Difference between revisions of "OpenLDAP Server in container"

From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search
(Create a domain ldif file (/etc/openldap/adminmart.com.ldif))
 
(4 intermediate revisions by one other user not shown)
Line 1: Line 1:
<h3>Step by Step Installation and Configuration OpenLDAP Server</h3>
+
Step by Step Installation and Configuration OpenLDAP Server
<b>By Ganesh (ganesh35@gmail.com)</b>
 
  
 
Software: OS-Cent OS 4.4, openldap 2.2.13-6.4E<br>
 
Software: OS-Cent OS 4.4, openldap 2.2.13-6.4E<br>
Line 6: Line 5:
 
Domain name: adminmart.com<br>
 
Domain name: adminmart.com<br>
 
System IP: 192.168.1.212<br>
 
System IP: 192.168.1.212<br>
<br>
 
<b>Note:</b> Use your domain name and IP instead of adminmart<br>
 
<br>
 
  
<h3>Create container with OpenLDAP</h3>
+
'''Note:''' Use your domain name and IP instead of adminmart
Create, Install vps with the following information<br>
 
- vpsid  : 212<br>
 
- vpsip  : 192.168.1.212<br>
 
- vpsname : ldap<br>
 
- vpshostname : ldap<br>
 
<br>
 
<b>Note:</b> Please run these commands on hardware node<br>
 
<code>
 
    vzctl create 212 --ostemplate centos-4-i386-minimal<br>
 
    vzctl set 212 --ipadd 192.168.1.212 --save<br>
 
    vzctl set 212 --nameserver 202.88.156.6 --save<br>
 
    vzctl set 212 --onboot yes --save<br>
 
    vzctl set 212 --userpasswd root:changeme --save<br>
 
    vzctl set 212 --name ldap --save<br>
 
    vzctl set 212 --hostname ldap --save<br>
 
    vzctl start 212<br>
 
    vzyum 212 install *openldap* -y<br>
 
</code>
 
<h3>Configuration of OpenLDAP Server</h3>
 
<b>Easy steps for adding users:</b>
 
1. Create unix user<br>
 
2. Create unix user's ldap passwd file<br>
 
3. Convert passwd.file to ldif file<br>
 
4. Add ldap file to LDAP Directory using ldapadd<br>
 
<h4>Step #1. Requirements</h4>
 
compat-openldap.i386 0:2.1.30-6.4E<br>
 
openldap-clients.i386 0:2.2.13-6.4E<br>
 
openldap-devel.i386 0:2.2.13-6.4E<br>
 
openldap-servers.i386 0:2.2.13-6.4E<br>
 
openldap-servers-sql.i386 0:2.2.13-6.4E<br>
 
<br>
 
<br>
 
You can install them using the command:<br>
 
<br>
 
    yum install *openldap* -y <br>
 
  
<h4>Step #2. Start the service</h4>
+
== Create container with OpenLDAP ==
<code>
+
Create a container with the following settings:
     [root@ldap ~]# chkconfig --levels 235 ldap on<br>
+
* ctid: 212
 +
* IP address: 192.168.1.212
 +
* name: ldap
 +
* hostname: ldap
 +
 
 +
Run these commands on the hardware node:
 +
 
 +
    vzctl create 212 --ostemplate centos-4-i386-minimal
 +
    vzctl set 212 --ipadd 192.168.1.212 --save
 +
    vzctl set 212 --nameserver 202.88.156.6 --save
 +
    vzctl set 212 --onboot yes --save
 +
    vzctl set 212 --userpasswd root:changeme --save
 +
    vzctl set 212 --name ldap --save
 +
    vzctl set 212 --hostname ldap --save
 +
    vzctl start 212
 +
    vzyum 212 install *openldap* -y
 +
 
 +
== Configuration of OpenLDAP Server ==
 +
Easy steps for adding users:
 +
# Create unix user
 +
# Create unix user's ldap passwd file
 +
# Convert passwd.file to ldif file
 +
# Add ldap file to LDAP Directory using ldapadd
 +
 
 +
=== Requirements ===
 +
compat-openldap.i386 0:2.1.30-6.4E
 +
openldap-clients.i386 0:2.2.13-6.4E
 +
openldap-devel.i386 0:2.2.13-6.4E
 +
openldap-servers.i386 0:2.2.13-6.4E
 +
openldap-servers-sql.i386 0:2.2.13-6.4E
 +
 
 +
You can install them using the command:
 +
 
 +
    yum install *openldap* -y
 +
 
 +
=== Start the service ===
 +
 
 +
     [root@ldap ~]# chkconfig --levels 235 ldap on
 
     [root@ldap ~]# service ldap start <br>
 
     [root@ldap ~]# service ldap start <br>
</code>
+
 
<h4>Step #3. Create LDAP root user password</h4>
+
=== Create LDAP root user password ===
<code>
+
 
     [root@ldap ~]# slappasswd<br>
+
     [root@ldap ~]# slappasswd
     New password:<br>
+
     New password:
     Re-enter new password:<br>
+
     Re-enter new password:
     {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW<br>
+
     {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
 
     [root@ldap ~]#
 
     [root@ldap ~]#
</code>
 
   
 
<h4>Step #4. Update /etc/openldap/slapd.conf for the root password</h4>
 
<code>
 
    [root@ldap ~]# vi /etc/openldap/slapd.conf<br>
 
    #68 database bdb<br>
 
    #69 suffix "dc=adminmart,dc=com"<br>
 
    #70 rootdn "cn=Manager,dc=adminmart,dc=com"<br>
 
    #71 rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW</code>
 
  
<h4>Step #5. Apply Changes</h4>
+
=== Update /etc/openldap/slapd.conf for the root password ===
<code>
+
 
 +
    [root@ldap ~]# vi /etc/openldap/slapd.conf
 +
    #68 database bdb
 +
    #69 suffix "dc=adminmart,dc=com"
 +
    #70 rootdn "cn=Manager,dc=adminmart,dc=com"
 +
    #71 rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
 +
 
 +
=== Apply Changes ===
 +
 
 
     [root@ldap ~]# service ldap restart
 
     [root@ldap ~]# service ldap restart
</code>
 
  
<h4>Step #6. Create test users</h4>
+
=== Create test users ===
<code>
+
 
     [root@ldap ~]# useradd test1<br>
+
     [root@ldap ~]# useradd test1
     [root@ldap ~]# passwd test1<br>
+
     [root@ldap ~]# passwd test1
     Changing password for user test1.<br>
+
     Changing password for user test1.
     New UNIX password:<br>
+
     New UNIX password:
     Retype new UNIX password:<br>
+
     Retype new UNIX password:
     passwd: all authentication tokens updated successfully.<br>
+
     passwd: all authentication tokens updated successfully.
     [root@ldap ~]# useradd test2<br>
+
     [root@ldap ~]# useradd test2
     [root@ldap ~]# passwd test2<br>
+
     [root@ldap ~]# passwd test2
     Changing password for user test2.<br>
+
     Changing password for user test2.
     New UNIX password:<br>
+
     New UNIX password:
     Retype new UNIX password:<br>
+
     Retype new UNIX password:
     passwd: all authentication tokens updated successfully.<br>
+
     passwd: all authentication tokens updated successfully.
     [root@ldap ~]#<br>
+
     [root@ldap ~]#
    </code><br>
+
 
<b>Note:</b> Repeat the same for the rest of users <br>
+
'''Note:''' Repeat the same for the rest of users.
  
<h4>Step #7. Migrate local users to LDAP</h4>
+
=== Migrate local users to LDAP ===
<code>
 
    [root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root<br>
 
    [root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1<br>
 
    [root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2<br>
 
</code><br>
 
<b>Note:</b> Repeat the same for the rest of users<br>
 
  
<h4>Step #8. Update default settings on file /usr/share/openldap/migration/migrate_common.ph</h4>
+
    [root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root
     #71 $DEFAULT_MAIL_DOMAIN = "adminmart.com";<br>
+
     [root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1
     #74 $DEFAULT_BASE = "dc=adminmart,dc=com";<br>
+
     [root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2
  
<h4>Step #9. Convert passwd.file to ldif (LDAP Data Interchange Format) file </h4>
+
'''Note:''' Repeat the same for the rest of users.
<code>
 
    [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif<br>
 
    [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif<br>
 
    [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif<br>
 
</code><br>
 
<b>Note:</b> Repeat the same for the rest of users<br>
 
  
<h4>Step #10. Update root.ldif file for the "Manager" of LDAP Server </h4>
+
=== Update default settings on file /usr/share/openldap/migration/migrate_common.ph ===
<code>
 
    [root@ldap ~]# vi /etc/openldap/root.ldif<br>
 
    #1 dn: uid=root,ou=People,dc=adminmart,dc=com<br>
 
    #2 uid: root<br>
 
    #3 cn: Manager<br>
 
    #4 objectClass: account<br>
 
</code>
 
<h4>Step #11. Create a domain ldif file (/etc/openldap/adminmart.com.ldif)</h4>
 
<code>
 
    [root@ldap ~]# cat /etc/openldap/adminmart.com.ldif<br>
 
    dn: dc=adminmart,dc=com<br>
 
    dc: adminmart<br>
 
    description: LDAP Admin<br>
 
    objectClass: dcObject<br>
 
    objectClass: organizationalUnit<br>
 
    ou: rootobject<br>
 
    <br>
 
    dn: ou=People, dc=adminmart,dc=com<br>
 
    ou: People<br>
 
    description: Users of adminmart<br>
 
    objectClass: organizationalUnit<br>
 
</code>   
 
<h4>Step #12. Import all users in to the LDAP</h4>
 
<b>Add the Domain ldif file </b><br>
 
<br>
 
<code>
 
  
     [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif<br>
+
     #71 $DEFAULT_MAIL_DOMAIN = "adminmart.com";
    Enter LDAP Password:<br>
+
     #74 $DEFAULT_BASE = "dc=adminmart,dc=com";
    adding new entry "dc=adminmart,dc=com"<br>
 
    adding new entry "ou=People, dc=adminmart,dc=com"<br>
 
    [root@ldap ~]#<br>
 
</code><br>
 
<br>
 
<b>Add the Users</b><br>
 
<br>
 
<code>
 
    [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif<br>
 
    Enter LDAP Password:<br>
 
    adding new entry "uid=root,ou=People,dc=adminmart,dc=com"<br>
 
    adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"<br>
 
    [root@ldap ~]#<br>
 
    <br>
 
    [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif<br>
 
    Enter LDAP Password:<br>
 
    adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"<br>
 
    [root@ldap ~]#<br>
 
    <br>
 
     [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif<br>
 
    Enter LDAP Password:<br>
 
    adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"<br>
 
    [root@ldap ~]#<br>
 
</code><br>
 
<b>Note:</b> Repeat the same for the rest of users<br>
 
  
<h4>Step #13. Apply Changes </h4>
+
=== Convert passwd.file to ldif (LDAP Data Interchange Format) file ===
<code>
+
 
     [root@ldap ~]# service ldap restart</code> <br>
+
    [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
 +
    [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
 +
    [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif
 +
 
 +
'''Note:''' Repeat the same for the rest of users.
 +
 
 +
=== Update root.ldif file for the "Manager" of LDAP Server ===
 +
 
 +
    [root@ldap ~]# vi /etc/openldap/root.ldif
 +
    #1 dn: uid=root,ou=People,dc=adminmart,dc=com
 +
    #2 uid: root
 +
    #3 cn: Manager
 +
    #4 objectClass: account
 +
 
 +
=== Create a domain ldif file (/etc/openldap/adminmart.com.ldif) ===
 +
 
 +
    [root@ldap ~]# cat /etc/openldap/adminmart.com.ldif
 +
    dn: dc=adminmart,dc=com
 +
    dc: adminmart
 +
    description: LDAP Admin
 +
    objectClass: dcObject
 +
    objectClass: organizationalUnit
 +
    ou: rootobject
 +
 +
    dn: ou=People, dc=adminmart,dc=com
 +
    ou: People
 +
    description: Users of adminmart
 +
    objectClass: organizationalUnit
 +
 
 +
=== Import all users in to the LDAP ===
 +
 
 +
Add the Domain ldif file:
 +
 
 +
    [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
 +
    Enter LDAP Password:
 +
    adding new entry "dc=adminmart,dc=com"
 +
    adding new entry "ou=People, dc=adminmart,dc=com"
 +
    [root@ldap ~]#
 +
 
 +
Add the Users:
 +
 
 +
    [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif
 +
    Enter LDAP Password:
 +
    adding new entry "uid=root,ou=People,dc=adminmart,dc=com"
 +
    adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"
 +
    [root@ldap ~]#
 +
 
 +
    [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif
 +
    Enter LDAP Password:
 +
    adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"
 +
    [root@ldap ~]#
 +
 
 +
    [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif
 +
    Enter LDAP Password:
 +
    adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"
 +
    [root@ldap ~]#
 +
 
 +
'''Note:''' Repeat the same for the rest of users.
 +
 
 +
=== Apply Changes ===
 +
 
 +
     [root@ldap ~]# service ldap restart
 +
 
 +
=== Test LDAP Server ===
  
<h4>Step #14. Test LDAP Server</h4>
 
 
It prints all the user information<br>
 
It prints all the user information<br>
<br>
+
     [root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'
<code>
+
 
     [root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'</code> <br>
+
== LDAP Client Configuration ==
<br>
+
 
<br>
+
     [root@ldapclient ~]# authconfig
<h3>LDAP Client Configuration</h3>
+
 
<code>
+
:: [*] Use LDAP [*] Use LDAP Authentication
     [root@ldapclient ~]# authconfig </code><br>
+
(Both should be checked)
<b> [*] Use LDAP [*] Use LDAP Authentication </b><br>
+
 
<br>
+
:: [ ] Use TLS
[Both should be checked]<br>
+
:: Server: ldap.adminmart.com
<br>
+
:: Base DN: dc=adminmart,dc=com
<b> [ ] Use TLS   <br>
+
 
Server: ldap.adminmart.com<br>
 
Base DN: dc=adminmart,dc=com<br>
 
</b><br>
 
<br>
 
 
[[Category:HOWTO]]
 
[[Category:HOWTO]]

Latest revision as of 06:51, 31 March 2010

Step by Step Installation and Configuration OpenLDAP Server

Software: OS-Cent OS 4.4, openldap 2.2.13-6.4E
System name: ldap.adminmart.com
Domain name: adminmart.com
System IP: 192.168.1.212

Note: Use your domain name and IP instead of adminmart

Create container with OpenLDAP[edit]

Create a container with the following settings:

  • ctid: 212
  • IP address: 192.168.1.212
  • name: ldap
  • hostname: ldap

Run these commands on the hardware node: 

   vzctl create 212 --ostemplate centos-4-i386-minimal
   vzctl set 212 --ipadd 192.168.1.212 --save
   vzctl set 212 --nameserver 202.88.156.6 --save
   vzctl set 212 --onboot yes --save
   vzctl set 212 --userpasswd root:changeme --save
   vzctl set 212 --name ldap --save
   vzctl set 212 --hostname ldap --save
   vzctl start 212
   vzyum 212 install *openldap* -y

Configuration of OpenLDAP Server[edit]

Easy steps for adding users:

  1. Create unix user
  2. Create unix user's ldap passwd file
  3. Convert passwd.file to ldif file
  4. Add ldap file to LDAP Directory using ldapadd

Requirements[edit]

compat-openldap.i386 0:2.1.30-6.4E
openldap-clients.i386 0:2.2.13-6.4E
openldap-devel.i386 0:2.2.13-6.4E
openldap-servers.i386 0:2.2.13-6.4E
openldap-servers-sql.i386 0:2.2.13-6.4E

You can install them using the command: 

   yum install *openldap* -y

Start the service[edit]

   [root@ldap ~]# chkconfig --levels 235 ldap on
   [root@ldap ~]# service ldap start

Create LDAP root user password[edit]

   [root@ldap ~]# slappasswd
   New password:
   Re-enter new password:
   {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
   [root@ldap ~]#

Update /etc/openldap/slapd.conf for the root password[edit]

   [root@ldap ~]# vi /etc/openldap/slapd.conf
   #68 database bdb
   #69 suffix "dc=adminmart,dc=com"
   #70 rootdn "cn=Manager,dc=adminmart,dc=com"
   #71 rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW

Apply Changes[edit]

   [root@ldap ~]# service ldap restart

Create test users[edit]

   [root@ldap ~]# useradd test1
   [root@ldap ~]# passwd test1
   Changing password for user test1.
   New UNIX password:
   Retype new UNIX password:
   passwd: all authentication tokens updated successfully.
   [root@ldap ~]# useradd test2
   [root@ldap ~]# passwd test2
   Changing password for user test2.
   New UNIX password:
   Retype new UNIX password:
   passwd: all authentication tokens updated successfully.
   [root@ldap ~]#

Note: Repeat the same for the rest of users.

Migrate local users to LDAP[edit]

   [root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root
   [root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1
   [root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2

Note: Repeat the same for the rest of users.

Update default settings on file /usr/share/openldap/migration/migrate_common.ph[edit]

   #71 $DEFAULT_MAIL_DOMAIN = "adminmart.com";
   #74 $DEFAULT_BASE = "dc=adminmart,dc=com";

Convert passwd.file to ldif (LDAP Data Interchange Format) file[edit]

   [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
   [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
   [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif

Note: Repeat the same for the rest of users.

Update root.ldif file for the "Manager" of LDAP Server[edit]

   [root@ldap ~]# vi /etc/openldap/root.ldif
   #1 dn: uid=root,ou=People,dc=adminmart,dc=com
   #2 uid: root
   #3 cn: Manager
   #4 objectClass: account

Create a domain ldif file (/etc/openldap/adminmart.com.ldif)[edit]

   [root@ldap ~]# cat /etc/openldap/adminmart.com.ldif
   dn: dc=adminmart,dc=com
   dc: adminmart
   description: LDAP Admin
   objectClass: dcObject
   objectClass: organizationalUnit
   ou: rootobject

   dn: ou=People, dc=adminmart,dc=com
   ou: People
   description: Users of adminmart
   objectClass: organizationalUnit

Import all users in to the LDAP[edit]

Add the Domain ldif file: 

   [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
   Enter LDAP Password:
   adding new entry "dc=adminmart,dc=com"
   adding new entry "ou=People, dc=adminmart,dc=com"
   [root@ldap ~]#

Add the Users: 

   [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif
   Enter LDAP Password:
   adding new entry "uid=root,ou=People,dc=adminmart,dc=com"
   adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"
   [root@ldap ~]#

   [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif
   Enter LDAP Password:
   adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"
   [root@ldap ~]#

   [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif
   Enter LDAP Password:
   adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"
   [root@ldap ~]#

Note: Repeat the same for the rest of users.

Apply Changes[edit]

   [root@ldap ~]# service ldap restart

Test LDAP Server[edit]

It prints all the user information

   [root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'

LDAP Client Configuration[edit]

   [root@ldapclient ~]# authconfig
[*] Use LDAP [*] Use LDAP Authentication

(Both should be checked)

[ ] Use TLS
Server: ldap.adminmart.com
Base DN: dc=adminmart,dc=com
Retrieved from "https://wiki.openvz.org/index.php?title=OpenLDAP_Server_in_container&oldid=8398"