OpenVZ Virtuozzo Containers Wiki

OpenLDAP Server in container

Step-by-Step Installation and Configuration of an OpenLDAP Server

'''By Ganesh (ganesh35@gmail.com)'''

* Software: CentOS 4.4, openldap 2.2.13-6.4E
* Domain name: adminmart.com
* System IP: 192.168.1.212

'''Note:''' Use your own domain name and IP address in place of adminmart.com and 192.168.1.212 throughout.
== Create container with OpenLDAP ==

Create a container with the following settings:

* ctid: 212
* IP address: 192.168.1.212
* name: ldap
* hostname: ldap

Run these commands on the hardware node (the glob is quoted so the shell on the hardware node does not expand it before yum sees it):

    vzctl create 212 --ostemplate centos-4-i386-minimal
    vzctl set 212 --ipadd 192.168.1.212 --save
    vzctl set 212 --nameserver 202.88.156.6 --save
    vzctl set 212 --onboot yes --save
    vzctl set 212 --userpasswd root:changeme --save
    vzctl set 212 --name ldap --save
    vzctl set 212 --hostname ldap --save
    vzctl start 212
    vzyum 212 install '*openldap*' -y

== Configuration of OpenLDAP Server ==

Easy steps for adding users:

# Create a Unix user
# Create the Unix user's LDAP passwd file
# Convert the passwd file to an LDIF file
# Add the LDIF file to the LDAP directory using ldapadd

=== Requirements ===

    compat-openldap.i386 0:2.1.30-6.4E
    openldap-clients.i386 0:2.2.13-6.4E
    openldap-devel.i386 0:2.2.13-6.4E
    openldap-servers.i386 0:2.2.13-6.4E
    openldap-servers-sql.i386 0:2.2.13-6.4E

You can install them using the command:

    yum install '*openldap*' -y

=== Start the service ===

    [root@ldap ~]# chkconfig --level 235 ldap on
    [root@ldap ~]# service ldap start

=== Create LDAP root user password ===

    [root@ldap ~]# slappasswd
    New password:
    Re-enter new password:
    {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
    [root@ldap ~]#

=== Update /etc/openldap/slapd.conf for the root password ===

Edit the file and set the following directives (lines 68 to 71 in the stock file), pasting the {SSHA} value printed by slappasswd as rootpw. Since the file now carries the root password hash, keep it readable only by root and the ldap service account.

    [root@ldap ~]# vi /etc/openldap/slapd.conf
    database bdb
    suffix "dc=adminmart,dc=com"
    rootdn "cn=Manager,dc=adminmart,dc=com"
    rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW

=== Apply Changes ===

    [root@ldap ~]# service ldap restart

=== Create test users ===

    [root@ldap ~]# useradd test1
    [root@ldap ~]# passwd test1
    Changing password for user test1.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    [root@ldap ~]# useradd test2
    [root@ldap ~]# passwd test2
    Changing password for user test2.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    [root@ldap ~]#

'''Note:''' Repeat the same for the rest of the users.

=== Migrate local users to LDAP ===

    [root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root
    [root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1
    [root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2

'''Note:''' Repeat the same for the rest of the users. Be aware that grep root matches every line containing the string root, so passwd.root also picks up the operator account (its home directory is /root); that is why the import further down adds uid=operator as well. Use grep '^root:' to select only the root entry.

=== Update default settings on file /usr/share/openldap/migration/migrate_common.ph ===

Set the mail domain and base DN (lines 71 and 74 in the stock file):

    $DEFAULT_MAIL_DOMAIN = "adminmart.com";
    $DEFAULT_BASE = "dc=adminmart,dc=com";

=== Convert passwd.file to ldif (LDAP Data Interchange Format) file ===

    [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
    [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
    [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif

'''Note:''' Repeat the same for the rest of the users.
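
Added example (not the migration tools' own code) of what the last three steps do: it turns /etc/passwd lines into LDIF entries under ou=People using the article's DEFAULT_BASE, with an attribute set modelled on migrate_passwd.pl's default output (an assumption), and contrasts the substring match of grep root with an exact match on the login field. The passwd lines are constructed samples; the real migrate_passwd.pl also pulls the password hash from /etc/shadow when it can read it, which this version does not.

```python
"""Turn /etc/passwd lines into LDIF the way the OpenLDAP migration tools do.
Added example, not migrate_passwd.pl itself: the attribute set mirrors that script's
default output (assumption); only the passwd line is read, so an 'x' password field
stays a placeholder where the real script would pull the hash from /etc/shadow."""
from typing import Iterable, List

BASE_DN = "dc=adminmart,dc=com"          # the article's $DEFAULT_BASE

# Constructed sample: stock root/operator lines plus the article's two test users.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
test1:x:500:500::/home/test1:/bin/bash
test2:x:501:501::/home/test2:/bin/bash
"""

def grep_like(passwd_text: str, pattern: str) -> List[str]:
    """What `grep root /etc/passwd` does: a substring match anywhere on the line,
    which is why operator (home directory /root) comes along with root."""
    return [l for l in passwd_text.splitlines() if pattern in l]

def select_users(passwd_text: str, names: Iterable[str]) -> List[str]:
    """Exact match on the login field only (equivalent to grep '^root:')."""
    wanted = set(names)
    return [l for l in passwd_text.splitlines() if l and l.split(":", 1)[0] in wanted]

def passwd_line_to_ldif(line: str, base_dn: str = BASE_DN) -> str:
    """Build one posixAccount/shadowAccount entry under ou=People,<base_dn>."""
    user, pwd, uid, gid, gecos, home, shell = line.split(":")
    cn = gecos.split(",")[0] or user             # full-name part of GECOS, else the login
    attrs = [f"dn: uid={user},ou=People,{base_dn}", f"uid: {user}", f"cn: {cn}",
             "objectClass: account", "objectClass: posixAccount", "objectClass: top",
             "objectClass: shadowAccount", f"userPassword: {{crypt}}{pwd}",
             f"loginShell: {shell}", f"uidNumber: {uid}", f"gidNumber: {gid}",
             f"homeDirectory: {home}"]
    if gecos:
        attrs.append(f"gecos: {gecos}")
    return "\n".join(attrs) + "\n"

def migrate(passwd_text: str, names: Iterable[str], base_dn: str = BASE_DN) -> str:
    """LDIF for the named users only, entries separated by the blank line ldapadd expects."""
    return "\n".join(passwd_line_to_ldif(l, base_dn) for l in select_users(passwd_text, names))
```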
 
 
 
=== Update root.ldif file for the "Manager" of LDAP Server ===

Edit the file so that the first four lines of the root entry read:

    [root@ldap ~]# vi /etc/openldap/root.ldif
    dn: uid=root,ou=People,dc=adminmart,dc=com
    uid: root
    cn: Manager
    objectClass: account

=== Create a domain ldif file (/etc/openldap/adminmart.com.ldif) ===

    [root@ldap ~]# cat /etc/openldap/adminmart.com.ldif
    dn: dc=adminmart,dc=com
    dc: adminmart
    description: LDAP Admin
    objectClass: dcObject
    objectClass: organizationalUnit
    ou: rootobject
    
    dn: ou=People, dc=adminmart,dc=com
    ou: People
    description: Users of adminmart
    objectClass: organizationalUnit

=== Import all users into the LDAP directory ===

Add the domain ldif file:

    [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
    Enter LDAP Password:
    adding new entry "dc=adminmart,dc=com"
    adding new entry "ou=People, dc=adminmart,dc=com"
    [root@ldap ~]#

Add the users:

    [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif
    Enter LDAP Password:
    adding new entry "uid=root,ou=People,dc=adminmart,dc=com"
    adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"
    [root@ldap ~]#

    [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif
    Enter LDAP Password:
    adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"
    [root@ldap ~]#

    [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif
    Enter LDAP Password:
    adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"
    [root@ldap ~]#

'''Note:''' Repeat the same for the rest of the users.

=== Apply Changes ===

    [root@ldap ~]# service ldap restart

=== Test LDAP Server ===

This prints all the user information:

    [root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'

== LDAP Client Configuration ==

    [root@ldapclient ~]# authconfig

:: [*] Use LDAP [*] Use LDAP Authentication
:: (Both should be checked)
:: [ ] Use TLS
:: Server: ldap.adminmart.com
:: Base DN: dc=adminmart,dc=com

'''Note:''' With Use TLS left unchecked, the client sends its LDAP traffic, including simple-bind passwords, to the server unencrypted.

[[Category:HOWTO]]