Set Up OpenLDAP On Fedora 7

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Submitted by pinguingilo (Contact Author) (Forums) on Wed, 2007-07-18 16:56. :: Fedora

Set Up OpenLDAP On Fedora 7

This document describes how to set up OpenLDAP on Fedora 7. OpenLDAP is a directory server based on the LDAP protocol, that same protocol MS Active Directory is based on. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol.

Here we go: first we install the OpenLDAP server like this:

yum -y install openldap openldap-clients openldap-devel openldap-servers

Next we modify some files in the /etc/openldap/ directory, using our favourite text editor (I'm using nano). First we edit the file ldap.conf, just like this:

nano /etc/openldap/ldap.conf 

ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
HOST ngoprek.ibunk.or.id  --> add this line
BASE dc=ngoprek,dc=ibunk,dc=or.id --> add this line
#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

Next we need to do some bdb database definitions. Edit the slapd.conf file. At the bottom you will find bdb database definitions.

nano /etc/openldap/slapd.conf

Just add this stanza:

database bdb
suffix "dc=ngoprek,dc=ibunk,dc=or.id"
rootdn "uid=root,dc=ngoprek,dc=ibunk,dc=or.id"
rootpw

Next we create an OpenLDAP password:

slappasswd

{SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu

Then we add that encrypted password to/etc/openldap/slapd.conf, like this:

nano /etc/openldap/slapd.conf 

database bdb
suffix "dc=ngoprek,dc=ibunk,dc=or.id"
rootdn "uid=root,dc=ngoprek,dc=ibunk,dc=or.id"
rootpw {SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu

Now we have to create a file in the /root folder called ibunk.ldif and put the following lines into it, like this:

nano /root/ibunk.ldif

dn: dc=ngoprek,dc=ibunk,dc=or.id
objectclass: dcobject
objectClass: organization
o: Ngoprek Yuk
dc: ngoprek

Finally we just run this command to add your root account in LDAP:

/usr/bin/ldapadd -x -D 'uid=root,dc=ngoprek,dc=ibunk,dc=or.id' -W -f /root/ibunk.ldif

Enter password :
adding new entry dc=ngoprek,dc=ibunk,dc=or.id

If there is an error like this:

ldap_bind: Can't contact LDAP server (-1)

don't panic and keep smiling, just edit your /etc/hosts.allow and add:

nano /etc/hosts.allow 

localhost
127.0.0.1

And please restart your network service. Before the OpenLDAP service starts, we must copy DB_CONFIG.Example from /etc/openldap/ to /var/lib/ldap. Just run this command:

mv /etc/openldap/DB_CONFIG.Example /var/lib/ldap/DB_CONFIG

We need to start the OpenLDAP service now:

/etc/init.d/ldap start


Copyright © 2007 pinguingilo
All Rights Reserved.
add comment | view as pdf view as pdf | Display a printer-friendly version of this page. print |
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
ldapadd
Submitted by joewils (not registered) on Wed, 2009-02-25 20:21.

For the life of me I couldn't get this command to work: /usr/bin/ldapadd -x -D 'uid=root,dc=ngoprek,dc=ibunk,dc=or.id' -W -f /root/ibunk.ldif

I replaced the uid=root statement with cn=Manager. I'm new to ldap, so I'm not sure what I 'fixed'...

BTW, the error I kept getting was "ldap_bind: Invalid credentials (49) "

reply | view as pdf view as pdf
Too light...
Submitted by c_henry (registered user) on Tue, 2007-08-14 13:58.

I have to agree with the previous poster, this tutorial is too light on information. I followed all the instructions to the letter and it just wouldn't work. I kept getting:

ldap_bind: Can't contact LDAP server (-1)

No matter what I put into the /etc/hosts.allow and restarted the networking/rebooted. No idea how to fix it. Will do some more research.

Questions I'd like to see answered would be how would I add a user? Do I re-run the ldapadd command with the users name? Do I have to create an ldif file?

 I appreciate the effort, LDAP seem quite complicated to configure and this is possibly a good start, just needs some fleshing out.

 Thanks

reply | view as pdf view as pdf
Re: Too light...
Submitted by Carlos (not registered) on Sat, 2008-10-18 10:55.

Try adding -h localhost to the command, it worked for me.

It stays like this

/usr/bin/ldapadd -h localhost -x -D 'uid=root,dc=ngoprek,dc=ibunk,dc=or.id' -W -f /root/ibunk.ldif

reply | view as pdf view as pdf
Re: Re: Too light...
Submitted by Ranjith (not registered) on Sun, 2009-04-12 07:41.

Hi,

 I Fixed the below error by adding ":" before localhost and 127.0.0.1 in hosts.allow

 ldap_bind: Can't contact LDAP server (-1)

 

Here is the correct hosts.allow entry.

:localhost
:127.0.0.1

 

 

 

 

 

reply | view as pdf view as pdf
a little lost
Submitted by banksps (registered user) on Mon, 2007-07-30 01:52.
I think this tutorial lacked a little explaining on certain things and made assumptions that I should know some of the things to replace with my data.
reply | view as pdf view as pdf
Another procedure...
Submitted by nicolargo (registered user) on Thu, 2007-07-19 09:17.

  ... in french for FC6:

http://blog.nicolargo.com/2007/02/installation-dun-annuaire-ldap.html

Nicolargo

reply | view as pdf view as pdf
OpenLDAP
Submitted by osprey1611 (registered user) on Thu, 2007-10-25 17:33.

Well, I think the howto is ok if the following are true:

1. You already understand LDAP Schemas

2. You already understand SASL/TLS etc.

In my case neither were true.  I do have it up and running, but without SASL/TLS.  

What helped me a lot, even though I am using Fedora, is this Gentoo howto:

http://gentoo-wiki.com/HOWTO_LDAPv3

I skipped the SASL/TLS Stuff because it's different in Gentoo.  I have to get this figured out, as I want get Kolab running.

HINT HINT! KOLAB ON FEDORA HOWTO!!! FALKO!!! HINT HINT!!!

:D 

reply | view as pdf view as pdf
Sponsored Links: Turn your desk phone and mobile phone into one with Sprint Mobile Integration.
www.seamlessenterprise.com

One number. One voicemail. Seize the lead. Sprint Mobile Integration.
www.seamlessenterprise.com

One Number. One Voicemail.
Make it easier for clients to reach you. Turn your desk phone and mobile phone into one with Sprint Mobile Integration.
www.seamlessenterprise.com

One number. One voicemail. Sprint Mobile Integration.
www.seamlessenterprise.com

AT&T Synaptic Compute as a Service. Boost your power on demand.

Trial: IBM Cognos Express Reporting, Analysis & Planning