Set Up OpenLDAP On Fedora 7

This document describes how to set up OpenLDAP on Fedora 7. OpenLDAP is an open-source directory server implementing the Lightweight Directory Access Protocol (LDAP), the same protocol that MS Active Directory is based on.

Here we go: first we install the OpenLDAP server like this:

yum -y install openldap openldap-clients openldap-devel openldap-servers

Next we modify some files in the /etc/openldap/ directory, using our favourite text editor (I'm using nano). First we edit the file ldap.conf, just like this:

nano /etc/openldap/ldap.conf

# LDAP Defaults
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE   dc=example, dc=com
#URI    ldap:// ldap://
HOST  --> add this line
BASE dc=ngoprek,dc=ibunk, --> add this line
#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

Next we need to add the bdb database definitions. Edit the slapd.conf file; at the bottom you will find the bdb database definitions section.

nano /etc/openldap/slapd.conf

Just add this stanza:

database bdb
suffix "dc=ngoprek,dc=ibunk,"
rootdn "uid=root,dc=ngoprek,dc=ibunk,"

Next we create an OpenLDAP password:



Then we add that hashed ({SSHA}) password to /etc/openldap/slapd.conf, like this:

nano /etc/openldap/slapd.conf

database bdb
suffix "dc=ngoprek,dc=ibunk,"
rootdn "uid=root,dc=ngoprek,dc=ibunk,"
rootpw {SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu

Now we have to create a file in the /root folder called ibunk.ldif and put the following lines into it, like this:

nano /root/ibunk.ldif

dn: dc=ngoprek,dc=ibunk,
objectclass: dcobject
objectClass: organization
o: Ngoprek Yuk
dc: ngoprek
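Before restarting slapd and running ldapadd, it is worth checking that the stanza and the LDIF agree with each other and that rootpw is a hash rather than cleartext. The script below is an added example, not code from the howto or from OpenLDAP: it parses a stanza and an LDIF entry of the shape shown above, produces and verifies {SSHA} values the way slapd stores them (base64 of SHA-1(password + salt) followed by the salt), and flags the mismatches that lead to failed binds or rejected entries. The suffix dc=ngoprek,dc=example, the password "secret" and the file mode values are constructed placeholders; the page's own suffix and hash are not used.

```python
import base64
import hashlib
import hmac
import os

# Constructed inputs in the same shape as the howto's slapd.conf stanza and
# ibunk.ldif. "dc=ngoprek,dc=example" and "secret" are placeholders chosen for
# this example; the page's own suffix and {SSHA} value are not used.
SLAPD_STANZA_PLAINTEXT = """\
database bdb
suffix "dc=ngoprek,dc=example"
rootdn "uid=root,dc=ngoprek,dc=example"
rootpw secret
"""

ROOT_LDIF = """\
dn: dc=ngoprek,dc=example
objectclass: dcobject
objectClass: organization
o: Ngoprek Yuk
dc: ngoprek
"""


def ssha_hash(password: str, salt: bytes = b"") -> str:
    """OpenLDAP {SSHA} value: base64(sha1(password + salt) + salt).
    A caller-supplied salt is only for repeatable tests; normally it is random."""
    salt = salt or os.urandom(4)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a stored {SSHA} value (20-byte digest, then salt)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)


def parse_slapd_stanza(text: str) -> dict:
    """Read directive/value pairs; slapd.conf allows double-quoted values."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return conf


def parse_ldif_entry(text: str) -> tuple:
    """Minimal one-entry LDIF reader (no '::' base64 values, no continuation lines).
    Attribute names are lower-cased because LDAP compares them case-insensitively."""
    dn, attrs = None, {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs


def norm_dn(dn: str) -> str:
    """Lower-case a DN and drop whitespace around commas so DNs can be compared."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def within(dn: str, suffix: str) -> bool:
    """True if dn is the suffix itself or lies beneath it."""
    return dn == suffix or dn.endswith("," + suffix)


def preflight(slapd_text: str, ldif_text: str) -> list:
    """Problems worth catching before restarting slapd and running ldapadd."""
    conf = parse_slapd_stanza(slapd_text)
    suffix, rootdn = norm_dn(conf.get("suffix", "")), norm_dn(conf.get("rootdn", ""))
    rootpw, problems = conf.get("rootpw", ""), []
    if not rootpw:
        problems.append("rootpw missing: a simple bind as the rootdn cannot succeed")
    elif not rootpw.startswith("{"):
        problems.append("rootpw is stored in cleartext; replace it with a hashed {SSHA} value")
    if not within(rootdn, suffix):
        problems.append("rootdn lies outside the suffix; check that this is intended")
    dn, attrs = parse_ldif_entry(ldif_text)
    if dn is None:
        return problems + ["LDIF entry has no dn line"]
    dn = norm_dn(dn)
    if not within(dn, suffix):
        problems.append(f"LDIF dn '{dn}' is outside the suffix '{suffix}'")
    # slapd rejects an entry whose RDN value is not also present as an attribute value
    rdn_attr, _, rdn_value = dn.split(",")[0].partition("=")
    if rdn_value not in [v.lower() for v in attrs.get(rdn_attr, [])]:
        problems.append(f"naming attribute '{rdn_attr}' value '{rdn_value}' is not present in the entry")
    return problems


def harden_rootpw(slapd_text: str, password: str) -> str:
    """Rewrite a cleartext rootpw line with a freshly salted {SSHA} value."""
    out = []
    for line in slapd_text.splitlines():
        if line.split(None, 1)[:1] == ["rootpw"]:
            line = "rootpw " + ssha_hash(password)
        out.append(line)
    return "\n".join(out) + "\n"


def conf_mode_ok(mode: int) -> bool:
    """The file holding rootpw must not be world-readable (0640 passes, 0644 fails)."""
    return (mode & 0o007) == 0


if __name__ == "__main__":
    for problem in preflight(SLAPD_STANZA_PLAINTEXT, ROOT_LDIF):
        print("before:", problem)
    hardened = harden_rootpw(SLAPD_STANZA_PLAINTEXT, "secret")
    print(hardened, "after:", preflight(hardened, ROOT_LDIF))
```

Run it as a script to see the cleartext stanza flagged and the hardened one pass; `conf_mode_ok` takes the `st_mode` bits of the real slapd.conf (for example `os.stat(path).st_mode & 0o777`) so the check can be applied to the file on disk.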

Finally we run this command, binding as the rootdn, to add the entry from the LDIF file to LDAP:

/usr/bin/ldapadd -x -D 'uid=root,dc=ngoprek,dc=ibunk,' -W -f /root/ibunk.ldif

Enter password :
adding new entry dc=ngoprek,dc=ibunk,

If there is an error like this:

ldap_bind: Can't contact LDAP server (-1)

don't panic and keep smiling, just edit your /etc/hosts.allow and add:

nano /etc/hosts.allow


Then restart your network service. Before the OpenLDAP service is started, DB_CONFIG.Example from /etc/openldap/ has to be placed in /var/lib/ldap as DB_CONFIG. Just run this command:

mv /etc/openldap/DB_CONFIG.Example /var/lib/ldap/DB_CONFIG

We need to start the OpenLDAP service now:

/etc/init.d/ldap start
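The two bind errors that appear on this page mean different things: "Can't contact LDAP server (-1)" is produced by the client library before any LDAP message is sent (no TCP connection, so slapd is down or the connection is blocked, which is why hosts.allow matters), while "Invalid credentials (49)" is an answer from slapd itself (the rootdn/rootpw pair in slapd.conf did not match what ldapadd was given). The following script is an added example, not part of the howto and not OpenLDAP's code; it builds an LDAPv3 simple BindRequest by hand, decodes a BindResponse, and formats the result the way ldapadd prints it. The host, port, DN and password passed to probe_bind are constructed placeholders, and the error strings are the OpenLDAP client library's texts for those codes.

```python
import socket

# Texts as the OpenLDAP client prints them; -1 is not an LDAP result code at all
# but the library's "no connection" value.
LDAP_ERRORS = {
    -1: "Can't contact LDAP server",
    0: "Success",
    32: "No such object",
    49: "Invalid credentials",
    53: "Server is unwilling to perform",
}


def ber_len(n: int) -> bytes:
    """BER length: one byte below 128, else 0x80|count followed by the big-endian length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    """Tag, BER length, payload."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def int_body(value: int) -> bytes:
    """Minimal two's-complement encoding used by INTEGER and ENUMERATED."""
    return value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True)


def ber_int(value: int) -> bytes:
    return tlv(0x02, int_body(value))


def read_tlv(buf: bytes, pos: int) -> tuple:
    """Return (tag, payload, next_pos) for the element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPv3 simple BindRequest [APPLICATION 0] { version 3, name, simple password }.
    The password travels in the clear: a plain ldap:// connection has no transport protection."""
    bind = tlv(0x60, ber_int(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode()))
    return tlv(0x30, ber_int(msg_id) + bind)


def bind_response(msg_id: int, result_code: int, diagnostic: str = "") -> bytes:
    """Server-side BindResponse [APPLICATION 1] { resultCode, matchedDN, diagnosticMessage }."""
    body = tlv(0x0A, int_body(result_code)) + tlv(0x04, b"") + tlv(0x04, diagnostic.encode())
    return tlv(0x30, ber_int(msg_id) + tlv(0x61, body))


def parse_bind_response(data: bytes) -> tuple:
    """Decode a BindResponse into (message id, result code, diagnostic message)."""
    tag, message, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msg_id, pos = read_tlv(message, 0)
    tag, body, _ = read_tlv(message, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(body, 0)
    _, _matched_dn, pos = read_tlv(body, pos)
    _, diagnostic, _ = read_tlv(body, pos)
    return (int.from_bytes(msg_id, "big", signed=True),
            int.from_bytes(code, "big", signed=True),
            diagnostic.decode())


def explain(code: int) -> str:
    """Format a result the way the ldapadd client prints it."""
    return f"ldap_bind: {LDAP_ERRORS.get(code, 'Unknown error')} ({code})"


def probe_bind(host: str, port: int, dn: str, password: str, timeout: float = 3.0) -> str:
    """One simple bind. A refused or blocked TCP connection gives -1 before any LDAP
    message is exchanged; 49 means slapd answered and rejected the DN/password pair."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(bind_request(1, dn, password))
            data = sock.recv(4096)
    except OSError:
        return explain(-1)
    _, code, diagnostic = parse_bind_response(data)
    return explain(code) + (f": {diagnostic}" if diagnostic else "")


if __name__ == "__main__":
    # Placeholder target; adjust to the server under test.
    print(probe_bind("localhost", 389, "uid=root,dc=ngoprek,dc=example", "secret"))
```

When run against a host where slapd is not listening the script prints exactly the -1 line from the howto; against a running slapd with a wrong rootpw it prints the 49 line from the comments, which tells you the problem is in slapd.conf rather than in hosts.allow or the service.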

9 Comment(s)


From: Ranjith at: 2009-04-12 06:41:10


I fixed the error below by adding ":" before localhost and in hosts.allow

ldap_bind: Can't contact LDAP server (-1)


Here is the correct hosts.allow entry.







From: at: 2007-07-19 08:17:05
From: at: 2007-10-25 16:33:06

Well, I think the howto is ok if the following are true:

1. You already understand LDAP Schemas

2. You already understand SASL/TLS etc.

In my case neither was true. I do have it up and running, but without SASL/TLS.

What helped me a lot, even though I am using Fedora, is this Gentoo howto:

I skipped the SASL/TLS stuff because it's different in Gentoo. I have to get this figured out, as I want to get Kolab running.



From: at: 2007-11-28 11:04:31
From: at: 2007-07-30 00:52:05

I think this tutorial lacked a little explaining on certain things and made assumptions that I should know some of the things to replace with my data.

From: at: 2007-08-14 12:58:09

I have to agree with the previous poster, this tutorial is too light on information. I followed all the instructions to the letter and it just wouldn't work. I kept getting:

ldap_bind: Can't contact LDAP server (-1)

No matter what I put into the /etc/hosts.allow and restarted the networking/rebooted. No idea how to fix it. Will do some more research.

Questions I'd like to see answered would be: how would I add a user? Do I re-run the ldapadd command with the user's name? Do I have to create an ldif file?

I appreciate the effort. LDAP seems quite complicated to configure and this is possibly a good start, it just needs some fleshing out.


From: Carlos at: 2008-10-18 09:55:30

Try adding -h localhost to the command, it worked for me.

It stays like this

/usr/bin/ldapadd -h localhost -x -D 'uid=root,dc=ngoprek,dc=ibunk,' -W -f /root/ibunk.ldif

From: joewils at: 2009-02-25 19:21:10

For the life of me I couldn't get this command to work: /usr/bin/ldapadd -x -D 'uid=root,dc=ngoprek,dc=ibunk,' -W -f /root/ibunk.ldif

I replaced the uid=root statement with cn=Manager. I'm new to ldap, so I'm not sure what I 'fixed'...

BTW, the error I kept getting was "ldap_bind: Invalid credentials (49) "

From: Siddharth Gupta at: 2010-06-07 17:19:25

hey, you can try this: /etc/init.d/ldap stop, then /etc/init.d/ldap start. I had the same issue and these two steps worked for me.. I guess it needs to update itself with the credentials info after you have made changes to the configs....