- Install the OpenLDAP server RPMs
Use yum to install the following RPMs:
# yum -y install openldap openldap-servers openldap-clients
Start and enable the slapd daemon:
# systemctl start slapd.service
# systemctl enable slapd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/slapd.service to /usr/lib/systemd/system/slapd.service.
- Set the LDAP root account password and generate its hash
Run slappasswd, choose the LDAP root password, and let it generate the salted SHA ({SSHA}) hash.
Keep a note of both: the hash goes into the server configuration below, and the password itself is needed for every later bind as the root DN. Treat the hash as sensitive as well, since it is all an offline cracker needs.
# slappasswd
New password:
Re-enter new password:
{SSHA}JNNjNtlq2ZtO7oDvcR+7YbTuOvx8nv5V
- Add the LDAP server's initial configuration attributes
Create base_config.ldif with the following contents. Each dn: block is a separate LDIF record, so the blank lines between them are required. The last record rewrites the monitor database ACL so that it grants read access to the new root DN instead of the one named in the shipped configuration:
# vi base_config.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=linuxtechspace,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=root,dc=linuxtechspace,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}JNNjNtlq2ZtO7oDvcR+7YbTuOvx8nv5V

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=root,dc=linuxtechspace,dc=com" read by * none
Apply the change to the running server. Over the ldapi:/// socket, -Y EXTERNAL authenticates the local root user by its Unix uid/gid (the peercred DN shown as SASL username below), so no LDAP password is needed, and SSF 0 is acceptable because nothing leaves the local socket:
# ldapmodify -Y EXTERNAL -H ldapi:/// -f base_config.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={1}monitor,cn=config"
- Add the built-in LDAP schemas needed by the user and group entries below (cosine, nis, inetorgperson)
# ldapadd -Y EXTERNAL -H ldapi:// -f /etc/openldap/schema/cosine.ldif
# ldapadd -Y EXTERNAL -H ldapi:// -f /etc/openldap/schema/nis.ldif
# ldapadd -Y EXTERNAL -H ldapi:// -f /etc/openldap/schema/inetorgperson.ldif
- Create the base domain entries
Create create_domain.ldif with the following contents (two records, separated by a blank line):
# vi create_domain.ldif
dn: dc=linuxtechspace,dc=com
objectClass: dcObject
objectClass: organization
dc: linuxtechspace
o: linuxtechspace

dn: ou=users,dc=linuxtechspace,dc=com
objectClass: organizationalUnit
ou: users
Load the entries into the server, binding as the root DN with the password chosen in the slappasswd step. -x is a simple bind, so the password crosses the connection in cleartext: run this on the server itself over the local socket (add -H ldapi:///) or over TLS, never against a remote ldap:// URI without TLS.
# ldapadd -x -W -D cn=root,dc=linuxtechspace,dc=com -f create_domain.ldif
Enter LDAP Password:
adding new entry "dc=linuxtechspace,dc=com"
adding new entry "ou=users,dc=linuxtechspace,dc=com"
- Add an LDAP user
Generate a password hash for a sample test user:
# slappasswd
New password:
Re-enter new password:
{SSHA}r/xCHez+Sik4Y7TfirPDVXdsWuD7+Kd4
Create create_test_user.ldif with the following contents. shadowLastChange is the date of the last password change in days since the Unix epoch (17016 is 2016-08-03), so update it whenever the password is changed. The second record is the user's private posixGroup with the same gidNumber; the two records must be separated by a blank line:
# vi create_test_user.ldif
dn: uid=test,ou=users,dc=linuxtechspace,dc=com
uid: test
cn: test
objectClass: shadowAccount
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
userPassword: {SSHA}r/xCHez+Sik4Y7TfirPDVXdsWuD7+Kd4
shadowLastChange: 17016
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1002
gidNumber: 1002
homeDirectory: /home/test
sn: test

dn: cn=test,ou=users,dc=linuxtechspace,dc=com
objectClass: posixGroup
objectClass: top
cn: test
userPassword: {crypt}x
gidNumber: 1002
Load the entries, again binding as the root DN and entering the root password set in the slappasswd step when prompted:
# ldapadd -x -W -D cn=root,dc=linuxtechspace,dc=com -f create_test_user.ldif
Enter LDAP Password:
adding new entry "uid=test,ou=users,dc=linuxtechspace,dc=com"
adding new entry "cn=test,ou=users,dc=linuxtechspace,dc=com"
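The whole procedure above, from base_config.ldif to the test user, as one script that derives the suffix from a domain name instead of hard-coding dc=linuxtechspace,dc=com, writes the LDIF files with the record separators in place and restrictive permissions, applies them over ldapi:/// only, and finishes by checking that the new user can actually bind. This is an added example, not code from the original page. It assumes the CentOS 7 layout used above (olcDatabase={2}hdb, root reaching cn=config over ldapi:///) and a root DN of cn=root under the derived suffix; the script name mkldif.sh, the function names and the default user test/1002 are this example's own choices.

```shell
#!/bin/sh
# mkldif.sh: parameterised version of the LDIF files above, plus the apply
# and check commands. Added example, not code from the original page. It
# assumes the CentOS 7 layout used above (olcDatabase={2}hdb, root reaches
# cn=config over ldapi:///) and a root DN of cn=root,<suffix>.
set -u

# "linuxtechspace.com" -> "dc=linuxtechspace,dc=com"
dn_from_domain() { printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'; }
# first label of the domain, used for the dc: and o: attributes
dc_from_domain() { printf '%s\n' "${1%%.*}"; }
# accept only salted-SHA output from slappasswd; anything else would be
# stored in the directory as a cleartext password
is_ssha_hash() { case "$1" in '{SSHA}'*) return 0 ;; *) return 1 ;; esac; }
# shadowLastChange is days since the epoch (the page's 17016 is 2016-08-03)
days_since_epoch() { echo $(( $1 / 86400 )); }

# Every dn: block is a separate LDIF record, so the blank lines are required.
# replace: (not add:) for olcRootPW also works if a root password is set.
gen_base_config() {   # suffix rootdn root_hash
    cat <<EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $1

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: $2

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: $3

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="$2" read by * none
EOF
}

gen_domain() {        # suffix dc
    cat <<EOF
dn: $1
objectClass: dcObject
objectClass: organization
dc: $2
o: $2

dn: ou=users,$1
objectClass: organizationalUnit
ou: users
EOF
}

gen_user() {          # suffix uid uidNumber user_hash lastchange
    cat <<EOF
dn: uid=$2,ou=users,$1
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: $2
cn: $2
sn: $2
userPassword: $4
shadowLastChange: $5
shadowMax: 99999
loginShell: /bin/bash
uidNumber: $3
gidNumber: $3
homeDirectory: /home/$2

dn: cn=$2,ou=users,$1
objectClass: posixGroup
cn: $2
gidNumber: $3
EOF
}

main() {   # usage: mkldif.sh DOMAIN OUTDIR [USER UIDNUMBER]; slappasswd prompts twice
    suffix=$(dn_from_domain "$1"); rootdn="cn=root,$suffix"; user=${3:-test}
    echo "root password:" >&2; root_hash=$(slappasswd)
    echo "$user password:" >&2; user_hash=$(slappasswd)
    is_ssha_hash "$root_hash" && is_ssha_hash "$user_hash" || return 1
    umask 077; mkdir -p "$2"        # the files carry password hashes
    gen_base_config "$suffix" "$rootdn" "$root_hash" > "$2/base_config.ldif"
    gen_domain "$suffix" "$(dc_from_domain "$1")" > "$2/create_domain.ldif"
    gen_user "$suffix" "$user" "${4:-1002}" "$user_hash" \
        "$(days_since_epoch "$(date +%s)")" > "$2/create_$user.ldif"
    # ldapi:/// for every bind: -x is a simple bind, and over plain ldap://
    # without TLS the root password would cross the network in cleartext
    ldapmodify -Y EXTERNAL -H ldapi:/// -f "$2/base_config.ldif"
    for s in cosine nis inetorgperson; do
        ldapadd -Y EXTERNAL -H ldapi:/// -f "/etc/openldap/schema/$s.ldif"; done
    ldapadd -x -W -D "$rootdn" -H ldapi:/// -f "$2/create_domain.ldif"
    ldapadd -x -W -D "$rootdn" -H ldapi:/// -f "$2/create_$user.ldif"
    ldapwhoami -x -W -H ldapi:/// -D "uid=$user,ou=users,$suffix"   # can it bind?
}
if [ $# -ge 2 ]; then main "$@"; fi
```

Run it as root on the server, for example `sh mkldif.sh linuxtechspace.com /root/ldif`; the final ldapwhoami should print the test user's DN after its password is entered, which confirms the hash in userPassword and the ACLs let the account authenticate. The generator functions can also be called on their own to inspect the LDIF before anything is applied.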