Difference between revisions of "OpenLDAP Server in container"

From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search
(LDAP Client Configuration: fix ( ))
(LDAP Client Configuration: Remove excessive <br>s)
Line 178: Line 178:
 
(Both should be checked)
 
(Both should be checked)
  
:: [ ] Use TLS   <br>
+
:: [ ] Use TLS
:: Server: ldap.adminmart.com<br>
+
:: Server: ldap.adminmart.com
 
:: Base DN: dc=adminmart,dc=com
 
:: Base DN: dc=adminmart,dc=com
  
 
[[Category:HOWTO]]
 
[[Category:HOWTO]]

Revision as of 09:04, 9 April 2008

Step by Step Installation and Configuration OpenLDAP Server

Software: OS-Cent OS 4.4, openldap 2.2.13-6.4E
System name: ldap.adminmart.com
Domain name: adminmart.com
System IP: 192.168.1.212

Note: Use your domain name and IP instead of adminmart

Create container with OpenLDAP

Create a container with the following settings:

  • ctid: 212
  • IP address: 192.168.1.212
  • name: ldap
  • hostname: ldap

Run these commands on the hardware node:

   vzctl create 212 --ostemplate centos-4-i386-minimal
   vzctl set 212 --ipadd 192.168.1.212 --save
   vzctl set 212 --nameserver 202.88.156.6 --save
   vzctl set 212 --onboot yes --save
   vzctl set 212 --userpasswd root:changeme --save
   vzctl set 212 --name ldap --save
   vzctl set 212 --hostname ldap --save
   vzctl start 212
   vzyum 212 install *openldap* -y

Configuration of OpenLDAP Server

Easy steps for adding users:

  1. Create unix user
  2. Create unix user's ldap passwd file
  3. Convert passwd.file to ldif file
  4. Add ldap file to LDAP Directory using ldapadd

Requirements

compat-openldap.i386 0:2.1.30-6.4E
openldap-clients.i386 0:2.2.13-6.4E
openldap-devel.i386 0:2.2.13-6.4E
openldap-servers.i386 0:2.2.13-6.4E
openldap-servers-sql.i386 0:2.2.13-6.4E

You can install them using the command:

   yum install *openldap* -y

Start the service

   [root@ldap ~]# chkconfig --levels 235 ldap on
   [root@ldap ~]# service ldap start 

Create LDAP root user password

   [root@ldap ~]# slappasswd
   New password:
   Re-enter new password:
   {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
   [root@ldap ~]#

Update /etc/openldap/slapd.conf for the root password

   [root@ldap ~]# vi /etc/openldap/slapd.conf
   #68 database bdb
   #69 suffix "dc=adminmart,dc=com"
   #70 rootdn "cn=Manager,dc=adminmart,dc=com"
   #71 rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW

Apply Changes

   [root@ldap ~]# service ldap restart

Create test users

   [root@ldap ~]# useradd test1
   [root@ldap ~]# passwd test1
   Changing password for user test1.
   New UNIX password:
   Retype new UNIX password:
   passwd: all authentication tokens updated successfully.
   [root@ldap ~]# useradd test2
   [root@ldap ~]# passwd test2
   Changing password for user test2.
   New UNIX password:
   Retype new UNIX password:
   passwd: all authentication tokens updated successfully.
   [root@ldap ~]#

Note: Repeat the same for the rest of users.

Migrate local users to LDAP

   [root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root
   [root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1
   [root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2

Note: Repeat the same for the rest of users.

Update default settings on file /usr/share/openldap/migration/migrate_common.ph

   #71 $DEFAULT_MAIL_DOMAIN = "adminmart.com";
   #74 $DEFAULT_BASE = "dc=adminmart,dc=com";

Convert passwd.file to ldif (LDAP Data Interchange Format) file

   [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
   [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
   [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif

Note: Repeat the same for the rest of users.

Update root.ldif file for the "Manager" of LDAP Server

   [root@ldap ~]# vi /etc/openldap/root.ldif
   #1 dn: uid=root,ou=People,dc=adminmart,dc=com
   #2 uid: root
   #3 cn: Manager
   #4 objectClass: account

Create a domain ldif file (/etc/openldap/adminmart.com.ldif)

   [root@ldap ~]# cat /etc/openldap/adminmart.com.ldif
   dn: dc=adminmart,dc=com
   dc: adminmart
   description: LDAP Admin
   objectClass: dcObject
   objectClass: organizationalUnit
   ou: rootobject
   dn: ou=People, dc=adminmart,dc=com
   ou: People
   description: Users of adminmart
   objectClass: organizationalUnit

Import all users in to the LDAP

Add the Domain ldif file:

   [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
   Enter LDAP Password:
   adding new entry "dc=adminmart,dc=com"
   adding new entry "ou=People, dc=adminmart,dc=com"
   [root@ldap ~]#

Add the Users:

   [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif
   Enter LDAP Password:
   adding new entry "uid=root,ou=People,dc=adminmart,dc=com"
   adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"
   [root@ldap ~]#
   [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif
   Enter LDAP Password:
   adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"
   [root@ldap ~]#
   [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif
   Enter LDAP Password:
   adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"
   [root@ldap ~]#

Note: Repeat the same for the rest of users.

Apply Changes

   [root@ldap ~]# service ldap restart

Test LDAP Server

It prints all the user information

   [root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'

LDAP Client Configuration

   [root@ldapclient ~]# authconfig
[*] Use LDAP [*] Use LDAP Authentication

(Both should be checked)

[ ] Use TLS
Server: ldap.adminmart.com
Base DN: dc=adminmart,dc=com