OpenLDAP Server in container
<h3>Step by Step Installation and Configuration of OpenLDAP Server</h3>
<b>By Ganesh (ganesh35@gmail.com)</b>
Software: OS - CentOS 4.4, openldap 2.2.13-6.4E<br>
Domain name: adminmart.com<br>
System IP: 192.168.1.212<br>
<br>
<b>Note:</b> Substitute your own domain name and IP address wherever adminmart.com and 192.168.1.212 appear below.<br>
<br>
<h3>Create container with OpenLDAP</h3>
Create and install an OpenVZ container (VPS) with the following settings:<br>
- vpsid : 212<br>
- vpsip : 192.168.1.212<br>
- vpsname : ldap<br>
- vpshostname : ldap<br>
<br>
<b>Note:</b> Run these commands on the hardware node, not inside the container.<br>
<code>
vzctl create 212 --ostemplate centos-4-i386-minimal<br>
vzctl set 212 --ipadd 192.168.1.212 --save<br>
vzctl set 212 --nameserver 202.88.156.6 --save<br>
vzctl set 212 --onboot yes --save<br>
vzctl set 212 --userpasswd root:changeme --save<br>
vzctl set 212 --name ldap --save<br>
vzctl set 212 --hostname ldap --save<br>
vzctl start 212<br>
vzyum 212 install *openldap* -y<br>
</code><br>
<b>Note:</b> <code>changeme</code> is the container's root password; pick a real one, and keep in mind that a password passed on the command line like this also lands in the hardware node's shell history.<br>
<h3>Configuration of OpenLDAP Server</h3>
<b>Adding users takes four steps:</b><br>
1. Create the Unix user<br>
2. Extract that user's line from /etc/passwd into a per-user passwd file<br>
3. Convert the passwd file to an LDIF file<br>
4. Add the LDIF file to the LDAP directory using ldapadd<br>
<h4>Step #1. Requirements</h4>
compat-openldap.i386 0:2.1.30-6.4E<br>
openldap-clients.i386 0:2.2.13-6.4E<br>
openldap-devel.i386 0:2.2.13-6.4E<br>
openldap-servers.i386 0:2.2.13-6.4E<br>
openldap-servers-sql.i386 0:2.2.13-6.4E<br>
<br>
You can install them (inside the container) with:<br>
<br>
<code>
yum install *openldap* -y<br>
</code>
<h4>Step #2. Start the service</h4>
<code>
[root@ldap ~]# chkconfig --levels 235 ldap on<br>
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | # | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | [root@ldap ~]# chkconfig --levels 235 ldap on | ||
[root@ldap ~]# service ldap start<br>
</code>
<h4>Step #3. Create LDAP root user password</h4>
<code>
[root@ldap ~]# slappasswd<br>
New password:<br>
Re-enter new password:<br>
{SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW<br>
[root@ldap ~]#
</code><br>
<b>Note:</b> slappasswd prints a salted SHA-1 ({SSHA}) hash of the password you typed. The hash above is only an example from this page; generate your own rather than copying it.<br>
<br>
<h4>Step #4. Update /etc/openldap/slapd.conf for the root password</h4>
Set the suffix, rootdn and rootpw of the bdb database (around lines 68 to 71 in the stock file) to your domain and to the hash slappasswd printed in Step 3:<br>
<code>
[root@ldap ~]# vi /etc/openldap/slapd.conf<br>
database        bdb<br>
suffix          "dc=adminmart,dc=com"<br>
rootdn          "cn=Manager,dc=adminmart,dc=com"<br>
rootpw          {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW<br>
</code><br>
<b>Note:</b> slapd.conf now holds the directory administrator's password hash, so it must not be world-readable. It should be owned by root:ldap with mode 0640; check with <code>ls -l /etc/openldap/slapd.conf</code> after editing.<br>
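While slapd.conf is open, one more setting deserves attention. The stock file on this release carries only commented-out sample ACLs, and with no active <code>access</code> directive OpenLDAP's built-in default is read access for everyone, anonymous binds included: the <code>userPassword</code> hashes imported in the later steps would be readable by any host that can reach port 389. The shell helper below is an added example, not code from the original page or from the OpenLDAP project. It appends an ACL in OpenLDAP 2.2 slapd.conf syntax exactly once, and records the checks to run once the server has been restarted. The path /etc/openldap/slapd.conf and the single bdb database come from this page; the function names and the idempotency check are my own.

```shell
#!/bin/sh
# Added example (not from the original page): restrict who may read
# userPassword in the bdb database configured above.
# Assumptions: slapd.conf is at the page's path and contains a single
# "database bdb" section, so directives appended at the end apply to it.

SLAPD_CONF=${SLAPD_CONF:-/etc/openldap/slapd.conf}

# Print the ACL block. OpenLDAP evaluates "access to" clauses in order and
# the first one whose target matches wins, so the userPassword rule has to
# come before the catch-all.
userpassword_acl() {
    cat <<'EOF'

# Added: only the entry itself may read/write its hash; anyone else may use
# it solely to authenticate (bind). The catch-all keeps the rest readable.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by self write
        by * read
EOF
}

# Returns 0 if FILE already carries a userPassword ACL.
has_userpassword_acl() {
    grep -q '^access to attrs=userPassword' "$1"
}

# Append the ACL to FILE once (idempotent); returns 0 if the file changed,
# 1 if the rule was already present.
install_userpassword_acl() {
    f=${1:-$SLAPD_CONF}
    if has_userpassword_acl "$f"; then
        return 1
    fi
    userpassword_acl >> "$f"
}

# After "service ldap restart", verify from a client host that an anonymous
# search no longer returns the hash while the user's own bind still does:
#   ldapsearch -x -H ldap://192.168.1.212 -b dc=adminmart,dc=com '(uid=test1)' userPassword
#   ldapsearch -x -H ldap://192.168.1.212 -D uid=test1,ou=People,dc=adminmart,dc=com -W \
#       -b dc=adminmart,dc=com '(uid=test1)' userPassword
# Only the second command should print a "userPassword::" line.
```

Run <code>install_userpassword_acl</code> on the container as root, then continue with the restart in Step 5; the two ldapsearch commands in the trailing comment are the acceptance test once users exist.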
<h4>Step #5. Apply Changes</h4>
<code>
[root@ldap ~]# service ldap restart<br>
</code>
<h4>Step #6. Create test users</h4>
<code>
[root@ldap ~]# useradd test1<br>
[root@ldap ~]# passwd test1<br>
Changing password for user test1.<br>
New UNIX password:<br>
Retype new UNIX password:<br>
passwd: all authentication tokens updated successfully.<br>
[root@ldap ~]# useradd test2<br>
[root@ldap ~]# passwd test2<br>
Changing password for user test2.<br>
New UNIX password:<br>
Retype new UNIX password:<br>
passwd: all authentication tokens updated successfully.<br>
[root@ldap ~]#<br>
</code><br>
<b>Note:</b> Repeat the same for the rest of the users. These are ordinary local accounts; the migration script used below reads their password hashes from /etc/shadow, so the password set here is the one that will work against LDAP afterwards.<br>
<h4>Step #7. Migrate local users to LDAP</h4>
<code>
[root@ldap ~]# grep '^root:' /etc/passwd > /etc/openldap/passwd.root<br>
[root@ldap ~]# grep '^test1:' /etc/passwd > /etc/openldap/passwd.test1<br>
[root@ldap ~]# grep '^test2:' /etc/passwd > /etc/openldap/passwd.test2<br>
</code><br>
<b>Note:</b> Repeat the same for the rest of the users. Anchor the pattern as shown: a bare <code>grep root /etc/passwd</code> also matches the <code>operator</code> account, whose home directory is /root, and you would import an extra entry without noticing.<br>
<h4>Step #8. Update default settings in /usr/share/openldap/migration/migrate_common.ph</h4>
Set the two defaults (around lines 71 and 74) to your domain:<br>
<code>
$DEFAULT_MAIL_DOMAIN = "adminmart.com";<br>
$DEFAULT_BASE = "dc=adminmart,dc=com";<br>
</code>
<h4>Step #9. Convert the passwd files to LDIF (LDAP Data Interchange Format)</h4>
<code>
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif<br>
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif<br>
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif<br>
</code><br>
<b>Note:</b> Repeat the same for the rest of the users. migrate_passwd.pl looks each user up in /etc/shadow and writes the crypt hash into the LDIF as <code>userPassword: {crypt}...</code>, so treat the .ldif and passwd.* files like /etc/shadow: <code>chmod 600</code> them, and delete them once the import in Step 12 has succeeded.<br>
<h4>Step #10. Update root.ldif file for the "Manager" of LDAP Server</h4>
Change the <code>cn:</code> line of the root entry (the first four lines of the file) so the imported root account is labelled Manager:<br>
<code>
[root@ldap ~]# vi /etc/openldap/root.ldif<br>
dn: uid=root,ou=People,dc=adminmart,dc=com<br>
uid: root<br>
cn: Manager<br>
objectClass: account<br>
</code><br>
<b>Note:</b> This entry is not the <code>rootdn</code> from slapd.conf. <code>cn=Manager,dc=adminmart,dc=com</code> is authenticated against <code>rootpw</code> alone and does not need to exist in the directory; what is edited here is an ordinary user object carrying root's Unix password hash, so decide deliberately whether root belongs in the directory at all.<br>
<h4>Step #11. Create a domain ldif file (/etc/openldap/adminmart.com.ldif)</h4>
<code>
[root@ldap ~]# cat /etc/openldap/adminmart.com.ldif<br>
dn: dc=adminmart,dc=com<br>
dc: adminmart<br>
description: LDAP Admin<br>
objectClass: dcObject<br>
objectClass: organizationalUnit<br>
ou: rootobject<br>
<br>
dn: ou=People,dc=adminmart,dc=com<br>
ou: People<br>
description: Users of adminmart<br>
objectClass: organizationalUnit<br>
</code>
<h4>Step #12. Import all users into LDAP</h4>
<b>Add the domain ldif file</b><br>
<br>
<code>
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif<br>
Enter LDAP Password:<br>
adding new entry "dc=adminmart,dc=com"<br>
adding new entry "ou=People,dc=adminmart,dc=com"<br>
[root@ldap ~]#<br>
</code><br>
<br>
<b>Add the users</b><br>
<br>
<code>
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif<br>
Enter LDAP Password:<br>
adding new entry "uid=root,ou=People,dc=adminmart,dc=com"<br>
[root@ldap ~]#<br>
<br>
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif<br>
Enter LDAP Password:<br>
adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"<br>
[root@ldap ~]#<br>
<br>
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif<br>
Enter LDAP Password:<br>
adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"<br>
[root@ldap ~]#<br>
</code><br>
<b>Note:</b> Repeat the same for the rest of the users. The password asked for is the one you gave to slappasswd in Step 3. If an unanchored <code>grep root</code> was used in Step 7, root.ldif also adds <code>uid=operator,ou=People,dc=adminmart,dc=com</code>; remove it with <code>ldapdelete -x -D "cn=Manager,dc=adminmart,dc=com" -W "uid=operator,ou=People,dc=adminmart,dc=com"</code> if that was not intended.<br>
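Steps 7, 9 and 12 are one procedure repeated per user. The script below is an added example, not code from the original page or from OpenLDAP's migration tools: it does the passwd-to-LDIF conversion for any list of users in one pass, matching usernames exactly so that root does not drag in operator, and takes the passwd and shadow files as parameters so it can be dry-run on copies. The entry layout (uid under ou=People, the account/posixAccount/shadowAccount classes, a {crypt} userPassword taken from the shadow file) mirrors what migrate_passwd.pl produces with the base DN from Step 8; the shadow* ageing attributes are left out, which is a simplification of my own, as are the function name and the sample files in the usage comment.

```shell
#!/bin/sh
# Added example (not from the original page or from migrate_passwd.pl):
# emit one LDIF entry per named user from a passwd/shadow pair.
# Assumptions: entries live under ou=People,<BASE_DN> as on this page;
# the shadow file uses the standard "name:hash:..." layout.

# passwd_to_ldif PASSWD_FILE SHADOW_FILE BASE_DN USER...
# Prints the entries on stdout; users missing from PASSWD_FILE are reported
# on stderr and skipped, so a typo cannot silently import the wrong account.
passwd_to_ldif() {
    pwfile=$1; shfile=$2; base=$3; shift 3
    for u in "$@"; do
        # exact match on field 1, unlike an unanchored grep
        if ! awk -F: -v u="$u" '$1 == u { found = 1 } END { exit !found }' "$pwfile"; then
            echo "passwd_to_ldif: no such user in $pwfile: $u" >&2
            continue
        fi
        awk -F: -v u="$u" -v base="$base" -v shfile="$shfile" '
            BEGIN {
                # fetch the crypt hash for this user from the shadow file
                while ((getline line < shfile) > 0) {
                    split(line, f, ":")
                    if (f[1] == u) hash = f[2]
                }
                close(shfile)
            }
            $1 == u {
                gecos = ($5 == "") ? $1 : $5
                sub(/,.*/, "", gecos)          # keep only the full-name part of GECOS
                printf "dn: uid=%s,ou=People,%s\n", $1, base
                printf "uid: %s\n", $1
                printf "cn: %s\n", gecos
                print "objectClass: account"
                print "objectClass: posixAccount"
                print "objectClass: top"
                # locked ("!!") or disabled ("*") accounts get no userPassword
                if (hash != "" && hash != "*" && hash != "!!") {
                    print "objectClass: shadowAccount"
                    printf "userPassword: {crypt}%s\n", hash
                }
                printf "loginShell: %s\n", $7
                printf "uidNumber: %s\n", $3
                printf "gidNumber: %s\n", $4
                printf "homeDirectory: %s\n", $6
                print ""
            }' "$pwfile"
    done
}

# Usage on the page's host, one file per user as in Steps 7 and 9; the
# output contains shadow hashes, hence the chmod and the cleanup afterwards:
#   for u in root test1 test2; do
#       passwd_to_ldif /etc/passwd /etc/shadow dc=adminmart,dc=com "$u" \
#           > /etc/openldap/"$u".ldif && chmod 600 /etc/openldap/"$u".ldif
#   done
#   ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif
```

Feeding the resulting files to ldapadd as in Step 12 gives the same entries the page imports; the only behavioural difference from the page's commands is that a name must match a whole passwd line, so the stray operator entry cannot appear.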
<h4>Step #13. Apply Changes</h4>
<code>
[root@ldap ~]# service ldap restart<br>
</code><br>
<b>Note:</b> ldapadd writes to the running server, so the entries are already live before this restart; it does no harm, but it is not what makes them visible.<br>
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | [root@ldap ~]# service ldap restart | ||
− | |||
− | |||
<h4>Step #14. Test LDAP Server</h4>
This prints every entry under the base DN, so the users imported above should all be listed:<br>
<br>
<code>
[root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'<br>
</code><br>
<br>
<b>Note:</b> <code>-x</code> without <code>-D</code> is a simple anonymous bind. If this anonymous search prints <code>userPassword::</code> lines, the directory is handing password hashes to anyone who can reach port 389; add an <code>access to attrs=userPassword</code> rule to slapd.conf before pointing clients at it.<br>
<br>
<h3>LDAP Client Configuration</h3>
<code>
[root@ldapclient ~]# authconfig<br>
</code><br>
<b>[*] Use LDAP [*] Use LDAP Authentication</b><br>
<br>
[Both should be checked]<br>
<br>
<b>[ ] Use TLS<br>
Server: ldap.adminmart.com<br>
Base DN: dc=adminmart,dc=com<br>
</b><br>
<b>Note:</b> With "Use TLS" left unchecked, as shown, every client bind sends the user's password to ldap.adminmart.com in the clear on port 389, and the rest of the directory traffic is just as readable on the wire. Leave it that way only on a trusted network; otherwise enable TLS on both server and client once you have a certificate for ldap.adminmart.com.<br>
<br>
[[Category:HOWTO]] | [[Category:HOWTO]] |