We like CentOS very much as a server operating system, and we think we have made that clear: it is a solid system, easy to use and maintain, and you can install many specific tools to manage services on a network server. It is also compatible with RHEL software and repositories, which makes a good number of applications available.
One of the important server-oriented applications that can be installed on CentOS 7 is OpenLDAP, an open-source LDAP implementation. It provides an ordered, distributed directory service that can be queried for all kinds of information in a network environment; in other words, a centralized way to store account and contact information for an organization.
OpenLDAP has four main components:
- slapd: the standalone LDAP daemon (the server itself).
- slurpd: the standalone LDAP update replication daemon.
- libraries implementing the LDAP protocol.
- utilities, tools and client programs.
In this tutorial we will install OpenLDAP on CentOS 7.
Let's get to work.
1.- Upgrading the system and installing openldap packages
As always, the first thing to do is to update the system.
:~# yum update
Now we proceed to install the OpenLDAP packages.
:~# yum install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel
Once the packages have been installed, we must enable and start the openLDAP service.
:~# systemctl enable slapd
:~# systemctl start slapd
2.- Configuring openLDAP server
First we must generate the OpenLDAP root password hash. To do that we run the following (if you omit -s, slappasswd prompts for the password interactively instead of leaving it in your shell history):
:~# slappasswd -h {SSHA} -s your_password
and we get something like this:
{SSHA}XKrTsGmjsV0Rw1lZzLaOr7pqvZRrbv8A
Next, create the openLDAP configuration file so that it can work correctly. We write:
:~# nano conf.ldif
And we place the following content. Note that the file contains three separate change records, and LDIF requires a blank line between records; if the blank lines are missing, ldapmodify rejects the second dn: line with "wrong attributeType".
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=osradar,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=angelo,dc=osradar,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}XKrTsGmjsV0Rw1lZzLaOr7pqvZRrbv8A
In that file you must adjust these three parameters to your environment:
- olcSuffix: the base of the directory tree, derived from your domain name, with each label written as a dc= component. For reference, in this tutorial the hostname is osradar.local, so the suffix is dc=osradar,dc=local.
- olcRootDN: the distinguished name of the openLDAP administrator (root) user.
- olcRootPW: the password hash generated above. Replace it with your own.
When we finish editing the file, we "upload" the configuration to openLDAP with ldapmodify, authenticating over the local socket as root:
:~# ldapmodify -Y EXTERNAL -H ldapi:/// -f conf.ldif
3.- Configuring the openLDAP Database
Now we copy the example database configuration (DB_CONFIG) into the database directory and give the ldap user ownership of it.
:~# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
:~# chown ldap:ldap /var/lib/ldap/*
Then we load the additional schemas (cosine, nis and inetorgperson), which provide the object classes used for accounts and groups below.
:~# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
:~# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
:~# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
Now we create the file that defines the base of the tree, named base.ldif.
:~# nano base.ldif
And within it we add the following (again, one blank line between records):
dn: dc=osradar,dc=local
dc: osradar
objectClass: top
objectClass: domain

dn: cn=angelo,dc=osradar,dc=local
objectClass: organizationalRole
cn: angelo
description: LDAP Manager

dn: ou=users,dc=osradar,dc=local
objectClass: organizationalUnit
ou: Users

dn: ou=Group,dc=osradar,dc=local
objectClass: organizationalUnit
ou: Group
Now we run the command that creates the directory structure. We bind as the root DN, so we will be asked for the openLDAP root password (the one hashed in step 2).
:~# ldapadd -x -W -D "cn=angelo,dc=osradar,dc=local" -f base.ldif
Of course, change the suffix and the administrator DN to your own.
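Steps 2 and 3 both come down to writing LDIF files with the right values for your domain and with the records correctly separated. The following bash script is an added example, not part of the original tutorial: it derives the suffix (dc=...) from a domain name, writes conf.ldif and base.ldif the way the tutorial describes, and counts the records in each file so that a missing blank-line separator is caught before ldapmodify or ldapadd ever sees the file. The domain, administrator name and password hash are the tutorial's own example values; the function names are this example's.

```bash
#!/bin/bash
# Added example (not from the tutorial): build the step 2 and step 3 LDIF files
# from a domain name and sanity-check their record structure.

# Convert a domain such as "osradar.local" into "dc=osradar,dc=local".
domain_to_dn() {
    local domain="$1" out="" label
    local IFS='.'
    for label in $domain; do
        out="${out:+$out,}dc=$label"
    done
    printf '%s\n' "$out"
}

# Write conf.ldif: three modify records against olcDatabase={2}hdb,cn=config.
# Each record is followed by a blank line; without that separator ldapmodify
# treats the next "dn:" as an attribute of the current change and fails.
write_conf_ldif() {
    local suffix="$1" rootdn="$2" rootpw="$3" file="$4"
    {
        printf 'dn: olcDatabase={2}hdb,cn=config\nchangetype: modify\nreplace: olcSuffix\nolcSuffix: %s\n\n' "$suffix"
        printf 'dn: olcDatabase={2}hdb,cn=config\nchangetype: modify\nreplace: olcRootDN\nolcRootDN: %s\n\n' "$rootdn"
        printf 'dn: olcDatabase={2}hdb,cn=config\nchangetype: modify\nreplace: olcRootPW\nolcRootPW: %s\n' "$rootpw"
    } > "$file"
}

# Write base.ldif: the domain entry, the manager role, and the users/Group OUs.
write_base_ldif() {
    local suffix="$1" dc="$2" admin_cn="$3" file="$4"
    {
        printf 'dn: %s\ndc: %s\nobjectClass: top\nobjectClass: domain\n\n' "$suffix" "$dc"
        printf 'dn: cn=%s,%s\nobjectClass: organizationalRole\ncn: %s\ndescription: LDAP Manager\n\n' "$admin_cn" "$suffix" "$admin_cn"
        printf 'dn: ou=users,%s\nobjectClass: organizationalUnit\nou: Users\n\n' "$suffix"
        printf 'dn: ou=Group,%s\nobjectClass: organizationalUnit\nou: Group\n' "$suffix"
    } > "$file"
}

# Count LDIF records (blank-line separated blocks). Prints the count and exits
# non-zero if any block does not begin with a "dn: " line.
count_ldif_records() {
    awk '
        BEGIN { n = 0; bad = 0; start = 1 }
        /^$/ { start = 1; next }
        start == 1 { if ($0 ~ /^dn: /) n++; else bad++; start = 0 }
        END { print n; exit (bad > 0) }
    ' "$1"
}

# Demo with the tutorial's example values (replace with your own).
DOMAIN="osradar.local"
ADMIN_CN="angelo"
ROOT_HASH='{SSHA}XKrTsGmjsV0Rw1lZzLaOr7pqvZRrbv8A'   # hash from the tutorial's slappasswd output

WORKDIR=$(mktemp -d)
SUFFIX=$(domain_to_dn "$DOMAIN")        # dc=osradar,dc=local
ROOT_DN="cn=$ADMIN_CN,$SUFFIX"          # cn=angelo,dc=osradar,dc=local
DC="${DOMAIN%%.*}"                      # osradar

write_conf_ldif "$SUFFIX" "$ROOT_DN" "$ROOT_HASH" "$WORKDIR/conf.ldif"
write_base_ldif "$SUFFIX" "$DC" "$ADMIN_CN" "$WORKDIR/base.ldif"
echo "conf.ldif: $(count_ldif_records "$WORKDIR/conf.ldif") records"
echo "base.ldif: $(count_ldif_records "$WORKDIR/base.ldif") records"
# Then apply them exactly as in steps 2 and 3 of the tutorial:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f "$WORKDIR/conf.ldif"
#   ldapadd -x -W -D "$ROOT_DN" -f "$WORKDIR/base.ldif"
```

If conf.ldif is written without the blank lines, count_ldif_records reports a single record instead of three, which is exactly the file shape that makes ldapmodify stop at the second dn: line.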
4.- Creating an openLDAP user
Now we create a user in openLDAP. An easy way to do this is to describe the new user in a file; I'll call it newuser.ldif.
:~# nano newuser.ldif
And in it we put the following content (a single POSIX account entry):
dn: uid=user,ou=users,dc=osradar,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: user
uid: user
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/user
loginShell: /bin/bash
gecos: user
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
Adjust the uid, numeric ids, home directory and shell to your needs; the userPassword value is only a placeholder and is replaced in the next step.
Now with the ldapadd command we proceed to create the new user.
:~# ldapadd -x -W -D "cn=angelo,dc=osradar,dc=local" -f newuser.ldif
Now we give the new user a password, binding as the root DN (use -S instead of -s to be prompted for the new password rather than passing it on the command line):
:~# ldappasswd -s pass321 -W -D "cn=angelo,dc=osradar,dc=local" -x "uid=user,ou=users,dc=osradar,dc=local"
5.- Final configuration
We then add the firewall rule so that clients can reach the LDAP port (389/tcp). Note that this opens plain, unencrypted LDAP; configuring TLS (ldaps) is outside the scope of this tutorial.
:~# firewall-cmd --permanent --add-service=ldap
:~# firewall-cmd --reload
6.- Testing the server
We verify that everything is in order by searching anonymously for the user we created:
:~# ldapsearch -x cn=user -b dc=osradar,dc=local
If the terminal displays the user's entry, everything went well.
And that's it: our OpenLDAP server is up and running. What remains is to configure each client to authenticate against the server, which depends on the GNU/Linux distribution each client runs.
Great guide!!! Thank you so much, but I've a problem in step 2:
ldapmodify -Y EXTERNAL -H ldapi:/// -f conf.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldapmodify: wrong attributeType at line 5, entry “olcDatabase={2}hdb,cn=config”
Any suggestion?
This is my conf.ldif:
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=ldap,dc=halldis,dc=cloud
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=ldap,dc=halldis,dc=cloud
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}gjv8Vad/wLZYL0ginSrxVPOSBL/cfWmD