Difference between revisions of "OpenLDAP Server in container"
(New page: <h3>Step by Step Installation and Configuration OpenLDAP Server</h3> Software: OS-Cent OS 4.4, openldap 2.2.13-6.4E System name: ldap.adminmart.com Domain name: adminmart.com System IP: 1...) |
|||
| Line 1: | Line 1: | ||
<h3>Step by Step Installation and Configuration OpenLDAP Server</h3> | <h3>Step by Step Installation and Configuration OpenLDAP Server</h3> | ||
| − | Software: OS-Cent OS 4.4, openldap 2.2.13-6.4E | + | Software: OS-Cent OS 4.4, openldap 2.2.13-6.4E<br> |
| − | System name: ldap.adminmart.com | + | System name: ldap.adminmart.com<br> |
| − | Domain name: adminmart.com | + | Domain name: adminmart.com<br> |
| − | System IP: 192.168.1.212 | + | System IP: 192.168.1.212<br> |
| + | <br> | ||
| + | <b>Note:</b> Use your domain name and IP instead of adminmart<br> | ||
| + | <br> | ||
| − | + | <h3>Create VPS with OpenLDAP</h3> | |
| − | + | Create, Install vps with the following information<br> | |
| − | + | - vpsid : 212<br> | |
| − | 1. | + | - vpsip : 192.168.1.212<br> |
| − | + | - vpsname : ldap<br> | |
| − | + | - vpshostname : ldap<br> | |
| − | + | <br> | |
| − | + | <b>Note:</b> Please run these commands on hardware node<br> | |
| − | + | <code> | |
| − | + | vzctl create 212 --ostemplate centos-4-i386-minimal<br> | |
| − | + | vzctl set 212 --ipadd 192.168.1.212 --save<br> | |
| − | + | vzctl set 212 --nameserver 202.88.156.6 --save<br> | |
| − | + | vzctl set 212 --onboot yes --save<br> | |
| − | + | vzctl set 212 --userpasswd root:changeme --save<br> | |
| − | + | vzctl set 212 --name ldap --save<br> | |
| − | + | vzctl set 212 --hostname ldap --save<br> | |
| − | + | vzctl start 212<br> | |
| − | + | vzyum 212 install *openldap* -y<br> | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | < | ||
| − | |||
| − | < | ||
| − | |||
| − | |||
| − | < | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | < | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
</code> | </code> | ||
| − | + | <h3>Configuration of OpenLDAP Server</h3> | |
| − | Step # | + | <b>Easy steps for adding users:</b> |
| + | 1. Create unix user<br> | ||
| + | 2. Create unix user's ldap passwd file<br> | ||
| + | 3. Convert passwd.file to ldif file<br> | ||
| + | 4. Add ldap file to LDAP Directory using ldapadd<br> | ||
| + | <h4>Step #1. Requirements</h4> | ||
| + | compat-openldap.i386 0:2.1.30-6.4E<br> | ||
| + | openldap-clients.i386 0:2.2.13-6.4E<br> | ||
| + | openldap-devel.i386 0:2.2.13-6.4E<br> | ||
| + | openldap-servers.i386 0:2.2.13-6.4E<br> | ||
| + | openldap-servers-sql.i386 0:2.2.13-6.4E<br> | ||
| + | <br> | ||
| + | <br> | ||
| + | You can install them using the command:<br> | ||
| + | <br> | ||
| + | yum install *openldap* -y <br> | ||
| − | < | + | <h4>Step #2. Start the service</h4> |
| − | [root@ldap ~]# | + | <code> |
| − | [root@ldap ~]# | + | [root@ldap ~]# chkconfig --levels 235 ldap on<br> |
| + | [root@ldap ~]# service ldap start <br> | ||
</code> | </code> | ||
| − | + | <h4>Step #3. Create LDAP root user password</h4> | |
| − | Step # | + | <code> |
| − | + | [root@ldap ~]# slappasswd<br> | |
| − | + | New password:<br> | |
| − | + | Re-enter new password:<br> | |
| − | + | {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW<br> | |
| − | + | [root@ldap ~]# | |
| − | <code>[root@ldap ~]# | ||
| − | |||
| − | [root@ldap ~]# | ||
</code> | </code> | ||
| − | + | ||
| − | Step # | + | <h4>Step #4. Update /etc/openldap/slapd.conf for the root password</h4> |
| + | <code> | ||
| + | [root@ldap ~]# vi /etc/openldap/slapd.conf<br> | ||
| + | #68 database bdb<br> | ||
| + | #69 suffix "dc=adminmart,dc=com"<br> | ||
| + | #70 rootdn "cn=Manager,dc=adminmart,dc=com"<br> | ||
| + | #71 rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW</code> | ||
| − | + | <h4>Step #5. Apply Changes</h4> | |
| − | + | <code> | |
| − | + | [root@ldap ~]# service ldap restart | |
| − | |||
| − | |||
| − | |||
| − | Step # | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | <code>[root@ldap ~]# | ||
| − | |||
| − | |||
| − | |||
| − | |||
</code> | </code> | ||
| − | + | <h4>Step #6. Create test users</h4> | |
| + | <code> | ||
| + | [root@ldap ~]# useradd test1<br> | ||
| + | [root@ldap ~]# passwd test1<br> | ||
| + | Changing password for user test1.<br> | ||
| + | New UNIX password:<br> | ||
| + | Retype new UNIX password:<br> | ||
| + | passwd: all authentication tokens updated successfully.<br> | ||
| + | [root@ldap ~]# useradd test2<br> | ||
| + | [root@ldap ~]# passwd test2<br> | ||
| + | Changing password for user test2.<br> | ||
| + | New UNIX password:<br> | ||
| + | Retype new UNIX password:<br> | ||
| + | passwd: all authentication tokens updated successfully.<br> | ||
| + | [root@ldap ~]#<br> | ||
| + | </code><br> | ||
| + | <b>Note:</b> Repeat the same for the rest of users <br> | ||
| − | <code>[root@ldap ~]# | + | <h4>Step #7. Migrate local users to LDAP</h4> |
| − | + | <code> | |
| − | + | [root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root<br> | |
| − | + | [root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1<br> | |
| − | [root@ldap ~]# | + | [root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2<br> |
| + | </code><br> | ||
| + | <b>Note:</b> Repeat the same for the rest of users<br> | ||
| − | + | <h4>Step #8. Update default settings on file /usr/share/openldap/migration/migrate_common.ph</h4> | |
| − | + | #71 $DEFAULT_MAIL_DOMAIN = "adminmart.com";<br> | |
| − | + | #74 $DEFAULT_BASE = "dc=adminmart,dc=com";<br> | |
| − | |||
| − | [root@ldap ~]# | + | <h4>Step #9. Convert passwd.file to ldif (LDAP Data Interchange Format) file </h4> |
| − | + | <code> | |
| − | + | [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif<br> | |
| − | [root@ldap ~]# | + | [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif<br> |
| + | [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif<br> | ||
| + | </code><br> | ||
| + | <b>Note:</b> Repeat the same for the rest of users<br> | ||
| + | <h4>Step #10. Update root.ldif file for the "Manager" of LDAP Server </h4> | ||
| + | <code> | ||
| + | [root@ldap ~]# vi /etc/openldap/root.ldif<br> | ||
| + | #1 dn: uid=root,ou=People,dc=adminmart,dc=com<br> | ||
| + | #2 uid: root<br> | ||
| + | #3 cn: Manager<br> | ||
| + | #4 objectClass: account<br> | ||
</code> | </code> | ||
| − | + | <h4>Step #11. Create a domain ldif file (/etc/openldap/adminmart.com.ldif)</h4> | |
| − | + | <code> | |
| − | Step # | + | [root@ldap ~]# cat /etc/openldap/adminmart.com.ldif<br> |
| − | + | dn: dc=adminmart,dc=com<br> | |
| − | <code>[root@ldap ~]# | + | dc: adminmart<br> |
| − | + | description: LDAP Admin<br> | |
| − | + | objectClass: dcObject<br> | |
| − | + | objectClass: organizationalUnit<br> | |
| − | + | ou: rootobject<br> | |
| − | < | + | <br> |
| + | dn: ou=People, dc=adminmart,dc=com<br> | ||
| + | ou: People<br> | ||
| + | description: Users of adminmart<br> | ||
| + | objectClass: organizationalUnit<br> | ||
| + | </code> | ||
| + | <h4>Step #12. Import all users in to the LDAP</h4> | ||
| + | <b>Add the Domain ldif file </b><br> | ||
| + | <br> | ||
| + | <code> | ||
| + | [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif<br> | ||
| + | Enter LDAP Password:<br> | ||
| + | adding new entry "dc=adminmart,dc=com"<br> | ||
| + | adding new entry "ou=People, dc=adminmart,dc=com"<br> | ||
| + | [root@ldap ~]#<br> | ||
| + | </code><br> | ||
| + | <br> | ||
| + | <b>Add the Users</b><br> | ||
| + | <br> | ||
| + | <code> | ||
| + | [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif<br> | ||
| + | Enter LDAP Password:<br> | ||
| + | adding new entry "uid=root,ou=People,dc=adminmart,dc=com"<br> | ||
| + | adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"<br> | ||
| + | [root@ldap ~]#<br> | ||
| + | <br> | ||
| + | [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif<br> | ||
| + | Enter LDAP Password:<br> | ||
| + | adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"<br> | ||
| + | [root@ldap ~]#<br> | ||
| + | <br> | ||
| + | [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif<br> | ||
| + | Enter LDAP Password:<br> | ||
| + | adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"<br> | ||
| + | [root@ldap ~]#<br> | ||
| + | </code><br> | ||
| + | <b>Note:</b> Repeat the same for the rest of users<br> | ||
| + | <h4>Step #13. Apply Changes </h4> | ||
| + | <code> | ||
| + | [root@ldap ~]# service ldap restart</code> <br> | ||
| + | <h4>Step #14. Test LDAP Server</h4> | ||
| + | It prints all the user information<br> | ||
| + | <br> | ||
| + | <code> | ||
| + | [root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'</code> <br> | ||
| + | <br> | ||
| + | <br> | ||
| + | <h3>LDAP Client Configuration</h3> | ||
| + | <code> | ||
| + | [root@ldapclient ~]# authconfig </code><br> | ||
| + | <b> [*] Use LDAP [*] Use LDAP Authentication </b><br> | ||
| + | <br> | ||
| + | [Both should be checked]<br> | ||
| + | <br> | ||
| + | <b> [ ] Use TLS <br> | ||
| + | Server: ldap.adminmart.com<br> | ||
| + | Base DN: dc=adminmart,dc=com<br> | ||
| + | </b><br> | ||
| + | <br> | ||
[[Category:HOWTO]] | [[Category:HOWTO]] | ||
Revision as of 19:42, 10 February 2007
Contents
- 1 Step by Step Installation and Configuration OpenLDAP Server
- 2 Create VPS with OpenLDAP
- 3 Configuration of OpenLDAP Server
- 3.1 Step #1. Requirements
- 3.2 Step #2. Start the service
- 3.3 Step #3. Create LDAP root user password
- 3.4 Step #4. Update /etc/openldap/slapd.conf for the root password
- 3.5 Step #5. Apply Changes
- 3.6 Step #6. Create test users
- 3.7 Step #7. Migrate local users to LDAP
- 3.8 Step #8. Update default settings on file /usr/share/openldap/migration/migrate_common.ph
- 3.9 Step #9. Convert passwd.file to ldif (LDAP Data Interchange Format) file
- 3.10 Step #10. Update root.ldif file for the "Manager" of LDAP Server
- 3.11 Step #11. Create a domain ldif file (/etc/openldap/adminmart.com.ldif)
- 3.12 Step #12. Import all users in to the LDAP
- 3.13 Step #13. Apply Changes
- 3.14 Step #14. Test LDAP Server
- 4 LDAP Client Configuration
Step by Step Installation and Configuration OpenLDAP Server
Software: OS-Cent OS 4.4, openldap 2.2.13-6.4E
System name: ldap.adminmart.com
Domain name: adminmart.com
System IP: 192.168.1.212
Note: Use your domain name and IP instead of adminmart
Create VPS with OpenLDAP
Create, Install vps with the following information
- vpsid : 212
- vpsip : 192.168.1.212
- vpsname : ldap
- vpshostname : ldap
Note: Please run these commands on hardware node
vzctl create 212 --ostemplate centos-4-i386-minimal
vzctl set 212 --ipadd 192.168.1.212 --save
vzctl set 212 --nameserver 202.88.156.6 --save
vzctl set 212 --onboot yes --save
vzctl set 212 --userpasswd root:changeme --save
vzctl set 212 --name ldap --save
vzctl set 212 --hostname ldap --save
vzctl start 212
vzyum 212 install *openldap* -y
Configuration of OpenLDAP Server
Easy steps for adding users:
1. Create unix user
2. Create unix user's ldap passwd file
3. Convert passwd.file to ldif file
4. Add ldap file to LDAP Directory using ldapadd
Step #1. Requirements
compat-openldap.i386 0:2.1.30-6.4E
openldap-clients.i386 0:2.2.13-6.4E
openldap-devel.i386 0:2.2.13-6.4E
openldap-servers.i386 0:2.2.13-6.4E
openldap-servers-sql.i386 0:2.2.13-6.4E
You can install them using the command:
yum install *openldap* -y
Step #2. Start the service
[root@ldap ~]# chkconfig --levels 235 ldap on
[root@ldap ~]# service ldap start
Step #3. Create LDAP root user password
[root@ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
[root@ldap ~]#
Step #4. Update /etc/openldap/slapd.conf for the root password
[root@ldap ~]# vi /etc/openldap/slapd.conf
#68 database bdb
#69 suffix "dc=adminmart,dc=com"
#70 rootdn "cn=Manager,dc=adminmart,dc=com"
#71 rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
Step #5. Apply Changes
[root@ldap ~]# service ldap restart
Step #6. Create test users
[root@ldap ~]# useradd test1
[root@ldap ~]# passwd test1
Changing password for user test1.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@ldap ~]# useradd test2
[root@ldap ~]# passwd test2
Changing password for user test2.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@ldap ~]#
Note: Repeat the same for the rest of users
Step #7. Migrate local users to LDAP
[root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root
[root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1
[root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2
Note: Repeat the same for the rest of users
#71 $DEFAULT_MAIL_DOMAIN = "adminmart.com";
#74 $DEFAULT_BASE = "dc=adminmart,dc=com";
Step #9. Convert passwd.file to ldif (LDAP Data Interchange Format) file
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif
Note: Repeat the same for the rest of users
Step #10. Update root.ldif file for the "Manager" of LDAP Server
[root@ldap ~]# vi /etc/openldap/root.ldif
#1 dn: uid=root,ou=People,dc=adminmart,dc=com
#2 uid: root
#3 cn: Manager
#4 objectClass: account
Step #11. Create a domain ldif file (/etc/openldap/adminmart.com.ldif)
[root@ldap ~]# cat /etc/openldap/adminmart.com.ldif
dn: dc=adminmart,dc=com
dc: adminmart
description: LDAP Admin
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject
dn: ou=People, dc=adminmart,dc=com
ou: People
description: Users of adminmart
objectClass: organizationalUnit
Step #12. Import all users in to the LDAP
Add the Domain ldif file
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
Enter LDAP Password:
adding new entry "dc=adminmart,dc=com"
adding new entry "ou=People, dc=adminmart,dc=com"
[root@ldap ~]#
Add the Users
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif
Enter LDAP Password:
adding new entry "uid=root,ou=People,dc=adminmart,dc=com"
adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"
[root@ldap ~]#
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif
Enter LDAP Password:
adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"
[root@ldap ~]#
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif
Enter LDAP Password:
adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"
[root@ldap ~]#
Note: Repeat the same for the rest of users
Step #13. Apply Changes
[root@ldap ~]# service ldap restart
Step #14. Test LDAP Server
It prints all the user information
[root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'
LDAP Client Configuration
[root@ldapclient ~]# authconfig
[*] Use LDAP [*] Use LDAP Authentication
[Both should be checked]
[ ] Use TLS
Server: ldap.adminmart.com
Base DN: dc=adminmart,dc=com
