages connect using networks.
  2. IP addresses—how devices on a network can be found.
  3. Network hubs, switches and cables—the hardware building blocks of any network.
  4. Routers and firewalls—how to organize and control the flow of traffic on a network.
Reading through this material should take between half an hour to an hour. Exploring the activities and details of the subject with a group will take longer.

Clients and Servers

An important relationship on networks is that of the server and the client. A server is a computer that holds content and services such as a website, a media file, or a chat application. A good example of a server is the computer that holds the website for Google’s search page: http://www.google.com. The server holds that page, and sends it out when requested.
A client is a different computer, such as your laptop or cell phone, that requests to view, download, or use the content. The client can connect over a network to exchange information. For instance, when you request Google’s search page with your web browser, your computer is the client.
In the example below, two computers are connected together with an Ethernet cable. These computers are able to see each other and communicate over the cable. The client computer asks for a website from the server computer. The website is delivered from the server, and displayed on the client’s web browser.
Most requests and content delivery on networks are similar to, or are based on, a client to server relationship. On a network, the server can be located almost anywhere, and if the client has the address, it can access the content on the server.
Activity: What is one real-world example of a client and server relationship?
Client: _________________
Server: _________________
Example:
client: radio receiver in your car
server: radio station

IP Addresses

In order to send and direct data across a network, computers need to be able to identify destinations and origins. This identification is an IP—Internet Protocol—address. An IP address is just a set of four numbers between 1 and 254, separated by dots. An example of an IP address is 173.194.43.7.
An IP address is similar to a street address. Parts of the address describe where in the world the building is located, another part narrows it down to a state or city, then the area within that state or city, then the location on the street.
Below we can see 192.168.1 Street. On it are three houses:
The complete addresses for each of these houses is: 192.168.1.20, 192.168.1.21, and 192.168.1.22.
There are different classifications, or types of IP addresses. A network can be public, or it can be private. Public IP addresses are accessible anywhere on the Internet. Private IP addresses are not, and most are typically hidden behind a device with a public IP address.
Here we can see an example—a street with two buildings with public IP addresses—representing computers with addresses that are visible to the entire Internet. These buildings might be anywhere in the world, but their addresses are complete, so we know exactly where they are and can send messages to them.
To see an example of how public and private IP addresses are commonly used, let’s take another look at 192.168.1 Street. We have a new building on the street. That building has a public IP address, and a private IP address. There is also a fence that blocks the rest of the Internet from seeing and passing messages to addresses on the street.
The postal building controls messages that travel between the Internet and the street, keeping track of messages that leave the street, and directs return messages to the right house. On the street, it has the address 192.168.1.1, and on the Internet it has the address 74.10.10.50.
Activity: Find the IP addresses assigned to your computer, and your network.
What is the IP address for your computer? ____________________
Browse to http://ip.mayfirst.org/ and write down the IP address it reports: ____________________
Are these numbers the same, or different? Why?
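To make the street analogy concrete, here is an added example (not part of the original module) that does the address arithmetic behind it in Python: which addresses belong to the 192.168.1 street, which are private and therefore hidden behind the fence, what number a new house would get, and how to answer the activity's question of why your own address and the one reported from outside differ. The RFC 1918 private ranges and the sample addresses are the page's own or constructed for the demo.

```python
# Added example (not from the original post): dotted-quad IPv4 arithmetic for the
# addresses this page uses: the houses on "192.168.1 Street", the postal building's
# public address 74.10.10.50 and the Google example 173.194.43.7.
from __future__ import annotations

from typing import Iterable, Optional

TOTAL_IPV4_ADDRESSES = 2 ** 32  # 32-bit addresses, as the text states

# RFC 1918 private ranges; anything outside them is treated as public here.
PRIVATE_RANGES = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def ip_to_int(addr: str) -> int:
    """Convert 'a.b.c.d' into its 32-bit integer; reject malformed input."""
    parts = addr.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | int(part)
    return value


def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_cidr(cidr: str) -> tuple[int, int]:
    """Return (network_int, mask_int) for a 'network/prefix' string."""
    net, prefix = cidr.split("/")
    bits = int(prefix)
    if not 0 <= bits <= 32:
        raise ValueError(f"bad prefix length in {cidr!r}")
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    return ip_to_int(net) & mask, mask


def in_network(addr: str, cidr: str) -> bool:
    """True if addr lives on the 'street' described by cidr."""
    network, mask = split_cidr(cidr)
    return (ip_to_int(addr) & mask) == network


def is_private(addr: str) -> bool:
    """True for RFC 1918 addresses, i.e. the ones hidden behind the 'fence'."""
    return any(in_network(addr, r) for r in PRIVATE_RANGES)


def behind_nat(local_addr: str, reported_addr: str) -> bool:
    """The activity's question: if your own address is private and the address the
    outside world reports is different, a router is translating for you."""
    return is_private(local_addr) and ip_to_int(local_addr) != ip_to_int(reported_addr)


def next_house_number(cidr: str, in_use: Iterable[str]) -> Optional[str]:
    """Mimic the text's DHCP description: a new house gets the next number after the
    highest one already in use (never the network or broadcast address)."""
    network, mask = split_cidr(cidr)
    broadcast = network | (~mask & 0xFFFFFFFF)
    used = [ip_to_int(a) for a in in_use if in_network(a, cidr)]
    candidate = (max(used) if used else network) + 1
    if candidate >= broadcast:
        return None  # the street is full
    return int_to_ip(candidate)


if __name__ == "__main__":
    street = "192.168.1.0/24"
    for house in ("192.168.1.20", "192.168.1.21", "192.168.1.22", "74.10.10.50", "173.194.43.7"):
        print(f"{house:>14}: on street={in_network(house, street)} private={is_private(house)}")
    print("next house:", next_house_number(street, ["192.168.1.1", "192.168.1.20", "192.168.1.21", "192.168.1.22"]))
    print("behind NAT:", behind_nat("192.168.1.20", "74.10.10.50"))
```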

Network Hubs and Switches

Traditionally, computers are connected to each other using cables—creating a network. The cable used most often is Ethernet, which consists of four pairs of wires inside of a plastic jacket. It is physically similar to phone cables, but can transport much more data.
But cables and computers alone do not make a good network, so one early solution was to use a network hub. The Ethernet cables from the computer connect to the device similar to the hub of a bike wheel—where all of the spokes come together in the center.
An example of how a hub works is shown below. Computer A wants to send a message to computer B. It sends the message through the Ethernet cable to the hub, then the hub repeats the message to all of the connected computers.
A network using a hub can slow down if many computers are sending messages, since they may try and send messages at the same time and confuse the hub. To help with this problem, networks began to use another device called a switch. Instead of repeating all messages that come in, a switch only sends the message to the intended destination. This eliminates the unnecessary repetition of the hub.
Using a switch, computer A sends a message to computer B—the other computers do not see the message. Those computers can send other messages at the same time without interfering.
Switches do have a limitation though—they only know about the addresses of equipment that is plugged directly into them. So, you can only send messages to a small number of devices—however many ports the switch has! If you need to send a message to a computer on another network, it will need to be sent through a router, which we discuss next.

Routers and Firewalls

Routers do the majority of the hard work on a network - they make the decisions about all the messages that travel on the network, and whether to pass messages to and from outside networks. There are three main functions:
Separate and Bridge
Routers separate networks into sections, or bridge different networks together, as we see in the example above—the private network of 192.168.1 Street is bridged to the Internet with a public IP address.
Assign IPs
They can assign IP addresses. In the example of 192.168.1 Street, if a new house is built on the street, it would get the next highest house number available. Routers assign IP addresses using DHCP—Dynamic Host Configuration Protocol.
Firewall and Protect
They can filter messages or keep users out of private networks. Most routers have a Firewall built in. This is a software function that keeps unwanted messages from reaching the computers on the inside, or private part, of the network.
Let us take another look at 192.168.1 Street, and the postal service building we included when it had a public address for the entire street. As it turns out, that postal service building is acting as a Router.
In this case, the postal service building is routing messages between the rest of the Internet using its public address and the street with private addresses.

Definitions

DHCP—Dynamic Host Configuration Protocol
It assigns IP addresses to client devices, such as desktop computers, laptops, and phones, when they are plugged into Ethernet or connect to Wireless networks.
Ethernet
A type of networking protocol—it defines the types of cables and connections that are used to wire computers, switches, and routers together. Most often Ethernet cabling is Category 5 or 6, made up of twisted pair wiring similar to phone cables.
Hub
A network device that repeats the traffic it receives to all connected devices.
Switch
A network device that sends traffic it receives to a specific connected device, such as a single desktop computer or laptop.
Router
A network device that can bridge between different networks, determine what traffic can pass between them, and perform other functions on a network, such as assigning IP addresses.
Firewall
A function typically performed by routers, this filters traffic between networks and can protect them from interference or attacks.

Wednesday, March 18, 2020

Basic Docker Commands


Docker – ‘A better way to build apps’, as stated on its website, is an open-source platform for building apps and microservices. The catch here is the automated deployment of your app in a container, using OS-level virtualization provided by Docker. Docker containers are better than VMs, as you can do away with the additional costs of maintaining and starting the latter. By deploying your app and its dependencies (i.e. the prerequisite apps for its proper functioning) in a container, your app becomes portable during all the phases of development and testing. Moreover, the isolated apps eliminate conflicts, enable team collaboration, and reduce the time-to-market.

When Do You Need to Use a Docker?

  • For replicating the environment on your server, while running your code locally on your laptop
  • For Docker CI/CD during numerous development phases (dev/test/QA)
  • For distributing your app’s OS with a team, and as a version control system.

How Do You Setup a Docker Locally

  • Download a Docker edition and the Docker Toolbox
  • Make sure your BIOS has Virtualization Technologies, AMD-V, or KVM enabled
  • Install the Extension Pack in the Oracle VirtualBox.
  • Run the Setup

How Do You Use a Docker?

The biggest advantage of VMs is that they create snapshots which can be revisited instantly later. Docker containers further enhance lightweight process virtualization by being OS independent and using the Linux kernel's functionality. They are created from Docker images – like snapshots. Docker images are created using a Dockerfile which can be customized or used as is. The default execution driver for creating a Docker container is ‘libcontainer’. Docker Hub can be used for searching Docker images and seeing the way they have been built.
  • To create a Docker container, download the ‘hello-world’ image by typing the following command in the terminal –
$ docker run hello-world
  • For checking the images on your system, use the following command –
$ docker images
  • For searching for an image in the Docker Hub –
$ docker search <image>

Here’s a List of Docker Commands

  • docker run – Runs a command in a new container.
  • docker start – Starts one or more stopped containers
  • docker stop – Stops one or more running containers
  • docker build – Builds an image from a Dockerfile
  • docker pull – Pulls an image or a repository from a registry
  • docker push – Pushes an image or a repository to a registry
  • docker export – Exports a container’s filesystem as a tar archive
  • docker exec – Runs a command in a running container
  • docker search – Searches the Docker Hub for images
  • docker attach – Attaches to a running container
  • docker commit – Creates a new image from a container’s changes

Examples of Using a Docker

  • You can run WordPress locally on your laptop by downloading Docker, without having to install Apache, PHP, MySQL etc. The Docker Toolbox creates a containerized version of Linux to run Docker in a VM.
    • Download the Docker Toolbox, which will install Oracle VirtualBox.
    • Install the Extension Pack in VirtualBox.
    • Type $ docker run hello-world in the terminal to check if your installation has finished properly.
    • Search for a WordPress image on the Docker Hub to install WordPress locally.
  • Similarly, you can install DokuWiki using Docker.
  • Docker can be used for testing SDN components.
Here are a few samples to get your Docker engine up and running.
*All the examples in this article are for installing Docker on Windows. You can always run it on a Linux VM.

Configuring LDAP server on Linux

How to Install and Configure OpenLDAP on CentOS / RHEL Linux


LDAP stands for Lightweight Directory Access Protocol.
LDAP is a solution for accessing centrally stored information over the network. This centrally stored information is organized in a directory that follows the X.500 standard.
The information is stored and organized in a hierarchical manner. The advantage of this approach is that the information can be grouped into containers, and clients can access these containers whenever needed.
The OpenLDAP hierarchy is very similar to the DNS hierarchy.

The following are the two most commonly used objects in OpenLDAP:
  1. cn (common name) – This refers to the leaf entries, which are end objects (for example: users and groups)
  2. dc (domain component) – This refers to one of the container entries in the LDAP hierarchy. If in a setup the LDAP hierarchy is mapped to a DNS hierarchy, typically all DNS domains are referred to as DC objects.
For example, if there is a user sam.thegeekstuff.com in the hierarchy, the fully distinguished name of this user is referred to as cn=sam, dc=thegeekstuff, dc=com. Notice that in the FDN (fully distinguished name) a comma is used as the separator, not the dot that is common in DNS.
By using the different LDAP entry types, you can set up a hierarchical directory structure. This is the reason why OpenLDAP is so widely used. You can easily build an OpenLDAP hierarchy where objects in other locations are easily referred to without storing them on local servers. This makes OpenLDAP a lightweight directory, especially when compared to other directory servers such as Microsoft's Active Directory.
Now let's see how to set up a single instance of an LDAP server that can be used by multiple clients in your network for authentication.

Install OpenLDAP Packages

On CentOS and RedHat, use yum install as shown below to install the openldap-related packages.
yum install -y openldap openldap-clients openldap-servers
You should install the following three packages:
  1. openldap-servers – This is the main LDAP server
  2. openldap-clients – This contains all required LDAP client utilities
  3. openldap – This package contains the LDAP support libraries

LDAP Config Files

  • config.ldif – The LDAP default configuration is stored in the file /etc/openldap/slapd.d/cn=config.ldif, which is written in LDIF format. LDIF (LDAP Data Interchange Format) is a specific text format that allows you to enter information into the LDAP directory.
  • olcDatabase={2}bdb.ldif – You can also modify settings like the number of connections the server can support, timeouts and other database settings in the file /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif. This is the file that also contains parameters like the LDAP root user and the base DN.

Create olcRootDN Account as Admin

Create a dedicated administrative identity first, with full permission to change information in the LDAP database. In slapd this is the olcRootDN of the database: it bypasses all access controls, and it does not need to exist as an entry in the directory, so reserve it for administration and bootstrapping rather than day-to-day use.
Modify the olcDatabase={2}bdb.ldif file and change the olcRootDN entry. The following is the default entry.
# grep olcRootDN /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
olcRootDN: cn=Manager,dc=my-domain,dc=com
Change the above line to an admin user. In this example, user “ramesh” will be the olcRootDN.
olcRootDN: cn=ramesh,dc=thegeekstuff,dc=com

Create olcRootPW Root Password

Now use the slappasswd command to create a hash for the root password you want to use. Once the hash is generated, open the olcDatabase={2}bdb.ldif file (the same file that holds olcRootDN), add the olcRootPW parameter, and paste the hashed password as shown below. Never put the clear-text password in the file.
Execute the following command and enter a password. This generates a salted SHA-1 ({SSHA}) hash of the given password.
# slappasswd
New password: SecretLDAPRootPass2015
Re-enter new password: SecretLDAPRootPass2015
{SSHA}1pgok6qWn24lpBkVreTDboTr81rg4QC6
Take the hash output of the above command and add it as the olcRootPW parameter in olcDatabase={2}bdb.ldif, next to olcRootDN, as shown below. The password and hash shown here are examples only; generate your own.
# vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
olcRootPW: {SSHA}1pgok6qWn24lpBkVreTDboTr81rg4QC6
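What slappasswd actually produces, as an added Python example (not code from the tutorial or from OpenLDAP; the function names are this example's own). The {SSHA} scheme is base64( SHA1(password || salt) || salt ), with a 4-byte random salt, which is why the hash above decodes to 24 bytes. ssha_hash() creates such a value and ssha_verify() checks a password against a stored one the way slapd does on bind.

```python
"""Create and check OpenLDAP {SSHA} password hashes the way slappasswd does.

Added example, not code from the tutorial or from OpenLDAP.
"""
import base64
import hashlib
import hmac
import os

_PREFIX = '{SSHA}'
_DIGEST_LEN = 20          # SHA-1 output size in bytes


def ssha_hash(password: str, salt: bytes = None) -> str:
    """Return a slappasswd-compatible {SSHA} string.

    The salt defaults to 4 random bytes, the length slappasswd uses; a
    fixed salt is only accepted so the result can be reproduced in tests.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode('utf-8') + salt).digest()
    return _PREFIX + base64.b64encode(digest + salt).decode('ascii')


def ssha_parts(stored: str):
    """Split a stored {SSHA} value into (digest, salt); raises on bad input."""
    if not stored.startswith(_PREFIX):
        raise ValueError('not an {SSHA} value')
    raw = base64.b64decode(stored[len(_PREFIX):])
    if len(raw) <= _DIGEST_LEN:
        raise ValueError('decoded value too short to hold digest and salt')
    return raw[:_DIGEST_LEN], raw[_DIGEST_LEN:]


def ssha_verify(password: str, stored: str) -> bool:
    """Recompute SHA1(password || salt) and compare in constant time."""
    digest, salt = ssha_parts(stored)
    candidate = hashlib.sha1(password.encode('utf-8') + salt).digest()
    return hmac.compare_digest(digest, candidate)


if __name__ == '__main__':
    # same input as the tutorial, but a fresh salt, so the output differs
    h = ssha_hash('SecretLDAPRootPass2015')
    print(h, ssha_verify('SecretLDAPRootPass2015', h))
```

{SSHA} is a single unsalted-iteration SHA-1, so its strength rests on the password itself; that is acceptable for a long random root password but not for user passwords that may be guessed offline from a leaked database. slappasswd -h selects another scheme, and OpenLDAP ships a contrib module (pw-pbkdf2) that adds iterated schemes such as {PBKDF2-SHA512}.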

Create olcSuffix Domain Name

Now set the olcSuffix to the base DN of the domain you want to serve. Simply modify the line that starts with olcSuffix in the file olcDatabase={2}bdb.ldif as shown below.
# vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
olcSuffix: dc=thegeekstuff,dc=com

Verify The Configuration Files

Use the slaptest command to verify the configuration as shown below. It should print the “testing succeeded” message.
# slaptest -u
config file testing succeeded
You might see the following messages during the above command. They appear because every file under slapd.d carries a CRC32 checksum in its header, and that checksum no longer matches once the file has been edited by hand; slapd still loads the files, so the messages can be ignored for now. The supported way to change a running configuration is to apply the same attributes with ldapmodify against cn=config, which keeps the checksums correct.
54a39508 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
54a39508 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif"

Start the LDAP Server

Start the ldap server as shown below.
# service slapd start
Checking configuration files for slapd: [WARNING]
config file testing succeeded
Starting slapd:                         [  OK  ]

Verify the LDAP Search

To verify that the LDAP server is up and answering queries, run the search below. -x selects a simple bind and, with no -D given, the bind is anonymous, which the default access rules allow for reads. Because the base entry dc=thegeekstuff,dc=com has not been added yet, the expected answer at this point is “result: 32 No such object”; that still proves slapd is listening and processing searches. The entry itself is created in the next steps.
# ldapsearch -x -b "dc=thegeekstuff,dc=com"
# extended LDIF
#
# LDAPv3
# base <dc=thegeekstuff,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1

Base LDAP Structure in base.ldif

The use of OU (organizational unit) objects can help you in providing additional structure to the LDAP database. If you are planning on adding in different types of entries, such as users, groups, computers, printers and more to the LDAP directory, it makes it easier to put every entry type into its own container.
To create these OUs, start with an initial LDIF file as in the example below. It creates the base container dc=thegeekstuff,dc=com and two organizational units named users and groups inside that container. Each entry must be separated from the next by a blank line; ldapadd treats a second dn: line inside one record as an error.
# cat base.ldif
dn: dc=thegeekstuff,dc=com
objectClass: dcObject
objectClass: organization
o: thegeekstuff.com
dc: thegeekstuff

dn: ou=users,dc=thegeekstuff,dc=com
objectClass: organizationalUnit
objectClass: top
ou: users

dn: ou=groups,dc=thegeekstuff,dc=com
objectClass: organizationalUnit
objectClass: top
ou: groups
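The LDIF rules that base.ldif depends on, as an added Python example (not code from the tutorial or from OpenLDAP; to_ldif, parse_ldif, ldif_is_valid and base_entries are this example's own names). to_ldif() writes records separated by a blank line and switches to the "attr:: base64" form for values that are not safe in clear text (leading space, ':' or '<', trailing space, control or non-ASCII characters); parse_ldif() reads the file back and rejects a dn: line that appears inside an open record, which is exactly what a missing blank line between two entries looks like. base_entries() rebuilds the tutorial's three entries from a DNS domain name.

```python
"""LDIF writer and parser for hand-made files such as base.ldif.

Added example, not code from the tutorial or from OpenLDAP.
"""
import base64


def _needs_base64(value: str) -> bool:
    """RFC 2849 SAFE-STRING test; values ending in a space are encoded too."""
    if value == '':
        return False
    if value[0] in ' :<' or value.endswith(' '):
        return True
    return any(ord(c) < 32 or ord(c) > 126 for c in value)


def _line(attr: str, value: str) -> str:
    if _needs_base64(value):
        b64 = base64.b64encode(value.encode('utf-8')).decode('ascii')
        return f'{attr}:: {b64}'
    return f'{attr}: {value}'


def to_ldif(entries) -> str:
    """entries: list of (dn, [(attr, value), ...]). Returns LDIF text with
    one blank line between records, which is what ldapadd requires."""
    blocks = []
    for dn, attrs in entries:
        lines = [_line('dn', dn)] + [_line(a, v) for a, v in attrs]
        blocks.append('\n'.join(lines))
    return '\n\n'.join(blocks) + '\n'


def _finish(cur):
    """Decode base64 values once a record is complete (after any folding)."""
    return [(attr, base64.b64decode(raw).decode('utf-8') if is_b64 else raw)
            for attr, raw, is_b64 in cur]


def parse_ldif(text: str):
    """Parse LDIF into [(dn, [(attr, value), ...])]; raises ValueError on
    a dn: line inside a record or a record that does not start with dn:."""
    records, cur = [], []
    for raw in text.splitlines() + ['']:      # trailing '' flushes the last record
        line = raw.rstrip('\r')
        if line == '':
            if cur:
                records.append(_finish(cur))
                cur = []
            continue
        if line.startswith('#'):              # comment
            continue
        if line.startswith(' '):              # folded continuation line
            if not cur:
                raise ValueError('continuation line outside a record')
            cur[-1][1] += line[1:]
            continue
        attr, sep, rest = line.partition(':')
        if not sep:
            raise ValueError(f'malformed line: {raw!r}')
        is_b64 = rest.startswith(':')
        value = (rest[1:] if is_b64 else rest).lstrip(' ')
        if attr == 'dn' and cur:
            raise ValueError('dn: inside a record; entries must be '
                             'separated by a blank line')
        if attr != 'dn' and not cur:
            raise ValueError('record does not start with dn:')
        cur.append([attr, value, is_b64])
    return [(rec[0][1], rec[1:]) for rec in records]


def ldif_is_valid(text: str) -> bool:
    try:
        parse_ldif(text)
        return True
    except ValueError:          # binascii.Error from bad base64 is a ValueError
        return False


def base_entries(domain: str, ous=('users', 'groups')):
    """The tutorial's base container plus one organizationalUnit per name."""
    labels = domain.split('.')
    base_dn = ','.join('dc=' + l for l in labels)
    entries = [(base_dn, [('objectClass', 'dcObject'),
                          ('objectClass', 'organization'),
                          ('o', domain),
                          ('dc', labels[0])])]
    for ou in ous:
        entries.append((f'ou={ou},{base_dn}',
                        [('objectClass', 'organizationalUnit'),
                         ('objectClass', 'top'),
                         ('ou', ou)]))
    return entries


if __name__ == '__main__':
    print(to_ldif(base_entries('thegeekstuff.com')), end='')
```

Run stand-alone it prints a base.ldif equivalent to the one above; feeding the same text without the blank lines to ldif_is_valid() returns False, the same failure ldapadd reports.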

Import Base Structure Using ldapadd

Now we can import the base structure in to the LDAP directory using the ldapadd command as shown below.
# ldapadd -x -W -D "cn=ramesh,dc=thegeekstuff,dc=com" -f base.ldif
Enter LDAP Password:
adding new entry "dc=thegeekstuff,dc=com"
adding new entry "ou=users,dc=thegeekstuff,dc=com"
adding new entry "ou=groups,dc=thegeekstuff,dc=com"

Verify the Base Structure using ldapsearch

To verify the OUs are successfully created, use the following ldapsearch command.
# ldapsearch -x -W -D "cn=ramesh,dc=thegeekstuff,dc=com" -b "dc=thegeekstuff,dc=com" "(objectclass=*)"
Enter LDAP Password:
The output of the above command will display all the objects in the LDAP directory structure.
# extended LDIF
#
# LDAPv3
# base <dc=thegeekstuff,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# thegeekstuff.com
dn: dc=thegeekstuff,dc=com
objectClass: dcObject
objectClass: organization
o: thegeekstuff.com
dc: thegeekstuff
# users, thegeekstuff.com
dn: ou=users,dc=thegeekstuff,dc=com
objectClass: organizationalUnit
objectClass: top
ou: users
# groups, thegeekstuff.com
dn: ou=groups,dc=thegeekstuff,dc=com
objectClass: organizationalUnit
objectClass: top
ou: groups
# search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
