- Install the necessary files:
 yum install openldap openldap-clients openldap-servers 
- Modify the following options in the /etc/openldap/slapd.d/cn\=config.ldif configuration file:
 #olcAllows: bind_v2
 olcIdleTimeout: 60
- Generate the SSHA hash for the admin user:
 slappasswd -s password
 (example output: {SSHA}abunchofhash)
- Modify the following configuration options in /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif. The domain will be test.com.
 olcSuffix: dc=test,dc=com
 olcRootDN: cn=admin,dc=test,dc=com
 olcRootPW: {SSHA}abunchofhash
- Modify the olcAccess option in /etc/openldap/slapd.d/cn\=config/olcDatabase={1}monitor.ldif so the dn is correct:
 olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=test,dc=com" read by * none
- Start the OpenLDAP server and configure it to start at boot time:
 chkconfig slapd on
 service slapd start
- Create an LDIF (LDAP Data Interchange Format) file with the configuration for our organization's LDAP tree. Here we will create two organizational units: one called People, of which all users will be members, and another called Groups, which will be used to create groups for our organization. At the end of the file, specify who is the RootDN for this LDAP tree (cn=admin,dc=example,dc=com). I named this file ldapconfig.ldif:
 dn: dc=test,dc=com
 objectclass: dcObject
 objectclass: organization
 o: Test Org
 dc: test

 dn: ou=Users,dc=test,dc=com
 objectClass: organizationalUnit
 objectClass: top
 ou: Users

 dn: ou=Groups,dc=test,dc=com
 objectClass: organizationalUnit
 objectClass: top
 ou: Groups

 dn: cn=admin,dc=test,dc=com
 objectclass: organizationalRole
 cn: admin
- Apply our LDIF file and test if the LDAP tree is ready with the ldapsearch command:
 ldapadd -x -D "cn=admin,dc=test,dc=com" -W -f ldapconfig.ldif
 ldapsearch -x -b 'dc=test,dc=com' '(objectclass=*)'
- Create an LDAP user by adding the below to an LDIF file and running ldapadd as above:
 dn: uid=user1,ou=Users,dc=test,dc=com
 objectclass: top
 objectclass: person
 objectclass: inetOrgPerson
 objectclass: organizationalPerson
 uid: user1
 cn: User 1
 sn: 1
 givenName: User 1
- Assign a password for the user:
 ldappasswd -S -x -D "cn=admin,dc=test,dc=com" -W uid=user1,ou=Users,dc=test,dc=com
- Create a group in the Groups organizational unit by adding the below to an ldif file and running ldapadd as above:
 dn: cn=group1,ou=Groups,dc=test,dc=com 
 cn: group1
 objectclass: groupofnames
 member: uid=user1,ou=Users,dc=test,dc=com
- To add a newly created user to the group after the initial creation, create another LDIF file and add the below text to it. Then modify the group with ldapmodify:
 dn: cn=group1,ou=Groups,dc=test,dc=com
 changetype: modify
 add: member
 member: uid=user2,ou=Users,dc=test,dc=com
 ldapmodify -x -D "cn=admin,dc=test,dc=com" -W -f addto_group1.ldif 
- To remove a user from a group, create another LDIF file and add the below text. Use ldapmodify again to modify the group:
 dn: cn=group1,ou=Groups,dc=test,dc=com 
 changetype: modify
 delete: member
 member: uid=user2,ou=Users,dc=test,dc=com
 ldapmodify -x -D "cn=admin,dc=test,dc=com" -W -f removefrom_group1.ldif 
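
What the {SSHA} value from the slappasswd step contains and how a bind password is checked against it, as an added Python example that is not part of the original post. The function names are illustrative and the 8-byte salt length is an assumption; verification works for any salt length because the SHA-1 digest is always the first 20 bytes.

```python
import base64
import binascii
import hashlib
import hmac
import os

SCHEME = "{SSHA}"
SHA1_LEN = 20  # SHA-1 digest size in bytes


def ssha_hash(password, salt=None):
    """Build an olcRootPW-style value: {SSHA} + base64(SHA1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # assumption: 8 random bytes; any length verifies
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_split(value):
    """Return (digest, salt) from a {SSHA} value, or raise ValueError."""
    if value[:len(SCHEME)].upper() != SCHEME:
        raise ValueError("not an {SSHA} value")
    try:
        raw = base64.b64decode(value[len(SCHEME):], validate=True)
    except binascii.Error as exc:
        raise ValueError("payload is not valid base64") from exc
    if len(raw) <= SHA1_LEN:
        raise ValueError("payload has no salt after the 20-byte digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def ssha_verify(value, candidate):
    """Recompute SHA1(candidate + salt) and compare in constant time."""
    try:
        digest, salt = ssha_split(value)
    except ValueError:
        return False
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    stored = ssha_hash("password")  # constructed sample, same input as the post
    print(stored)
    print(ssha_verify(stored, "password"), ssha_verify(stored, "Password"))
    print(ssha_hash("password") == stored)  # a fresh salt gives a new value
```

Because the salt is stored beside the digest, anyone who can read olcRootPW can test password guesses offline, so keep the slapd.d files readable only by the account slapd runs as.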
2014/12/30
Quick OpenLDAP Setup on CentOS 6.6
13 steps only, the quickest setup possible!
ReplyDeleteGood content. You write beautiful things.
This is a great guide to setting up OpenLDAP.