Installing and configuring an LDAP server on CentOS / Red Hat 6

  • dc = Domain Component
  • cn = Common Name
  • ou = Organizational Unit
  • dn = Distinguished Name

Install the required packages

yum install openldap-servers openldap-clients

Configuring the server

This setup uses the classic slapd.conf instead of the cn=config directory (slapd.d): once slapd.d is moved out of the way the init script reads slapd.conf, and the package ships a template for it as slapd.conf.obsolete. slapd runs as the ldap user, so the DB_CONFIG copied into /var/lib/ldap must be owned by ldap:ldap or the database will not open.

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

cd /etc/openldap

mv slapd.d slapd.d.original

cp ldap.conf ldap.conf.original

cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf

Generate the password hash for the Manager account

slappasswd prompts for the password twice and prints a salted {SSHA} hash; paste that hash, not the cleartext password, into rootpw:

slappasswd

Edit the configuration file

vi /etc/openldap/slapd.conf

suffix "dc=corneschi,dc=ro"
rootdn "cn=Manager,dc=corneschi,dc=ro"
rootpw {SSHA}V7IS3vYe8P0/IcOvJmfEdjY1LXuWPV3U

The rootdn bypasses every access control, so the rootpw hash is effectively a superuser credential. A file copied from slapd.conf.obsolete typically ends up world-readable (mode 0644); keep slapd.conf owned by root:ldap with mode 0640 so that slapd can read it and ordinary users cannot.
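The checks above can be scripted so they run before every restart. The following is an added example, not code from the original page: it audits a slapd.conf for a hashed rootpw, a suffix that matches the rootdn, and a file mode that is not world-readable. The config path and expected suffix are arguments; the values in the usage comment are the ones this page uses.

```bash
#!/bin/bash
# Added example, not code from the original page: audit slapd.conf before
# starting slapd. It checks that rootpw is a hash rather than cleartext, that
# suffix and rootdn agree, and that the file is not world-readable, since the
# rootpw hash is the credential of an account that bypasses every ACL.
# The config path and expected suffix are passed in by the caller.

# Print the first value of directive $2 in file $1, without surrounding quotes.
conf_value() {
  awk -v key="$2" '$1 == key { v = $2; gsub(/\"/, "", v); print v; exit }' "$1"
}

# Print each finding; return 0 when the file passes, 1 otherwise.
audit_slapd_conf() {
  f="$1"; suffix="$2"; rc=0
  rootpw=$(conf_value "$f" rootpw)
  rootdn=$(conf_value "$f" rootdn)

  case "$rootpw" in
    "{SSHA}"*|"{SHA}"*|"{CRYPT}"*|"{SMD5}"*|"{MD5}"*) ;;   # hashed, as slappasswd prints it
    "")  echo "FAIL: no rootpw directive"; rc=1 ;;
    *)   echo "FAIL: rootpw is cleartext; generate a hash with slappasswd"; rc=1 ;;
  esac

  [ "$(conf_value "$f" suffix)" = "$suffix" ] \
    || { echo "FAIL: suffix is not $suffix"; rc=1; }

  case "$rootdn" in
    *",${suffix}") ;;
    *) echo "FAIL: rootdn '$rootdn' is not under $suffix"; rc=1 ;;
  esac

  # -perm -004: any 'other' read bit set means the hash is readable by everyone.
  if [ -n "$(find "$f" -perm -004)" ]; then
    echo "FAIL: $f is world-readable; chown root:ldap and chmod 0640 it"; rc=1
  fi
  return $rc
}

# Usage on the server described on this page:
#   audit_slapd_conf /etc/openldap/slapd.conf dc=corneschi,dc=ro && service slapd start
```

Run it as root so the file is readable; a non-zero exit lists every failing check, and the `&&` in the usage line keeps slapd from starting on a config that would expose the hash.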

Start the service

chkconfig slapd on

/etc/init.d/slapd start

Configure rsyslog

slapd writes its log messages to the syslog facility local4, so send that facility to its own file. Without a loglevel directive in slapd.conf you get the default (stats), which records connections and operations; raise it only while debugging, since the verbose levels are noisy.

vi /etc/rsyslog.conf

# LDAP
local4.* /var/log/ldap.log

Create the log file:

touch /var/log/ldap.log

Restart rsyslog and ldap services

service rsyslog restart

service slapd restart

Initialize the LDAP directory database

Create an LDIF file holding the root entry (the suffix from slapd.conf), the first-level organizational units and an entry for the Manager role:

vi ldap-init.ldif

dn: dc=corneschi,dc=ro
dc: corneschi
o: corneschi.ro LDAP Server
description: Root entry for corneschi.ro
 corneschi.ro is a public website that provides a professional forum to exchange
 information, ideas, and expertise on advanced topics in the IT and scientific fields.
 The audience for corneschi.ro includes Database Administrators, System Administrators,
 Developers, Computer Scientists, Software Engineers, and Mathematicians.
objectClass: top
objectClass: dcObject
objectClass: organization

## FIRST Level hierarchy - People

dn: ou=People,dc=corneschi,dc=ro
ou: People
description: All people in corneschi.ro
objectClass: top
objectClass: organizationalUnit

## FIRST Level hierarchy - Groups

dn: ou=Groups,dc=corneschi,dc=ro
ou: Groups
description: All groups in corneschi.ro
objectClass: top
objectClass: organizationalUnit

## FIRST Level hierarchy - Hosts

dn: ou=Hosts,dc=corneschi,dc=ro
ou: Hosts
description: All hosts in corneschi.ro
objectClass: top
objectClass: organizationalUnit

## FIRST Level hierarchy - Manager

dn: cn=Manager,dc=corneschi,dc=ro
cn: Manager
description: Rootdn
objectClass: organizationalRole

Load it as the rootdn: -x selects a simple bind, -D the bind DN and -W prompts for the Manager password. Entries are added in file order, and ldapadd stops at the first entry the server rejects (a schema violation, for example); fix that entry and rerun, or pass -c to continue past errors.

ldapadd -x -W -D "cn=Manager,dc=corneschi,dc=ro" -f ldap-init.ldif

Specify the LDAP server and default search base for the client tools

The client tools (ldapsearch, ldapadd, ldapmodify) read these defaults, so -H and -b are no longer needed on every command:

vi /etc/openldap/ldap.conf

URI ldap://192.168.100.22/
BASE dc=corneschi,dc=ro

Note that ldap:// is plaintext: with a simple bind (-x -W) the Manager password crosses the network in the clear. For anything beyond a test setup, configure TLS on the server and use ldaps:// or StartTLS (-ZZ on the client tools) instead.

Create a new user

The entry combines inetOrgPerson (name and mail) with posixAccount and shadowAccount, which carry the fields a Linux client needs through NSS and PAM. As written it has no userPassword, so the account cannot bind yet; set one after adding the entry with ldappasswd (bind as the Manager and use -S to be prompted for the new password), which stores a hash rather than cleartext.

vi /etc/openldap/users.ldif

dn: uid=daniel,ou=People,dc=corneschi,dc=ro
uid: daniel
cn: Daniel Corneschi
givenName: Daniel
sn: Corneschi
mail: daniel@corneschi.ro
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
loginShell: /bin/bash
uidNumber: 501
gidNumber: 501
homeDirectory: /home/daniel
gecos: Daniel Corneschi

ldapadd -x -W -D "cn=Manager,dc=corneschi,dc=ro" -f /etc/openldap/users.ldif

Create a new group

The user's private group: its gidNumber must match the gidNumber of the user entry above (501), otherwise the client resolves the user's primary group to nothing.

vi /etc/openldap/groups.ldif

dn: cn=daniel,ou=Groups,dc=corneschi,dc=ro
objectClass: posixGroup
objectClass: top
cn: daniel
gidNumber: 501

ldapadd -x -W -D "cn=Manager,dc=corneschi,dc=ro" -f /etc/openldap/groups.ldif

Create a new netgroup

Netgroups are what clients use for access control (for example in pam_access or sshd's AllowGroups via NSS). Each nisNetgroupTriple is (host,user,domain); an empty field matches anything, so (,daniel,) means user daniel on any host in any domain.

vi /etc/openldap/netgroups.ldif

dn: ou=Netgroup,dc=corneschi,dc=ro
ou: Netgroup
description: All netgroups in corneschi.ro
objectClass: top
objectClass: organizationalUnit

dn: cn=family,ou=Netgroup,dc=corneschi,dc=ro
objectClass: nisNetgroup
objectClass: top
cn: family
nisNetgroupTriple: (,daniel,)
nisNetgroupTriple: (,nicoleta,)

ldapadd -x -W -D "cn=Manager,dc=corneschi,dc=ro" -f /etc/openldap/netgroups.ldif
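Creating the user, its private group and its netgroup membership by hand, as the three steps above do, invites mismatched numbers and forgotten passwords. The following is an added example, not code from the original page: it generates the user and group LDIF from one set of values, picks the next free uidNumber from an ldapsearch listing, refuses a cleartext userPassword, and adds the user to an existing netgroup with an ldapmodify change record. The base DN, Manager DN and OU layout are the page's; the user "nicoleta" and the values in the usage section are made up.

```bash
#!/bin/bash
# Added example, not code from the original page: build the LDIF for a new
# POSIX user together with its private group and the netgroup membership,
# then feed it to ldapadd/ldapmodify. Assumptions for illustration: the base
# DN, Manager DN and OU layout from the page; the user "nicoleta" is made up.
set -eu

BASE_DN="dc=corneschi,dc=ro"
MANAGER_DN="cn=Manager,${BASE_DN}"

# Lowest unused uidNumber >= 500, read from LDIF on stdin
# (e.g. `ldapsearch -x -LLL -b ou=People,${BASE_DN} uidNumber`).
next_uid() {
  awk '/^uidNumber:/ { used[$2] = 1 }
       END { n = 500; while (n in used) n++; print n }'
}

# Accept only a hashed password as printed by slappasswd; reject cleartext,
# which would otherwise be stored verbatim in userPassword.
check_hash() {
  case "$1" in
    "{SSHA}"*|"{SHA}"*|"{CRYPT}"*) return 0 ;;
    *) return 1 ;;
  esac
}

# LDIF for the user entry plus a posixGroup with the same number.
# $1 uid, $2 uidNumber/gidNumber, $3 givenName, $4 sn, $5 password hash
make_user_ldif() {
  uid="$1"; num="$2"; given="$3"; sn="$4"; hash="$5"
  check_hash "$hash" || { echo "refusing cleartext password for $uid" >&2; return 1; }
  cat <<EOF
dn: uid=${uid},ou=People,${BASE_DN}
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: ${uid}
cn: ${given} ${sn}
givenName: ${given}
sn: ${sn}
mail: ${uid}@corneschi.ro
uidNumber: ${num}
gidNumber: ${num}
homeDirectory: /home/${uid}
loginShell: /bin/bash
gecos: ${given} ${sn}
userPassword: ${hash}

dn: cn=${uid},ou=Groups,${BASE_DN}
objectClass: top
objectClass: posixGroup
cn: ${uid}
gidNumber: ${num}
memberUid: ${uid}
EOF
}

# ldapmodify change record that adds user $1 to the existing netgroup $2
# as a (host,user,domain) triple with host and domain left empty.
netgroup_member_ldif() {
  cat <<EOF
dn: cn=${2},ou=Netgroup,${BASE_DN}
changetype: modify
add: nisNetgroupTriple
nisNetgroupTriple: (,${1},)
EOF
}

# Run with --add on the LDAP server to actually create the user.
if [ "${1:-}" = "--add" ]; then
  HASH=$(slappasswd)                   # prompts twice, prints {SSHA}...
  NUM=$(ldapsearch -x -LLL -b "ou=People,${BASE_DN}" uidNumber | next_uid)
  make_user_ldif nicoleta "$NUM" Nicoleta Corneschi "$HASH" \
    | ldapadd -x -W -D "$MANAGER_DN"
  netgroup_member_ldif nicoleta family | ldapmodify -x -W -D "$MANAGER_DN"
  # Prove the new account can bind with its own password.
  ldapwhoami -x -D "uid=nicoleta,ou=People,${BASE_DN}" -W
fi
```

Listing only inetOrgPerson is enough for the person and organizationalPerson classes, which slapd fills in as its superclasses. The final ldapwhoami is the check that matters: it binds as the new user rather than the Manager, so it fails if the userPassword was not stored or the DN is wrong.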

phpldapadmin

An optional web front end, available from the EPEL repository:

yum install --enablerepo=epel phpldapadmin

Log in with the rootdn and the password you hashed with slappasswd:

user: cn=Manager,dc=corneschi,dc=ro
pass: (the Manager password set with slappasswd)