Set Up OpenLDAP On Fedora 7

Submitted by pinguingilo (Contact Author) (Forums) on Wed, 2007-07-18 16:56. :: Fedora

Set Up OpenLDAP On Fedora 7

This document describes how to set up OpenLDAP on Fedora 7. OpenLDAP is a directory server based on the LDAP protocol, that same protocol MS Active Directory is based on. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol.

Here we go: first we install the OpenLDAP server like this:

yum -y install openldap openldap-clients openldap-devel openldap-servers

Next we modify some files in the /etc/openldap/ directory, using our favourite text editor (I'm using nano). First we edit the file ldap.conf, just like this:

nano /etc/openldap/ldap.conf 

ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
HOST ngoprek.ibunk.or.id  --> add this line
BASE dc=ngoprek,dc=ibunk,dc=or.id --> add this line
#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

Next we need to do some bdb database definitions. Edit the slapd.conf file. At the bottom you will find bdb database definitions.

nano /etc/openldap/slapd.conf

Just add this stanza:

database bdb
suffix "dc=ngoprek,dc=ibunk,dc=or.id"
rootdn "uid=root,dc=ngoprek,dc=ibunk,dc=or.id"
rootpw

Next we create an OpenLDAP password:

slappasswd

{SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu

Then we add that encrypted password to/etc/openldap/slapd.conf, like this:

nano /etc/openldap/slapd.conf 

database bdb
suffix "dc=ngoprek,dc=ibunk,dc=or.id"
rootdn "uid=root,dc=ngoprek,dc=ibunk,dc=or.id"
rootpw {SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu

Now we have to create a file in the /root folder called ibunk.ldif and put the following lines into it, like this:

nano /root/ibunk.ldif

dn: dc=ngoprek,dc=ibunk,dc=or.id
objectclass: dcobject
objectClass: organization
o: Ngoprek Yuk
dc: ngoprek

Finally we just run this command to add your root account in LDAP:

/usr/bin/ldapadd -x -D 'uid=root,dc=ngoprek,dc=ibunk,dc=or.id' -W -f /root/ibunk.ldif

Enter password :
adding new entry dc=ngoprek,dc=ibunk,dc=or.id

If there is an error like this:

ldap_bind: Can't contact LDAP server (-1)

don't panic and keep smiling, just edit your /etc/hosts.allow and add:

nano /etc/hosts.allow 

localhost
127.0.0.1

And please restart your network service. Before the OpenLDAP service starts, we must copy DB_CONFIG.Example from /etc/openldap/ to /var/lib/ldap. Just run this command:

mv /etc/openldap/DB_CONFIG.Example /var/lib/ldap/DB_CONFIG

We need to start the OpenLDAP service now:

/etc/init.d/ldap start


Copyright © 2007 pinguingilo
All Rights Reserved.
add comment | view as pdf view as pdf | Display a printer-friendly version of this page. print |
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Too light...
Submitted by c_henry (registered user) on Tue, 2007-08-14 13:58.

I have to agree with the previous poster, this tutorial is too light on information. I followed all the instructions to the letter and it just wouldn't work. I kept getting:

ldap_bind: Can't contact LDAP server (-1)

No matter what I put into the /etc/hosts.allow and restarted the networking/rebooted. No idea how to fix it. Will do some more research.

Questions I'd like to see answered would be how would I add a user? Do I re-run the ldapadd command with the users name? Do I have to create an ldif file?

 I appreciate the effort, LDAP seem quite complicated to configure and this is possibly a good start, just needs some fleshing out.

 Thanks

reply | view as pdf view as pdf
Re: Too light...
Submitted by Carlos (not registered) on Sat, 2008-10-18 10:55.

Try adding -h localhost to the command, it worked for me.

It stays like this

/usr/bin/ldapadd -h localhost -x -D 'uid=root,dc=ngoprek,dc=ibunk,dc=or.id' -W -f /root/ibunk.ldif

reply | view as pdf view as pdf
a little lost
Submitted by banksps (registered user) on Mon, 2007-07-30 01:52.
I think this tutorial lacked a little explaining on certain things and made assumptions that I should know some of the things to replace with my data.
reply | view as pdf view as pdf
Another procedure...
Submitted by nicolargo (registered user) on Thu, 2007-07-19 09:17.

  ... in french for FC6:

http://blog.nicolargo.com/2007/02/installation-dun-annuaire-ldap.html

Nicolargo

reply | view as pdf view as pdf
OpenLDAP
Submitted by osprey1611 (registered user) on Thu, 2007-10-25 17:33.

Well, I think the howto is ok if the following are true:

1. You already understand LDAP Schemas

2. You already understand SASL/TLS etc.

In my case neither were true.  I do have it up and running, but without SASL/TLS.  

What helped me a lot, even though I am using Fedora, is this Gentoo howto:

http://gentoo-wiki.com/HOWTO_LDAPv3

I skipped the SASL/TLS Stuff because it's different in Gentoo.  I have to get this figured out, as I want get Kolab running.

HINT HINT! KOLAB ON FEDORA HOWTO!!! FALKO!!! HINT HINT!!!

:D 

reply | view as pdf view as pdf