How to Configure LDAP Server

Step 1: Introduction

LDAP stands for Lightweight Directory Access Protocol. It is a lightweight client-server protocol for accessing directory services. LDAP runs over TCP/IP or other connection-oriented transport services.

Step 2: Installation

Use the following command to install LDAP, or download and install the service manually from http://www.openldap.org

# yum install *openldap* -y

Step 3: Start ldap service

# chkconfig --levels 235 ldap on
# service ldap start

Step 4: Create LDAP root user password

# slappasswd
    New password: 
    Re-enter new password: 
    {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW

Step 5: Configuration

Update /etc/openldap/slapd.conf with the root password hash produced by slappasswd in the previous step

# vi /etc/openldap/slapd.conf

    database        bdb
    suffix          "dc=adminmart,dc=com"
    rootdn          "cn=Manager,dc=adminmart,dc=com"
    rootpw          {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
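
Steps 4 and 5 above hash the Manager password with slappasswd and paste the hash into slapd.conf. slapd also accepts a cleartext value after rootpw, and the file holds the hash, so two things are worth checking once the edit is done: that the directive really carries a hash and that the file is not readable by every local user. The following POSIX shell check is an added example, not part of the original article or of OpenLDAP; it builds two constructed sample files in a temporary directory and reports on them, and it never talks to slapd.

```shell
#!/bin/sh
# Added example (not from the original article): a read-only check of a
# slapd.conf that confirms rootpw holds a slappasswd hash rather than a
# cleartext password and that the file is not world-readable. The sample
# files are constructed below in a temporary directory.

# check_slapd_conf FILE: print each finding; return 0 only if all checks pass.
check_slapd_conf() {
    conf="$1"
    rc=0
    # slapd accepts either a hash or cleartext after rootpw; only the hash
    # form produced by slappasswd (e.g. {SSHA}...) keeps the secret out of
    # the file. Leading whitespace is ignored by awk's field splitting.
    rootpw_value=$(awk '$1 == "rootpw" { print $2; exit }' "$conf")
    case "$rootpw_value" in
        "")    echo "FAIL: $conf has no rootpw directive"; rc=1 ;;
        {*}*)  ;;
        *)     echo "FAIL: $conf stores rootpw in cleartext"; rc=1 ;;
    esac
    # The eighth character of "ls -l" output is the world-read bit.
    if [ "$(ls -ld "$conf" | cut -c8)" = "r" ]; then
        echo "FAIL: $conf is world-readable"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}

# Constructed demonstration files (hash value taken from the article above).
demo_dir=$(mktemp -d)
good="$demo_dir/slapd.conf"
printf 'database\tbdb\nsuffix\t"dc=adminmart,dc=com"\nrootdn\t"cn=Manager,dc=adminmart,dc=com"\nrootpw\t{SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW\n' > "$good"
chmod 600 "$good"
bad="$demo_dir/slapd-bad.conf"
printf 'database\tbdb\nrootpw\tsecret\n' > "$bad"
chmod 644 "$bad"

check_slapd_conf "$good"
check_slapd_conf "$bad" || echo "(the second file fails as expected)"
rm -rf "$demo_dir"
```

On a real host the call is simply `check_slapd_conf /etc/openldap/slapd.conf`; the function only reads the file, so it is safe to run as part of a configuration audit.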

Step 6: Restart Service

# service ldap restart

Step 7: Create Local Users

# useradd test1
# passwd test1
    Changing password for user test1.
    New UNIX password: 
    Retype new UNIX password: 
    passwd: all authentication tokens updated successfully.
# useradd test2
# passwd test2
    Changing password for user test2.
    New UNIX password: 
    Retype new UNIX password: 
    passwd: all authentication tokens updated successfully.

Step 8: Migrate local users to LDAP

# grep root /etc/passwd > /etc/openldap/passwd.root
# grep test1 /etc/passwd > /etc/openldap/passwd.test1
# grep test2 /etc/passwd > /etc/openldap/passwd.test2

Step 9: Default Configuration

Update the default settings in the file /usr/share/openldap/migration/migrate_common.ph

    $DEFAULT_MAIL_DOMAIN = "adminmart.com";
    $DEFAULT_BASE = "dc=adminmart,dc=com";

Step 10: Convert passwd.file to ldif

Convert each passwd file to an ldif (LDAP Data Interchange Format) file:

# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif
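
Steps 8 to 10 select accounts with `grep NAME /etc/passwd` and hand the result to migrate_passwd.pl. grep matches the name anywhere on the line, which is why the root.ldif import in Step 13 also creates an entry for uid=operator (its home directory is /root), and why `grep test1` would also select an account called test10. The POSIX shell below is an added example, not part of the original article or of the OpenLDAP migration tools: it counts substring matches against exact user-name matches on a constructed passwd sample and emits the same kind of posixAccount LDIF entry migrate_passwd.pl produces, selecting by exact name only. The sample lines, the helper names and the attribute set are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): turn /etc/passwd lines into
# LDIF entries the way migrate_passwd.pl does, selecting accounts by an
# exact user-name match instead of the substring match that "grep root"
# performs. Everything works on the constructed sample; no LDAP needed.

# Constructed sample of /etc/passwd lines; "operator" has /root as its home
# directory, which is why "grep root /etc/passwd" also pulls it in.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
test1:x:500:500:Test User One:/home/test1:/bin/bash
test10:x:510:510::/home/test10:/bin/bash
test2:x:501:501::/home/test2:/bin/bash'

# substring_matches NAME: how many sample lines "grep NAME" would select.
substring_matches() {
    printf '%s\n' "$SAMPLE_PASSWD" | grep -c "$1"
}

# exact_matches NAME: how many sample lines have NAME as the user-name field.
exact_matches() {
    printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v u="$1" '$1 == u { n++ } END { print n + 0 }'
}

# passwd_to_ldif NAME BASEDN: read passwd lines on stdin and emit one LDIF
# entry (posixAccount under ou=People) for the account named NAME. The
# entry ends with a blank line, which is what separates records in LDIF.
passwd_to_ldif() {
    awk -F: -v user="$1" -v base="$2" '
        $1 == user {
            printf "dn: uid=%s,ou=People,%s\n", $1, base
            printf "uid: %s\n", $1
            printf "cn: %s\n", ($5 == "" ? $1 : $5)
            print "objectClass: account"
            print "objectClass: posixAccount"
            print "objectClass: top"
            printf "loginShell: %s\n", $7
            printf "uidNumber: %s\n", $3
            printf "gidNumber: %s\n", $4
            printf "homeDirectory: %s\n", $6
            print ""
        }'
}

# Usage: show the two counting strategies, then generate the entry for test1
# under the base DN used throughout the article.
echo "grep root would select $(substring_matches root) line(s); exact match selects $(exact_matches root)"
echo "grep test1 would select $(substring_matches test1) line(s); exact match selects $(exact_matches test1)"
printf '%s\n' "$SAMPLE_PASSWD" | passwd_to_ldif test1 'dc=adminmart,dc=com'
```

On a real host, `passwd_to_ldif test1 'dc=adminmart,dc=com' < /etc/passwd > /etc/openldap/test1.ldif` yields a file with exactly one entry. Whatever tool does the conversion, it is worth reading each generated ldif before running ldapadd on it, because every entry it contains becomes an account in the directory.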

Step 11: Update root.ldif

Update the root.ldif file for the “Manager” of the LDAP server

# vi /etc/openldap/root.ldif

    dn: uid=root,ou=People,dc=adminmart,dc=com
    uid: root
    cn: Manager
    objectClass: account

Step 12: Create a domain ldif file

Create a domain ldif file (/etc/openldap/adminmart.com.ldif) using the cat command

# cat /etc/openldap/adminmart.com.ldif

    dn: dc=adminmart,dc=com
    dc: adminmart
    description: LDAP Admin
    objectClass: dcObject
    objectClass: organizationalUnit
    ou: rootobject

    dn: ou=People, dc=adminmart,dc=com
    ou: People
    description: Users of adminmart
    objectClass: organizationalUnit

Step 13: Import all users into LDAP

Import all users into LDAP

Add the domain ldif file:

# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f  /etc/openldap/adminmart.com.ldif
    Enter LDAP Password: 
    adding new entry "dc=adminmart,dc=com"
    adding new entry "ou=People, dc=adminmart,dc=com"

Add the users:

# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f  /etc/openldap/root.ldif
    Enter LDAP Password: 
    adding new entry "uid=root,ou=People,dc=adminmart,dc=com"
    adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"

# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f  /etc/openldap/test1.ldif
    Enter LDAP Password: 
    adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"

# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f  /etc/openldap/test2.ldif
    Enter LDAP Password: 
    adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"

Step 14: Restart ldap service

# service ldap restart

Step 15: Test LDAP Server

This search prints all entries under the base DN, including the user information:

# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'
1 reply

centos7 says:

    Heya, I am here for the first time. I found this board and I find it really useful & it helped me out much.
    I hope to give something back and aid others like you helped me.