JavaChap Blog Java and Technology musings for the masses

30 Jan 2010

Installing OpenLdap on Linux – CentOS

  1. Install Open Ldap Servers via YUM
    yum install openldap-servers
  2. Edit the /etc/openldap/slapd.conf file to specify the LDAP domain and server
    1. To use the slapd LDAP server, modify its configuration file /etc/openldap/slapd.conf to specify the correct domain and server. The suffix line names the domain for which the LDAP server provides information and should be changed from:
      suffix "dc=your-domain,dc=com"
      so that it reflects a fully qualified domain name. For example:
      suffix "dc=javachap,dc=com"
    2. The rootdn entry is the Distinguished Name (DN) of a user who is unrestricted by the access controls or administrative limit parameters set for operations on the LDAP directory. The rootdn user can be thought of as the root user of the LDAP directory. In the configuration file, change the rootdn line from its default value, as in the following:
      rootdn "cn=Manager,dc=javachap,dc=com"
    3. When populating an LDAP directory over a network, change the rootpw line — replacing the default value with an encrypted password string. To create an encrypted password string, type the following command:
      /usr/sbin/slappasswd

      When prompted, type and then re-type a password. The program prints the resulting encrypted password to the shell prompt. Next, copy the newly created encrypted password into the /etc/openldap/slapd.conf on one of the rootpw lines and remove the hash mark (#). When finished, the line should look similar to the following example:

      rootpw {SSHA}vv2y+i233234azrIv70xSSnNAJ4538bb2u
  3. Copy the file /etc/openldap/DB_CONFIG.example into /var/lib/ldap as DB_CONFIG
    cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
  4. Create users.ldif with the following content. It creates two users, admin and javachap, and places both in the Admin group.
    dn: dc=javachap,dc=com
    dc: javachap
    objectClass: domain
    
    dn: ou=People,dc=javachap,dc=com
    ou: People
    objectClass: organizationalUnit
    
    dn: ou=Groups,dc=javachap,dc=com
    ou: Groups
    objectClass: organizationalUnit
    
    # Engineering Department
    dn: ou=Engineering,ou=People,dc=javachap,dc=com
    ou: Engineering
    objectClass: organizationalUnit
    
    # Admin Group
    dn: cn=Admin,ou=Groups,dc=javachap,dc=com
    gidNumber: 502
    memberUid: admin
    memberUid: javachap
    cn: Admin
    objectClass: posixGroup
    
    # Admin User :
    dn: uid=javachap,ou=Engineering,ou=People,dc=javachap,dc=com
    sn: Java Chap
    userPassword: e235yeXB0f343444bE45Z0s0GmM=
    objectClass: shadowAccount
    objectClass: person
    uid: javachap
    cn: Java Chap
    
    # Admin User : admin
    dn: uid=admin,ou=Engineering,ou=People,dc=javachap,dc=com
    sn: Admin User
    userPassword: e2452eXB02222Zk9qYjhUZVBUGmc=
    objectClass: shadowAccount
    objectClass: person
    uid: admin
    cn: Administrator
    
  5. Add the users to LDAP with the following command; supply the rootdn and the password that were set up in step 2.3:
    ldapadd -x -D "cn=Manager,dc=javachap,dc=com" -w password -f users.ldif
  6. Start the ldap service with the command:
    /sbin/service ldap start
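As an added check that is not part of the original post: a small Python script that reads users.ldif the way ldapadd does (blank-line separated entries) and flags the things that commonly go wrong with the file above: two entries merged because a blank line is missing, a memberUid in the Admin group that matches no uid entry, and a userPassword value without a {SCHEME} prefix (slapd stores such a value as the password itself rather than as a hash). It also reproduces the {SSHA} construction that slappasswd emits in step 2.3 so a rootpw value can be checked offline. The function names and the trimmed sample LDIF are my own.

```python
import base64, hashlib, os, re

# Constructed sample from the page's users.ldif (Admin group plus one user), with the blank line LDIF requires.
SAMPLE_LDIF = """dn: cn=Admin,ou=Groups,dc=javachap,dc=com
gidNumber: 502
memberUid: admin
memberUid: javachap
cn: Admin
objectClass: posixGroup

dn: uid=javachap,ou=Engineering,ou=People,dc=javachap,dc=com
sn: Java Chap
userPassword: e235yeXB0f343444bE45Z0s0GmM=
objectClass: shadowAccount
objectClass: person
uid: javachap
cn: Java Chap
"""

def parse_ldif(text):
    """Split LDIF into blank-line separated entries of {attr: [values]}."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.strip() and not line.startswith("#"):
                attr, value = line.split(":", 1)
                entry.setdefault(attr.strip(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_ldif(text):
    """Flag merged entries, dangling memberUid and unhashed userPassword."""
    entries = parse_ldif(text)
    uids = {u for e in entries for u in e.get("uid", [])}
    problems = []
    for e in entries:
        dn = e.get("dn", ["?"])
        if len(dn) != 1:  # two dn lines in one block: a blank line is missing
            problems.append("entry with %d dn lines" % len(dn))
        problems += ["%s: memberUid %s matches no uid" % (dn[0], m)
                     for m in e.get("memberUid", []) if m not in uids]
        problems += ["%s: userPassword has no {SCHEME} prefix" % dn[0]
                     for p in e.get("userPassword", []) if not p.startswith("{")]
    return problems

def ssha(password, salt=None):
    """What slappasswd emits for {SSHA}: base64(sha1(pw + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()
```

Run check_ldif on the real users.ldif before step 5; an empty list means the file is structurally sound and the admin user entry is present.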
Comments (2) Trackbacks (0)
  1. Thanks for that great, clear piece.
    May I add that maybe in other distributions such as old Ubuntu, in the ldif file, you must have a new line after each objectClass:

    dn: dc=esprit,dc=tn
    dc: esprit
    objectClass: domain

    dn: ou=People,dc=esprit,dc=tn
    ou: People
    objectClass: organizationalUnit

    dn: ou=Groups,dc=esprit,dc=tn
    ou: Groups
    objectClass: organizationalUnit

    for example.
    thanks again,

  2. Great piece, it was able to help me fit together the missing pieces to get LDAP working.

    Also, you must have the ldap service started before you can add anything.

