OpenLDAP Server in container
<h3>Step by Step Installation and Configuration of OpenLDAP Server</h3>
Software: CentOS 4.4, openldap 2.2.13-6.4E
System name: ldap.adminmart.com
Domain name: adminmart.com
System IP: 192.168.1.212
Note: Use your own domain name and IP instead of adminmart.

Easy steps for adding users:
1. Create the unix user
2. Create the unix user's ldap passwd file
3. Convert the passwd file to an ldif file
4. Add the ldif file to the LDAP directory using ldapadd

Step #1. Requirements
<code>compat-openldap.i386 0:2.1.30-6.4E
openldap-clients.i386 0:2.2.13-6.4E
openldap-devel.i386 0:2.2.13-6.4E
openldap-servers.i386 0:2.2.13-6.4E
openldap-servers-sql.i386 0:2.2.13-6.4E</code>
You can install them using the command (the glob is quoted so the shell does not expand it against files in the current directory):
<code>[root@ldap ~]# yum install '*openldap*' -y</code>
Step #2. Start the service
<code>[root@ldap ~]# chkconfig --levels 235 ldap on
[root@ldap ~]# service ldap start
</code>

Step #3. Create the LDAP root user password
<code>[root@ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
[root@ldap ~]#</code>

Step #4. Update /etc/openldap/slapd.conf with the root password
<code>[root@ldap ~]# vi /etc/openldap/slapd.conf</code>
Set the following directives (around lines 68-71 of the stock file), pasting the hash printed by slappasswd as the rootpw value:
<code>database bdb
suffix "dc=adminmart,dc=com"
rootdn "cn=Manager,dc=adminmart,dc=com"
rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW</code>

Step #5. Apply changes
<code>[root@ldap ~]# service ldap restart</code>
Step #6. Create test users
<code>[root@ldap ~]# useradd test1
[root@ldap ~]# passwd test1
Changing password for user test1.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@ldap ~]# useradd test2
[root@ldap ~]# passwd test2
Changing password for user test2.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@ldap ~]#
</code>
Note: Repeat the same for the rest of the users.

Step #7. Migrate local users to LDAP
<code>[root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root
[root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1
[root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2
</code>
Note: Repeat the same for the rest of the users.

Step #8. Update the default settings in /usr/share/openldap/migration/migrate_common.ph (lines 71 and 74)
<code>$DEFAULT_MAIL_DOMAIN = "adminmart.com";
$DEFAULT_BASE = "dc=adminmart,dc=com";</code>

Step #9. Convert the passwd files to ldif (LDAP Data Interchange Format) files
<code>[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif
</code>
Note: Repeat the same for the rest of the users.
Step #10. Update the root.ldif file for the "Manager" of the LDAP server
<code>[root@ldap ~]# vi /etc/openldap/root.ldif</code>
The first four lines of the entry should read:
<code>dn: uid=root,ou=People,dc=adminmart,dc=com
uid: root
cn: Manager
objectClass: account</code>

Step #11. Create a domain ldif file (/etc/openldap/adminmart.com.ldif). The blank line between the two entries is required by the LDIF format.
<code>[root@ldap ~]# cat /etc/openldap/adminmart.com.ldif
dn: dc=adminmart,dc=com
dc: adminmart
description: LDAP Admin
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=People, dc=adminmart,dc=com
ou: People
description: Users of adminmart
objectClass: organizationalUnit</code>
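Steps 7 to 11 move accounts from /etc/passwd into LDIF. The added example below (my code, not the page's and not the MigrationTools scripts) shows what migrate_passwd.pl produces for one account and what the two base entries of Step 11 look like, so the generated files can be read with understanding before they are fed to ldapadd. It is a simplified model of the real script's output: the entry layout (account/posixAccount/shadowAccount with the {crypt} hash taken from the matching /etc/shadow line) follows the MigrationTools convention, BASE copies $DEFAULT_BASE from Step 8, and the passwd/shadow lines are constructed. Two practical points it makes visible: the password hash lands in the directory as a userPassword attribute, so the LDIF files in /etc/openldap deserve the same protection as /etc/shadow; and Step 7's `grep root /etc/passwd` matches every line containing "root", which is why Step 12's output also adds uid=operator (its home directory is /root).

```python
"""Added example: a simplified model of migrate_passwd.pl's output for one
account, plus the base entries from Step 11. Not the MigrationTools code."""

BASE = "dc=adminmart,dc=com"      # $DEFAULT_BASE from Step 8
PEOPLE = "ou=People," + BASE       # container the migrated users go into

# Constructed sample input. The 'x' in the passwd line means the hash lives in /etc/shadow.
SAMPLE_PASSWD = "test1:x:500:500:Test User One:/home/test1:/bin/bash"
SAMPLE_SHADOW = "test1:$1$saltsalt$ConstructedHashNotRealXXXXX:13000:0:99999:7:::"


def parse_passwd_line(line):
    """Split one /etc/passwd line into its seven fields."""
    name, _pw, uid, gid, gecos, home, shell = line.rstrip("\n").split(":")
    return {"name": name, "uid": uid, "gid": gid, "gecos": gecos, "home": home, "shell": shell}


def parse_shadow_line(line):
    """Split one /etc/shadow line; only the fields the LDIF entry needs are kept."""
    f = line.rstrip("\n").split(":")
    return {"name": f[0], "hash": f[1], "last": f[2], "min": f[3], "max": f[4], "warn": f[5]}


def base_entries():
    """The domain object and the People OU, as in Step 11's adminmart.com.ldif."""
    dc = BASE.split(",")[0].split("=")[1]  # "dc=adminmart,..." -> "adminmart"
    return (
        f"dn: {BASE}\ndc: {dc}\ndescription: LDAP Admin\n"
        "objectClass: dcObject\nobjectClass: organizationalUnit\nou: rootobject\n\n"
        f"dn: {PEOPLE}\nou: People\ndescription: Users of {dc}\n"
        "objectClass: organizationalUnit\n"
    )


def user_entry(passwd_line, shadow_line=None):
    """Build one user's LDIF entry; the hash and shadow ageing fields are added only
    when a shadow line for the same account is supplied (as the script does when run as root)."""
    p = parse_passwd_line(passwd_line)
    lines = [
        f"dn: uid={p['name']},{PEOPLE}",
        f"uid: {p['name']}",
        f"cn: {p['gecos'] or p['name']}",  # MigrationTools uses the GECOS field, falling back to the login
        "objectClass: account",
        "objectClass: posixAccount",
        "objectClass: top",
    ]
    if shadow_line is not None:
        s = parse_shadow_line(shadow_line)
        if s["name"] != p["name"]:
            raise ValueError(f"shadow line is for {s['name']}, not {p['name']}")
        lines.append("objectClass: shadowAccount")
        lines.append(f"userPassword: {{crypt}}{s['hash']}")  # the /etc/shadow hash, verbatim
        for attr, key in (("shadowLastChange", "last"), ("shadowMin", "min"),
                          ("shadowMax", "max"), ("shadowWarning", "warn")):
            if s[key]:
                lines.append(f"{attr}: {s[key]}")
    lines += [
        f"loginShell: {p['shell']}",
        f"uidNumber: {p['uid']}",
        f"gidNumber: {p['gid']}",
        f"homeDirectory: {p['home']}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(base_entries())
    print(user_entry(SAMPLE_PASSWD, SAMPLE_SHADOW))
```

Writing the two outputs to a file, separated by a blank line, gives a single LDIF that ldapadd (Step 12) can load in one go; without the shadow line the entry carries no userPassword at all, so the user would exist but could not authenticate.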
Step #12. Import all users into the LDAP directory

Add the domain ldif file:
<code>[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
Enter LDAP Password:
adding new entry "dc=adminmart,dc=com"
adding new entry "ou=People, dc=adminmart,dc=com"
[root@ldap ~]#
</code>

Add the users:
<code>[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif
Enter LDAP Password:
adding new entry "uid=root,ou=People,dc=adminmart,dc=com"
adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"
[root@ldap ~]#
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif
Enter LDAP Password:
adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"
[root@ldap ~]#
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif
Enter LDAP Password:
adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"
[root@ldap ~]#
</code>
Note: Repeat the same for the rest of the users.

Step #13. Apply changes
<code>[root@ldap ~]# service ldap restart</code>

Step #14. Test the LDAP server
The following search prints all the user information:
<code>[root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'</code>
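Step 14's search binds anonymously (-x with no -D), and slapd.conf as edited in Step 4 contains no access directives, so slapd falls back to its built-in default of read access for everyone. That means the migrated {crypt} password hashes are returned to any client that can reach the server. The added example below (my code, not the page's) parses what ldapsearch prints and reports every entry that leaks userPassword or shadow attributes, together with the standard slapd.conf access rules that close the gap; the sample search output is constructed to match the entries created on this page. Re-running the anonymous search after the ACL change and piping it into the script should then report no exposed attributes.

```python
"""Added example: audit anonymous ldapsearch output for leaked password data.
Not code from the page; the sample output below is constructed."""
import base64
import sys

SENSITIVE_PREFIXES = ("userpassword", "shadow")  # attribute names, compared case-insensitively

# slapd.conf access rules (standard OpenLDAP syntax). The first matching
# "access to" line wins, so these must come before the catch-all read rule.
RECOMMENDED_ACL = """\
access to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
access to *
        by * read
"""


def _b64(s):
    return base64.b64encode(s.encode()).decode()


# Constructed: what "ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'" prints
# when no ACL is set. ldapsearch base64-encodes userPassword (the "::" form).
SAMPLE_ANON_SEARCH = """\
# extended LDIF
#
# LDAPv3
# base <dc=adminmart,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# adminmart.com
dn: dc=adminmart,dc=com
dc: adminmart
description: LDAP Admin
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

# People, adminmart.com
dn: ou=People,dc=adminmart,dc=com
ou: People
description: Users of adminmart
objectClass: organizationalUnit

# test1, People, adminmart.com
dn: uid=test1,ou=People,dc=adminmart,dc=com
uid: test1
cn: test1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
""" + "userPassword:: " + _b64("{crypt}$1$constructed$hash") + """
shadowLastChange: 13000
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/test1

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3
"""


def _unfold(text):
    """Join LDIF continuation lines (which start with one space) onto the previous line."""
    logical = []
    for line in text.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]
        else:
            logical.append(line)
    return logical


def _parse_record(lines):
    """Turn one blank-line-delimited record into (dn, {attr: [values]}); dn is None for the result block."""
    dn, attrs = None, {}
    for line in lines:
        name, _sep, value = line.partition(":")
        if value.startswith(":"):                    # "attr:: base64" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs


def parse_ldif(text):
    """Return {dn: {attr: [values]}} for every entry in ldapsearch's LDIF output."""
    entries, record = {}, []
    for line in _unfold(text) + [""]:
        if line.strip() == "":
            if record:
                dn, attrs = _parse_record(record)
                if dn is not None:
                    entries[dn] = attrs
                record = []
        elif not line.startswith("#"):               # comments carry no data
            record.append(line)
    return entries


def exposed_attrs(entries):
    """Map each DN to the sorted list of password/shadow attributes it returned."""
    found = {}
    for dn, attrs in entries.items():
        hits = sorted(a for a in attrs if a.lower().startswith(SENSITIVE_PREFIXES))
        if hits:
            found[dn] = hits
    return found


def missing_entries(entries, expected_dns):
    """DNs that were expected (e.g. the base and People entries) but not returned."""
    return [dn for dn in expected_dns if dn not in entries]


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_ANON_SEARCH
    leaks = exposed_attrs(parse_ldif(text))
    for dn, attrs in leaks.items():
        print(f"EXPOSED {dn}: {', '.join(attrs)}")
    if leaks:
        print("Add these rules to slapd.conf and restart slapd:\n" + RECOMMENDED_ACL)
```

Usage on the server is `ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)' | python3 audit_ldif.py`; with no input piped in, the script runs against the constructed sample and reports the test1 entry.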
[[Category:HOWTO]] | [[Category:HOWTO]] |