How to Configure LDAP Server

Step 1: Introduction

LDAP stands for Lightweight Directory Access Protocol. It is a lightweight client-server protocol for accessing directory services over TCP/IP (or another connection-oriented transport). Plain LDAP on TCP port 389 is unencrypted, so any client that binds with a password across the network should use StartTLS or LDAPS (TCP 636); the commands in this guide only talk to the server on localhost.

Step 2: Installation

Use the following command to install the OpenLDAP server and client packages, or download and build the service from http://www.openldap.org. This guide is written for the RHEL/CentOS 5-era packages, which read /etc/openldap/slapd.conf and run under the init script name "ldap"; newer OpenLDAP 2.4 packages keep their configuration in the cn=config directory (/etc/openldap/slapd.d) and the service is called slapd instead.

# yum install -y openldap openldap-servers openldap-clients

Step 3: Start ldap service

# chkconfig --levels 235 ldap on
# service ldap start

Step 4: Create LDAP root user password

# slappasswd
    New password: 
    Re-enter new password: 
    {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW

Step 5: Configuration

Update /etc/openldap/slapd.conf: in the database section set the suffix, the rootdn and the rootpw, pasting the hash that slappasswd printed (never a cleartext password):

# vi /etc/openldap/slapd.conf

    database        bdb
    suffix          "dc=adminmart,dc=com"
    rootdn          "cn=Manager,dc=adminmart,dc=com"
    rootpw          {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW

The rootdn bypasses every access control, so keep slapd.conf readable only by root and the ldap group (mode 0640, owner root:ldap), and check the syntax with slaptest before restarting the service.

Step 6: Restart Service

# service ldap restart

Step 7: Create Local Users

# useradd test1
# passwd test1
    Changing password for user test1.
    New UNIX password: 
    Retype new UNIX password: 
    passwd: all authentication tokens updated successfully.
# useradd test2
# passwd test2
    Changing password for user test2.
    New UNIX password: 
    Retype new UNIX password: 
    passwd: all authentication tokens updated successfully.

Step 8: Migrate local users to LDAP

Extract the /etc/passwd line of each account you want in the directory. Anchor the pattern on the account name: a bare "grep root" matches every line that merely contains the string, including the operator account (its home directory is /root), and the migration script would then generate entries for all of them.

# grep '^root:' /etc/passwd > /etc/openldap/passwd.root
# grep '^test1:' /etc/passwd > /etc/openldap/passwd.test1
# grep '^test2:' /etc/passwd > /etc/openldap/passwd.test2

Step 9: Default Configuration

Set the mail domain and the base DN in /usr/share/openldap/migration/migrate_common.ph so that the generated entries land under the suffix configured in slapd.conf:

    $DEFAULT_MAIL_DOMAIN = "adminmart.com";
    $DEFAULT_BASE = "dc=adminmart,dc=com";

Step 10: Convert passwd files to LDIF

Convert each passwd file to an LDIF (LDAP Data Interchange Format) file. migrate_passwd.pl also reads /etc/shadow, so it must run as root, and it copies each account's password hash into the entry as a {crypt} userPassword value:

# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif

Step 11: Update root.ldif

Edit the first lines of the generated root.ldif. The cn here is only the entry's display name; it does not make uid=root the directory administrator. That role belongs to the rootdn cn=Manager,dc=adminmart,dc=com from slapd.conf, which is a bind identity and need not exist as an entry at all. Leave the posixAccount attributes further down the file as generated, but if you keep this entry, delete its userPassword line so the host's root password hash is not stored in the directory.

# vi /etc/openldap/root.ldif

    dn: uid=root,ou=People,dc=adminmart,dc=com
    uid: root
    cn: Manager
    objectClass: account
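The extraction and conversion in Steps 8 to 11 can be done without the migration scripts. The following is an added example, not part of the original guide or of OpenLDAP: it works on a constructed stand-in for /etc/passwd (so it runs offline), assumes the suffix dc=adminmart,dc=com and the ou=People container used above, anchors the account lookup so "operator" is not swept up with "root", refuses uid 0, and deliberately writes no userPassword attribute; the user gets a directory password afterwards with ldappasswd instead of having the /etc/shadow hash copied.

```shell
#!/bin/sh
# Constructed stand-in for /etc/passwd (not the real file). Two lines contain
# the substring "root", which is exactly what an unanchored grep trips over.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
test1:x:500:500:Test User One:/home/test1:/bin/bash
test2:x:501:501::/home/test2:/bin/bash'

BASE_DN='dc=adminmart,dc=com'   # assumption: the suffix configured in slapd.conf

# How many lines a bare "grep <name>" would return (the mistake in Step 8).
unanchored_matches() {
    printf '%s\n' "$SAMPLE_PASSWD" | grep -c -- "$1"
}

# The passwd line for exactly one account: anchor on "^name:".
passwd_line() {
    printf '%s\n' "$SAMPLE_PASSWD" | grep -- "^$1:"
}

# Emit one LDIF entry shaped like migrate_passwd.pl output, minus userPassword.
# uid 0 is refused on purpose: the host's root account does not belong in LDAP.
passwd_to_ldif() {
    line=$(passwd_line "$1") || { echo "no such account: $1" >&2; return 1; }
    IFS=: read -r user pw uid gid gecos home shell <<EOF
$line
EOF
    if [ "$uid" -eq 0 ]; then
        echo "refusing to put uid 0 ($user) in the directory" >&2
        return 1
    fi
    printf 'dn: uid=%s,ou=People,%s\n' "$user" "$BASE_DN"
    printf 'uid: %s\n' "$user"
    printf 'cn: %s\n' "${gecos:-$user}"          # posixAccount requires cn
    printf 'objectClass: top\nobjectClass: account\nobjectClass: posixAccount\n'
    printf 'uidNumber: %s\ngidNumber: %s\n' "$uid" "$gid"
    printf 'homeDirectory: %s\n' "$home"
    [ -n "$shell" ] && printf 'loginShell: %s\n' "$shell"
    [ -n "$gecos" ] && printf 'gecos: %s\n' "$gecos"
    printf '\n'                                   # LDIF separates entries with a blank line
}

# Entries for several accounts in one stream, ready for "ldapadd -f".
migrate_users() {
    for name in "$@"; do
        passwd_to_ldif "$name" || return 1
    done
}
```

Usage on a real host would be migrate_users test1 test2 > /etc/openldap/users.ldif after pointing SAMPLE_PASSWD at the real file, followed by ldappasswd for each account once the entries are loaded.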

Step 12: Create a domain ldif file

Create /etc/openldap/adminmart.com.ldif with an editor. It holds two entries, the base object and the People organizational unit; LDIF separates entries with a blank line, so keep it. Verify the contents with cat:

# cat /etc/openldap/adminmart.com.ldif

    dn: dc=adminmart,dc=com
    dc: adminmart
    description: LDAP Admin
    objectClass: dcObject
    objectClass: organizationalUnit
    ou: rootobject

    dn: ou=People,dc=adminmart,dc=com
    ou: People
    description: Users of adminmart
    objectClass: organizationalUnit

Step 13: Import all users into the LDAP directory

Add the domain LDIF file first: the user entries are children of ou=People, and ldapadd refuses to create an entry whose parent does not exist. -x selects a simple bind and -W prompts for the Manager password. Run these on the server itself, because a simple bind sends that password in cleartext unless the connection is protected with TLS (-ZZ for StartTLS, or an ldaps:// URI given with -H).

# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
    Enter LDAP Password: 
    adding new entry "dc=adminmart,dc=com"
    adding new entry "ou=People,dc=adminmart,dc=com"

Add the users:

# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif
    Enter LDAP Password: 
    adding new entry "uid=root,ou=People,dc=adminmart,dc=com"

(If passwd.root was produced with an unanchored "grep root", the file also contains the operator account and you will see "uid=operator,ou=People,dc=adminmart,dc=com" added here as well.)


# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif
    Enter LDAP Password: 
    adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"

# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif
    Enter LDAP Password: 
    adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"

Step 14: Restart ldap service

Entries added with ldapadd are live immediately, so this restart is not strictly required; it only confirms that slapd comes back cleanly with the new data.

# service ldap restart

Step 15: Test LDAP Server

An anonymous search (no -D) from the base DN prints every entry and all of its attributes:

# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'

Check that output for userPassword lines. If slapd.conf contains no access directives (the shipped sample leaves them commented out), slapd's built-in default policy lets anyone read every attribute, password hashes included. If they appear, add access rules that restrict userPassword to "by self write", "by anonymous auth" and "by * none" before exposing the server to the network.

File/Folder Permissions in Linux

Introduction

Linux has inherited from UNIX the concept of ownerships and permissions for files. When applying permissions to directories on Linux, the permission bits have different meanings than on regular files.

  • The write bit allows the affected user to create, rename, or delete files within the directory, and modify the directory’s attributes
  • The read bit allows the affected user to list the files within the directory
  • The execute bit allows the affected user to enter the directory, and access files and directories inside
  • The sticky bit (used on shared, world-writable directories such as /tmp) states that files and directories within that directory may only be deleted or renamed by their owner, the directory's owner, or root

Following are the useful commands for modifying file permissions and ownership:

  • chmod – modify file access rights
  • su – temporarily become the superuser
  • chown – change file ownership
  • chgrp – change a file’s group ownership

The permission classes are:

  • User (u): the owner of the file
  • Group (g): users who belong to the file's group
  • Other (o): everyone else

Octal numbers and permissions

Each permission bit has an octal value:

  • Read (r) – 4
  • Write (w) – 2
  • Execute (x) – 1

Add the values within each class to get one octal digit per class, written in the order user, group, other. For example, 777, 666 and 700 correspond to:

  • rwx rwx rwx = 111 111 111 = 777
  • rw- rw- rw- = 110 110 110 = 666
  • rwx --- --- = 111 000 000 = 700

Change Ownership of Directory/File

To change the owner and group of a directory or file, use the "chown" command with owner:group (only root may give a file to another owner):

# chown wheel:wheel filename

Change Permission of Directory/File

To make a file readable by anyone and writable by the owner only:

# chmod 644 file

To make a file readable and executable by everyone and writable by the owner only:

# chmod 755 file

Note: with the usual default umask of 022, newly created files get 644 and newly created directories get 755 (the umask bits are removed from 666 and 777 respectively).

Recursively Change:

Do not use chmod -R 755 for this: it would mark every file executable. Apply the directory and file modes separately with find, so directories get 755 (the execute bit is needed to enter them) and files get 644. The -exec argument list is terminated with +, which runs chmod once per batch of paths; the alternative terminator ; must be escaped as \; so the shell does not consume it.

For Directories:

# find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} +

For Files:

# find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} +
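The octal arithmetic above and the recursive reset can be exercised together. The following is an added example, not part of the original page: perm_to_octal turns a symbolic mode string such as rwxr-x--- into its octal digits, make_sample_tree builds a throwaway directory tree (a constructed stand-in for a web root, not a real install) with deliberately wrong modes, the two count functions report world-writable paths and executable files, and reset_tree applies the find-based 755/644 reset from above. The tree layout and the file names are assumptions for the demonstration.

```shell
#!/bin/sh
# Symbolic mode (nine characters, e.g. rwxr-x---) to octal (750).
# Only r, w and x are understood; setuid/setgid/sticky letters are not handled.
perm_to_octal() {
    s=$1
    [ "${#s}" -eq 9 ] || { echo "need 9 characters such as rwxr-xr-x, got '$s'" >&2; return 1; }
    result=''
    for start in 1 4 7; do                        # user, group, other
        triple=$(printf '%s' "$s" | cut -c "$start-$((start + 2))")
        digit=0
        case $triple in r??) digit=$((digit + 4)) ;; esac
        case $triple in ?w?) digit=$((digit + 2)) ;; esac
        case $triple in ??x) digit=$((digit + 1)) ;; esac
        result="$result$digit"
    done
    printf '%s\n' "$result"
}

# Build a small tree with the modes a careless deploy leaves behind. Every mode
# is set explicitly so the result does not depend on the caller's umask.
# Prints the path of the tree; remove it with rm -rf when done.
make_sample_tree() {
    top=$(mktemp -d)
    mkdir -p "$top/wp-content/uploads"
    printf '<?php\n' > "$top/index.php"
    printf 'not really a jpeg\n' > "$top/wp-content/uploads/photo.jpg"
    chmod 755 "$top" "$top/wp-content"
    chmod 777 "$top/wp-content/uploads"           # world-writable directory
    chmod 666 "$top/index.php"                    # world-writable file
    chmod 755 "$top/wp-content/uploads/photo.jpg" # executable upload
    printf '%s\n' "$top"
}

# Paths (files or directories) that "other" can write to.
world_writable_count() {
    find "$1" -perm -002 | wc -l | tr -d ' '
}

# Regular files with any execute bit set; a content tree should have none.
executable_file_count() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) | wc -l | tr -d ' '
}

# The recursive reset from the text: directories 755, files 644.
reset_tree() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}
```

Running the counts before and after reset_tree on a real tree shows what the reset actually changed; keep in mind that 644 also strips the execute bit from any scripts the site legitimately runs, so check executable_file_count's output before resetting rather than after.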