
Configure OpenLDAP server in RHEL / CentOS 6 using slapd.conf

It's time to configure an OpenLDAP server for authentication using the slapd.conf method.

  • Steps to configure centralized authentication for RHEL systems using OpenLDAP
  • RHEL 6: setting up OpenLDAP using slapd.conf rather than the newer slapd.d configuration directory.
  • OpenLDAP version: openldap 2.4
Following are the basic steps to set up OpenLDAP on RHEL/CentOS 6 using the slapd.conf method:

# yum install openldap-servers openldap-clients
# cd /etc/openldap/
# mv slapd.d/ slapd.d.bak

Copy the slapd.conf template from the /usr/share/openldap-servers/ directory to /etc/openldap/:
# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

Make /etc/openldap/slapd.conf look like the following:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

access to attrs=userPassword
        by self write
        by anonymous auth
        by * read

access to *
        by self read
        by users read
        by anonymous read

database bdb

suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw redhat

directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
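Two settings in the file above deserve a second look before slapd goes live: "by * read" on userPassword lets any authenticated client read other users' password hashes (binds only need "auth"), and "rootpw redhat" stores the directory manager password in clear text where a slappasswd hash belongs. The Python script below is an added example, not part of this post; it parses the access and rootpw lines of a slapd.conf and flags both issues, using a constructed sample that reproduces the lines above.

```python
import re
# Constructed sample reproducing the access and rootpw lines of the slapd.conf above.
SAMPLE_SLAPD_CONF = """\
allow bind_v2
access to attrs=userPassword
        by self write
        by anonymous auth
        by * read
access to *
        by users read
        by anonymous read
rootpw redhat
"""
# rootpw should hold a slappasswd hash such as {SSHA}..., never a clear-text word.
HASHED_PW = re.compile(r"^\{(SSHA|SHA|CRYPT|MD5|SMD5)\}", re.IGNORECASE)
# Levels at or above 'compare' let a non-self client test or read the hash; binds need only 'auth'.
EXPOSING = {"compare", "search", "read", "write", "manage"}

def parse_access(text):
    """Return [(what, [(who, level), ...]), ...] for every 'access to' stanza."""
    stanzas, current = [], None
    for words in (line.split() for line in text.splitlines()):
        if not words or words[0].startswith("#"):
            continue
        if words[:2] == ["access", "to"] and len(words) >= 3:
            current = (words[2], [])
            stanzas.append(current)
        elif words[0] == "by" and current is not None and len(words) >= 3:
            current[1].append((words[1], words[2]))
        else:
            current = None  # any other directive ends the stanza
    return stanzas

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for what, clauses in parse_access(text):
        if "userpassword" not in what.lower():
            continue
        # slapd stops at the first matching 'by' clause, so 'by anonymous auth' covers anonymous
        # binds, but 'by * read' still exposes every other user's hash to any authenticated client.
        for who, level in clauses:
            if who != "self" and level in EXPOSING:
                findings.append(f"userPassword: 'by {who} {level}' exceeds 'auth'; use 'by * auth' or 'by * none'")
    for words in (line.split() for line in text.splitlines()):
        if words[:1] == ["rootpw"] and len(words) > 1 and not HASHED_PW.match(words[1].strip('"')):
            findings.append("rootpw is clear text; store a hash generated with slappasswd")
        if words[:2] == ["allow", "bind_v2"]:
            findings.append("allow bind_v2 enables legacy LDAPv2 binds; remove it unless a client needs it")
    return findings
```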

The slapd daemon needs to be started before it can serve centralized authentication:
# service slapd start

Now, create the root directory structure. Make a root.ldif with the following contents:
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organizationalUnit
dc: example
ou: example dot com
description: Home LDAP domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Groups,dc=example,dc=com
ou: Groups
objectClass: top
objectClass: organizationalUnit



Add root.ldif to the OpenLDAP database using ldapadd:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -w redhat -f root.ldif

Create a newuser.ldif to add one user and a group to the OpenLDAP database. It will look like the following:
dn: uid=testuser,ou=People,dc=example,dc=com
uid: testuser
cn: testuser
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
# left empty here; the password is set with ldappasswd in the last step
userPassword:
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/testuser

dn: cn=testuser,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: testuser
gidNumber: 1000

Add the new user to the OpenLDAP database using ldapadd:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -w redhat -f newuser.ldif

Then set the password for the newly created user in OpenLDAP:
# ldappasswd -x -S -D "cn=Manager,dc=example,dc=com" "uid=testuser,ou=People,dc=example,dc=com" -w redhat


