CyberKeeda In Social Media

Configure OpenLDAP server in RHEL / CenOS 6 using slapd.conf

      It's time to configure Openldap Server for authentication purpose by slapd.conf method.

  • Steps to configure (Centralized Authentication) for RHEL systems using OpenLDAP
  • RHEL 6: Setting up openldap using slapd.conf and not using the newer way of slapd.d.
  • Openldap version -  openldap 2.4
Following are the basic steps to set up openldap on RHEL/CentOS 6 using slapd.conf method:

# yum install openldap-servers openldap-clients
# cd /etc/openldap/
# mv slapd.d/ slapd.d.bak

Copy slapd.conf file from /usr/share/openldap-servers/ directory to /etc/openldap/ directory.
# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

Make /etc/openldap/slapd.conf file look like the following

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

allow bind_v2

pidfile /var/run/openldap/
argsfile /var/run/openldap/slapd.args

access to attrs=userPassword
        by self write
        by anonymous auth
        by * read

access to *
        by self read
        by users read
        by anonymous read

database bdb

suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw redhat

directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

slapd daemon needs to be started for using Centralised Authentication
# service slapd start

Now, create the root directory structure. Make a root.ldif with the following contents in it
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organizationalUnit
dc: example
ou: example dot com
description: Home LDAP domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Groups,dc=example,dc=com
ou: Groups
objectClass: top
objectClass: organizationalUnit

Add root.ldif to openldap database using ldapadd: 
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -w redhat -f root.ldif

Create a newuser.ldif to add one user and a group to openldap database. It will look like the following:
dn: uid=testuser,ou=People,dc=example,dc=com uid: testuser cn: testuser objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword: loginShell: /bin/bash uidNumber: 1000 gidNumber: 1000 homeDirectory: /home/testuser dn: cn=testuser,ou=Groups,dc=example,dc=com objectClass: posixGroup objectClass: top cn: testuser gidNumber: 1000
Add the newuser in openldap databse using ldapadd
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -w redhat -f newuser.ldif

Then set password for newly created user in openldap:
# ldappasswd -x -S -D "cn=Manager,dc=example,dc=com" "uid=testuser,ou=People,dc=example,dc=com" -w redhat

No comments:

Post a Comment

Designed By Jackuna