OpenLDAP Server Configuration on RHEL/CentOS 7

Introduction

OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol (LDAP). This post starts a series on LDAP configuration: it covers setting up the LDAP server, and later posts cover authenticating users through it. LDAP configuration is something every Linux administrator should know.

1) Installing OpenLDAP Packages.


~]# yum install -y openldap* migrationtools

This installs the packages required for the OpenLDAP server (openldap-servers) and the command-line clients (openldap-clients). migrationtools is a set of Perl scripts that convert local users and groups into LDIF, which we need later. After the packages are installed, run the command below to generate the password hash for the LDAP admin (the Manager DN):

~]# slappasswd
slappasswd prompts for the password twice and prints it in hashed form: by default a salted SHA-1 hash that starts with {SSHA}. Copy that {SSHA} string, because it is what goes into the olcRootPW attribute later, not the cleartext password. (slappasswd -s 'password' hashes non-interactively, and slappasswd -h '{SSHA}' selects the scheme explicitly.)
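To make clear what slappasswd's {SSHA} output actually is, here is an added example (not part of the original post) that builds the same salted SHA-1 value with coreutils only and checks a password against it. The password "secret" and the fixed salt 0a0b0c0d are constructed for illustration; slappasswd draws a fresh random salt every run, so its output for the same password differs each time while still verifying.

```shell
#!/bin/sh
# Added example (not from the original post): what slappasswd's default {SSHA}
# output is and how to verify a password against it, using only coreutils.
#   {SSHA} value = base64( SHA1(password || salt) || salt ), salt = 4 random bytes
# The password "secret" and the fixed salt 0a0b0c0d used at the bottom are
# constructed for illustration; slappasswd draws a fresh random salt each run.

# hex_to_escapes 0a0b -> '\012\013' (octal escapes that printf turns into raw bytes;
# raw bytes never sit in a shell variable because SHA-1 output can contain NUL)
hex_to_escapes() {
    local hex="$1" out=""
    while [ -n "$hex" ]; do
        out="$out\\$(printf '%03o' "$((0x$(printf '%s' "$hex" | cut -c1-2)))")"
        hex=$(printf '%s' "$hex" | cut -c3-)
    done
    printf '%s' "$out"
}

# ssha_hash PASSWORD [SALT_HEX] -> prints "{SSHA}<base64>"
ssha_hash() {
    local pw="$1" salt_hex salt_esc digest_hex b64
    salt_hex="${2:-$(od -An -tx1 -N4 /dev/urandom | tr -d ' \n')}"
    salt_esc=$(hex_to_escapes "$salt_hex")
    # SHA1(password || salt) as hex, then digest || salt as raw bytes, then base64
    digest_hex=$( { printf '%s' "$pw"; printf "$salt_esc"; } | sha1sum | cut -c1-40 )
    b64=$( printf "$(hex_to_escapes "$digest_hex")$salt_esc" | base64 | tr -d '\n' )
    printf '{SSHA}%s\n' "$b64"
}

# ssha_check PASSWORD HASH -> exit status 0 if PASSWORD matches HASH, 1 if not,
# 2 if HASH is not an {SSHA} value
ssha_check() {
    local pw="$1" hash="$2" salt_hex
    case "$hash" in '{SSHA}'*) ;; *) return 2 ;; esac
    # bytes 1-20 of the decoded value are the digest, everything after is the salt
    salt_hex=$(printf '%s' "$hash" | cut -c7- | base64 -d | tail -c +21 | od -An -tx1 | tr -d ' \n')
    [ "$(ssha_hash "$pw" "$salt_hex")" = "$hash" ]
}

# Usage: a fixed salt so the output is reproducible; in practice omit the salt.
h=$(ssha_hash secret 0a0b0c0d)
echo "olcRootPW: $h"
ssha_check secret "$h" && echo "password verifies"
ssha_check wrong "$h" || echo "wrong password rejected"
```

The point for the configuration that follows: the {SSHA} string is a one-way value that slapd compares against at bind time, so it is safe to store in olcRootPW and in config files, whereas a cleartext olcRootPW is readable by anyone who can read the file. SHA-1 with a 4-byte salt is the 2.4 default, not a strong choice; slappasswd's -h flag lets you pick another scheme the server supports.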

2) Configuring LDAP Server.

Important configuration files (all under /etc/openldap/slapd.d/cn=config/):
i) olcDatabase={0}config.ldif
ii) olcDatabase={1}monitor.ldif
iii) olcDatabase={2}hdb.ldif

These three files are the main configuration files in OpenLDAP 2.4. Earlier versions kept all configuration in a single slapd.conf; it is now split into these files, which are the on-disk form of the cn=config database.

Here the server's hostname is master.ldap.com, so the base DN used throughout this configuration is dc=ldap,dc=com.
Now let's begin with the configuration steps:




Above, /var/lib/ldap/ is the directory that holds the LDAP database. It must be owned by the ldap user and group (slapd runs as ldap), otherwise you get errors during configuration, so check the owner and group before making changes.
Now start the slapd service, enable it at boot and open the ldap service in firewalld.


The next step is to add the configuration details to the three files mentioned above:


~]# cd /etc/openldap/slapd.d/cn\=config/
~]# vi olcDatabase\=\{0\}config.ldif
Add the line below at the bottom of this file:

olcRootPW: secret
where secret is the password set with slappasswd: paste the {SSHA} hash that slappasswd printed. A cleartext password also works here, but the hash is what you want on disk.

Two cautions about editing files under slapd.d by hand. First, slapd only reads them at startup, so every change made this way needs a systemctl restart slapd, and slapd will log "ldif_read_file: checksum error" for the edited files because the CRC32 header at the top of each file no longer matches; the supported way to change cn=config is an LDIF applied with ldapmodify over ldapi:///. Second, olcRootPW on olcDatabase={0}config is only needed if you intend to bind to cn=config with a password; root on the server already has write access to it through -Y EXTERNAL -H ldapi:///, so you can leave this attribute out entirely.

~]# vi olcDatabase\=\{1\}monitor.ldif
Here, search for the default Manager DN in the olcAccess line (dc=example,dc=com, or dc=my-domain,dc=com depending on the package version) and replace it with your own; I am using "cn=Manager,dc=ldap,dc=com". Don't be confused by what dc is: dc (domainComponent) attributes map a DNS name onto a DN, one component per label, so ldap.com becomes dc=ldap,dc=com. Active Directory names its domains the same way. This line is an access control: it lets only the Manager DN (and root on the server itself, via the ldapi socket) read the cn=monitor database.

Below is the last configuration file we are going to change.

~]# vi olcDatabase\=\{2\}hdb.ldif
In this file too, replace "dc=example,dc=com" with "dc=ldap,dc=com" (in olcSuffix and olcRootDN), and below the olcRootDN line add the line:


olcRootPW: secret
again using the {SSHA} hash from slappasswd. At the bottom of the file we need to add two more lines as follows:

Basically, these lines control how the LDAP database is accessed.

Now we import three schema files into cn=config. The migrated users need the posixAccount and shadowAccount object classes, which are defined in nis.ldif; nis.ldif depends on cosine.ldif, and inetorgperson.ldif is the usual third one:


The next step is to add organizational units to the LDAP database. Create a base.ldif file with the content below:


This file creates two organizational units, People and Group, under the base entry dc=ldap,dc=com (the base entry itself must exist, or be created in the same file, before the ous can be added). Now import it into the LDAP database:

~]# ldapadd -x -W -D "cn=Manager,dc=ldap,dc=com" -H ldapi:/// -f base.ldif
Here -x selects a simple bind (without it ldapadd attempts a SASL bind instead and the -D/-W pair is not used) and -W prompts for the Manager password; over ldapi:/// the password stays on the local Unix socket rather than crossing the network.
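As an added example (not the original post's commands), here is the whole of section 2 done the supported way: the suffix, Manager DN, root password and an access control for the hdb database, plus the monitor ACL, expressed as LDIF and applied with ldapmodify over ldapi:/// while slapd runs, followed by the schema import and base.ldif. It assumes the post's base DN dc=ldap,dc=com, that it runs as root on the server (SASL EXTERNAL over ldapi maps root to the cn=config admin), and a placeholder {SSHA} hash that you replace with slappasswd's output. The hdb olcAccess rules go beyond what the post shows: they stop anonymous clients from reading userPassword, which the server otherwise allows by default.

```shell
#!/bin/sh
# Added example (not from the original post): the changes the post makes by
# editing files under /etc/openldap/slapd.d by hand, expressed as LDIF and
# applied through ldapmodify on the running server. Assumes base DN
# dc=ldap,dc=com, root on the server, and a hash from slappasswd (placeholder).

# base_dn_from_domain ldap.com -> dc=ldap,dc=com
base_dn_from_domain() {
    printf 'dc=%s\n' "$(printf '%s' "$1" | sed 's/\./,dc=/g')"
}

# hdb_config_ldif BASE_DN ROOT_PW_HASH -> LDIF for olcDatabase={2}hdb,cn=config:
# suffix, rootdn, rootpw ("replace" adds the attribute when it is absent) and an
# ACL so that only the owner can read or change their password, anonymous
# clients may only authenticate against it, and everything else stays readable.
hdb_config_ldif() {
    local base="$1" hash="$2"
    cat <<EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $base
-
replace: olcRootDN
olcRootDN: cn=Manager,$base
-
replace: olcRootPW
olcRootPW: $hash
-
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
olcAccess: {1}to * by self write by * read
EOF
}

# monitor_config_ldif BASE_DN -> LDIF letting the Manager DN and local root
# (ldapi peer credentials) read cn=monitor, nobody else
monitor_config_ldif() {
    local base="$1"
    cat <<EOF
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,$base" read by * none
EOF
}

# base_ldif BASE_DN -> the base entry plus ou=People and ou=Group
base_ldif() {
    local base="$1" dc="${1#dc=}"
    dc="${dc%%,*}"
    cat <<EOF
dn: $base
objectClass: top
objectClass: dcObject
objectClass: organization
o: $dc
dc: $dc

dn: ou=People,$base
objectClass: organizationalUnit
ou: People

dn: ou=Group,$base
objectClass: organizationalUnit
ou: Group
EOF
}

# apply BASE_DN ROOT_PW_HASH: run as root on the server. Config changes go over
# the ldapi socket with SASL EXTERNAL, so no password crosses the network.
apply() {
    local base="$1" hash="$2" s f
    for s in cosine nis inetorgperson; do
        ldapadd -Y EXTERNAL -H ldapi:/// -f "/etc/openldap/schema/$s.ldif"
    done
    hdb_config_ldif "$base" "$hash" | ldapmodify -Y EXTERNAL -H ldapi:///
    monitor_config_ldif "$base"     | ldapmodify -Y EXTERNAL -H ldapi:///
    f=$(mktemp) || return 1
    base_ldif "$base" > "$f"
    ldapadd -x -W -D "cn=Manager,$base" -H ldapi:/// -f "$f"
    rm -f "$f"
}

# Only touch a live server when explicitly asked:  ./ldap-config.sh apply
if [ "${1:-}" = apply ]; then
    apply "$(base_dn_from_domain ldap.com)" '{SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT'
else
    base_ldif "$(base_dn_from_domain ldap.com)"
fi
```

Run without arguments it only prints base.ldif, so you can inspect the generated LDIF first; with "apply" it performs the live changes. Because ldapmodify writes the slapd.d files itself, the CRC headers stay valid and no restart is needed.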
3) Migrating local users to LDAP:

Now create some users with useradd. Once they exist, we migrate them into LDAP using the migrationtools package installed earlier.

Follow the steps below to migrate users:













The scripts live in /usr/share/migrationtools. Before running them, set $DEFAULT_BASE in migrate_common.ph to "dc=ldap,dc=com" (and $DEFAULT_MAIL_DOMAIN to your domain): the shipped default is dc=padl,dc=com, and entries generated with it will not fit under our suffix. First we migrate users from the passwd file, then groups from the group file:

~]# ./migrate_passwd.pl /etc/passwd /tmp/passwd.ldif
~]# ./migrate_group.pl /etc/group /tmp/group.ldif
The converted files contain every user and group in LDIF format, including root and the system accounts, so either feed the script a file holding only the users you want or delete the unwanted entries before importing. Also, when run as root, migrate_passwd.pl copies each user's password hash from /etc/shadow into a userPassword attribute, so /tmp/passwd.ldif is as sensitive as /etc/shadow: restrict its permissions and remove it after the import. Let's import these two files into LDAP with the same ldapadd form used for base.ldif.



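As an added example (not part of the original post), the migration step with the two hygiene points above built in: only ordinary local accounts are handed to migrate_passwd.pl, the output LDIF is created with mode 0600, and a helper blanks the userPassword values so the file can be reviewed without exposing hashes. The passwd and LDIF samples are constructed; the uid floor of 1000 and the nfsnobody uid 65534 are the CentOS 7 defaults, and migrate_common.ph is assumed to already carry dc=ldap,dc=com as in the post.

```shell
#!/bin/sh
# Added example (not from the original post): migrate only the accounts you
# want, keep the generated LDIF private, and review it without leaking hashes.
# The passwd and LDIF samples below are constructed; the {crypt} hash is invented.

# select_local_users PASSWD_FILE [MIN_UID] -> passwd lines for ordinary users
# only (uid >= MIN_UID, default 1000; the nfsnobody placeholder 65534 excluded)
select_local_users() {
    awk -F: -v min="${2:-1000}" '$3 >= min && $3 != 65534' "$1"
}

# redact_ldif_passwords LDIF_FILE -> same LDIF with every userPassword value
# blanked, so it can be pasted into a ticket or reviewed by a colleague
redact_ldif_passwords() {
    sed 's/^\(userPassword:\).*/\1 {redacted}/' "$1"
}

# migrate_users PASSWD_FILE OUT_LDIF: the real migration step as run on the
# server. migrate_passwd.pl reads /etc/shadow when run as root, so OUT_LDIF
# holds password hashes and is created 0600 (umask in a subshell).
migrate_users() {
    local src="$1" out="$2" tmp
    tmp=$(mktemp) || return 1
    select_local_users "$src" > "$tmp"
    ( umask 077; /usr/share/migrationtools/migrate_passwd.pl "$tmp" > "$out" )
    rm -f "$tmp"
}

# Constructed sample input in /etc/passwd format: system accounts plus two users.
sample_passwd=$(mktemp)
cat > "$sample_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
test1:x:1000:1000::/home/test1:/bin/bash
test2:x:1001:1001::/home/test2:/bin/bash
EOF

# Constructed sample of migrate_passwd.pl output for one user (hash value invented).
sample_ldif=$(mktemp)
cat > "$sample_ldif" <<'EOF'
dn: uid=test1,ou=People,dc=ldap,dc=com
uid: test1
cn: test1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$xxxxxxxx$yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
shadowLastChange: 17000
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/test1
EOF

select_local_users "$sample_passwd"      # test1 and test2 only
redact_ldif_passwords "$sample_ldif"     # userPassword: {redacted}
```

On the server you would call migrate_users /etc/passwd /tmp/passwd.ldif, import the result with ldapadd -x -W -D "cn=Manager,dc=ldap,dc=com" -H ldapi:/// -f /tmp/passwd.ldif, and then delete the LDIF. Groups go through migrate_group.pl the same way; they carry no secrets, but the same uid-style filter on gidNumber keeps system groups out of the directory.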
We can search LDAP with ldapsearch as follows:

~]# ldapsearch -x -LLL -b dc=ldap,dc=com "uid=test1"
~]# ldapsearch -x -LLL -b dc=ldap,dc=com "ou=People"
The first command searches for the user test1 and prints all of that entry's attributes.
The second command searches for the ou itself: the filter (ou=People) matches the organizationalUnit entry, not the users under it. To list the users, search with the ou as the base instead, i.e. -b ou=People,dc=ldap,dc=com. Note that both searches use an anonymous simple bind (-x with no -D). With no olcAccess rules configured on the hdb database, OpenLDAP's default policy lets anyone read everything, including the userPassword hashes migrated from /etc/shadow, so before exposing the server to clients add an olcAccess rule that limits userPassword to the owner (self) and "by anonymous auth".

This completes the LDAP server configuration. The next post will show how to configure a client to authenticate users against this server.
