Dec 18

Step by Step: How to Install and Configure LDAP Server

From my history of executed commands.

The command sequence works like a charm (though some commands may fail, as I am pasting directly from my shell history).

You can check our other posts on LDAP client configuration. Also, go to the end of the command list; the contents of some config files are provided there. These files need to be created and configured before the LDAP users start working. When you see a vi command (to create a file) in the command sequence, go to the file section and copy that file's configuration into it.

1 ip addr ens33
2 ip addr
3 exit
4 ls
5 vim /etc/hosts


This was executed earlier. Run it at this point if these packages are not already installed:
yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel

6 systemctl start slapd.service
7 systemctl enable slapd.service
8 netstat -antup | grep -i 389
9 slappasswd
10 ls /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
11 vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
12 vim /etc/openldap/slapd.d/db.ldif
13 ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
14 cd /etc/openldap/slapd.d/
15 ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
16 vi monitor.ldif
17 ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif
18 openssl req -new -x509 -nodes -out /etc/openldap/certs/itzgeekldapcert.pem -keyout /etc/openldap/certs/itzgeekldapkey.pem -days 365
19 chown -R ldap:ldap /etc/openldap/certs/*.pem
20 ll /etc/openldap/certs/*.pem
21 vi certs.ldif
22 ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif
23 slaptest -u
24 config file testing succeeded
25 cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
26 chown ldap:ldap /var/lib/ldap/*
27 dapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
28 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
29 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
30 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
31 vi base.ldif
32 ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f base.ldif
33 slappasswd
34 vi db.ldif
35 ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f base.ldif
36 systemctl restart slapd.service
37 systemctl enable slapd.service
38 ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f base.ldif
39 vi db.ldif
40 ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
41 ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif
42 chown -R ldap:ldap /etc/openldap/certs/*.pem
43 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
44 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
45 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
46 vi base.ldif
47 ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f base.ldif
48 vi sayed.ldif
49 ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f sayed.ldif
50 ldappasswd -s password123 -W -D "cn=ldapadm,dc=itzgeek,dc=local" -x "uid=raj,ou=People,dc=itzgeek,dc=local"
51 ldapsearch -x cn=raj -b dc=itzgeek,dc=local
52 ldapdelete -W -D "cn=ldapadm,dc=itzgeek,dc=local" "uid=raj,ou=People,dc=itzgeek,dc=local"
53 firewall-cmd --permanent --add-service=ldap
54 firewall-cmd --reload
55 vi /etc/rsyslog.conf
56 systemctl restart rsyslog
57 yum install -y openldap-clients nss-pam-ldapd
58 ip addr
59 ls /etc/yum.repos.d/local.repo
60 ip addr
61 nmtui
62 ifdown ens33
63 ifup ens33
64 authconfig --enableldap --enableldapauth --ldapserver= --ldapbasedn="dc=itzgeek,dc=local" --enablemkhomedir --update
65 systemctl restart nslcd
66 yum install -y openldap-clients
67 systemctl start ftp
68 systemctl start vsftp
69 systemctl start vsftpd
70 yum install -y openldap-clients
71 yum install -y openldap-clients nss-pam-ldapd
72 authconfig --enableldap --enableldapauth --ldapserver= --ldapbasedn="dc=itzgeek,dc=local" --enablemkhomedir --update
73 getent passwd sayed
74 systemctl restart nslcd
75 getent passwd sayed
76 cat /etc/passwd
77 exit
78 authconfig-tui
79 ls /etc/openldap/cacerts
81 authconfig-gtk
82 yum install authconfig-gtk
83 ls /etc/openldap/certs/*.pem
84 cp /etc/openldap/certs/*.pem /etc/openldap/cacerts/
85 getent passwd sayed
86 authconfig-tui
87 getent passwd sayed
88 cat /etc/passwd
89 nmtui
90 ifdown ens33
91 ifup ens33
92 authconfig --enableldap --enableldapauth --ldapserver= --ldapbasedn="dc=itzgeek,dc=local" --enablemkhomedir --update
93 systemctl start slapd.service
94 systemctl enable slapd.service
95 authconfig --enableldap --enableldapauth --ldapserver= --ldapbasedn="dc=itzgeek,dc=local" --enablemkhomedir --update
96 systemctl restart nslcd
97 getent passwd sayed
98 pwd
99 cd /etc/openldap/slapd.d/
100 ls -la
101 vi raj.ldif
102 ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f raj.ldif
103 ldappasswd -s password123 -W -D "cn=ldapadm,dc=itzgeek,dc=local" -x "uid=raj,ou=People,dc=itzgeek,dc=local"
104 ldapsearch -x cn=raj -b dc=itzgeek,dc=local
105 irewall-cmd --permanent --add-service=ldap
106 firewall-cmd --permanent --add-service=ldap
107 firewall-cmd --reload
108 vi /etc/rsyslog.conf
109 authconfig --enableldap --enableldapauth --ldapserver= --ldapbasedn="dc=itzgeek,dc=local" --enablemkhomedir --update
110 systemctl restart nslcd
111 getent passwd raj
112 ifconfig
113 cat /etc/hosts
114 history




Reference:  [the great one]



vi /etc/hosts

<server-ip>   server.itzgeek.local server
<client-ip>   client.itzgeek.local client



# vi /etc/openldap/slapd.d/db.ldif
# Remember to provide the correct password: use the hash produced by slappasswd (step 9)
# as the olcRootPW value, never the cleartext password.

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=itzgeek,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=itzgeek,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: <paste the slappasswd output here>


# vi monitor.ldif

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=ldapadm,dc=itzgeek,dc=local" read by * none

# vi base.ldif

dn: dc=itzgeek,dc=local
dc: itzgeek
objectClass: top
objectClass: domain

dn: cn=ldapadm,dc=itzgeek,dc=local
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,dc=itzgeek,dc=local
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=itzgeek,dc=local
objectClass: organizationalUnit
ou: Group



# vi certs.ldif
# Points slapd at the self-signed certificate and key generated with openssl in step 18.
# The key file should be readable only by the ldap user, and clients need a copy of the
# certificate (as done in step 84) to verify the server.

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/itzgeekldapcert.pem

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/itzgeekldapkey.pem


Create LDAP users (steps 48-50 and 101-103 in the history). Note that `ldappasswd -s password123` puts the new password on the command line, so it is recorded in the shell history; prefer `-S`, which prompts for it instead.

vi raj.ldif

Paste the lines below into the LDIF file above. The userPassword placeholder is replaced when ldappasswd is run for the user afterwards (step 50).

dn: uid=raj,ou=People,dc=itzgeek,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: raj
uid: raj
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/raj
loginShell: /bin/bash
gecos: Raj [Admin (at) ITzGeek]
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7


For the file

vi /etc/rsyslog.conf

Add the line below to /etc/rsyslog.conf.

local4.* /var/log/ldap.log


Check that the LDAP users resolve on the client:

# getent passwd raj