OpenVZ Virtuozzo Containers Wiki: OpenLDAP Server in container
Step-by-step installation and configuration of an OpenLDAP server in an OpenVZ container.

* Software: CentOS 4.4, openldap 2.2.13-6.4E
* System name: ldap.adminmart.com
* Domain name: adminmart.com
* System IP: 192.168.1.212

'''Note:''' Use your own domain name and IP address wherever adminmart.com and 192.168.1.212 appear below.
  
== Create container with OpenLDAP ==

Create a container with the following settings:

* ctid: 212
* IP address: 192.168.1.212
* name: ldap
* hostname: ldap

Run these commands on the hardware node (substitute a nameserver of your own, and pick a real root password instead of changeme):

    vzctl create 212 --ostemplate centos-4-i386-minimal
    vzctl set 212 --ipadd 192.168.1.212 --save
    vzctl set 212 --nameserver 202.88.156.6 --save
    vzctl set 212 --onboot yes --save
    vzctl set 212 --userpasswd root:changeme --save
    vzctl set 212 --name ldap --save
    vzctl set 212 --hostname ldap --save
    vzctl start 212
    vzyum 212 install '*openldap*' -y

'''Note:''' The package pattern is quoted so that the hardware node's shell does not expand it against files in the current directory before yum sees it. A password given to vzctl --userpasswd is passed on the command line, so it ends up in the shell history and is briefly visible in the process list; change it from inside the container with passwd once it is running.
 
  
== Configuration of OpenLDAP Server ==

Easy steps for adding users:

# Create a Unix user
# Create the user's LDAP passwd file
# Convert the passwd file to an LDIF file
# Add the LDIF file to the LDAP directory using ldapadd

=== Requirements ===

The following packages are needed (versions as shipped with CentOS 4.4):

* compat-openldap.i386 0:2.1.30-6.4E
* openldap-clients.i386 0:2.2.13-6.4E
* openldap-devel.i386 0:2.2.13-6.4E
* openldap-servers.i386 0:2.2.13-6.4E
* openldap-servers-sql.i386 0:2.2.13-6.4E

You can install them inside the container with:

    yum install '*openldap*' -y
 
 
=== Start the service ===

    [root@ldap ~]# chkconfig --levels 235 ldap on
    [root@ldap ~]# service ldap start

=== Create LDAP root user password ===

slappasswd asks for the password twice and prints a salted SHA-1 hash; only the hash goes into the configuration file.

    [root@ldap ~]# slappasswd
    New password:
    Re-enter new password:
    {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
    [root@ldap ~]#

=== Update /etc/openldap/slapd.conf for the root password ===

Find the database section (around line 68 of the stock file) and set the suffix, rootdn and rootpw, pasting the hash that slappasswd printed. Do not write the cleartext password after rootpw, even though slapd accepts it.

    [root@ldap ~]# vi /etc/openldap/slapd.conf
    database bdb
    suffix "dc=adminmart,dc=com"
    rootdn "cn=Manager,dc=adminmart,dc=com"
    rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW

'''Note:''' The rootdn bypasses all access controls and its hash can be attacked offline, so keep slapd.conf readable only by root and the ldap user. If slapd.conf has no active access directives (the stock file ships only commented-out samples), slapd lets every client read every attribute, userPassword included; add an access rule for attrs=userPassword ahead of any catch-all rule before exposing the server to clients.

=== Apply Changes ===

    [root@ldap ~]# service ldap restart
 
 
 
=== Create test users ===

    [root@ldap ~]# useradd test1
    [root@ldap ~]# passwd test1
    Changing password for user test1.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    [root@ldap ~]# useradd test2
    [root@ldap ~]# passwd test2
    Changing password for user test2.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    [root@ldap ~]#

'''Note:''' Repeat the same for the rest of the users.
 
  
=== Migrate local users to LDAP ===

Extract the /etc/passwd line of each account that should go into the directory. The pattern is anchored to the login field so that exactly one account is selected:

    [root@ldap ~]# grep '^root:' /etc/passwd > /etc/openldap/passwd.root
    [root@ldap ~]# grep '^test1:' /etc/passwd > /etc/openldap/passwd.test1
    [root@ldap ~]# grep '^test2:' /etc/passwd > /etc/openldap/passwd.test2

'''Note:''' Repeat the same for the rest of the users.

'''Note:''' An unanchored grep matches the name anywhere on the line: grep root also selects operator, whose home directory is /root, and grep test1 would also select a user named test10. Every extra line ends up as an extra directory entry in the import step.
  
=== Update default settings in /usr/share/openldap/migration/migrate_common.ph ===

Set the mail domain and the base DN (near lines 71 and 74 of the stock file) so that the migration scripts generate DNs under your suffix:

    $DEFAULT_MAIL_DOMAIN = "adminmart.com";
    $DEFAULT_BASE = "dc=adminmart,dc=com";
  
=== Convert passwd.file to ldif (LDAP Data Interchange Format) file ===

    [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
    [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
    [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif

'''Note:''' Repeat the same for the rest of the users.

'''Note:''' Run as root, migrate_passwd.pl also reads /etc/shadow and writes each account's password hash into the LDIF as userPassword. Treat the .ldif files under /etc/openldap as you would /etc/shadow and delete them once they are imported.
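The grep and migrate_passwd.pl steps above produce one LDIF entry per /etc/passwd line. The script below is an added example, not code from the wiki page or from the OpenLDAP migration tools: it does the same conversion in plain sh over a constructed passwd sample, with the username match anchored to the login field, and counts how many lines an unanchored grep would have taken instead (which is how operator gets dragged in alongside root). The base DN, the sample lines and the attribute set are assumptions; it emits the posixAccount attributes the migration script also emits but leaves out userPassword, since that hash comes from /etc/shadow.

```shell
#!/bin/sh
# Added example, not part of the wiki page: turn /etc/passwd lines into LDIF
# entries under ou=People, the shape the page's grep + migrate_passwd.pl steps
# produce, with the username match anchored so only the named account is taken.
# BASE and SAMPLE_PASSWD are assumptions constructed for this demonstration.

BASE="dc=adminmart,dc=com"

# Constructed stand-in for /etc/passwd. 'operator' contains the string "root"
# (its home directory) and 'test10' contains "test1", which is exactly what an
# unanchored `grep root` or `grep test1` also matches.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
test1:x:500:500::/home/test1:/bin/bash
test10:x:510:510:Tenth tester:/home/test10:/bin/bash'

# unanchored_matches NAME : how many lines a plain `grep NAME` would select.
unanchored_matches() {
    printf '%s\n' "$SAMPLE_PASSWD" | grep -c "$1"
}

# passwd_entry NAME : print only the line whose login field is exactly NAME.
passwd_entry() {
    printf '%s\n' "$SAMPLE_PASSWD" | grep "^$1:"
}

# passwd_to_ldif : read passwd lines on stdin, write one LDIF entry per line.
# userPassword is deliberately not emitted: the hash lives in /etc/shadow, and
# migrate_passwd.pl copies it only when run as root.
passwd_to_ldif() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$user" ] || continue
        cn=${gecos%%,*}                 # full name is the first GECOS field ...
        [ -n "$cn" ] || cn=$user        # ... falling back to the login name
        printf 'dn: uid=%s,ou=People,%s\n' "$user" "$BASE"
        printf 'uid: %s\n' "$user"
        printf 'cn: %s\n' "$cn"
        printf 'objectClass: account\n'
        printf 'objectClass: posixAccount\n'
        printf 'objectClass: top\n'
        printf 'uidNumber: %s\n' "$uid"
        printf 'gidNumber: %s\n' "$gid"
        printf 'homeDirectory: %s\n' "$home"
        printf 'loginShell: %s\n' "$shell"
        if [ -n "$gecos" ]; then printf 'gecos: %s\n' "$gecos"; fi
        printf '\n'                     # a blank line separates LDIF entries
    done
}

# Against the real file, once passwd_entry reads /etc/passwd instead of the sample:
#   passwd_entry test1 | passwd_to_ldif > /etc/openldap/test1.ldif
```

The output can be fed to ldapadd exactly like the files the migration script writes, minus the password attribute; on a live system the migration script remains the right tool, and the point of the example is the anchored match and what an unanchored one silently adds.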
  
=== Update root.ldif file for the "Manager" of LDAP Server ===

Edit the first four lines of the generated entry so that the directory's root account carries the Manager name:

    [root@ldap ~]# vi /etc/openldap/root.ldif
    dn: uid=root,ou=People,dc=adminmart,dc=com
    uid: root
    cn: Manager
    objectClass: account
  
=== Create a domain ldif file (/etc/openldap/adminmart.com.ldif) ===

The file holds two entries, the base object for the suffix and the ou=People container that the user entries go under; a blank line separates them:

    [root@ldap ~]# cat /etc/openldap/adminmart.com.ldif
    dn: dc=adminmart,dc=com
    dc: adminmart
    description: LDAP Admin
    objectClass: dcObject
    objectClass: organizationalUnit
    ou: rootobject
    
    dn: ou=People, dc=adminmart,dc=com
    ou: People
    description: Users of adminmart
    objectClass: organizationalUnit
 
  
=== Import all users in to the LDAP ===

ldapadd binds as the rootdn (-D) with simple authentication (-x) and prompts for the Manager password (-W); type the password you gave to slappasswd, not the hash.

Add the Domain ldif file:

    [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
    Enter LDAP Password:
    adding new entry "dc=adminmart,dc=com"
    adding new entry "ou=People, dc=adminmart,dc=com"
    [root@ldap ~]#

Add the Users:

    [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif
    Enter LDAP Password:
    adding new entry "uid=root,ou=People,dc=adminmart,dc=com"
    adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"
    [root@ldap ~]#

    [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif
    Enter LDAP Password:
    adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"
    [root@ldap ~]#

    [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif
    Enter LDAP Password:
    adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"
    [root@ldap ~]#

'''Note:''' Repeat the same for the rest of the users.

'''Note:''' The uid=operator entry in the transcript above is an artefact of extracting root's line with an unanchored grep root: operator's /etc/passwd line contains /root as its home directory and was copied into passwd.root together with root. A pattern anchored to the login field (grep '^root:') keeps it out. If it did get imported, remove it with ldapdelete before the directory goes into service.
  
=== Apply Changes ===

    [root@ldap ~]# service ldap restart
  
=== Test LDAP Server ===

An anonymous search (-x without a bind DN) from the base of the tree should list the base entry, ou=People and every imported user:

    [root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'

'''Note:''' If userPassword attributes show up in this output, any client on the network can read the password hashes. The server needs an access rule restricting attrs=userPassword in slapd.conf, followed by a restart, before it is put into service.
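The slapd.conf step above and this anonymous search are where an exposed directory usually goes wrong. The script below is an added example, not from the wiki page or the OpenLDAP project: it checks a slapd.conf for a hashed rootpw and for an ACL on attrs=userPassword placed ahead of the catch-all rule, running against two constructed configurations, one with a cleartext rootpw and no ACLs and one hardened with the ACL that closes the hole. The temporary paths and both sample files are assumptions.

```shell
#!/bin/sh
# Added example, not part of the wiki page: audit the two slapd.conf settings
# this page touches. The two configurations below are constructed for the
# demonstration; the paths under ${TMPDIR:-/tmp} are assumptions.

WORK=${TMPDIR:-/tmp}/slapd-audit.$$
mkdir -p "$WORK"
WEAK="$WORK/slapd.weak.conf"
HARDENED="$WORK/slapd.hardened.conf"

# rootpw stored in the clear and no ACL at all: with no "access" directives
# slapd falls back to "access to * by * read", so anonymous clients can read
# every userPassword hash with ldapsearch -x.
cat > "$WEAK" <<'EOF'
database        bdb
suffix          "dc=adminmart,dc=com"
rootdn          "cn=Manager,dc=adminmart,dc=com"
rootpw          secret
EOF

# rootpw as slappasswd prints it, plus ACLs. Order matters: slapd applies the
# first "access to" clause whose target matches, so the userPassword rule must
# precede the catch-all.
cat > "$HARDENED" <<'EOF'
database        bdb
suffix          "dc=adminmart,dc=com"
rootdn          "cn=Manager,dc=adminmart,dc=com"
rootpw          {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read
EOF

# rootpw_is_hashed FILE : true when rootpw carries a {SCHEME} prefix.
rootpw_is_hashed() {
    grep -E '^[[:space:]]*rootpw[[:space:]]+\{[A-Za-z0-9]+\}' "$1" >/dev/null
}

# userpassword_acl_first FILE : true when an ACL for attrs=userPassword exists
# and comes before any "access to *" catch-all.
userpassword_acl_first() {
    pw=$(grep -Ein '^[[:space:]]*access[[:space:]]+to[[:space:]]+attrs=userPassword' "$1" | head -n1 | cut -d: -f1)
    all=$(grep -Ein '^[[:space:]]*access[[:space:]]+to[[:space:]]+\*' "$1" | head -n1 | cut -d: -f1)
    [ -n "$pw" ] && { [ -z "$all" ] || [ "$pw" -lt "$all" ]; }
}

# audit FILE : print each finding on stderr and the number of findings on stdout.
audit() {
    n=0
    rootpw_is_hashed "$1" || { echo "$1: rootpw missing or not hashed; paste the slappasswd output" >&2; n=$((n+1)); }
    userpassword_acl_first "$1" || { echo "$1: no ACL restricting attrs=userPassword ahead of the catch-all; hashes are readable anonymously" >&2; n=$((n+1)); }
    echo "$n"
}

# cleanup : remove the constructed sample files.
cleanup() { rm -rf "$WORK"; }

# Against the real file:  audit /etc/openldap/slapd.conf
```

A count above zero against the real /etc/openldap/slapd.conf means the directory hands out password hashes or the rootpw was pasted in the clear. The hardened sample is also the ACL to add to the page's configuration: by self write lets users change their own password, by anonymous auth lets slapd check a bind password without disclosing the hash, and by * none denies everyone else; restart slapd after adding it and repeat the anonymous ldapsearch to confirm userPassword no longer appears.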
 
  
== LDAP Client Configuration ==

On each client run authconfig and set:

    [root@ldapclient ~]# authconfig

* [*] Use LDAP
* [*] Use LDAP Authentication (both must be checked)
* [ ] Use TLS
* Server: ldap.adminmart.com
* Base DN: dc=adminmart,dc=com

'''Note:''' With "Use TLS" unchecked, every login sends the user's password to the server in the clear and the client cannot verify which server it is talking to. Leave it off only on a trusted network. To turn it on, give slapd a certificate (TLSCertificateFile, TLSCertificateKeyFile and TLSCACertificateFile in slapd.conf) and point the clients at the issuing CA (TLS_CACERT in /etc/openldap/ldap.conf).

[[Category:HOWTO]]
