30 Jan 2010
Installing OpenLdap on Linux – CentOS
- Install the OpenLDAP server package via yum
yum install openldap-servers
- Edit the /etc/openldap/slapd.conf file to specify the LDAP domain and server
- To use the slapd LDAP server, modify its configuration file /etc/openldap/slapd.conf to specify the correct domain and server. The suffix line names the domain for which the LDAP server provides information and should be changed from the default
suffix "dc=your-domain,dc=com"
so that it reflects your fully qualified domain name. For example:
suffix "dc=javachap,dc=com"
- The rootdn entry is the Distinguished Name (DN) of a user who is unrestricted by the access controls or administrative limit parameters set for operations on the LDAP directory. The rootdn user can be thought of as the root user for the LDAP directory. In the configuration file, change the rootdn line from its default value, as in the following:
rootdn "cn=Manager,dc=javachap,dc=com"
- When populating an LDAP directory over a network, change the rootpw line — replacing the default value with a hashed password string (slappasswd produces a salted SHA-1 hash, marked with the {SSHA} prefix). To create the hashed password string, type the following command:
/usr/sbin/slappasswd
When prompted, type and then re-type a password. The program prints the resulting hashed password to the shell prompt. Next, copy the newly created hash into /etc/openldap/slapd.conf on one of the rootpw lines and remove the hash mark (#). When finished, the line should look similar to the following example:
rootpw {SSHA}vv2y+i233234azrIv70xSSnNAJ4538bb2u
- Copy the file /etc/openldap/DB_CONFIG.example into /var/lib/ldap as DB_CONFIG:
cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
- Create users.ldif with the following content. This creates two users, admin and javachap, and places both in the Admin group. Each entry starts with its dn line and is separated from the next by a blank line:
dn: dc=javachap,dc=com
dc: javachap
objectClass: domain

dn: ou=People,dc=javachap,dc=com
ou: People
objectClass: organizationalUnit

dn: ou=Groups,dc=javachap,dc=com
ou: Groups
objectClass: organizationalUnit

# Engineering Department
dn: ou=Engineering,ou=People,dc=javachap,dc=com
ou: Engineering
objectClass: organizationalUnit

# Admin Group
dn: cn=Admin,ou=Groups,dc=javachap,dc=com
gidNumber: 502
memberUid: admin
memberUid: javachap
cn: Admin
objectClass: posixGroup

# Admin User :
dn: uid=javachap,ou=Engineering,ou=People,dc=javachap,dc=com
sn: Java Chap
userPassword: e235yeXB0f343444bE45Z0s0GmM=
objectClass: shadowAccount
objectClass: person
uid: javachap
cn: Java Chap

# Admin User : admin
dn: uid=admin,ou=Engineering,ou=People,dc=javachap,dc=com
sn: Admin User
userPassword: e2452eXB02222Zk9qYjhUZVBUGmc=
objectClass: shadowAccount
objectClass: person
uid: admin
cn: Administrator
- Add the users to LDAP with the following command. You need to supply the rootdn and the password that were set up in step 2.3 (passing -W instead of -w password makes ldapadd prompt for it, so the password does not land in the process list or shell history):
ldapadd -x -D "cn=Manager,dc=javachap,dc=com" -w password -f users.ldif
- Start the ldap service with the command:
/sbin/service ldap start
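The users.ldif step above depends on one LDIF detail that is easy to lose when the file is pasted from a web page: every entry begins with a dn line and entries are separated by a blank line. The following checker is an added example (not part of the original post or of OpenLDAP); it parses an LDIF file the way ldapadd expects and reports exactly that kind of defect before you hand the file to the server. The sample text it carries is constructed from the first two entries of users.ldif.

```python
# Constructed sample: the first two entries of the users.ldif above.
SAMPLE_LDIF = """\
dn: dc=javachap,dc=com
dc: javachap
objectClass: domain

dn: ou=People,dc=javachap,dc=com
ou: People
objectClass: organizationalUnit
"""

def parse_ldif(text):
    """Return (entries, errors); each entry maps attribute -> list of values.
    Entries must be separated by a blank line; a 'dn:' line inside an entry
    means the separator was lost, which is what makes ldapadd reject the file."""
    entries, errors, current = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line:                      # blank line closes the entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):          # LDIF comment
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            errors.append(f"line {lineno}: not an attribute line")
            continue
        attr, value = attr.strip(), value.strip()
        if attr == "dn" and current:
            errors.append(f"line {lineno}: 'dn:' with no blank line before it")
            entries.append(current)       # start a new entry anyway
            current = {}
        elif attr != "dn" and not current:
            errors.append(f"line {lineno}: entry must start with 'dn:'")
        current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    for entry in entries:                 # every entry needs an objectClass
        if "objectClass" not in entry:
            errors.append(f"{entry.get('dn', ['?'])[0]}: no objectClass")
    return entries, errors
```

Running it on the sample returns two entries and no errors; collapsing the blank line between them yields the "'dn:' with no blank line before it" error at the second dn.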
May 29th, 2011 - 05:28
Thanks for that great, clear piece.
May I add that maybe in other distributions, such as old Ubuntu, in the ldif file you must have a new line after each objectClass:
dn: dc=esprit,dc=tn
dc: esprit
objectClass: domain

dn: ou=People,dc=esprit,dc=tn
ou: People
objectClass: organizationalUnit

dn: ou=Groups,dc=esprit,dc=tn
ou: Groups
objectClass: organizationalUnit
for example.
thanks again,
November 2nd, 2011 - 17:46
Great piece, it was able to help me fit together the missing pieces to get LDAP working.
Also, you must have the ldap service started before you can add anything.