Ldap configuration documentation
•
0 likes•503 views
This document provides instructions for configuring an LDAP server with the following key steps: 1. Install required LDAP packages and create a root password. 2. Configure the LDAP configuration file and import a base LDIF file. 3. Create Unix test accounts, convert their passwords to LDIF files, and import the LDIF files into the LDAP database.
More Related Content
What's hot
What's hot (20)
Similar to Ldap configuration documentation
Similar to Ldap configuration documentation (20)
Recently uploaded
Recently uploaded (20)
Ldap configuration documentation
- 1. LDAP Configuration Documentation Installation Guide 01. Network Details: Below is the network details used while writing this article. System name: openldap.example.com System IP: 192.168.10.50 Domain Name: example.com Step 1: Create Test Accounts Firsty create two test user accounts in your linux system using following commnands. # useradd ldapuser1 # useradd ldapuser2 # passwd ldapuser1 # passwd ldapuser2 Step 2: Install Requird Packages Below is list of software required for setup openldap compat-openldap openldap-clients openldap-devel openldap-servers openldap-servers-sql Install all packages using following command. # yum install *openldap* -y
- 2. Step 3: Setup OpenLDAP root Password After installing openldap packages, First create OpenLDAP root user password # slappasswd New password: Re-enter new password: {SSHA}BONOBgJZNZc3A+UFq3fcjRn2YHsZVkXw Step 4:Edit Configuration File Edit openldap configuration file with new values , use rootpw value get from slappasswd command in above step # vi /etc/openldap/slapd.conf database bdb suffix "dc=example,dc=com" rootdn "cn=Manager,dc=example,dc=com" rootpw {SSHA}BONOBgJZNZc3A+UFq3fcjRn2YHsZVkXw Step 5:Setup LDAP Database File Copye example LDAP database file at below location. Use given example file from openldap # cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG Step 6 Start Services Start openldap service and setup service to auto start on system boot
- 3. # service ldap start # chkconfig ldap on Step 7: Create Domain LDIF File Now Create ldif (LDAP Data Interchange Format) file for your domain example.com, You can use any filename with extension ldif # vim /etc/openldap/base.ldif dn: dc=example,dc=com dc: example objectClass: top objectClass: domain dn: ou=users,dc=example,dc=com ou: users objectClass: top objectClass: organizationalUnit dn: ou=Group,dc=example,dc=com ou: Group objectClass: top objectClass: organizationalUnit Step 8: Create Users LDIF File After creating ldif file for your domain, Let create ldif file for all test users. # cd /usr/share/openldap/migration/
- 4. # grep root /etc/passwd > /etc/openldap/passwd.root # grep ldapuser1 /etc/passwd > /etc/openldap/passwd.ldapuser1 # grep ldapuser2 /etc/passwd > /etc/openldap/passwd.ldapuser2 # ./migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif # ./migrate_passwd.pl /etc/openldap/passwd.ldapuser1 /etc/openldap/ldapuser1.ldif # ./migrate_passwd.pl /etc/openldap/passwd.ldapuser1 /etc/openldap/ldapuser2.ldif Step 9: Edit Users LDIF Files Modify all LDIF files created for users as per below given example for ldapuser1. # vim /etc/openldap/ldapuser1.ldif dn: uid=ldapuser1,dc=example,dc=com uid: ldapuser1 cn: ldapuser1 objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount objectClass: radiusprofile description: 802.1x user radiusFilterId: "Enterasys:version=1:policy=Enterprise User" userPassword: {crypt}$1$rN6WLraT$9skdu7BpRUM6v7DiEhQXt1
- 5. shadowLastChange: 15419 shadowMin: 0 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 612 gidNumber: 612 homeDirectory: /home/ldapuser1 Note: Make sure you have added below 3 file in ldif for integrating radius-ldap authentication objectClass: radiusprofile description: 802.1x user radiusFilterId: “Enterasys:version=1:policy=Enterprise User” Step 10: Import All Data Import all Data from configuration files to LDAP database Importing base.ldif: # ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/base.ldif Enter LDAP Password: adding new entry "dc=example,dc=com" adding new entry "ou=users,dc=example,dc=com" adding new entry "ou=Group,dc=example,dc=com" Importing root.ldif: # ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/root.ldif
- 6. Enter LDAP Password: adding new entry "uid=root,ou=users,dc=example,dc=com" adding new entry "uid=operator,ou=users,dc=example,dc=com" Importing ldapuser1.ldif: # ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser1.ldif Enter LDAP Password: adding new entry "uid=ldapuser1,ou=users,dc=example,dc=com" Importing ldapuser2.ldif: # ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser2.ldif Enter LDAP Password: adding new entry "uid=ldapuser2,ou=users,dc=example,dc=com" Step 11: Restart LDAP Service Stop and Start LDAP service using following command. # /etc/init.d/ldap stop # /etc/init.d/ldap start Step 12: Test Your Setup You setup has been completed, Lets test your ldap server using ldapsearch # ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
- 7. Congratulation’s your ldap setup has been completed. Installation Guide 01 Completed
- 8. Installation Guide 02 Start Step by Step Installation and Configuration OpenLDAP Server Software: OS-Cent OS 4.4, openldap 2.2.13-6.4E System name: ldap.shree.com Domain name: shree.com System IP: 192.168.1.212 Note: Use your domain name and IP instead of adminmart. Easy steps for adding users: 1. Create unix user 2. Create unix user's ldap passwd file 3. Convert passwd.file to ldif file 4. Add ldap file to LDAP Directory using ldapadd Step #1. Requirements compat-openldap.i386 0:2.1.30-6.4E openldap-clients.i386 0:2.2.13-6.4E openldap-devel.i386 0:2.2.13-6.4E openldap-servers.i386 0:2.2.13-6.4E openldap-servers-sql.i386 0:2.2.13-6.4E You can install them using the command: yum install *openldap* -y Step #2. Start the service [root@ldap ~]# chkconfig --levels 235 ldap on [root@ldap ~]# service ldap start Step #3. Create LDAP root user password [root@ldap ~]# slappasswd New password: Re-enter new password: {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW [root@ldap ~]# Step #4. Update /etc/openldap/slapd.conf for the root password [root@ldap ~]# vi /etc/openldap/slapd.conf #68 database bdb #69 suffix "dc=adminmart,dc=com"
- 9. #70 rootdn "cn=Manager,dc=adminmart,dc=com" #71 rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW Step #5. Apply Changes [root@ldap ~]# service ldap restart Step #6. Create test users [root@ldap ~]# useradd test1 [root@ldap ~]# passwd test1 Changing password for user test1. New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully. [root@ldap ~]# useradd test2 [root@ldap ~]# passwd test2 Changing password for user test2. New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully. [root@ldap ~]# Note: Repeat the same for the rest of users Step #7. Migrate local users to LDAP [root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root [root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1 [root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2 Note: Repeat the same for the rest of users Step #8. Update default settings on file /usr/share/openldap/migration/migrate_common.ph #71 $DEFAULT_MAIL_DOMAIN = "shree.com"; #74 $DEFAULT_BASE = "dc=adminmart,dc=com"; Step #9. Convert passwd.file to ldif (LDAP Data Interchange Format) file [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif [root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif
- 10. Note: Repeat the same for the rest of users Step #10. Update root.ldif file for the "Manager" of LDAP Server [root@ldap ~]# vi /etc/openldap/root.ldif #1 dn: uid=root,ou=People,dc=adminmart,dc=com #2 uid: root #3 cn: Manager #4 objectClass: account Step #11. Create a domain ldif file (/etc/openldap/shree.com.ldif) [root@ldap ~]# cat /etc/openldap/shree.com.ldif dn: dc=adminmart,dc=com dc: adminmart description: LDAP Admin objectClass: dcObject objectClass: organizationalUnit ou: rootobject dn: ou=People, dc=adminmart,dc=com ou: People description: Users of adminmart objectClass: organizationalUnit Step #12. Import all users in to the LDAP Add the Domain ldif file [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W - f /etc/openldap/shree.com.ldif Enter LDAP Password: adding new entry "dc=adminmart,dc=com" adding new entry "ou=People, dc=adminmart,dc=com" [root@ldap ~]# Add the users: [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W - f /etc/openldap/root.ldif
- 11. Enter LDAP Password: adding new entry "uid=root,ou=People,dc=adminmart,dc=com" adding new entry "uid=operator,ou=People,dc=adminmart,dc=com" [root@ldap ~]# [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W - f /etc/openldap/test1.ldif Enter LDAP Password: adding new entry "uid=test1,ou=People,dc=adminmart,dc=com" [root@ldap ~]# [root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W - f /etc/openldap/test2.ldif Enter LDAP Password: adding new entry "uid=test2,ou=People,dc=adminmart,dc=com" [root@ldap ~]# Note: Repeat the same for the rest of users Step #13. Apply Changes [root@ldap ~]# service ldap restart Step #14. Test LDAP Server It prints all the user information: [root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)' Installation Guide 02 Completed Shree H. Niraula sriniraula@gmail.com