2014/12/30

Quick OpenLDAP Setup on CentOS 6.6

  1. Install the necessary files:
    yum install openldap openldap-clients openldap-servers
  2. Modify the following options in the /etc/openldap/slapd.d/cn\=config.ldif configuration file:
    #olcAllows: bind_v2  
    olcIdleTimeout: 60
    
    
  3. Generate the SSHA hash for the admin user:
    slappasswd -s password
    (example output: {SSHA}abunchofhash)
    
  4. Modify the following configuration options in /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif. The domain will be test.com
    olcSuffix: dc=test,dc=com
    olcRootDN: cn=admin,dc=test,dc=com
    olcRootPW: {SSHA}abunchofhash
    
    
    
  5. Modify the olcAccess option in /etc/openldap/slapd.d/cn\=config/olcDatabase={1}monitor.ldif so the dn is correct:
    olcAccess: {0}to *  by/ dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"/
    read  by dn.base="cn=admin,dc=test,dc=com" read  by * none
    
    
  6. Start the OpenLDAP server and configure it to start at boot time:
    chkconfig slapd on
    service slapd start
    
    
  7. Create an LDIF (LDAP Interchange Format) file with the configuration for our organization LDAP tree. Here we will create two organizational units one called People, where all users be a member of this ou, and another ou called Groups, which will be used to create groups for our organization. At the end of the file specify who is the RootDN for this LDAP tree (cn=admin,dc=example,dc=com).  I named this file ldapconfig.ldif:
    dn: dc=test,dc=com
    objectclass: dcObject
    objectclass: organization
    o: Test Org
    dc: test
    
    dn: ou=Users,dc=test,dc=com
    objectClass: organizationalUnit
    objectClass: top
    ou: Users
    
    dn: ou=Groups,dc=test,dc=com
    objectClass: organizationalUnit
    objectClass: top
    ou: Groups
    
    dn: cn=admin,dc=test,dc=com
    objectclass: organizationalRole
    cn: admin
  8. Apply our LDIF file and test if the LDAP tree is ready with the ldapsearch command:
    ldapadd -x -D "cn=admin,dc=test,dc=com" -W -f ldapconfig.ldif
    ldapsearch -x -b 'dc=test,dc=com' '(objectclass=*)'
  9. Create an ldap user by adding the below to an ldif file and running ldapadd as above:
    dn: uid=user1,ou=Users,dc=test,dc=com
    objectclass: top
    objectclass: person
    objectclass: inetOrgPerson
    objectclass: organizationalPerson
    uid: user1
    cn: User 1
    sn: 1
    givenName: User 1
    
    
  10. Assign a password for the user:
    ldappasswd -S -x -D "cn=admin,dc=test,dc=com" -W/ uid=user1,ou=People,dc=test,dc=com
    
    
  11. Create a group in the Groups organizational unit by adding the below to an ldif file and running ldapadd as above:
    dn: cn=group1,ou=Groups,dc=test,dc=com
    cn: group1

    objectclass: groupofnames
    member: uid=user1,ou=Users,dc=test,dc=com
    
    
  12. To add a newly created user to the group after the initial creation create another ldif file and add the below text to it.  Then modify the group with ldapmodify:
    dn: cn=group1,ou=Groups,dc=test,dc=com
    changetype: modify
    add: member
    member: uid=user2,ou=Users,dc=test,dc=com

    ldapmodify -x -D "cn=admin,dc=test,dc=com" -W -f addto_group1.ldif
    
    
  13. To remove a user from a group create another ldif file and add the below text.  Use ldapmodify to again modify the group:
    dn: cn=group1,ou=Groups,dc=test,dc=com
    changetype: modify
    delete: member
    member: uid=user2,ou=Users,dc=test,dc=com

    ldapmodify -x -D "cn=admin,dc=test,dc=com" -W -f removefrom_group1.ldif

6 comments:

  1. Great blog thanks for sharing Looking for the best creative agency to fuel new brand ideas? Adhuntt Media is not just a digital marketing company in chennai. We specialize in revamping your brand identity to drive in best traffic that converts.

    ReplyDelete
  2. Nice blog thanks for sharing Growing your own plant comes with its own challenges and responsibilities. This is why you need a plant nursery in chennai who is ready to help you out throughout the way and guide you through the hurdles of growing a plant - Enter Karuna Nursery Gardens.

    ReplyDelete
  3. Excellent blog thanks for sharing Pixies Beauty Shop is unlike any of the other cosmetic shops in Chennai. With tons of exclusive imported brands to choose from and the best value, this is the best shopping destination for your personal and salon needs.

    ReplyDelete
  4. Awesome blog thanks for sharing While choosing your perfect ride for driving, Accord Cars comes with and the best packages for you to pick from. Self drive cars in Chennai are done the easier. Just pick out your plan from hourly, daily, weekly and even monthly plans available.

    ReplyDelete
  5. Very useful blog thanks for sharing Pearls beauty lounge is the best beauty parlour in chennai. More than 30+ years experience in this field. When you come over at Pearl’s you don’t visit a just a beauty lounge, you are welcomed into an indulging experience which you’ll want to feel again and again. Our secret ingredient for your happiness is in going an extra mile to make you feel pampered.

    ReplyDelete