Install And Configure OpenLDAP On CentOS 5
This tutorial describes the OpenLDAP installation on a computer running Red Hat, Fedora, CentOS or any other distribution that uses the "yum" package installer.
If you use a distribution with a different package installer, install the same packages with that distribution's installer (for example aptitude for Debian-based distros).
1) LDAP installation (as root)
[root@kike ~]# yum install openldap-servers openldap-clients nss_ldap
2) Copy the directory DB_CONFIG.example
[root@kike ~]# cd /etc/openldap/
[root@kike ~]# cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG
3) Create a password for LDAP
[root@kike openldap]# slappasswd
New password:
Re-enter new password:
{SSHA}V7IS3vYe8P0/IcOvJmfEdjY1LXuWPV3U
Copy the output of this command (the {SSHA} password hash) and add it to slapd.conf:
/etc/openldap/slapd.conf
First we modify the suffix, rootdn and rootpw lines:
database        bdb
suffix          "dc=ldap-kike,dc=com,dc=uy"
rootdn          "cn=Manager,dc=ldap-kike,dc=com,dc=uy"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw                secret
# rootpw                {crypt}ijFYNcSNctBYg
rootpw          {SSHA}V7IS3vYe8P0/IcOvJmfEdjY1LXuWPV3U
Notes: In the database directive we select bdb, the default OpenLDAP storage backend (MySQL, PostgreSQL or other database backends can be used, although the OpenLDAP Project does not recommend them: http://www.openldap.org/doc/admin24/backends.html).
In suffix we put the domain that LDAP will serve (in this case ldap-kike.com.uy).
Rootdn contains the DN that authenticates as the administrator in OpenLDAP (Manager here, but it can be changed to any desired name).
Rootpw is the password of that administrator user (Manager in the example), stored as the hash produced by slappasswd.
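The slapd.conf comment above warns against a cleartext rootpw, and the {SSHA} string that slappasswd printed is the form it recommends instead. As an added example (not part of the original tutorial), the following Python shows what that string actually contains, verifies a password against it the way slapd does, checks a slapd.conf fragment for an unhashed rootpw, and extracts the salt from the {crypt} MD5 value that step 10 below uses for the user. The two slapd.conf fragments are constructed for the example; the hashes are the page's own.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# The {SSHA} value copied from the page's slappasswd run (step 3).
PAGE_SSHA = "{SSHA}V7IS3vYe8P0/IcOvJmfEdjY1LXuWPV3U"

# Constructed slapd.conf fragments: the page's commented-out "rootpw secret"
# made active (weak) and the page's hashed rootpw (fixed).
WEAK_CONF = """\
database bdb
suffix "dc=ldap-kike,dc=com,dc=uy"
rootdn "cn=Manager,dc=ldap-kike,dc=com,dc=uy"
rootpw secret
"""
FIXED_CONF = WEAK_CONF.replace("rootpw secret", "rootpw " + PAGE_SSHA)

# Password schemes slapd stores as hashes (compared case-insensitively).
HASHED_SCHEMES = ("{ssha}", "{sha}", "{smd5}", "{md5}", "{crypt}")


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build an OpenLDAP {SSHA} value: base64(SHA-1(password || salt) || salt).
    slappasswd uses a 4-byte random salt by default; so does this function."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_split(value: str) -> Tuple[bytes, bytes]:
    """Return (digest, salt). A SHA-1 digest is always 20 bytes, so whatever
    follows it inside the base64 payload is the salt."""
    if not value.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len("{SSHA}"):])
    if len(raw) <= 20:
        raise ValueError("too short to contain a digest and a salt")
    return raw[:20], raw[20:]


def ssha_verify(value: str, password: str) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    digest, salt = ssha_split(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


def md5crypt_salt(value: str) -> str:
    """Return the salt embedded in a $1$ (MD5-crypt) string, with or without the
    {crypt} prefix used in userPassword. MD5-crypt keeps at most 8 salt characters,
    which is why 'openssl passwd -1 -salt TEDFGNB345RTErea' yields $1$TEDFGNB3$..."""
    if value.lower().startswith("{crypt}"):
        value = value[len("{crypt}"):]
    fields = value.split("$")  # ['', '1', salt, hash]
    if len(fields) != 4 or fields[1] != "1":
        raise ValueError("not an MD5-crypt value")
    return fields[2]


def rootpw_is_hashed(slapd_conf: str) -> bool:
    """True if no active (uncommented) rootpw directive stores its value in clear."""
    for line in slapd_conf.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        if parts[0].lower() == "rootpw" and len(parts) == 2:
            if not parts[1].strip().lower().startswith(HASHED_SCHEMES):
                return False
    return True


if __name__ == "__main__":
    digest, salt = ssha_split(PAGE_SSHA)
    print(f"page hash: {len(digest)}-byte digest, {len(salt)}-byte salt {salt.hex()}")
    fresh = ssha_hash("example-only")
    print(fresh, ssha_verify(fresh, "example-only"), ssha_verify(fresh, "nope"))
    print("weak conf hashed?", rootpw_is_hashed(WEAK_CONF))
    print("fixed conf hashed?", rootpw_is_hashed(FIXED_CONF))
    print("md5crypt salt:", md5crypt_salt("{crypt}$1$TEDFGNB3$m24Mo06Q06EXMop7INKrC/"))
```

Running the script shows that the page's hash decodes to a 20-byte digest plus a 4-byte salt, which is why two slappasswd runs on the same password never print the same string, and why a stored {SSHA} value can only be checked by re-hashing with its own salt.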
4) We are ready to start the server:
[root@kike openldap]# service ldap start
Checking configuration files for slapd: config file testing succeeded [ OK ]
Starting slapd: [ OK ]
5) All the information to be loaded is written in LDIF format files.
http://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format
6) Create a file to initialize the LDAP database
In this case I call the file ldap-init.ldif, and it contains:
[root@kike openldap]# cat ldap-init.ldif
dn: dc=ldap-kike,dc=com,dc=uy
objectclass: dcObject
objectclass: organization
o: Servidor LDAP ldap-kike
dc: ldap-kike

dn: cn=Manager,dc=ldap-kike,dc=com,dc=uy
objectclass: organizationalRole
cn: Manager
7) Initialize the database with the following command
[root@kike openldap]# /usr/bin/ldapadd -a -x -D 'cn=Manager,dc=ldap-kike,dc=com,dc=uy' -W -f ldap-init.ldif
Enter LDAP Password:
adding new entry "dc=ldap-kike,dc=com,dc=uy"
adding new entry "cn=Manager,dc=ldap-kike,dc=com,dc=uy"
8) Display the contents of the database
[root@kike openldap]# ldapsearch -h 127.0.0.1 -x -b "dc=ldap-kike,dc=com,dc=uy"
Returns something like this:
# extended LDIF
#
# LDAPv3
# base
# ldap-kike.com.uy
dn: dc=ldap-kike,dc=com,dc=uy
objectClass: dcObject
objectClass: organization
o: Servidor LDAP ldap-kike
dc: ldap-kike
# Manager, ldap-kike.com.uy
dn: cn=Manager,dc=ldap-kike,dc=com,dc=uy
objectClass: organizationalRole
cn: Manager
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
9) The command authconfig-tui
This command configures /etc/nsswitch.conf, /etc/ldap.conf, the PAM configuration and other files. It runs in a console and opens a text menu where you enable LDAP authentication support and fill in the information it asks for (default options are marked with *).
10) Create a user in the LDAP directory.
Again we use an LDIF formatted file.
[root@kike openldap]# cat user.ldif
dn: uid=usuario1,dc=ldap-kike,dc=com,dc=uy
uid: usuario1
cn: usuario1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$TEDFGNB3$m24Mo06Q06EXMop7INKrC/
shadowLastChange: 14335
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/usuario1
gecos: usuario1
In this case, the userPassword is generated in this way:
[root@kike openldap]# openssl passwd -1 -salt TEDFGNB345RTErea
Password:
$1$TEDFGNB3$m24Mo06Q06EXMop7INKrC/
The -1 parameter selects the MD5-based crypt algorithm, and the salt is a string of random characters (only its first eight, TEDFGNB3, end up in the result).
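Steps 6 and 10 both feed LDIF files to ldapadd, and a malformed or incomplete entry is only reported once the server rejects it. As an added example (not code from the original tutorial), the following Python parses LDIF the way the format is defined (blank-line separated entries, comment lines, folded continuation lines and base64 values) and then checks each posixAccount entry for the attributes the schema requires and for a cleartext or legacy MD5-crypt userPassword. The sample LDIF is the page's ldap-init.ldif and user.ldif combined into one constructed string; the checker's thresholds and messages are the example's own choices.

```python
import base64
from typing import Dict, List

# The page's ldap-init.ldif (step 6) and user.ldif (step 10), combined here into
# one constructed LDIF string; the blank lines and the '#' comment are LDIF syntax.
SAMPLE_LDIF = """\
dn: dc=ldap-kike,dc=com,dc=uy
objectclass: dcObject
objectclass: organization
o: Servidor LDAP ldap-kike
dc: ldap-kike

dn: cn=Manager,dc=ldap-kike,dc=com,dc=uy
objectclass: organizationalRole
cn: Manager

# the posixAccount from user.ldif
dn: uid=usuario1,dc=ldap-kike,dc=com,dc=uy
uid: usuario1
cn: usuario1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$TEDFGNB3$m24Mo06Q06EXMop7INKrC/
shadowLastChange: 14335
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/usuario1
gecos: usuario1
"""

Entry = Dict[str, List[str]]

# MUST attributes of posixAccount (RFC 2307), lowercased like the parser's keys.
POSIX_REQUIRED = ("cn", "uid", "uidnumber", "gidnumber", "homedirectory")


def parse_ldif(text: str) -> List[Entry]:
    """Parse LDIF content records into a list of {attribute: [values]} dicts.
    Handles blank-line separated entries, '#' comments, folded lines (a continuation
    line starts with one space) and base64 values ('attr:: ...'). LDAP attribute
    names are case-insensitive, so they are stored lowercased."""
    # Unfold continuation lines first; the trailing "" flushes the last entry below.
    logical: List[str] = []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)

    entries: List[Entry] = []
    current: Entry = {}
    for line in logical:
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if not current and line.lower().startswith("version:"):
            continue  # optional LDIF version header, not an attribute
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def check_posix_account(entry: Entry) -> List[str]:
    """Return the problems found in a posixAccount entry (empty list means it passes):
    missing MUST attributes, a cleartext userPassword, a legacy MD5-crypt hash, or a
    uidNumber below 1000, the range commonly reserved for system accounts."""
    problems: List[str] = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "posixaccount" not in classes:
        return ["not a posixAccount"]
    for attr in POSIX_REQUIRED:
        if attr not in entry:
            problems.append(f"missing required attribute {attr}")
    for pw in entry.get("userpassword", []):
        lowered = pw.lower()
        if not lowered.startswith("{"):
            problems.append("userPassword stored in cleartext")
        elif lowered.startswith("{crypt}$1$"):
            problems.append("userPassword uses legacy MD5-crypt; prefer {SSHA} or a modern crypt scheme")
    for uid in entry.get("uidnumber", []):
        if uid.isdigit() and int(uid) < 1000:
            problems.append(f"uidNumber {uid} lies in the system-account range")
    return problems


if __name__ == "__main__":
    for entry in parse_ldif(SAMPLE_LDIF):
        print(entry["dn"][0], "->", check_posix_account(entry) or "ok")
```

Run against the sample, the first two entries are reported as not being posixAccounts and the usuario1 entry passes the schema check but is flagged for its MD5-crypt password, which is the one thing in user.ldif worth changing before loading it.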
11) We add the user to the LDAP directory, again with the ldapadd command
[root@kike openldap]# ldapadd -a -x -D 'cn=Manager,dc=ldap-kike,dc=com,dc=uy' -W -f user.ldif
Verify that the system now resolves the user with the id command:
[root@kike openldap]# id usuario1
uid=10000(usuario1) gid=10000 groups=10000