OpenLDAP configuration steps in CentOS 7.5

balareguraman
Posts: 2
Joined: 2019/05/14 21:27:24

OpenLDAP configuration steps in CentOS 7.5

Post by balareguraman » 2019/05/14 21:30:05

Hi Team,
Can I get step-by-step instructions to configure LDAP in CentOS 7.5?
Also I would like to know how we get the domain SID in an LDAP server.

Regards
Bala

Thraex
Posts: 51
Joined: 2019/05/14 19:50:28

Re: OpenLDAP configuration steps in CentOS 7.5

Post by Thraex » 2019/05/15 12:36:33

I've done this one time, so I'm no expert. Credit goes to TheUrbanPenguin; his videos on Pluralsight got me through this.
The steps I took were:

Code:

**Test domain suffix is example.com, change to correct domain 
Update all
	yum update -y

Restart to apply kernel
	reboot
	
Add DNS server to /etc/resolv.conf or entry into /etc/hosts

Install OpenLDAP packages
	yum install -y openldap openldap-clients openldap-servers

Add ldap service to firewall
	firewall-cmd --add-service=ldap --permanent
	firewall-cmd --reload

Copy the example DB config into slapd's database directory, /var/lib/ldap, dropping the .example at the end
	cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Run slaptest once to create the db files; it prints warnings, which is expected*
	slaptest

Set ldap as owner of everything in the database directory (slaptest ran as root, so the files it created are root-owned)
	chown -R ldap:ldap /var/lib/ldap

Start/enable slapd service
	systemctl enable slapd --now

Change directory 
	cd /etc/openldap/schema

Add the cosine and nis schemas (account comes from cosine; posixAccount, posixGroup and shadowAccount come from nis, and nis.ldif depends on cosine.ldif, so keep this order)
	ldapadd -Y EXTERNAL -H ldapi:/// -f cosine.ldif
	ldapadd -Y EXTERNAL -H ldapi:/// -f nis.ldif
		**files are in /etc/openldap/schema/ directory, can use full pathing
	
Create hash of root password (let slappasswd prompt for it; passing it with -s leaves the password in shell history and in the process list)
	slappasswd > rootpasswd

Create config.ldif file that contains the following:
**Change olcLogLevel as needed: 0 means no logs at all; stats logs connections and operations and is the usual choice when you want an audit trail

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
# Paste the hash slappasswd printed in the previous step; the value below is only a placeholder**
olcRootPW: {SSHA}zPhLTnlzuDlz+L+pZBrb7fCGD7kZd6QG

dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: 0

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=example,dc=com" read by * none


Read in newly created ldif file
	ldapmodify -Y EXTERNAL -H ldapi:/// -f /path/to/config.ldif
	
Create structure.ldif file that contains the following. **Change to your domain

dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=people,dc=example,dc=com
ou: people
objectClass: top
objectClass: organizationalUnit

dn: ou=group,dc=example,dc=com
ou: group
objectClass: top
objectClass: organizationalUnit

Add in structure.ldif using Manager with password set up above:
	ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /path/to/structure.ldif


Create group.ldif file that contains the following. **Change to your domain
	
dn: cn=ldapusers,ou=group,dc=example,dc=com
objectClass: posixGroup
cn: ldapusers
gidNumber: 4000


Add in group.ldif using Manager with password set up above:
	ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /path/to/group.ldif


Create user.ldif file that contains the following. **Change as needed

dn: uid=fred,ou=people,dc=example,dc=com
uid: fred
cn: fred
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
# Placeholder hash; replace it with the output of slappasswd ({SSHA} is fine, or -h '{CRYPT}' -c '$6$%.16s' for sha512-crypt as below)
userPassword: {crypt}$6$l/vbhZNzlE3$2EGNK.Jk3mpdiNal7eStJGyA2q.KJikbie/dFHgf7ZfXiJ4k6LqS9.gdk3Ax0/
shadowLastChange: 16847
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 4000
gidNumber: 4000
homeDirectory: /home/fred
gecos: fred bloggs

Add in user.ldif using Manager with password set up above:
	ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /path/to/user.ldif
	
**To add more users, change user.ldif to new values and rerun above command**


On Client Box:

Update all
	yum update -y

Restart to apply kernel
	reboot
	
Add DNS server to /etc/resolv.conf or entry into /etc/hosts
	
Install oddjob and oddjob-mkhomedir to create home directories
	yum install -y oddjob oddjob-mkhomedir

Start/Enable oddjob service
	systemctl enable oddjobd --now

Install ldap packages
	yum install -y openldap-clients nss-pam-ldapd

Enable LDAP for user/group lookups (--enableldap) and for authentication (--enableldapauth; without it users resolve but cannot log in with their LDAP password). Nothing above sets up TLS, so bind passwords cross the network in clear text; put a certificate on the server and add --enableldaptls before using this outside a lab
	authconfig --enableldap --enableldapauth --ldapserver=ldap://server1.example.com --ldapbasedn="dc=example,dc=com" --enablemkhomedir --update

Check that the ldap user and group resolve
	getent passwd fred
	getent group ldapusers

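An added example, not from Thraex's post or from OpenLDAP itself: a script that renders the server-side LDIF from a single DOMAIN value (so the "change to your domain" edits can't be missed) and adds one thing the steps above leave out. The default CentOS 7 cn=config has no olcAccess on the hdb database, and slapd's fallback policy is "to * by * read", so after those steps anyone who can reach port 389, anonymous binds included, can read every userPassword hash. The script adds an access rule for that and checks it. Assumptions: the default olcDatabase={2}hdb, rootdn cn=Manager under the suffix, and ROOT_PW_HASH set to a hash from slappasswd (the placeholder is the post's). Nothing is applied unless LDAP_APPLY=1; otherwise it prints the LDIF for review.

```shell
#!/bin/bash
# Added example (not from the forum post): render the server LDIF from one
# DOMAIN value, add an ACL that keeps userPassword away from anonymous
# clients, and verify it. Assumes CentOS 7 default cn=config with
# olcDatabase={2}hdb and rootdn cn=Manager,<suffix>.
set -u

DOMAIN=${DOMAIN:-example.com}
# Placeholder hash (the post's); replace with the output of slappasswd.
ROOT_PW_HASH=${ROOT_PW_HASH:-'{SSHA}zPhLTnlzuDlz+L+pZBrb7fCGD7kZd6QG'}
LOGLEVEL=${LOGLEVEL:-stats}   # the post used 0 (nothing); stats gives an audit trail

# example.com -> dc=example,dc=com (one dc= component per label, any depth)
dn_from_domain() {
    local domain=$1 dn='' label rest
    while [ -n "$domain" ]; do
        label=${domain%%.*}
        rest=${domain#*.}
        if [ "$rest" = "$domain" ]; then rest=''; fi   # no dot left: last label
        dn="${dn:+$dn,}dc=$label"
        domain=$rest
    done
    printf '%s' "$dn"
}

render_config_ldif() {   # $1 suffix  $2 rootdn  $3 password hash  $4 loglevel
    cat <<EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $1
-
replace: olcRootDN
olcRootDN: $2
-
replace: olcRootPW
olcRootPW: $3

dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: $4

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="$2" read by * none
EOF
}

# With no olcAccess on the hdb database slapd falls back to "to * by * read".
# Rule 0: only the user may write their password, anyone may bind with it,
# nobody may read it. Rule 1: self may update shadowLastChange on a password
# change. Rule 2 stays "by * read" because nslcd as set up by authconfig
# searches anonymously; change it to "by users read" once nslcd has a bind DN.
# "by self write" on everything is deliberately avoided: it would let a user
# rewrite their own uidNumber. The rootdn bypasses ACLs and needs no clause.
render_acl_ldif() {
    cat <<EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by * read
EOF
}

render_structure_ldif() {   # $1 suffix  $2 first domain label (dc value)
    cat <<EOF
dn: $1
dc: $2
objectClass: top
objectClass: domain

dn: ou=people,$1
ou: people
objectClass: top
objectClass: organizationalUnit

dn: ou=group,$1
ou: group
objectClass: top
objectClass: organizationalUnit
EOF
}

# Returns 0 when an anonymous search of the suffix shows no userPassword value.
# Needs a reachable slapd; without ldapsearch it reports skipped and returns 0.
check_anonymous_password_leak() {   # $1 suffix
    if ! command -v ldapsearch >/dev/null 2>&1; then
        echo "ldapsearch not installed, check skipped"; return 0
    fi
    local leaked
    leaked=$(ldapsearch -x -LLL -H ldap://localhost -b "$1" '(objectClass=posixAccount)' userPassword 2>/dev/null | grep -c '^userPassword:' || true)
    [ "$leaked" -eq 0 ]
}

SUFFIX=$(dn_from_domain "$DOMAIN")
ROOTDN="cn=Manager,$SUFFIX"
if [ "${LDAP_APPLY:-0}" = 1 ]; then
    # Same commands as the steps above, fed from the renderers instead of hand-edited files.
    render_config_ldif "$SUFFIX" "$ROOTDN" "$ROOT_PW_HASH" "$LOGLEVEL" | ldapmodify -Y EXTERNAL -H ldapi:///
    render_acl_ldif | ldapmodify -Y EXTERNAL -H ldapi:///
    render_structure_ldif "$SUFFIX" "${DOMAIN%%.*}" | ldapadd -x -W -D "$ROOTDN"
    if check_anonymous_password_leak "$SUFFIX"; then echo "OK: userPassword not readable anonymously"
    else echo "WARNING: userPassword is still visible to anonymous binds"; fi
else
    render_config_ldif "$SUFFIX" "$ROOTDN" "$ROOT_PW_HASH" "$LOGLEVEL"; echo
    render_acl_ldif; echo
    render_structure_ldif "$SUFFIX" "${DOMAIN%%.*}"
fi
```

Run it once without LDAP_APPLY to read the rendered LDIF, then with `LDAP_APPLY=1 DOMAIN=yourdomain.tld ROOT_PW_HASH="$(slappasswd)"` on the server. The group and user LDIF from the post can then be added as shown above; the leak check is worth repeating after the first user exists, since that is when there is a hash to leak.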

balareguraman
Posts: 2
Joined: 2019/05/14 21:27:24

Re: OpenLDAP configuration steps in CentOS 7.5

Post by balareguraman » 2019/05/16 06:05:57

Thanks a lot for sharing these steps. Let me try it and update you on how it goes. Regards, Bala
