Changes

← Older edit

OpenLDAP Server in container

1,000 bytes added, 06:51, 31 March 2010

→‎Create a domain ldif file (/etc/openldap/adminmart.com.ldif)

~~<h3>~~Step by Step Installation and Configuration OpenLDAP Server~~</h3>~~

Software: OS-Cent OS 4.4, openldap 2.2.13-6.4E<br>System name: ldap.adminmart.com<br>Domain name: adminmart.com<br>System IP: 192.168.1.212<br>

'''Note: ''' Use your domain name and IP instead of adminmart

== Create container with OpenLDAP ==

Create a container with the following settings:

* ctid: 212

* IP address: 192.168.1.212

* name: ldap

* hostname: ldap

Run these commands on the hardware node:

vzctl create 212 --ostemplate centos-4-i386-minimal

vzctl set 212 --ipadd 192.168.1.212 --save

vzctl set 212 --nameserver 202.88.156.6 --save

vzctl set 212 --onboot yes --save

vzctl set 212 --userpasswd root:changeme --save

vzctl set 212 --name ldap --save

vzctl set 212 --hostname ldap --save

vzctl start 212

vzyum 212 install *openldap* -y

== Configuration of OpenLDAP Server ==

Easy steps for adding users:

1. # Create unix user2. # Create unix user's ldap passwd file3. # Convert passwd.file to ldif file4. # Add ldap file to LDAP Directory using ldapadd === Requirements === compat-openldap.i386 0:2.1.30-6.4E openldap-clients.i386 0:2.2.13-6.4E openldap-devel.i386 0:2.2.13-6.4E openldap-servers.i386 0:2.2.13-6.4E openldap-servers-sql.i386 0:2.2.13-6.4E You can install them using the command: yum install *openldap* -y === Start the service === [root@ldap ~]# chkconfig --levels 235 ldap on [root@ldap ~]# service ldap start <br> === Create LDAP root user password ===

~~Step~~ [root@ldap ~]# slappasswd New password: Re-enter new password: {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW [root@ldap ~]#~~1. Requirements~~

~~compat-~~=== Update /etc/openldap/slapd.~~i386 0:2.1.30-6.4Eopenldap-clients.i386 0:2.2.13-6.4Eopenldap-devel.i386 0:2.2.13-6.4Eopenldap-servers.i386 0:2.2.13-6.4Eopenldap-servers-sql.i386 0:2.2.13-6.4E~~conf for the root password ===

[root@ldap ~]# vi /etc/openldap/slapd.conf

#68 database bdb

#69 suffix "dc=adminmart,dc=com"

#70 rootdn "cn=Manager,dc=adminmart,dc=com"

#71 rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW

~~You can install them using the command~~=== Apply Changes === [root@ldap ~]# service ldap restart === Create test users === [root@ldap ~]# useradd test1 [root@ldap ~]# passwd test1 Changing password for user test1. New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully. [root@ldap ~]# useradd test2 [root@ldap ~]# passwd test2 Changing password for user test2. New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully. [root@ldap ~]#

~~yum install *openldap* -y~~ '''Note:''' Repeat the same for the rest of users.

=== Migrate local users to LDAP ===

~~Step~~ [root@ldap ~]#2grep root /etc/passwd > /etc/openldap/passwd. ~~Start the service~~root [root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1 [root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2

~~<code>[root@ldap ~]# chkconfig --levels 235 ldap on[root@ldap ~]# service ldap start~~ ~~</code>Step #3~~'''Note:''' Repeat the same for the rest of users. ~~Create LDAP root user password~~

~~<code>[root@ldap ~]# slappasswdNew password:Re-enter new password:{SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G~~=== Update default settings on file /~~DltW[root@ldap ~]#<~~usr/~~code>Step #4. Update~~ share/~~etc~~openldap/~~openldap~~migration/~~slapd~~migrate_common.~~conf for the root password~~ph ===

~~<code>[root@ldap ~]~~ # ~~vi /etc/openldap/slapd.conf#68 database bdb#69 suffix~~ 71 $DEFAULT_MAIL_DOMAIN = "~~dc=~~adminmart~~,dc=~~.com"; #~~70 rootdn~~ 74 $DEFAULT_BASE = "~~cn=Manager,~~dc=adminmart,dc=com"~~#71 rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW</code>~~ ~~Step #5. Apply Changes~~;

~~<code>[root@ldap ~]# service ldap restart</code>~~ ~~Step #6~~=== Convert passwd. ~~Create test users~~file to ldif (LDAP Data Interchange Format) file ===

~~<code>~~ [root@ldap ~]# ~~useradd test1~~/usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd .test1~~Changing password for user~~ /etc/openldap/test1.ldif~~New UNIX password:Retype new UNIX password:passwd: all authentication tokens updated successfully.~~ [root@ldap ~]# ~~useradd test2[root@ldap ~]# passwd test2Changing password for user test2~~/usr/share/openldap/migration/migrate_passwd.~~New UNIX password:Retype new UNIX password:~~pl /etc/openldap/passwd~~: all authentication tokens updated successfully~~.~~[root@ldap ~]#~~<test2 /etc/openldap/~~code>Note: Repeat the same for the rest of users~~ ~~Step #7~~test2. ~~Migrate local users to LDAP~~ldif

~~<code>[root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root[root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1[root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2</code>~~'''Note: ''' Repeat the same for the rest of users~~Step #8. Update default settings on file /usr/share/openldap/migration/migrate_common~~.ph

~~#71 $DEFAULT_MAIL_DOMAIN~~ = == Update root.ldif file for the "~~adminmart.com~~Manager";~~#74 $DEFAULT_BASE~~ of LDAP Server = ~~"dc~~=~~adminmart,dc~~=~~com";Step #9. Convert passwd.file to ldif (LDAP Data Interchange Format) file~~

~~<code>~~ [root@ldap ~]# ~~/usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root~~ vi /etc/openldap/root.ldif[ #1 dn: uid=root~~@ldap ~]~~,ou=People,dc=adminmart,dc=com # ~~/usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif~~2 uid: root~~[root@ldap ~]~~ # ~~/usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif</code>Note~~3 cn: ~~Repeat the same for the rest of users~~Manager~~Step~~ #~~10. Update root.ldif file for the "Manager" of LDAP Server~~ 4 objectClass: account

~~[root@ldap ~]# vi~~ === Create a domain ldif file (/etc/openldap/~~root~~adminmart.com.ldif~~#1 dn: uid~~) =~~root,ou~~=~~People,dc~~=~~adminmart,dc=com#2 uid: root#3 cn: Manager#4 objectClass: account~~

~~Step~~ [root@ldap ~]#~~11. Create a domain ldif file (~~cat /etc/openldap/adminmart.com.ldif) dn: dc=adminmart,dc=com dc: adminmart description: LDAP Admin objectClass: dcObject objectClass: organizationalUnit ou: rootobject dn: ou=People, dc=adminmart,dc=com ou: People description: Users of adminmart objectClass: organizationalUnit

~~[root@ldap ~]# cat /etc/openldap/adminmart.com.ldifdn: dc~~=~~adminmart,dc~~=~~comdc: adminmartdescription:~~ = Import all users in to the LDAP ~~AdminobjectClass: dcObjectobjectClass: organizationalUnitou: rootobject~~===

dnAdd the Domain ldif file: ~~ou=People, dc=adminmart,dc=comou: Peopledescription: Users of adminmartobjectClass: organizationalUnit~~

~~Step~~ [root@ldap ~]#12ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart. ~~Import all users in to the~~ com.ldif Enter LDAPPassword: adding new entry "dc=adminmart,dc=com" adding new entry "ou=People, dc=adminmart,dc=com" [root@ldap ~]#

Add the ~~Domain ldif file~~ Users:

~~<code>~~ [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/~~adminmart.com~~root.ldif Enter LDAP Password: adding new entry "uid=root,ou=People,dc=adminmart,dc=com" adding new entry "uid=operator,ou=People, dc=adminmart,dc=com" [root@ldap ~]#~~</code>~~

~~Add the Users~~ [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif Enter LDAP Password: adding new entry "uid=test1,ou=People,dc=adminmart,dc=com" [root@ldap ~]#

~~<code>~~ [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/~~root~~test2.ldif Enter LDAP Password: adding new entry "uid=~~root,ou=People,dc=adminmart,dc=com"adding new entry "uid=operator~~test2,ou=People,dc=adminmart,dc=com" [root@ldap ~]#

~~[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1~~'''Note:''' Repeat the same for the rest of users.~~ldifEnter LDAP Password:adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"[root@ldap ~]#~~

~~[root@ldap ~]# ldapadd -x -D "cn~~=~~Manager,dc~~=~~adminmart,dc~~=~~com" -W -f /etc/openldap/test2.ldifEnter LDAP Password:adding new entry "uid~~Apply Changes =~~test2,ou~~=~~People,dc~~=~~adminmart,dc=com"[root@ldap ~]#~~

~~</code>Note: Repeat the same for the rest of users~~ [root@ldap ~]# service ldap restart

~~Step #13. Apply Changes~~ === Test LDAP Server ===

It prints all the user information<~~code~~br> [root@ldap ~]# ~~service ldap restart</code>~~ ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'

~~Step #14. Test~~ == LDAP ~~ServerIt prints all the user information~~Client Configuration ==

~~<code>~~ [root@~~ldap~~ ldapclient ~]# ~~ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'</code>~~ authconfig

:: [*] Use LDAP [*] Use LDAP Authentication

(Both should be checked)

:: [ ] Use TLS

:: Server: ldap.adminmart.com

:: Base DN: dc=adminmart,dc=com

[[Category:HOWTO]]

Anonymous user

130.206.174.240

OpenVZ Virtuozzo Containers Wiki β

Changes

OpenLDAP Server in container

OpenVZ Virtuozzo Containers Wiki ^β