- Install the necessary files:
yum install openldap openldap-clients openldap-servers
- Modify the following options in the /etc/openldap/slapd.d/cn\=config.ldif configuration file:
#olcAllows: bind_v2
olcIdleTimeout: 60
- Generate the SSHA hash for the admin user:
slappasswd -s password
(example output: {SSHA}abunchofhash)
- Modify the following configuration options in /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif. The domain will be test.com:
olcSuffix: dc=test,dc=com
olcRootDN: cn=admin,dc=test,dc=com
olcRootPW: {SSHA}abunchofhash
- Modify the olcAccess option in /etc/openldap/slapd.d/cn\=config/olcDatabase={1}monitor.ldif so the dn is correct:
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=test,dc=com" read by * none
- Start the OpenLDAP server and configure it to start at boot time:
chkconfig slapd on
service slapd start
- Create an LDIF (LDAP Data Interchange Format) file with the configuration for our organization's LDAP tree. Here we will create two organizational units: one called Users, of which all users will be members, and another called Groups, which will be used to create groups for our organization. At the end of the file specify who the RootDN for this LDAP tree is (cn=admin,dc=test,dc=com). I named this file ldapconfig.ldif:
dn: dc=test,dc=com
objectclass: dcObject
objectclass: organization
o: Test Org
dc: test

dn: ou=Users,dc=test,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Users

dn: ou=Groups,dc=test,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups

dn: cn=admin,dc=test,dc=com
objectclass: organizationalRole
cn: admin
- Apply our LDIF file and test if the LDAP tree is ready with the ldapsearch command:
ldapadd -x -D "cn=admin,dc=test,dc=com" -W -f ldapconfig.ldif
ldapsearch -x -b 'dc=test,dc=com' '(objectclass=*)'
- Create an ldap user by adding the below to an ldif file and running ldapadd as above:
dn: uid=user1,ou=Users,dc=test,dc=com
objectclass: top
objectclass: person
objectclass: inetOrgPerson
objectclass: organizationalPerson
uid: user1
cn: User 1
sn: 1
givenName: User 1
- Assign a password for the user (the entry was created under ou=Users, so that is the DN to pass):
ldappasswd -S -x -D "cn=admin,dc=test,dc=com" -W uid=user1,ou=Users,dc=test,dc=com
- Create a group in the Groups organizational unit by adding the below to an ldif file and running ldapadd as above:
dn: cn=group1,ou=Groups,dc=test,dc=com
cn: group1
objectclass: groupofnames
member: uid=user1,ou=Users,dc=test,dc=com
- To add a newly created user to the group after the initial creation, create another ldif file and add the below text to it. Then modify the group with ldapmodify:
dn: cn=group1,ou=Groups,dc=test,dc=com
changetype: modify
add: member
member: uid=user2,ou=Users,dc=test,dc=com
ldapmodify -x -D "cn=admin,dc=test,dc=com" -W -f addto_group1.ldif
- To remove a user from a group, create another ldif file and add the below text. Use ldapmodify to again modify the group:
dn: cn=group1,ou=Groups,dc=test,dc=com
changetype: modify
delete: member
member: uid=user2,ou=Users,dc=test,dc=com
ldapmodify -x -D "cn=admin,dc=test,dc=com" -W -f removefrom_group1.ldif
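Two things bite in a setup like this: an entry whose parent ou does not exist yet (ldapadd rejects it with noSuchObject, which is exactly what a typo such as ou=People in place of ou=Users produces), and a groupOfNames member DN that matches no entry, which slapd accepts silently unless the refint overlay is configured. The checker below is an added example, not from the original post; it parses the LDIF files built above offline and reports both problems, assuming DNs without escaped commas and no folded lines.

```python
"""Added offline check (not from the original post): parse the LDIF built above
and flag an entry whose parent does not exist yet and a groupOfNames member
whose DN matches no entry (slapd accepts dangling members unless the refint
overlay is loaded). Assumes DNs with no escaped commas and no folded lines."""

def parse_ldif(text):
    """Records as (dn, {attr: [values]}) in file order; '#' lines skipped."""
    records, current = [], None
    for line in text.splitlines() + [""]:      # trailing "" flushes last record
        if line.startswith("#"):
            continue
        if not line.strip():                  # blank line ends a record
            if current:
                records.append(current)
            current = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = (value, {})
        elif current:
            current[1].setdefault(attr, []).append(value)
    return records

def check_tree(ldif_text, suffix):
    """Problems found, in order; an empty list means the LDIF is consistent."""
    problems, known = [], set()
    for dn, a in parse_ldif(ldif_text):
        key, parent = dn.lower(), dn.lower().split(",", 1)[-1]
        if a.get("changetype", ["add"])[0].lower() == "add":
            if key != suffix.lower() and parent not in known:
                problems.append(f"{dn}: parent missing (ldapadd: noSuchObject)")
                continue                      # slapd would reject this entry
            known.add(key)
            members = a.get("member", [])
        else:                                 # modify: check only members being added
            members = a.get("member", []) if a.get("add") == ["member"] else []
        problems += [f"{dn}: dangling member {m}" for m in members if m.lower() not in known]
    return problems

# Constructed sample: the post's tree, the ou=People typo, and the addto_group1 change for a user2 never created.
SAMPLE_LDIF = "\n\n".join([
    "dn: dc=test,dc=com\nobjectclass: dcObject\nobjectclass: organization\no: Test Org\ndc: test",
    "dn: ou=Users,dc=test,dc=com\nobjectClass: organizationalUnit\nou: Users",
    "dn: ou=Groups,dc=test,dc=com\nobjectClass: organizationalUnit\nou: Groups",
    "dn: uid=user1,ou=Users,dc=test,dc=com\nobjectclass: inetOrgPerson\nuid: user1\ncn: User 1\nsn: 1",
    "dn: uid=user2,ou=People,dc=test,dc=com\nobjectclass: inetOrgPerson\nuid: user2\ncn: User 2\nsn: 2",
    "dn: cn=group1,ou=Groups,dc=test,dc=com\nobjectclass: groupofnames\ncn: group1\nmember: uid=user1,ou=Users,dc=test,dc=com",
    "dn: cn=group1,ou=Groups,dc=test,dc=com\nchangetype: modify\nadd: member\nmember: uid=user2,ou=Users,dc=test,dc=com",
])
```

Run check_tree(open("ldapconfig.ldif").read(), "dc=test,dc=com") on the concatenated LDIF files before ldapadd, and on group changes before ldapmodify.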
2014/12/30
Quick OpenLDAP Setup on CentOS 6.6