Hi Team,
Can I get step-by-step instructions to configure LDAP in CentOS 7.5?
Also I would like to know how we get the domain SID in the LDAP server.
Regards
Bala
OpenLDAP configuration steps in CentOS 7.5
Re: OpenLDAP configuration steps in CentOS 7.5
I've done this 1 time so I'm no expert. Credit goes to TheUrbanPenguin, his videos on Pluralsight got me through this.
The steps I took were:
[code]
# ** Test domain suffix is example.com, change to correct domain

# --- On the LDAP server ---

# Update all
yum update -y

# Restart to apply kernel
reboot

# Add DNS server to /etc/resolv.conf or entry into /etc/hosts

# Install OpenLDAP packages
yum install -y openldap openldap-clients openldap-servers

# Add ldap service to firewall
firewall-cmd --add-service=ldap --permanent
firewall-cmd --reload

# Copy ldap config example file to use, removing .example at the end
# (the database directory is /var/lib/ldap, the same one chown'd below)
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

# Run test command to create db files, there will be errors*
slaptest

# Set ldap as owner of everything
chown ldap:ldap /var/lib/ldap/*

# Start/enable slapd service
systemctl enable slapd --now

# Change directory
cd /etc/openldap/schema

# Add config users (loads the cosine and nis schemas into cn=config)
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f nis.ldif
# ** files are in /etc/openldap/schema/ directory, can use full pathing

# Create hash of root password
# (with -s the cleartext password lands in shell history; omit -s to be prompted instead)
slappasswd -s PASSWORD -n > rootpasswd

# Create config.ldif file that contains the following:
# ** Change olcLogLevel as needed, 0 means no logs
# ** Each entry must be separated from the next by a blank line
cat > /path/to/config.ldif <<'EOF'
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
# Password is created in previous step**
olcRootPW: {SSHA}zPhLTnlzuDlz+L+pZBrb7fCGD7kZd6QG

dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: 0

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=example,dc=com" read by * none
EOF

# Read in newly created ldif file
ldapmodify -Y EXTERNAL -H ldapi:/// -f /path/to/config.ldif

# Create structure.ldif file that contains the following. ** Change to your domain
cat > /path/to/structure.ldif <<'EOF'
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=people,dc=example,dc=com
ou: people
objectClass: top
objectClass: organizationalUnit

dn: ou=group,dc=example,dc=com
ou: group
objectClass: top
objectClass: organizationalUnit
EOF

# Add in structure.ldif using Manager with password set up above:
ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /path/to/structure.ldif

# Create group.ldif file that contains the following. ** Change to your domain
cat > /path/to/group.ldif <<'EOF'
dn: cn=ldapusers,ou=group,dc=example,dc=com
objectClass: posixGroup
cn: ldapusers
gidNumber: 4000
EOF

# Add in group.ldif using Manager with password set up above:
ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /path/to/group.ldif

# Create user.ldif file that contains the following. ** Change as needed
# ** userPassword is a hash (e.g. from slappasswd), never the cleartext password
cat > /path/to/user.ldif <<'EOF'
dn: uid=fred,ou=people,dc=example,dc=com
uid: fred
cn: fred
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$l/vbhZNzlE3$2EGNK.Jk3mpdiNal7eStJGyA2q.KJikbie/dFHgf7ZfXiJ4k6LqS9.gdk3Ax0/
shadowLastChange: 16847
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 4000
gidNumber: 4000
homeDirectory: /home/fred
gecos: fred bloggs
EOF

# Add in user.ldif using Manager with password set up above:
ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /path/to/user.ldif
# ** To add more users, change user.ldif to new values and rerun above command **

# --- On Client Box ---

# Update all
yum update -y

# Restart to apply kernel
reboot

# Add DNS server to /etc/resolv.conf or entry into /etc/hosts

# Install oddjob and oddjob-mkhomedir to create home directories
yum install -y oddjob oddjob-mkhomedir

# Start/Enable oddjob service
systemctl enable oddjobd --now

# Install ldap packages
yum install -y openldap-clients nss-pam-ldapd

# Allow ldap authorization
authconfig --enableldap --ldapserver=server1.example.com --ldapbasedn="dc=example,dc=com" --enablemkhomedir --update

# Check if ldap users/groups were added (e.g. grep fred / grep ldapusers)
getent passwd | grep user
getent group | grep group
[/code]
- Posts: 2
- Joined: 2019/05/14 21:27:24
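As an added check that is not part of the post above: a small Python LDIF linter for files like the config.ldif and user.ldif shown there. It flags entries that are not separated by a blank line (ldapmodify/ldapadd then reads two entries as one) and olcRootPW/userPassword values that carry no hash scheme prefix. The sample LDIF is constructed and its hash is a placeholder.

```python
import base64

# Constructed sample modelled on the post's config.ldif; the hash is a placeholder.
SAMPLE_LDIF = """\
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}PLACEHOLDERHASHVALUE
"""

PASSWORD_ATTRS = {"olcrootpw", "userpassword"}
# Values that start with one of these carry a password-hash scheme (e.g. {SSHA}, {crypt}).
HASH_SCHEMES = ("{SSHA}", "{SHA}", "{CRYPT}", "{MD5}", "{SMD5}", "{ARGON2}", "{PBKDF2")

def parse_ldif(text):
    """Split LDIF into blank-line separated entries of (attribute, value) pairs."""
    entries, current = [], []
    # "\n " joins folded continuation lines; the trailing "" flushes the last entry
    for line in text.replace("\n ", "").splitlines() + [""]:
        if line.startswith("#"):                    # LDIF comment line
            continue
        if not line.strip():                        # blank line ends an entry
            if current:
                entries.append(current)
            current = []
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):                   # "attr:: <base64>" value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.append((attr.strip(), value.strip()))
    return entries

def lint_ldif(text):
    """Return findings: entries with more than one dn, and cleartext password attributes."""
    findings = []
    for n, entry in enumerate(parse_ldif(text), 1):
        dn_count = sum(1 for attr, _ in entry if attr.lower() == "dn")
        if dn_count > 1:
            findings.append(f"entry {n}: {dn_count} dn lines, missing blank line between entries")
        for attr, value in entry:
            if attr.lower() in PASSWORD_ATTRS and not value.upper().startswith(HASH_SCHEMES):
                findings.append(f"entry {n}: {attr} is not a hashed value")
    return findings
```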
Re: OpenLDAP configuration steps in CentOS 7.5
Thanks a lot for sharing these steps. Let me try it and update you on how it goes.
Regards
Bala