Set Up OpenLDAP On Fedora 7

Submitted by pinguingilo (Contact Author) (Forums) on Wed, 2007-07-18 16:56. :: Fedora

This document describes how to set up OpenLDAP on Fedora 7. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP), the same protocol that Microsoft Active Directory is based on.

Here we go: first we install the OpenLDAP server like this:

yum -y install openldap openldap-clients openldap-devel openldap-servers

Next we modify some files in the /etc/openldap/ directory, using our favourite text editor (I'm using nano). First we edit the file ldap.conf, just like this:

nano /etc/openldap/ldap.conf

ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
HOST ngoprek.ibunk.or.id  --> add this line
BASE dc=ngoprek,dc=ibunk,dc=or.id --> add this line
#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

Next we need to define the bdb database. Edit the slapd.conf file; the bdb database definitions are at the bottom of the file.

nano /etc/openldap/slapd.conf

Just add this stanza:

database bdb
suffix "dc=ngoprek,dc=ibunk,dc=or.id"
rootdn "uid=root,dc=ngoprek,dc=ibunk,dc=or.id"
rootpw 

Next we generate a hashed OpenLDAP password with slappasswd, which prints a line like the one below:

slappasswd

{SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu

Then we put that hashed password into /etc/openldap/slapd.conf as the rootpw value, like this:

nano /etc/openldap/slapd.conf

database bdb
suffix "dc=ngoprek,dc=ibunk,dc=or.id"
rootdn "uid=root,dc=ngoprek,dc=ibunk,dc=or.id"
rootpw {SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu
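To show what that {SSHA} value actually is, and how slapd can later check a bind password against it without ever storing the password in clear, here is an added Python example that is not part of the original tutorial: it builds an {SSHA} value the way slappasswd does, base64(SHA-1(password || salt) || salt), and verifies a password against one. The hash from the tutorial is only used to show how the digest and the salt are split; its password is unknown.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Copied from the slappasswd output shown in this tutorial (password unknown).
TUTORIAL_HASH = "{SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu"
SHA1_LEN = 20


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build an {SSHA} value as slappasswd does: base64(SHA-1(pw || salt) || salt)."""
    if salt is None:
        salt = os.urandom(4)  # short random salt, the size slappasswd uses here
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(value: str) -> tuple:
    """Return (digest, salt) from an {SSHA} string, or raise ValueError."""
    if not value.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len("{SSHA}"):])
    if len(raw) <= SHA1_LEN:
        raise ValueError("too short: need a 20-byte digest plus salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def ssha_verify(password: str, value: str) -> bool:
    """Check a password against an {SSHA} value, the way slapd does on bind."""
    digest, salt = split_ssha(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # constant-time comparison so the check does not leak digest bytes
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    digest, salt = split_ssha(TUTORIAL_HASH)
    print("tutorial hash: %d-byte digest, %d-byte salt" % (len(digest), len(salt)))
    h = ssha_hash("secret")
    print(h, ssha_verify("secret", h), ssha_verify("wrong", h))
```

Because the salt is random, running slappasswd twice with the same password gives two different {SSHA} strings, and both verify.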

Now we create the file /root/ibunk.ldif and put the following lines into it:

nano /root/ibunk.ldif

dn: dc=ngoprek,dc=ibunk,dc=or.id
objectclass: dcobject
objectClass: organization
o: Ngoprek Yuk
dc: ngoprek
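As an added example that is not from the tutorial, here is a Python check that reads the slapd.conf stanza and the LDIF above (both embedded as constructed copies) and flags the mismatches that break the ldapadd step or weaken the setup: an LDIF dn that does not equal the suffix, a rootdn outside the suffix, a dc attribute that does not match the first RDN, and a rootpw that is missing or left in clear text instead of the slappasswd output.

```python
# Constructed copies of the slapd.conf stanza and the LDIF from this tutorial.
SLAPD_STANZA = """\
database bdb
suffix "dc=ngoprek,dc=ibunk,dc=or.id"
rootdn "uid=root,dc=ngoprek,dc=ibunk,dc=or.id"
rootpw {SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu
"""
BASE_LDIF = """\
dn: dc=ngoprek,dc=ibunk,dc=or.id
objectclass: dcobject
objectClass: organization
o: Ngoprek Yuk
dc: ngoprek
"""

def parse_stanza(text):
    # slapd.conf directive -> value; quotes stripped, comments skipped
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            conf[key.lower()] = value.strip().strip('"')
    return conf

def parse_ldif(text):
    # one LDIF entry: lowercased attribute -> list of values
    entry = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            entry.setdefault(key.strip().lower(), []).append(value.strip())
    return entry

def norm_dn(dn):
    return ",".join(p.strip().lower() for p in dn.split(","))

def check_setup(stanza, ldif):
    # Return the list of problems found; an empty list means the pieces agree.
    conf, entry = parse_stanza(stanza), parse_ldif(ldif)
    suffix, rootdn = norm_dn(conf.get("suffix", "")), norm_dn(conf.get("rootdn", ""))
    dn, rootpw = norm_dn(entry.get("dn", [""])[0]), conf.get("rootpw", "")
    problems = []
    if dn != suffix:
        problems.append("LDIF dn does not equal the database suffix")
    if not rootdn.endswith("," + suffix):
        problems.append("rootdn is not under the suffix")
    if "dc=" + entry.get("dc", [""])[0].lower() != dn.split(",")[0]:
        problems.append("dc attribute does not match the first RDN of the dn")
    if not rootpw.startswith("{"):
        problems.append("rootpw missing or clear text; use the slappasswd output")
    return problems
```

Run check_setup(SLAPD_STANZA, BASE_LDIF) on your own values before the ldapadd step; the tutorial's values return an empty list.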

Finally we run this command, binding as the rootdn we configured, to add the entry from ibunk.ldif to LDAP:

/usr/bin/ldapadd -x -D 'uid=root,dc=ngoprek,dc=ibunk,dc=or.id' -W -f /root/ibunk.ldif

Enter password :
adding new entry dc=ngoprek,dc=ibunk,dc=or.id

If there is an error like this:

ldap_bind: Can't contact LDAP server (-1)

don't panic and keep smiling, just edit your /etc/hosts.allow and add:

nano /etc/hosts.allow

slapd: localhost
slapd: 127.0.0.1

And please restart your network service. Before starting the OpenLDAP service, we must put DB_CONFIG.Example from /etc/openldap/ into /var/lib/ldap as DB_CONFIG. The following command moves it there:

mv /etc/openldap/DB_CONFIG.Example /var/lib/ldap/DB_CONFIG

We need to start the OpenLDAP service now:

/etc/init.d/ldap start


Submitted by joewils (not registered) on Wed, 2009-02-25 20:21.

For the life of me I couldn't get this command to work: /usr/bin/ldapadd -x -D 'uid=root,dc=ngoprek,dc=ibunk,dc=or.id' -W -f /root/ibunk.ldif

I replaced the uid=root statement with cn=Manager. I'm new to ldap, so I'm not sure what I 'fixed'...

BTW, the error I kept getting was "ldap_bind: Invalid credentials (49) "

Submitted by Siddharth Gupta (not registered) on Mon, 2010-06-07 18:19.
Hey, you can try this: /etc/init.d/ldap stop, then /etc/init.d/ldap start. I had the same issue and these two steps worked for me. I guess it needs to update itself with the credentials info after you have made changes to the configs.

Submitted by c_henry (registered user) on Tue, 2007-08-14 13:58.

I have to agree with the previous poster, this tutorial is too light on information. I followed all the instructions to the letter and it just wouldn't work. I kept getting:

ldap_bind: Can't contact LDAP server (-1)

No matter what I put into /etc/hosts.allow, and no matter whether I restarted the networking or rebooted. No idea how to fix it. Will do some more research.

Questions I'd like to see answered would be: how would I add a user? Do I re-run the ldapadd command with the user's name? Do I have to create an ldif file?

I appreciate the effort. LDAP seems quite complicated to configure and this is possibly a good start, it just needs some fleshing out.

Thanks

Submitted by Carlos (not registered) on Sat, 2008-10-18 10:55.

Try adding -h localhost to the command, it worked for me.

It looks like this:

/usr/bin/ldapadd -h localhost -x -D 'uid=root,dc=ngoprek,dc=ibunk,dc=or.id' -W -f /root/ibunk.ldif

Submitted by Ranjith (not registered) on Sun, 2009-04-12 07:41.

Hi,

I fixed the error below by adding ":" before localhost and 127.0.0.1 in hosts.allow:

ldap_bind: Can't contact LDAP server (-1)

Here is the correct hosts.allow entry.

:localhost
:127.0.0.1

Submitted by banksps (registered user) on Mon, 2007-07-30 01:52.
I think this tutorial lacked a little explaining on certain things and made assumptions that I should know some of the things to replace with my data.
Submitted by nicolargo (registered user) on Thu, 2007-07-19 09:17.
Submitted by osprey1611 (registered user) on Thu, 2007-10-25 17:33.

Well, I think the howto is ok if the following are true:

1. You already understand LDAP Schemas

2. You already understand SASL/TLS etc.

In my case neither was true. I do have it up and running, but without SASL/TLS.

What helped me a lot, even though I am using Fedora, is this Gentoo howto:

http://gentoo-wiki.com/HOWTO_LDAPv3

I skipped the SASL/TLS stuff because it's different in Gentoo. I have to get this figured out, as I want to get Kolab running.

HINT HINT! KOLAB ON FEDORA HOWTO!!! FALKO!!! HINT HINT!!!

:D