It's time to configure an OpenLDAP server for authentication using the slapd.conf method.
- Steps to configure centralized authentication for RHEL systems using OpenLDAP
- RHEL 6: setting up OpenLDAP using slapd.conf rather than the newer slapd.d configuration directory
- OpenLDAP version: 2.4
Following are the basic steps to set up OpenLDAP on RHEL/CentOS 6 using the slapd.conf method:
# yum install openldap-servers openldap-clients
# cd /etc/openldap/
# mv slapd.d/ slapd.d.bak
Copy the slapd.conf file from the /usr/share/openldap-servers/ directory to the /etc/openldap/ directory:
# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
Make the /etc/openldap/slapd.conf file look like the following:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
access to attrs=userPassword
    by self write
    by anonymous auth
    by * read
access to *
    by self read
    by users read
    by anonymous read
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw redhat
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
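Two lines in that file deserve a second look before the server goes live: rootpw is stored as a cleartext string, where slappasswd would give you a {SSHA} hash, and the userPassword ACL ends in "by * read", which lets any bound user read every account's password hash. The following Python is an added example, not code from the post: it parses slapd.conf the way slapd does (indented lines continue the previous directive, which is why the "by" clauses above must be indented), reports those two findings, and shows the corrected form passing the same check. The WEAK_CONF text is an abridged copy of the file above; the salt passed to ssha_hash is fixed only so the output is reproducible.

```python
import base64
import hashlib
import re


def ssha_hash(password: str, salt: bytes) -> str:
    """{SSHA} as slappasswd -h {SSHA} produces it: base64(sha1(pw + salt) + salt).
    slappasswd draws a random salt; here it is passed in so the result is reproducible."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a {SSHA} value (the SHA-1 digest is the first 20 bytes)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode() + salt).digest() == digest


def parse_directives(text: str):
    """Return slapd.conf as a list of (keyword, arguments) pairs.
    A line that starts with whitespace is a continuation of the previous directive,
    so the indented 'by' clauses become part of the 'access' line they belong to."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    out = []
    for line in logical:
        keyword, _, args = line.partition(" ")
        out.append((keyword.lower(), args.strip()))
    return out


HASH_PREFIX = re.compile(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", re.I)
SAFE_LEVELS = ("none", "auth", "disclose", "compare")


def audit(text: str):
    """Flag a cleartext rootpw and any userPassword ACL that lets '*' or 'users'
    read (or otherwise obtain) the stored hashes."""
    findings = []
    for keyword, args in parse_directives(text):
        if keyword == "rootpw" and not HASH_PREFIX.match(args):
            findings.append("rootpw is stored in cleartext; use a hash from slappasswd")
        if keyword == "access" and re.search(r"attrs=\S*\buserPassword\b", args, re.I):
            for who, level in re.findall(r"\bby\s+(\S+)\s+(\S+)", args):
                if who in ("*", "users") and level not in SAFE_LEVELS:
                    findings.append(f"userPassword readable 'by {who} {level}'; use 'by {who} none'")
    return findings


# Abridged copy of the slapd.conf from the post (constructed input for this example).
WEAK_CONF = """\
include /etc/openldap/schema/core.schema
allow bind_v2
access to attrs=userPassword
    by self write
    by anonymous auth
    by * read
access to *
    by self read
    by users read
    by anonymous read
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw redhat
directory /var/lib/ldap
"""


def harden(conf: str) -> str:
    """Apply the two corrections: deny userPassword to everyone except the entry
    itself and the bind operation, and store rootpw as a {SSHA} hash."""
    return (conf.replace("by * read", "by * none")
                .replace("rootpw redhat", "rootpw " + ssha_hash("redhat", b"s4lt")))


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", harden(WEAK_CONF))):
        print(name, audit(conf) or "no findings")
```

The "by anonymous auth" clause stays in the hardened version: it is what lets an unauthenticated client bind as a user without being able to read the hash, so closing the final clause to "none" does not break logins.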
The slapd daemon needs to be started for centralised authentication:
# service slapd start
Now, create the root directory structure. Make a root.ldif with the following contents in it:
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organizationalUnit
dc: example
ou: example dot com
description: Home LDAP domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Groups,dc=example,dc=com
ou: Groups
objectClass: top
objectClass: organizationalUnit
Add it with ldapadd:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -w redhat -f root.ldif
Create a newuser.ldif to add one user and a group to the OpenLDAP database. It will look like the following:
Add the new user to the OpenLDAP database using ldapadd:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -w redhat -f newuser.ldif
Then set a password for the newly created user in OpenLDAP:
# ldappasswd -x -S -D "cn=Manager,dc=example,dc=com" "uid=testuser,ou=People,dc=example,dc=com" -w redhat
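The LDIF files above have to be well-formed before ldapadd will accept them: one blank line between records, and any value that starts with a space or colon (or is not plain ASCII) written base64-encoded with "::". The following Python is an added example, not code from the post: it builds the root.ldif records shown above together with a posixAccount user and a matching posixGroup of the kind newuser.ldif carries (the classes come from nis.schema and cosine.schema, which the slapd.conf includes), then parses the text back to confirm it round-trips. The uidNumber, gidNumber, gecos, homeDirectory and loginShell values are constructed for this example; only the base DN, the two OUs and the uid "testuser" appear in the post.

```python
import base64
import re

BASE = "dc=example,dc=com"


def _needs_base64(value: str) -> bool:
    """RFC 2849: base64-encode a value that starts with space, ':' or '<',
    ends with a space, or contains anything outside printable ASCII."""
    if value == "":
        return False
    if value[0] in " :<" or value[-1] == " ":
        return True
    return not all(0x20 <= ord(c) < 0x7F for c in value)


def to_ldif(entries) -> str:
    """Serialise [(dn, [(attr, value), ...]), ...] to LDIF text.
    Records are separated by exactly one blank line, which ldapadd requires."""
    records = []
    for dn, attrs in entries:
        lines = [f"dn: {dn}"]
        for attr, value in attrs:
            if _needs_base64(value):
                lines.append(f"{attr}:: {base64.b64encode(value.encode()).decode()}")
            else:
                lines.append(f"{attr}: {value}")
        records.append("\n".join(lines))
    return "\n\n".join(records) + "\n"


def parse_ldif(text: str):
    """Parse content LDIF (no changetype records) back into (dn, attrs) pairs,
    decoding '::' base64 values and skipping comment lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, []
        for line in block.splitlines():
            if line.startswith("#"):
                continue
            m = re.match(r"^([A-Za-z][\w;-]*)(::?) ?(.*)$", line)
            if not m:
                raise ValueError(f"bad LDIF line: {line!r}")
            attr, sep, value = m.groups()
            if sep == "::":
                value = base64.b64decode(value).decode()
            if attr.lower() == "dn":
                dn = value
            else:
                attrs.append((attr, value))
        if dn is None:
            raise ValueError("record without a dn line")
        entries.append((dn, attrs))
    return entries


def root_entries():
    """The three records of root.ldif from the post."""
    return [
        (BASE, [("objectClass", "dcObject"), ("objectClass", "organizationalUnit"),
                ("dc", "example"), ("ou", "example dot com"),
                ("description", "Home LDAP domain")]),
        (f"ou=People,{BASE}", [("ou", "People"), ("objectClass", "top"),
                               ("objectClass", "organizationalUnit")]),
        (f"ou=Groups,{BASE}", [("ou", "Groups"), ("objectClass", "top"),
                               ("objectClass", "organizationalUnit")]),
    ]


def user_and_group(uid: str, uid_number: int, gid_number: int, gecos: str):
    """A posixAccount under ou=People plus its posixGroup under ou=Groups.
    The numeric ids, gecos, home and shell are example values (constructed)."""
    user = (f"uid={uid},ou=People,{BASE}", [
        ("objectClass", "top"), ("objectClass", "account"),
        ("objectClass", "posixAccount"), ("objectClass", "shadowAccount"),
        ("uid", uid), ("cn", uid), ("gecos", gecos),
        ("uidNumber", str(uid_number)), ("gidNumber", str(gid_number)),
        ("homeDirectory", f"/home/{uid}"), ("loginShell", "/bin/bash"),
    ])
    group = (f"cn={uid},ou=Groups,{BASE}", [
        ("objectClass", "top"), ("objectClass", "posixGroup"),
        ("cn", uid), ("gidNumber", str(gid_number)), ("memberUid", uid),
    ])
    return [user, group]


if __name__ == "__main__":
    print(to_ldif(root_entries() + user_and_group("testuser", 10000, 10000, "Test User")))
```

No userPassword attribute is written into the LDIF: the post sets it afterwards with ldappasswd -S, which lets the server hash it instead of shipping a cleartext value in a file.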