Difference between revisions of "OpenLDAP Server in container"
Latest revision as of 06:51, 31 March 2010
Step by Step Installation and Configuration of an OpenLDAP Server
Software: OS CentOS 4.4, openldap 2.2.13-6.4E
System name: ldap.adminmart.com
Domain name: adminmart.com
System IP: 192.168.1.212
Note: Use your domain name and IP instead of adminmart
Contents
- 1 Create container with OpenLDAP
- 2 Configuration of OpenLDAP Server
- 2.1 Requirements
- 2.2 Start the service
- 2.3 Create LDAP root user password
- 2.4 Update /etc/openldap/slapd.conf for the root password
- 2.5 Apply Changes
- 2.6 Create test users
- 2.7 Migrate local users to LDAP
- 2.8 Update default settings on file /usr/share/openldap/migration/migrate_common.ph
- 2.9 Convert passwd.file to ldif (LDAP Data Interchange Format) file
- 2.10 Update root.ldif file for the "Manager" of LDAP Server
- 2.11 Create a domain ldif file (/etc/openldap/adminmart.com.ldif)
- 2.12 Import all users in to the LDAP
- 2.13 Apply Changes
- 2.14 Test LDAP Server
- 3 LDAP Client Configuration
Create container with OpenLDAP
Create a container with the following settings:
- ctid: 212
- IP address: 192.168.1.212
- name: ldap
- hostname: ldap
Run these commands on the hardware node:
  vzctl create 212 --ostemplate centos-4-i386-minimal
  vzctl set 212 --ipadd 192.168.1.212 --save
  vzctl set 212 --nameserver 202.88.156.6 --save
  vzctl set 212 --onboot yes --save
  vzctl set 212 --userpasswd root:changeme --save
  vzctl set 212 --name ldap --save
  vzctl set 212 --hostname ldap --save
  vzctl start 212
  vzyum 212 install *openldap* -y
Configuration of OpenLDAP Server
Easy steps for adding users:
- Create a unix user
- Create the unix user's ldap passwd file
- Convert the passwd file to an ldif file
- Add the ldif file to the LDAP directory using ldapadd
Requirements
  compat-openldap.i386 0:2.1.30-6.4E
  openldap-clients.i386 0:2.2.13-6.4E
  openldap-devel.i386 0:2.2.13-6.4E
  openldap-servers.i386 0:2.2.13-6.4E
  openldap-servers-sql.i386 0:2.2.13-6.4E
You can install them using the command:
  yum install *openldap* -y
Start the service
  [root@ldap ~]# chkconfig --levels 235 ldap on
  [root@ldap ~]# service ldap start
Create LDAP root user password
  [root@ldap ~]# slappasswd
  New password:
  Re-enter new password:
  {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
  [root@ldap ~]#
Update /etc/openldap/slapd.conf for the root password
The hash printed by slappasswd goes into the rootpw directive, so lines 68-71 of slapd.conf read:
  [root@ldap ~]# vi /etc/openldap/slapd.conf
  #68 database bdb
  #69 suffix "dc=adminmart,dc=com"
  #70 rootdn "cn=Manager,dc=adminmart,dc=com"
  #71 rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
Apply Changes
  [root@ldap ~]# service ldap restart
Create test users
  [root@ldap ~]# useradd test1
  [root@ldap ~]# passwd test1
  Changing password for user test1.
  New UNIX password:
  Retype new UNIX password:
  passwd: all authentication tokens updated successfully.
  [root@ldap ~]# useradd test2
  [root@ldap ~]# passwd test2
  Changing password for user test2.
  New UNIX password:
  Retype new UNIX password:
  passwd: all authentication tokens updated successfully.
  [root@ldap ~]#
Note: Repeat the same for the rest of the users.
Migrate local users to LDAP
  [root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root
  [root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1
  [root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2
Note: Repeat the same for the rest of the users.
Update default settings on file /usr/share/openldap/migration/migrate_common.ph
  #71 $DEFAULT_MAIL_DOMAIN = "adminmart.com";
  #74 $DEFAULT_BASE = "dc=adminmart,dc=com";
Convert passwd.file to ldif (LDAP Data Interchange Format) file
  [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
  [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
  [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif
Note: Repeat the same for the rest of the users.
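The two steps above (extract the passwd line, convert it to LDIF) as an added example that is not part of the original page or of the OpenLDAP migration tools. The passwd_to_ldif function is an assumed, simplified stand-in for migrate_passwd.pl: it emits the same kind of posixAccount entry but deliberately does not read /etc/shadow, so no password hashes land in the output file. It also shows why the extraction should anchor on the user name: a bare `grep test1 /etc/passwd` also matches test10.

```shell
#!/bin/sh
# Added example, not from the original page: exact-match passwd extraction
# plus a minimal passwd-line to LDIF converter (an assumed stand-in for
# migrate_passwd.pl, without the /etc/shadow userPassword attribute).

# Print the single passwd line for user $1 from file $2.
# Anchoring on "^user:" matters: `grep test1 /etc/passwd` also matches
# test10, test11 and any gecos field that contains "test1".
passwd_entry() {
    grep "^$1:" "$2"
}

# Convert one passwd line ($1) into an LDIF entry under ou=People of base DN $2.
passwd_to_ldif() {
    printf '%s\n' "$1" | awk -F: -v base="$2" '{
        printf "dn: uid=%s,ou=People,%s\n", $1, base
        printf "uid: %s\n", $1
        printf "cn: %s\n", ($5 == "" ? $1 : $5)
        print "objectClass: account"
        print "objectClass: posixAccount"
        print "objectClass: top"
        printf "loginShell: %s\n", $7
        printf "uidNumber: %s\n", $3
        printf "gidNumber: %s\n", $4
        printf "homeDirectory: %s\n", $6
    }'
}

# Demo on a constructed passwd file (not the real /etc/passwd): only the
# test1 line is converted even though test10 is also present.
demo() {
    tmp=$(mktemp)
    printf 'test1:x:500:500::/home/test1:/bin/bash\n' > "$tmp"
    printf 'test10:x:510:510:Tenth user:/home/test10:/bin/sh\n' >> "$tmp"
    passwd_to_ldif "$(passwd_entry test1 "$tmp")" "dc=adminmart,dc=com"
    rm -f "$tmp"
}

demo
```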
Update root.ldif file for the "Manager" of LDAP Server
  [root@ldap ~]# vi /etc/openldap/root.ldif
  #1 dn: uid=root,ou=People,dc=adminmart,dc=com
  #2 uid: root
  #3 cn: Manager
  #4 objectClass: account
Create a domain ldif file (/etc/openldap/adminmart.com.ldif)
  [root@ldap ~]# cat /etc/openldap/adminmart.com.ldif
  dn: dc=adminmart,dc=com
  dc: adminmart
  description: LDAP Admin
  objectClass: dcObject
  objectClass: organizationalUnit
  ou: rootobject

  dn: ou=People, dc=adminmart,dc=com
  ou: People
  description: Users of adminmart
  objectClass: organizationalUnit
Import all users in to the LDAP
Add the Domain ldif file:
  [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
  Enter LDAP Password:
  adding new entry "dc=adminmart,dc=com"
  adding new entry "ou=People, dc=adminmart,dc=com"
  [root@ldap ~]#
Add the Users:
  [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif
  Enter LDAP Password:
  adding new entry "uid=root,ou=People,dc=adminmart,dc=com"
  adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"
  [root@ldap ~]#

  [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif
  Enter LDAP Password:
  adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"
  [root@ldap ~]#

  [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif
  Enter LDAP Password:
  adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"
  [root@ldap ~]#
Note: Repeat the same for the rest of the users.
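A pre-import check for the ldif files built above, added here as an example that is not part of the original page. Before each ldapadd it verifies that every entry's dn sits under the suffix configured in slapd.conf (the page's "ou=People, dc=adminmart,dc=com" with a space after the comma is accepted), that every entry carries an objectClass, and that no userPassword is stored without a {scheme} prefix such as {SSHA} or {crypt}; the function name ldif_check and its report format are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page: sanity-check an LDIF file
# before handing it to ldapadd. Exit status 0 = clean, 1 = problems found.
ldif_check() {   # $1 = ldif file, $2 = base DN (the suffix from slapd.conf)
    awk -v base="$2" 'BEGIN { RS = ""; FS = "\n"; bad = 0 }
    {
        dn = ""; oc = 0
        for (i = 1; i <= NF; i++) {
            line = $i
            if (line ~ /^#/) continue                 # comment lines
            if (line ~ /^dn: /) dn = substr(line, 5)
            else if (line ~ /^objectClass: /) oc++
            else if (line ~ /^userPassword: / && line !~ /^userPassword: [{][A-Za-z0-9-]+[}]/) {
                printf "entry %d (%s): userPassword has no hash scheme\n", NR, dn; bad = 1
            }
        }
        if (dn == "") { printf "entry %d: missing dn\n", NR; bad = 1; next }
        d = dn; gsub(/, +/, ",", d)                   # normalise "ou=People, dc=..."
        if (d != base && substr(d, length(d) - length(base)) != "," base) {
            printf "entry %d (%s): dn not under suffix %s\n", NR, dn, base; bad = 1
        }
        if (oc == 0) { printf "entry %d (%s): no objectClass\n", NR, dn; bad = 1 }
    }
    END { exit bad }' "$1"
}

# Usage on the page's files, run before the ldapadd step:
#   ldif_check /etc/openldap/test1.ldif dc=adminmart,dc=com && \
#     ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif
```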
Apply Changes
  [root@ldap ~]# service ldap restart
Test LDAP Server
This prints all the user information (the -x option without -D is an anonymous simple bind, so it also shows what any unauthenticated client can read):
  [root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'
LDAP Client Configuration
  [root@ldapclient ~]# authconfig
In the authconfig dialog set:
- [*] Use LDAP
- [*] Use LDAP Authentication
(Both should be checked)
- [ ] Use TLS
- Server: ldap.adminmart.com
- Base DN: dc=adminmart,dc=com