Wednesday, March 18, 2015

ldap server configuration in centos 6 step by step

Leave a Comment
In this articles, how to install and configuration openldap in centos 6 step by step. openldap run 2 port: 389 ( insecure ) and 636 ( secure )

What does CN, OU, DC mean?

CN = infomon Name
OU = Organizational Unit
DC = Domain infoponent

Installing and configuration openldap server on in centos 6 

Step 1: Install LDAP
# yum install openldap*
Step 2: Now generate a encrypted password for Administrator User That is "Admin"
# slappasswd
NOTE: You need to copy above generated password to text

Step 3: Edit the following file:
# vi /etc/openldap/slapd.d/"cn=config"/"olcDatabase={2}bdb.ldif"
olcSuffix: dc=linuxoperatingsystem,dc=info
olcRootDN: cn=Admin,dc=linuxoperatingsystem,dc=info
olcRootPW: <paste encrypted="" here="" password="" your=""> ( copy password at step 2 )
olcTLSCertificateFile: /etc/pki/tls/certs/linuxoperatingsystem.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/linuxoperatingsystemkey.pem
Step 4: Now specify the Monitoring privileges
# vi /etc/openldap/slapd.d/"cn=config"/"olcDatabase={1}monitor.ldif"
Step 5:  Now copy the sample database file
#cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
#chown -R ldap:ldap /var/lib/ldap/
Step 6: Configure OpenLDAP to listen on SSL/TLS
# vi /etc/sysconfig/ldap
SLAPD_LDAPS=yes #(default is no)
Step 7: Now you need to create a certificate for OpenLDAP Server.
# openssl req -new -x509 -nodes -out /etc/pki/tls/certs/linuxoperatingsystem.pem -keyout /etc/pki/tls/certs/linuxoperatingsystemkey.pem -days 365
Step 8:You need to change owner and group ownership of certificate and keyfile
#chown -Rf root:ldap /etc/pki/tls/certs/linuxoperatingsystem.pem
#chown -Rf root:ldap /etc/pki/tls/certs/linuxoperatingsystemkey.pem
Step 9:  Start/Restart the service of OpenLDAP
# service slapd restart
# chkconfig slapd on
Step 10: Now you need to create base objects in OpenLDAP.

Create it manually or use migration tools to automation

I use tool to create .ldif file :
# yum install migrationtools
# cd /usr/share/migrationtools/
# ls
# vi
on the Line Number 61, change "ou=Groups"
  $NAMINGCONTEXT{'group'}             = "ou=Groups";
  on the Line Number 71, change your domain name
on the line number 74, change your base name
$DEFAULT_BASE = "dc=linuxoperatingsystem,dc=info";
on the line number 90, change schema value
For example: Creating 2 local users and groups and then I will migrate to LDAP
# useradd -d /home/ldapuser1 ldapuser1
# useradd -d /home/ldapuser2 ldapuser2
Now assign the password
# passwd ldapuser1
# passwd ldapuser2
Now you need to filter out these users from /etc/passwd to another file:
# getent passwd | tail -n 2 > /root/users
Now you need to filter out password information from /etc/shadow to another file:
# getent shadow | tail -n 2 > /root/passwords
Now you need to filter out user groups from /etc/group to another file:
# getent group | tail -n 2 > /root/groups
So Open the following file to change the location of password file
# vi
Inside this file search /etc/shadow and change it to /root/passwords and then save and exit.

Now generate a base.ldif file for your Domain, use the following:
#./ > /root/base.ldif
Now generate a ldif file for users
# ./ /root/users > /root/users.ldif
Now Generate a ldif file for groups
# ./ /root/groups > /root/groups.ldif
Step 11: Now it' time to upload these ldif file to LDAP Server
# ldapadd -x -W -D "cn=Admin,dc=linuxoperatingsystem,dc=info" -f /root/base.ldif
# ldapadd -x -W -D "cn=Admin,dc=linuxoperatingsystem,dc=info" -f /root/users.ldif
# ldapadd -x -W -D "cn=Admin,dc=linuxoperatingsystem,dc=info" -f /root/groups.ldif

Enable log openldap Server

# vi /etc/rsyslog.conf
Add line following below into rsyslog.conf
local4.* /var/log/ldap.log
Restart Rsyslog server
# /etc/init.d/rsyslog restart

Restart openldap server

# /etc/init.d/slapd restart
Now you can use "ldapsearch" command
# ldapsearch -x -b "dc=linuxoperatingsystem,dc=info"

Test connect to Openldap server

I use JXplorer software as picture below :


Link youtube ldap server configuration in centos 6 step by step

Copyright by:


Post a Comment