Tuesday, November 9, 2010

Configuring Ldap for Server and Client

compat-openldap.i386 0:2.1.30-6.4E
openldap-clients.i386 0:2.2.13-6.4E
openldap-devel.i386 0:2.2.13-6.4E
openldap-servers.i386 0:2.2.13-6.4E
openldap-servers-sql.i386 0:2.2.13-6.4E

yum install *openldap* -y
(quote the pattern as '*openldap*' so the shell cannot expand it against files in the current directory before yum sees it)

chkconfig --levels 235 ldap on
service ldap start

slappasswd
New password:
Re-enter new password:
{SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW

vi /etc/openldap/slapd.conf
(the rootpw line below stores the admin password hash, so keep slapd.conf readable only by root and the ldap service account)

#68 database        bdb
#69 suffix          "dc=example,dc=com"
#70 rootdn          "cn=admin,dc=example,dc=com"
#71 rootpw          {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW


Create local users test1 and test2

Migrate local users to LDAP (we assume that users test1 and test2 already exist on the system). Note that grep matches the pattern anywhere on a line, so anchor it (e.g. '^test1:') to avoid also capturing unrelated entries that merely contain the same substring.
grep root /etc/passwd > /etc/openldap/passwd.root
grep test1 /etc/passwd > /etc/openldap/passwd.test1
grep test2 /etc/passwd > /etc/openldap/passwd.test2

Update the default settings in the file /usr/share/openldap/migration/migrate_common.ph
#71 $DEFAULT_MAIL_DOMAIN = "example.com";
#74 $DEFAULT_BASE = "dc=example,dc=com";

cd /usr/share/openldap/migration
migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif

Update the root.ldif file for the "admin" user of the LDAP server

vi /etc/openldap/root.ldif

#1 dn: uid=root,ou=People, dc=example,dc=com
#2 uid: root
#3 cn: admin
#4 objectClass: account

Create a domain LDIF file

cat /etc/openldap/example.com.ldif

dn: dc=example,dc=com
dc: example
description: LDAP Admin
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=People, dc=example,dc=com
ou: People
description: Users of example
objectClass: organizationalUnit

Import all entries into the LDAP directory (each ldapadd prompts for the admin password because of -W; -x is a simple bind, which sends that password in the clear unless the connection is protected by TLS)

ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f  /etc/openldap/example.com.ldif

ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f  /etc/openldap/root.ldif

ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f  /etc/openldap/test1.ldif

ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f  /etc/openldap/test2.ldif

service ldap restart

Test the LDAP server

ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

Client Configuration
authconfig-tui

Select "Use LDAP"

Server: ldap.example.com
Base DN: dc=example,dc=com

2 comments:

  1. How would one go about setting up LDAP for use with spam appliances and multiple domains?

    For example:

    domain1.com
    domain55.com
    domain777.com

    To authenticate whether a user exists or not?

  2. Do you have any examples of this setup on CentOS 6.1 64 bit?
