- Install the necessary files:
yum install openldap openldap-clients openldap-servers
- Modify the following options in the /etc/openldap/slapd.d/cn\=config.ldif configuration file:
#olcAllows: bind_v2
olcIdleTimeout: 60
- Generate the SSHA hash for the admin user:
slappasswd -s password
(example output: {SSHA}abunchofhash)
- Modify the following configuration options in /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif. The domain will be test.com:
olcSuffix: dc=test,dc=com
olcRootDN: cn=admin,dc=test,dc=com
olcRootPW: {SSHA}abunchofhash
- Modify the olcAccess option in /etc/openldap/slapd.d/cn\=config/olcDatabase={1}monitor.ldif so the dn is correct:
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=test,dc=com" read by * none
- Start the OpenLDAP server and configure it to start at boot time:
chkconfig slapd on
service slapd start
- Create an LDIF (LDAP Data Interchange Format) file describing the LDAP tree for our organization. Here we create two organizational units: Users, of which all users will be members, and Groups, which will hold the groups for our organization. The last entry in the file is the RootDN for this LDAP tree (cn=admin,dc=test,dc=com). I named this file ldapconfig.ldif:
dn: dc=test,dc=com
objectclass: dcObject
objectclass: organization
o: Test Org
dc: test

dn: ou=Users,dc=test,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Users

dn: ou=Groups,dc=test,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups

dn: cn=admin,dc=test,dc=com
objectclass: organizationalRole
cn: admin
- Apply our LDIF file and test if the LDAP tree is ready with the ldapsearch command:
ldapadd -x -D "cn=admin,dc=test,dc=com" -W -f ldapconfig.ldif
ldapsearch -x -b 'dc=test,dc=com' '(objectclass=*)'
- Create an LDAP user by adding the entry below to an LDIF file and running ldapadd as above:
dn: uid=user1,ou=Users,dc=test,dc=com
objectclass: top
objectclass: person
objectclass: inetOrgPerson
objectclass: organizationalPerson
uid: user1
cn: User 1
sn: 1
givenName: User 1
- Assign a password for the user:
ldappasswd -S -x -D "cn=admin,dc=test,dc=com" -W uid=user1,ou=Users,dc=test,dc=com
- Create a group in the Groups organizational unit by adding the below to an ldif file and running ldapadd as above:
dn: cn=group1,ou=Groups,dc=test,dc=com
cn: group1
objectclass: groupofnames
member: uid=user1,ou=Users,dc=test,dc=com
- To add a newly created user to the group after the initial creation, create another LDIF file and add the text below to it. Then modify the group with ldapmodify:
dn: cn=group1,ou=Groups,dc=test,dc=com
changetype: modify
add: member
member: uid=user2,ou=Users,dc=test,dc=com
ldapmodify -x -D "cn=admin,dc=test,dc=com" -W -f addto_group1.ldif
- To remove a user from a group, create another LDIF file and add the text below. Use ldapmodify again to modify the group:
dn: cn=group1,ou=Groups,dc=test,dc=com
changetype: modify
delete: member
member: uid=user2,ou=Users,dc=test,dc=com
ldapmodify -x -D "cn=admin,dc=test,dc=com" -W -f removefrom_group1.ldif
2014/12/30
Quick OpenLDAP Setup on CentOS 6.6
13 steps only, the quickest setup possible!