Set Up OpenLDAP On Fedora 7
This document describes how to set up OpenLDAP on Fedora 7. OpenLDAP is an open-source directory server implementing the Lightweight Directory Access Protocol (LDAP), the same directory protocol that Microsoft Active Directory speaks.
Here we go: first we install the OpenLDAP server like this:
yum -y install openldap openldap-clients openldap-devel openldap-servers
Next we modify some files in the /etc/openldap/ directory, using our favourite text editor (I'm using nano). First we edit the file ldap.conf, just like this:
nano /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
HOST ngoprek.ibunk.or.id --> add this line
BASE dc=ngoprek,dc=ibunk,dc=or.id --> add this line

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
Next we need to add a bdb database definition. Edit the slapd.conf file; the database definitions are at the bottom of it.
nano /etc/openldap/slapd.conf
Just add this stanza:
database bdb
suffix "dc=ngoprek,dc=ibunk,dc=or.id"
rootdn "uid=root,dc=ngoprek,dc=ibunk,dc=or.id"
rootpw
Next we create the hashed OpenLDAP root password with slappasswd:
slappasswd
{SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu
Then we add that hashed password as the rootpw value in /etc/openldap/slapd.conf, like this:
nano /etc/openldap/slapd.conf
database bdb
suffix "dc=ngoprek,dc=ibunk,dc=or.id"
rootdn "uid=root,dc=ngoprek,dc=ibunk,dc=or.id"
rootpw {SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu
Now we create a file called ibunk.ldif in the /root folder with the following content:
nano /root/ibunk.ldif
dn: dc=ngoprek,dc=ibunk,dc=or.id
objectClass: dcObject
objectClass: organization
o: Ngoprek Yuk
dc: ngoprek
Finally we run this command, binding as the rootdn, to add the root entry (the base DN) of the directory:
/usr/bin/ldapadd -x -D 'uid=root,dc=ngoprek,dc=ibunk,dc=or.id' -W -f /root/ibunk.ldif
Enter password :
adding new entry dc=ngoprek,dc=ibunk,dc=or.id
If there is an error like this (ldapadd could not reach slapd at all):
ldap_bind: Can't contact LDAP server (-1)
don't panic and keep smiling: just edit your /etc/hosts.allow and add:
nano /etc/hosts.allow
localhost 127.0.0.1
And please restart your network service. Before the OpenLDAP service is started for the first time, the bdb backend needs a DB_CONFIG file in /var/lib/ldap, so we put the DB_CONFIG.Example shipped in /etc/openldap/ there under that name. Just run this command:
mv /etc/openldap/DB_CONFIG.Example /var/lib/ldap/DB_CONFIG
We need to start the OpenLDAP service now:
/etc/init.d/ldap start