Difference between revisions of "OpenLDAP Server in container"
|  (New page: <h3>Step by Step Installation and Configuration OpenLDAP Server</h3>  Software: OS-Cent OS 4.4, openldap 2.2.13-6.4E System name: ldap.adminmart.com Domain name: adminmart.com System IP: 1...) | |||
| Line 1: | Line 1: | ||
| <h3>Step by Step Installation and Configuration OpenLDAP Server</h3> | <h3>Step by Step Installation and Configuration OpenLDAP Server</h3> | ||
| − | Software: OS-Cent OS 4.4, openldap 2.2.13-6.4E | + | Software: OS-Cent OS 4.4, openldap 2.2.13-6.4E<br> | 
| − | System name: ldap.adminmart.com | + | System name: ldap.adminmart.com<br> | 
| − | Domain name: adminmart.com | + | Domain name: adminmart.com<br> | 
| − | System IP: 192.168.1.212 | + | System IP: 192.168.1.212<br> | 
| + | <br> | ||
| + | <b>Note:</b> Use your domain name and IP instead of adminmart<br> | ||
| + | <br> | ||
| − | + | <h3>Create VPS with OpenLDAP</h3> | |
| − | + | Create, Install vps with the following information<br> | |
| − | + | - vpsid  : 212<br> | |
| − | 1.  | + | - vpsip  : 192.168.1.212<br> | 
| − | + | - vpsname : ldap<br> | |
| − | + | - vpshostname : ldap<br> | |
| − | + | <br> | |
| − | + | <b>Note:</b> Please run these commands on hardware node<br> | |
| − | + | <code> | |
| − | + |     vzctl create 212 --ostemplate centos-4-i386-minimal<br> | |
| − | + |     vzctl set 212 --ipadd 192.168.1.212 --save<br> | |
| − | + |     vzctl set 212 --nameserver 202.88.156.6 --save<br> | |
| − | + |     vzctl set 212 --onboot yes --save<br> | |
| − | + |     vzctl set 212 --userpasswd root:changeme --save<br> | |
| − | + |     vzctl set 212 --name ldap --save<br> | |
| − | + |     vzctl set 212 --hostname ldap --save<br> | |
| − | + |     vzctl start 212<br> | |
| − | + |     vzyum 212 install *openldap* -y<br> | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | < | ||
| − | |||
| − | < | ||
| − | |||
| − | |||
| − | < | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | < | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| </code> | </code> | ||
| − | + | <h3>Configuration of OpenLDAP Server</h3> | |
| − | Step # | + | <b>Easy steps for adding users:</b> | 
| + | 1. Create unix user<br> | ||
| + | 2. Create unix user's ldap passwd file<br> | ||
| + | 3. Convert passwd.file to ldif file<br> | ||
| + | 4. Add ldap file to LDAP Directory using ldapadd<br> | ||
| + | <h4>Step #1. Requirements</h4> | ||
| + | compat-openldap.i386 0:2.1.30-6.4E<br> | ||
| + | openldap-clients.i386 0:2.2.13-6.4E<br> | ||
| + | openldap-devel.i386 0:2.2.13-6.4E<br> | ||
| + | openldap-servers.i386 0:2.2.13-6.4E<br> | ||
| + | openldap-servers-sql.i386 0:2.2.13-6.4E<br> | ||
| + | <br> | ||
| + | <br> | ||
| + | You can install them using the command:<br> | ||
| + | <br> | ||
| + |     yum install *openldap* -y <br> | ||
| − | < | + | <h4>Step #2. Start the service</h4> | 
| − | [root@ldap ~]#  | + | <code> | 
| − | [root@ldap ~]#  | + |     [root@ldap ~]# chkconfig --levels 235 ldap on<br> | 
| + |     [root@ldap ~]# service ldap start <br> | ||
| </code> | </code> | ||
| − | + | <h4>Step #3. Create LDAP root user password</h4> | |
| − | Step # | + | <code> | 
| − | + |     [root@ldap ~]# slappasswd<br> | |
| − | + |     New password:<br> | |
| − | + |     Re-enter new password:<br> | |
| − | + |     {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW<br> | |
| − | + |     [root@ldap ~]# | |
| − | <code>[root@ldap ~]#  | ||
| − | |||
| − | [root@ldap ~]#  | ||
| </code> | </code> | ||
| − | + | ||
| − | Step # | + | <h4>Step #4. Update /etc/openldap/slapd.conf for the root password</h4> | 
| + | <code> | ||
| + |     [root@ldap ~]# vi /etc/openldap/slapd.conf<br> | ||
| + |     #68 database bdb<br> | ||
| + |     #69 suffix "dc=adminmart,dc=com"<br> | ||
| + |     #70 rootdn "cn=Manager,dc=adminmart,dc=com"<br> | ||
| + |     #71 rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW</code> | ||
| − | + | <h4>Step #5. Apply Changes</h4> | |
| − | + | <code> | |
| − | + |     [root@ldap ~]# service ldap restart | |
| − | |||
| − | |||
| − | |||
| − | Step # | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | <code>[root@ldap ~]#  | ||
| − | |||
| − | |||
| − | |||
| − | |||
| </code> | </code> | ||
| − | + | <h4>Step #6. Create test users</h4> | |
| + | <code> | ||
| + |     [root@ldap ~]# useradd test1<br> | ||
| + |     [root@ldap ~]# passwd test1<br> | ||
| + |     Changing password for user test1.<br> | ||
| + |     New UNIX password:<br> | ||
| + |     Retype new UNIX password:<br> | ||
| + |     passwd: all authentication tokens updated successfully.<br> | ||
| + |     [root@ldap ~]# useradd test2<br> | ||
| + |     [root@ldap ~]# passwd test2<br> | ||
| + |     Changing password for user test2.<br> | ||
| + |     New UNIX password:<br> | ||
| + |     Retype new UNIX password:<br> | ||
| + |     passwd: all authentication tokens updated successfully.<br> | ||
| + |     [root@ldap ~]#<br> | ||
| + |     </code><br> | ||
| + | <b>Note:</b> Repeat the same for the rest of users <br> | ||
| − | <code>[root@ldap ~]#  | + | <h4>Step #7. Migrate local users to LDAP</h4> | 
| − | + | <code> | |
| − | + |     [root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root<br> | |
| − | + |     [root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1<br> | |
| − | [root@ldap ~]# | + |     [root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2<br> | 
| + | </code><br> | ||
| + | <b>Note:</b> Repeat the same for the rest of users<br> | ||
| − | + | <h4>Step #8. Update default settings on file /usr/share/openldap/migration/migrate_common.ph</h4> | |
| − | + |     #71 $DEFAULT_MAIL_DOMAIN = "adminmart.com";<br> | |
| − | + |     #74 $DEFAULT_BASE = "dc=adminmart,dc=com";<br> | |
| − | |||
| − | [root@ldap ~]#  | + | <h4>Step #9. Convert passwd.file to ldif (LDAP Data Interchange Format) file </h4> | 
| − | + | <code> | |
| − | + |     [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif<br> | |
| − | [root@ldap ~]# | + |     [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif<br> | 
| + |     [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif<br> | ||
| + | </code><br> | ||
| + | <b>Note:</b> Repeat the same for the rest of users<br> | ||
| + | <h4>Step #10. Update root.ldif file for the "Manager" of LDAP Server </h4> | ||
| + | <code> | ||
| + |     [root@ldap ~]# vi /etc/openldap/root.ldif<br> | ||
| + |     #1 dn: uid=root,ou=People,dc=adminmart,dc=com<br> | ||
| + |     #2 uid: root<br> | ||
| + |     #3 cn: Manager<br> | ||
| + |     #4 objectClass: account<br> | ||
| </code> | </code> | ||
| − | + | <h4>Step #11. Create a domain ldif file (/etc/openldap/adminmart.com.ldif)</h4> | |
| − | + | <code> | |
| − | Step # | + |     [root@ldap ~]# cat /etc/openldap/adminmart.com.ldif<br> | 
| − | + |     dn: dc=adminmart,dc=com<br> | |
| − | <code>[root@ldap ~]#  | + |     dc: adminmart<br> | 
| − | + |     description: LDAP Admin<br> | |
| − | + |     objectClass: dcObject<br> | |
| − | + |     objectClass: organizationalUnit<br> | |
| − | + |     ou: rootobject<br> | |
| − | < | + |     <br> | 
| + |     dn: ou=People, dc=adminmart,dc=com<br> | ||
| + |     ou: People<br> | ||
| + |     description: Users of adminmart<br> | ||
| + |     objectClass: organizationalUnit<br> | ||
| + | </code>     | ||
| + | <h4>Step #12. Import all users in to the LDAP</h4> | ||
| + | <b>Add the Domain ldif file </b><br> | ||
| + | <br> | ||
| + | <code> | ||
| + |     [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif<br> | ||
| + |     Enter LDAP Password:<br> | ||
| + |     adding new entry "dc=adminmart,dc=com"<br> | ||
| + |     adding new entry "ou=People, dc=adminmart,dc=com"<br> | ||
| + |     [root@ldap ~]#<br> | ||
| + | </code><br> | ||
| + | <br> | ||
| + | <b>Add the Users</b><br> | ||
| + | <br> | ||
| + | <code> | ||
| + |     [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif<br> | ||
| + |     Enter LDAP Password:<br> | ||
| + |     adding new entry "uid=root,ou=People,dc=adminmart,dc=com"<br> | ||
| + |     adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"<br> | ||
| + |     [root@ldap ~]#<br> | ||
| + |     <br> | ||
| + |     [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif<br> | ||
| + |     Enter LDAP Password:<br> | ||
| + |     adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"<br> | ||
| + |     [root@ldap ~]#<br> | ||
| + |     <br> | ||
| + |     [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif<br> | ||
| + |     Enter LDAP Password:<br> | ||
| + |     adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"<br> | ||
| + |     [root@ldap ~]#<br> | ||
| + | </code><br> | ||
| + | <b>Note:</b> Repeat the same for the rest of users<br> | ||
| + | <h4>Step #13. Apply Changes </h4> | ||
| + | <code> | ||
| + |     [root@ldap ~]# service ldap restart</code> <br> | ||
| + | <h4>Step #14. Test LDAP Server</h4> | ||
| + | It prints all the user information<br> | ||
| + | <br> | ||
| + | <code> | ||
| + |     [root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'</code> <br> | ||
| + | <br> | ||
| + | <br> | ||
| + | <h3>LDAP Client Configuration</h3> | ||
| + | <code>	 | ||
| + |     [root@ldapclient ~]# authconfig </code><br> | ||
| + | <b>		[*] Use LDAP	 [*] Use LDAP Authentication </b><br> | ||
| + | 	<br> | ||
| + | 	[Both should be checked]<br> | ||
| + | 	<br> | ||
| + | <b>		[ ] Use TLS    <br> | ||
| + | 		Server: ldap.adminmart.com<br> | ||
| + | 		Base DN: dc=adminmart,dc=com<br> | ||
| + | </b><br> | ||
| + | <br> | ||
| [[Category:HOWTO]] | [[Category:HOWTO]] | ||
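Review bot: The `grep root /etc/passwd > /etc/openldap/passwd.root` line in Step #7 matches every passwd entry containing that substring rather than the root account alone, and the Step #12 output (`adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"`) shows it already swept in the operator account because its home directory is `/root`; anchor the match, `grep '^root:' /etc/passwd > /etc/openldap/passwd.root`, and likewise `'^test1:'` and `'^test2:'` so that a later `test10` is not picked up either. In the VPS section and Step #1 the unquoted `*openldap*` is expanded by the calling shell whenever a matching file exists in the current directory, so it should be written `'*openldap*'`. The `--userpasswd root:changeme --save` value is a placeholder that ends up in the hardware node's shell history and process listings, so the note above the block should say to change it at first login. In the client section `[ ] Use TLS` is left unchecked while LDAP authentication is enabled, which sends bind passwords to ldap.adminmart.com in cleartext; the text should mark this as a lab-only setting and point to enabling TLS for any deployment outside a test network.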
Revision as of 19:42, 10 February 2007
Step by Step Installation and Configuration OpenLDAP Server
Software: CentOS 4.4, openldap 2.2.13-6.4E
System name: ldap.adminmart.com
Domain name: adminmart.com
System IP: 192.168.1.212
Note: Substitute your own domain name and IP address for adminmart.com and 192.168.1.212 throughout.
Create VPS with OpenLDAP
Create and install the VPS with the following settings:
- vpsid  : 212
- vpsip  : 192.168.1.212
- vpsname : ldap
- vpshostname : ldap
Note: Run these commands on the hardware node.
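   # Provision the OpenLDAP container on the hardware node: create it from
   # the CentOS 4 template, assign its address and names, start it, and
   # install the OpenLDAP packages inside it.
   vzctl create 212 --ostemplate centos-4-i386-minimal
   vzctl set 212 --ipadd 192.168.1.212 --save
   vzctl set 212 --nameserver 202.88.156.6 --save
   vzctl set 212 --onboot yes --save
   # Initial root password only: it is visible on the command line and in
   # the hardware node's shell history, so change it at first login.
   vzctl set 212 --userpasswd root:changeme --save
   vzctl set 212 --name ldap --save
   vzctl set 212 --hostname ldap --save
   vzctl start 212
   # Quote the pattern so the host shell cannot expand it against files in
   # the current directory before vzyum sees it.
   vzyum 212 install '*openldap*' -y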
Configuration of OpenLDAP Server
Easy steps for adding users:
1. Create unix user
2. Create the unix user's passwd file for LDAP
3. Convert passwd.file to ldif file
4. Add ldap file to LDAP Directory using ldapadd
Step #1. Requirements
compat-openldap.i386 0:2.1.30-6.4E
openldap-clients.i386 0:2.2.13-6.4E
openldap-devel.i386 0:2.2.13-6.4E
openldap-servers.i386 0:2.2.13-6.4E
openldap-servers-sql.i386 0:2.2.13-6.4E
You can install them using the command:
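# Install all OpenLDAP packages listed above. The pattern is quoted so the
# shell cannot expand it against files in the current directory before yum
# sees it.
yum install '*openldap*' -y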
Step #2. Start the service
   [root@ldap ~]# chkconfig --levels 235 ldap on
   [root@ldap ~]# service ldap start 
Step #3. Create LDAP root user password
   [root@ldap ~]# slappasswd
   New password:
   Re-enter new password:
   {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
   [root@ldap ~]#
Step #4. Update /etc/openldap/slapd.conf for the root password
   [root@ldap ~]# vi /etc/openldap/slapd.conf
   #68 database bdb
   #69 suffix "dc=adminmart,dc=com"
   #70 rootdn "cn=Manager,dc=adminmart,dc=com"
   #71 rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
Step #5. Apply Changes
   [root@ldap ~]# service ldap restart
Step #6. Create test users
[root@ldap ~]# useradd test1
[root@ldap ~]# passwd test1
Changing password for user test1.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@ldap ~]# useradd test2
[root@ldap ~]# passwd test2
Changing password for user test2.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@ldap ~]#
Note: Repeat the same steps for the rest of the users.
Step #7. Migrate local users to LDAP
   [root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root
   [root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1
   [root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2
Note: Repeat the same steps for the rest of the users.
Step #8. Update default settings on file /usr/share/openldap/migration/migrate_common.ph
   #71 $DEFAULT_MAIL_DOMAIN = "adminmart.com";
   #74 $DEFAULT_BASE = "dc=adminmart,dc=com";
Step #9. Convert passwd.file to ldif (LDAP Data Interchange Format) file
   [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
   [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
   [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif
Note: Repeat the same steps for the rest of the users.
Step #10. Update root.ldif file for the "Manager" of LDAP Server
   [root@ldap ~]# vi /etc/openldap/root.ldif
   #1 dn: uid=root,ou=People,dc=adminmart,dc=com
   #2 uid: root
   #3 cn: Manager
   #4 objectClass: account
Step #11. Create a domain ldif file (/etc/openldap/adminmart.com.ldif)
   [root@ldap ~]# cat /etc/openldap/adminmart.com.ldif
   dn: dc=adminmart,dc=com
   dc: adminmart
   description: LDAP Admin
   objectClass: dcObject
   objectClass: organizationalUnit
   ou: rootobject
   
   dn: ou=People, dc=adminmart,dc=com
   ou: People
   description: Users of adminmart
   objectClass: organizationalUnit
    
Step #12. Import all users into the LDAP directory
Add the Domain ldif file 
   [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
   Enter LDAP Password:
   adding new entry "dc=adminmart,dc=com"
   adding new entry "ou=People, dc=adminmart,dc=com"
   [root@ldap ~]#
Add the Users
   [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif
   Enter LDAP Password:
   adding new entry "uid=root,ou=People,dc=adminmart,dc=com"
   adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"
   [root@ldap ~]#
   
   [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif
   Enter LDAP Password:
   adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"
   [root@ldap ~]#
   
   [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif
   Enter LDAP Password:
   adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"
   [root@ldap ~]#
Note: Repeat the same steps for the rest of the users.
Step #13. Apply Changes
[root@ldap ~]# service ldap restart
Step #14. Test LDAP Server
This prints all the user information held in the directory:
[root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'
LDAP Client Configuration
	
[root@ldapclient ~]# authconfig
		[*] Use LDAP	 [*] Use LDAP Authentication 
	
	[Both should be checked]
	
		[ ] Use TLS    
		Server: ldap.adminmart.com
		Base DN: dc=adminmart,dc=com
