Install And Configure OpenLDAP On CentOS 5

This tutorial describes OpenLDAP installation on a computer running Red Hat, Fedora, CentOS or any distribution based on the package installer "yum."

If you use a distribution with a different package manager, install the same packages with that distribution's tool (for example aptitude on Debian-based distros).

 

1) LDAP installation (as root)

[[email protected] ~]# yum install openldap-servers openldap-clients nss_ldap

 

2) Copy the example DB_CONFIG file into the database directory

[[email protected] ~]# cd /etc/openldap/
[[email protected] ~]# cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG

 

3) Create a password for LDAP

[[email protected] openldap]# slappasswd
New password:
Re-enter new password:
{SSHA}V7IS3vYe8P0/IcOvJmfEdjY1LXuWPV3U

Copy the output of this command (the {SSHA} password hash) and add it to slapd.conf:

/etc/openldap/slapd.conf

First we modify the following lines (the values shown are the ones to change):

database bdb

suffix "dc=ldap-kike,dc=com,dc=uy"
rootdn "cn=Manager,dc=ldap-kike,dc=com,dc=uy"

# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg

rootpw {SSHA}V7IS3vYe8P0/IcOvJmfEdjY1LXuWPV3U

Notes: for "database", bdb is the default OpenLDAP storage backend (other backends such as MySQL or PostgreSQL can be chosen, although the OpenLDAP Project does not recommend them: http://www.openldap.org/doc/admin24/backends.html).

suffix is the base DN of the tree this server will serve, derived from the domain (in this case ldap-kike.com.uy becomes dc=ldap-kike,dc=com,dc=uy).

rootdn is the DN of the directory administrator who authenticates to OpenLDAP with full rights (Manager here, but it can be changed to any name you like).

rootpw is the password hash of that administrator (Manager in the example); as the comment in slapd.conf says, never put it there in cleartext.
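As an added example (Python, not part of the tutorial), the following shows what the {SSHA} value printed by slappasswd actually is: base64 of SHA-1(password || salt) followed by the salt itself. It decodes the hash from step 3 to confirm the 4-byte salt slappasswd uses, verifies a candidate password against an {SSHA} value the way slapd does, and classifies a stored rootpw/userPassword value by scheme so that a cleartext or unsalted value can be spotted before it goes into slapd.conf. The function names make_ssha, verify_ssha, password_scheme and weak_password_values are my own.

```python
import base64
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# {SSHA} as produced by slappasswd's default scheme:
#   "{SSHA}" + base64( SHA1(password || salt) || salt )
# slappasswd draws a 4-byte random salt, so the base64 part decodes to 20 + 4 bytes.

# The hash printed by slappasswd in step 3 of the tutorial (its password is unknown here).
PAGE_ROOTPW = "{SSHA}V7IS3vYe8P0/IcOvJmfEdjY1LXuWPV3U"


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Hash a password the way slappasswd does; the salt defaults to 4 random bytes."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored: str) -> Tuple[bytes, bytes]:
    """Return (digest, salt): the first 20 bytes are SHA-1, everything after is the salt."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= 20:
        raise ValueError("{SSHA} value too short to contain a salt")
    return raw[:20], raw[20:]


def verify_ssha(stored: str, password: str) -> bool:
    """Check a candidate password against a stored {SSHA} value (constant-time compare)."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def salt_length(stored: str) -> int:
    """Length in bytes of the salt embedded in an {SSHA} value."""
    return len(split_ssha(stored)[1])


def password_scheme(value: str) -> str:
    """Name the storage scheme of a rootpw/userPassword value ("SSHA", "CRYPT", ...), or "cleartext"."""
    if value.startswith("{"):
        end = value.find("}")
        if end > 1:
            return value[1:end].upper()
    return "cleartext"


def weak_password_values(values: List[str]) -> List[str]:
    """Flag what slapd.conf's own comment warns against: cleartext values, plus the unsalted {SHA}/{MD5} schemes."""
    return [v for v in values if password_scheme(v) in ("cleartext", "SHA", "MD5")]


if __name__ == "__main__":
    print("salt bytes in the tutorial's hash:", salt_length(PAGE_ROOTPW))
    fresh = make_ssha("secret")
    print(fresh, verify_ssha(fresh, "secret"), verify_ssha(fresh, "wrong"))
    print(weak_password_values(["secret", PAGE_ROOTPW, "{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ="]))
```

Run it on any slapd.conf or LDIF of your own: feed each rootpw/userPassword value to password_scheme, and anything that comes back "cleartext" is a line to rewrite with slappasswd before the server starts.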

 

4) We are ready to start the server:

[[email protected] openldap]# service ldap start

Checking configuration files for slapd: config file testing succeeded [ OK ]

Starting slapd: [ OK ]

 

5) All information to be loaded into the directory is written in LDIF files:

http://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format

 

6) Create a file to initialize the LDAP database

In this case I call the file ldap-init.ldif; it contains the following (note the blank line between the two entries, which LDIF requires to separate them):

[[email protected] openldap]# cat ldap-init.ldif
dn: dc=ldap-kike,dc=com,dc=uy
objectclass: dcObject
objectclass: organization
o: Servidor LDAP ldap-kike
dc: ldap-kike

dn: cn=Manager,dc=ldap-kike,dc=com,dc=uy
objectclass: organizationalRole
cn: Manager

 

7) Initialize the database with the following command:

[[email protected] openldap]# /usr/bin/ldapadd -a -x -D 'cn=Manager,dc=ldap-kike,dc=com,dc=uy' -W -f ldap-init.ldif

Enter LDAP Password:
adding new entry "dc=ldap-kike,dc=com,dc=uy"
adding new entry "cn=Manager,dc=ldap-kike,dc=com,dc=uy"
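The two ways this step usually fails are both visible in the file itself: a missing blank line between entries makes ldapadd treat the second "dn:" as an attribute of the first entry, and an entry whose parent is neither the database suffix nor an entry already added yields "No such object (32)". As an added example (Python, not part of the tutorial), this small LDIF linter reproduces both checks offline before anything is sent to slapd. It assumes an empty database, ignores LDIF line folding and base64 ("::") values, and does not handle escaped commas in DNs; the sample inputs are constructed copies of the tutorial's ldap-init.ldif, and the function names are my own.

```python
from typing import Dict, List

# Constructed copy of the tutorial's ldap-init.ldif exactly as printed in step 6,
# i.e. without a blank line between the two entries.
INIT_LDIF_AS_PRINTED = """dn: dc=ldap-kike,dc=com,dc=uy
objectclass: dcObject
objectclass: organization
o: Servidor LDAP ldap-kike
dc: ldap-kike
dn: cn=Manager,dc=ldap-kike,dc=com,dc=uy
objectclass: organizationalRole
cn: Manager
"""

# Same file with the blank line that LDIF uses to separate entries.
INIT_LDIF_FIXED = INIT_LDIF_AS_PRINTED.replace("dc: ldap-kike\n", "dc: ldap-kike\n\n")

# The suffix configured in slapd.conf in step 3.
SUFFIX = "dc=ldap-kike,dc=com,dc=uy"

# Constructed parent entry, needed first when the server's suffix is only dc=com,dc=uy.
INIT_LDIF_WITH_PARENT = ("dn: dc=com,dc=uy\nobjectClass: top\nobjectClass: domain\ndc: com\n\n"
                         + INIT_LDIF_FIXED)


def normalize_dn(dn: str) -> str:
    # Simplification: lower-case and trim each RDN; escaped commas in values are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))


def parent_dn(dn: str) -> str:
    """Drop the leftmost RDN: the parent of cn=Manager,dc=x,dc=com is dc=x,dc=com."""
    parts = normalize_dn(dn).split(",", 1)
    return parts[1] if len(parts) == 2 else ""


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Split LDIF into entries (blank-line separated, each starting with dn:).
    A second dn: line inside one entry is reported the way slapd reports it:
    as an undefined attribute type."""
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if ":" not in line:
            raise ValueError(f"line {lineno}: not an attribute line: {line!r}")
        attr, value = (s.strip() for s in line.split(":", 1))
        attr = attr.lower()
        if not current:
            if attr != "dn":
                raise ValueError(f"line {lineno}: entry must start with dn:")
            current = {"dn": [value]}
        elif attr == "dn":
            raise ValueError(f"line {lineno}: attribute type undefined: dn "
                             "(missing blank line before a new entry?)")
        else:
            current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return entries


def check_hierarchy(entries: List[Dict[str, List[str]]], suffix: str) -> List[str]:
    """Assume an empty database: every entry must lie under the suffix and be either
    the suffix entry itself or the child of an entry that appears earlier in the file."""
    problems: List[str] = []
    seen = set()
    root = normalize_dn(suffix)
    for entry in entries:
        dn = normalize_dn(entry["dn"][0])
        if dn != root and not dn.endswith("," + root):
            problems.append(f"{dn}: outside the database suffix {root}")
        elif dn != root and parent_dn(dn) not in seen:
            problems.append(f"{dn}: No such object (32): parent {parent_dn(dn)} not added yet")
        seen.add(dn)
    return problems


def lint(text: str, suffix: str) -> List[str]:
    """Problems ldapadd would hit, in order; an empty list means the file should load."""
    try:
        entries = parse_ldif(text)
    except ValueError as exc:
        return [str(exc)]
    return check_hierarchy(entries, suffix)


if __name__ == "__main__":
    for label, text, suffix in [("as printed", INIT_LDIF_AS_PRINTED, SUFFIX),
                                ("fixed", INIT_LDIF_FIXED, SUFFIX),
                                ("fixed, suffix dc=com,dc=uy", INIT_LDIF_FIXED, "dc=com,dc=uy"),
                                ("with parent entry", INIT_LDIF_WITH_PARENT, "dc=com,dc=uy")]:
        print(f"{label}: {lint(text, suffix) or 'OK'}")
```

The third case is the one a mismatched suffix produces: the file is well formed, but with a suffix of dc=com,dc=uy the first entry has no parent in the database, and adding a dc=com,dc=uy entry at the top (the fourth case) is what makes it load.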

 

8) Display the contents of the database

[[email protected] openldap]# ldapsearch -h 127.0.0.1 -x -b "dc=ldap-kike,dc=com,dc=uy"

Returns something like this:

# extended LDIF
#
# LDAPv3
# base

# ldap-kike.com.uy
dn: dc=ldap-kike,dc=com,dc=uy
objectClass: dcObject
objectClass: organization
o: Servidor LDAP ldap-kike
dc: ldap-kike
# Manager, ldap-kike.com.uy
dn: cn=Manager,dc=ldap-kike,dc=com,dc=uy
objectClass: organizationalRole
cn: Manager
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2

 

9) The authconfig-tui command

This configures /etc/nsswitch.conf, /etc/ldap.conf, PAM and related files. It runs in a console and opens a text menu in which you enable LDAP authentication support and fill in the LDAP details (default options are marked with *).

 

10) Create a user in the LDAP directory.

Again we use an LDIF file.

[[email protected] openldap]# cat user.ldif
dn: uid=usuario1,dc=ldap-kike,dc=com,dc=uy
uid: usuario1
cn: usuario1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$TEDFGNB3$m24Mo06Q06EXMop7INKrC/
shadowLastChange: 14335
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/usuario1
gecos: usuario1

In this case, the userPassword is generated in this way:

[[email protected] openldap]# openssl passwd -1 -salt TEDFGNB345RTErea
Password:
$1$TEDFGNB3$m24Mo06Q06EXMop7INKrC/

The -1 option selects the MD5-based crypt scheme; the salt is a string of random characters (this scheme keeps only the first eight, which is why TEDFGNB3 appears in the output).

 

11) Add the user to the LDAP directory, again with the ldapadd command

[[email protected] openldap]# ldapadd -a -x -D 'cn=Manager,dc=ldap-kike,dc=com,dc=uy' -W -f user.ldif

Verify that the user is working with the id command:

[[email protected] openldap]# id usuario1
uid=10000(usuario1) gid=10000 groups=10000

Comments

By: Anonymous

Dude, nice work as a startup. You should consider adding the migration of existing accounts and, if possible, how to expand to highclass service.

For details please visit:

https://help.ubuntu.com/7.04/server/C/openldap-server.html

Also http://www.bind9.net/manual/openldap/2.0/replication.html

By: Anonymous

If you have this error: "ldapadd: Undefined attribute type (17) additional info: dn: attribute type undefined" when initializing the database, insert an empty line between "dc: ldap-kike" and "dn: cn=Manager,dc=ldap-kike,dc=com,dc=uy".

By: Manoj

There should be an enter after "dc: ldap-kike", then the file should be like:

dn: dc=domain,dc=myldap,dc=com
objectclass: dcObject
objectclass: organization
o: Servidor LDAP domain
dc: domain

dn: cn=Manager,dc=domain,dc=myldap,dc=com
objectclass: organizationalRole
cn: Manager

Thanks & Regards,
Manoj Kumar
http://manojsprofile.blogspot.com/

By: Claude

When I tried to initialize the LDAP database with ldap-init.ldif I kept having the message:

ldapadd: No such object (32)

I got rid of the warning by adding the domain entry at the beginning of the file ldap-init.ldif:

dn: dc=com,dc=uy
objectClass: top
objectClass: domain
dc: com

Regards

By: Abhijit

I was facing issue on step 7 and after modifying the file ldap-init.ldif as below, the issue was resolved.

dn: dc=ldaptest,dc=com
objectClass: top
objectclass: dcObject
objectclass: organization
o: Servidor LDAP ldaptest
dc: ldaptest

dn: cn=Manager,dc=ldaptest,dc=com
objectclass: organizationalRole
cn: Manager

There is an empty line after "dc: ldaptest" in the above text and not a typo :-)

The tutorial is very nice and well written. I have successfully configured LDAP and tested it on other projects.

Cheers !