vinil-v/basic-ldap

How To Install and Configure a Basic LDAP Server

The following parameters are used to configure the LDAP server:

Domain: vinil.com
Domain DN: dc=vinil,dc=com
LDAP Server: ldapserver.vinil.com
OS Version: Red Hat Enterprise Linux Server release 7.9 (Maipo)

Install the packages required for the LDAP server (slapd) and the client tools used below:

[root@ldapserver ~]# yum -y install openldap-servers openldap-clients

Copy the sample BerkeleyDB configuration for the hdb backend into the database directory, give it to the ldap user, then start and enable slapd:

[root@ldapserver ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ldapserver ~]# chown ldap. /var/lib/ldap/DB_CONFIG
[root@ldapserver ~]# systemctl start slapd
[root@ldapserver ~]# systemctl enable slapd

Set the OpenLDAP admin password for the config database. slappasswd prompts for the password and prints a salted SHA-1 ({SSHA}) hash of it:

[root@ldapserver ~]# slappasswd
New password:
Re-enter new password:
{SSHA}lQiyFGZXw4Uk3F2Bic74EbShG3Fl6C57

Put the hash printed above (never the cleartext) into the olcRootPW attribute of the config database:

[root@ldapserver ~]# vi chrootpw.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}lQiyFGZXw4Uk3F2Bic74EbShG3Fl6C57

[root@ldapserver ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"

Import the basic schemas. cosine, nis and inetorgperson provide the account, posixAccount, shadowAccount and posixGroup object classes that the user and group entries added later depend on:

[root@ldapserver ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"

[root@ldapserver ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"

[root@ldapserver ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"

Set the suffix, RootDN and RootPW of the data database ({2}hdb) to your domain and define its access controls. Generate a separate hash for cn=Manager first; do not reuse the cn=config password. In the ACLs below, the monitor rule makes cn=Monitor readable only by root over ldapi:/// and by cn=Manager. For the data database, the first rule lets only cn=Manager write userPassword and shadowLastChange, lets anonymous clients use them to bind (auth), lets each user change their own, and hides them from everyone else; the second rule makes the root DSE readable; the third gives cn=Manager write access and every other client, including anonymous binds, read access to the rest of the tree.

[root@ldapserver ~]# slappasswd
New password:
Re-enter new password:
{SSHA}E1rizZbX2PijOZrh0JYb0E8VwZF+jshy

[root@ldapserver ~]# vi chdomain.ldif
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=vinil,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=vinil,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=vinil,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}E1rizZbX2PijOZrh0JYb0E8VwZF+jshy

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=vinil,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=vinil,dc=com" write by * read

[root@ldapserver ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}monitor,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

[root@ldapserver ~]# vi basedomain.ldif
dn: dc=vinil,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Vinil Com
dc: vinil

dn: cn=Manager,dc=vinil,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=vinil,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=vinil,dc=com
objectClass: organizationalUnit
ou: Group

[root@ldapserver ~]# ldapadd -x -D cn=Manager,dc=vinil,dc=com -W -f basedomain.ldif
Enter LDAP Password:
adding new entry "dc=vinil,dc=com"

adding new entry "cn=Manager,dc=vinil,dc=com"

adding new entry "ou=People,dc=vinil,dc=com"

adding new entry "ou=Group,dc=vinil,dc=com"

Check that slapd is listening:

[root@ldapserver ~]# ss -tlpnu | grep slapd
tcp LISTEN 0 128 *:389 *:* users:(("slapd",pid=1731,fd=8))
tcp LISTEN 0 128 [::]:389 [::]:* users:(("slapd",pid=1731,fd=9))

Only the plain ldap:// listener on port 389 is up: no TLS has been configured and there is no ldaps:// listener on 636, so simple binds (including the cn=Manager password used below) and search results cross the network in cleartext. That is acceptable on an isolated lab host, not for a directory that clients authenticate against.

Verify the configuration database:

[root@ldapserver ~]# slaptest
config file testing succeeded

Run an anonymous search against the base DN. With the ACLs configured above, an anonymous bind (-x without -D) can read every entry and every attribute except userPassword and shadowLastChange, so the whole tree is world-readable; change the last rule's "by * read" to "by users read" if only authenticated clients should see it.

[root@ldapserver ~]# ldapsearch -x -b "dc=vinil,dc=com" -H ldap://ldapserver.vinil.com

Add some LDAP users for testing.
Create local accounts on ldapserver with useradd and set a password for each. The same throwaway password is used for all five here, and "echo ... | passwd --stdin" leaves it in the shell history, so this is only acceptable in a lab.

[root@ldapserver ~]# useradd user1
[root@ldapserver ~]# useradd user2
[root@ldapserver ~]# useradd user3
[root@ldapserver ~]# useradd user4
[root@ldapserver ~]# useradd user5
[root@ldapserver ~]# echo "vinilv123" | passwd --stdin user1
Changing password for user user1.
passwd: all authentication tokens updated successfully.
[root@ldapserver ~]# echo "vinilv123" | passwd --stdin user2
Changing password for user user2.
passwd: all authentication tokens updated successfully.
[root@ldapserver ~]# echo "vinilv123" | passwd --stdin user3
Changing password for user user3.
passwd: all authentication tokens updated successfully.
[root@ldapserver ~]# echo "vinilv123" | passwd --stdin user4
Changing password for user user4.
passwd: all authentication tokens updated successfully.
[root@ldapserver ~]# echo "vinilv123" | passwd --stdin user5
Changing password for user user5.
passwd: all authentication tokens updated successfully.

Run the repository's ldapuser.sh script to generate an LDIF for adding the local accounts to the LDAP server. As the ldapadd output below shows, the generated file also picked up the pre-existing local accounts packer and vinil.
[root@ldapserver ~]# sh ldapuser.sh

[root@ldapserver ~]# ls -ltr
-rw-r--r-- 1 root root 4025 Feb 22 11:20 ldapuser.ldif

Add the users and groups to the LDAP server with ldapadd, binding as cn=Manager:

[root@ldapserver ~]# ldapadd -x -D cn=Manager,dc=vinil,dc=com -W -f ldapuser.ldif
Enter LDAP Password:
adding new entry "uid=packer,ou=People,dc=vinil,dc=com"

adding new entry "uid=vinil,ou=People,dc=vinil,dc=com"

adding new entry "uid=user1,ou=People,dc=vinil,dc=com"

adding new entry "uid=user2,ou=People,dc=vinil,dc=com"

adding new entry "uid=user3,ou=People,dc=vinil,dc=com"

adding new entry "uid=user4,ou=People,dc=vinil,dc=com"

adding new entry "uid=user5,ou=People,dc=vinil,dc=com"

adding new entry "cn=packer,ou=Group,dc=vinil,dc=com"

adding new entry "cn=vinil,ou=Group,dc=vinil,dc=com"

adding new entry "cn=user1,ou=Group,dc=vinil,dc=com"

adding new entry "cn=user2,ou=Group,dc=vinil,dc=com"

adding new entry "cn=user3,ou=Group,dc=vinil,dc=com"

adding new entry "cn=user4,ou=Group,dc=vinil,dc=com"

adding new entry "cn=user5,ou=Group,dc=vinil,dc=com"
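The ldapuser.sh script invoked above is part of the repository and is not reproduced on this page. As an added example (not the repository's script), the following POSIX shell turns local passwd and shadow entries into an LDIF with the same ou=People / ou=Group layout that the ldapadd output shows: one posixAccount plus one user-private posixGroup per login. It assumes the base DN dc=vinil,dc=com (override with BASE_DN), exports only accounts with uid >= 1000 and a real login shell, and carries the crypt(3) hash over as {CRYPT} so users keep their local passwords (slapd accepts {CRYPT} only when built with crypt support, which the RHEL package is). The passwd/shadow data in demo() is constructed; the $6$ strings are placeholders, not real hashes.

```shell
#!/bin/sh
# Added example, not the repository's ldapuser.sh: export local accounts as LDIF
# matching the ou=People / ou=Group layout used in this setup.
# Assumptions (not from the page): base DN dc=vinil,dc=com, only uid >= 1000 with a
# real login shell is exported, one user-private posixGroup per login, and the
# crypt(3) hash from shadow is stored as {CRYPT}.
set -eu

BASE_DN="${BASE_DN:-dc=vinil,dc=com}"
MIN_UID="${MIN_UID:-1000}"

# shadow_field USER FIELD_NUMBER SHADOW_FILE -> prints that field (empty if no entry)
shadow_field() {
    awk -F: -v u="$1" -v f="$2" '$1 == u { print $f; exit }' "$3"
}

# gen_user_ldif PASSWD_FILE SHADOW_FILE -> LDIF on stdout: all users, then all groups
gen_user_ldif() {
    passwd_file=$1
    shadow_file=$2
    while IFS=: read -r user _ uid gid gecos home shell; do
        [ "$uid" -ge "$MIN_UID" ] 2>/dev/null || continue      # skip system accounts
        case "$shell" in */nologin|*/false) continue ;; esac    # skip service accounts
        hash=$(shadow_field "$user" 2 "$shadow_file")
        lastchg=$(shadow_field "$user" 3 "$shadow_file")
        # '!', '!!' or '*' mark a locked account: export it without a password
        case "$hash" in ''|'!'*|'*'*) hash='' ;; esac
        printf 'dn: uid=%s,ou=People,%s\n' "$user" "$BASE_DN"
        printf 'objectClass: top\nobjectClass: account\n'
        printf 'objectClass: posixAccount\nobjectClass: shadowAccount\n'
        printf 'cn: %s\nuid: %s\nuidNumber: %s\ngidNumber: %s\n' "$user" "$user" "$uid" "$gid"
        printf 'homeDirectory: %s\nloginShell: %s\ngecos: %s\n' "$home" "$shell" "${gecos:-$user}"
        if [ -n "$hash" ]; then
            printf 'userPassword: {CRYPT}%s\n' "$hash"
        fi
        # shadow field 3 is already "days since epoch"; fall back to today if missing
        printf 'shadowLastChange: %s\nshadowMax: 99999\nshadowWarning: 7\n\n' \
            "${lastchg:-$(( $(date +%s) / 86400 ))}"
    done < "$passwd_file"
    # One posixGroup per login, mirroring the cn=<user>,ou=Group entries above.
    while IFS=: read -r user _ uid gid _ _ shell; do
        [ "$uid" -ge "$MIN_UID" ] 2>/dev/null || continue
        case "$shell" in */nologin|*/false) continue ;; esac
        printf 'dn: cn=%s,ou=Group,%s\nobjectClass: posixGroup\n' "$user" "$BASE_DN"
        printf 'cn: %s\ngidNumber: %s\nmemberUid: %s\n\n' "$user" "$gid" "$user"
    done < "$passwd_file"
}

# demo -> runs the generator on constructed passwd/shadow files (sample data, not
# from a real host; the $6$... strings are placeholders, not genuine crypt output)
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ldap:x:55:55:OpenLDAP server:/var/lib/ldap:/sbin/nologin
user1:x:1001:1001::/home/user1:/bin/bash
user2:x:1002:1002:Second User:/home/user2:/bin/bash
user3:x:1003:1003::/home/user3:/bin/bash
backup:x:1500:1500::/var/backup:/sbin/nologin
EOF
    cat > "$tmp/shadow" <<'EOF'
root:$6$rootsalt$placeholderhash:18680:0:99999:7:::
ldap:!!:18680::::::
user1:$6$salt1$placeholderhash1:18680:0:99999:7:::
user2:$6$salt2$placeholderhash2:18680:0:99999:7:::
user3:!!:18680::::::
backup:!!:18680::::::
EOF
    gen_user_ldif "$tmp/passwd" "$tmp/shadow"
    rm -rf "$tmp"
}

# With two arguments use real files (as root: /etc/passwd /etc/shadow); otherwise run the demo.
if [ $# -eq 2 ]; then gen_user_ldif "$1" "$2"; else demo; fi
```

Saved as, for example, gen_ldif.sh (a hypothetical name), it is run as root with "sh gen_ldif.sh /etc/passwd /etc/shadow > ldapuser.ldif" and imported with the same ldapadd command as above. Treat the LDIF like /etc/shadow: it contains password hashes, so keep it mode 0600 and delete it once imported. The first ACL hides userPassword from everyone but cn=Manager and the user, so the hashes are not readable over LDAP, but they do sit on disk until the file is removed. Locked accounts are exported without userPassword and therefore cannot bind until an administrator sets one.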
